router {ospf | ospf6}
Use this command to configure Open Shortest Path First (OSPF) protocol settings on the FortiGate unit. More information on OSPF can be found in RFC 2328.
OSPF is a link state protocol capable of routing larger networks than the simpler distance vector RIP protocol. An OSPF autonomous system (AS) or routing domain is a group of areas connected to a backbone area. A router connected to more than one area is an area border router (ABR). Routing information is contained in a link state database. Routing information is communicated between routers using link state advertisements (LSAs).
Bi-directional Forwarding Detection (BFD) is a protocol used by BGP and OSPF. It is used to quickly locate hardware failures in the network. Routers running BFD communicate with each other, and if a timer runs out on a connection then that router is declared down. BFD then communicates this information to the routing protocol and the routing information is updated. BFD support can only be configured through the CLI.
config router ospf
    set abr-type {cisco | ibm | shortcut | standard}   Area border router type.
            cisco      Cisco.
            ibm        IBM.
            shortcut   Shortcut.
            standard   Standard.
    set auto-cost-ref-bandwidth {integer}   Reference bandwidth in terms of megabits per second. range[1-1000000]
    set distance-external {integer}   Administrative external distance. range[1-255]
    set distance-inter-area {integer}   Administrative inter-area distance. range[1-255]
    set distance-intra-area {integer}   Administrative intra-area distance. range[1-255]
    set database-overflow {enable | disable}   Enable/disable database overflow.
    set database-overflow-max-lsas {integer}   Database overflow maximum LSAs. range[0-4294967295]
    set database-overflow-time-to-recover {integer}   Database overflow time to recover (sec). range[0-65535]
    set default-information-originate {enable | always | disable}   Enable/disable generation of default route.
    set default-information-metric {integer}   Default information metric. range[1-16777214]
    set default-information-metric-type {1 | 2}   Default information metric type.
            1   Type 1.
            2   Type 2.
    set default-information-route-map {string}   Default information route map. size[35] - datasource(s): router.route-map.name
    set default-metric {integer}   Default metric of redistribute routes. range[1-16777214]
    set distance {integer}   Distance of the route. range[1-255]
    set rfc1583-compatible {enable | disable}   Enable/disable RFC1583 compatibility.
    set router-id {ipv4 address any}   Router ID.
    set spf-timers {string}   SPF calculation frequency.
    set bfd {enable | disable}   Bidirectional Forwarding Detection (BFD).
    set log-neighbour-changes {enable | disable}   Enable logging of OSPF neighbour's changes
    set distribute-list-in {string}   Filter incoming routes. size[35] - datasource(s): router.access-list.name,router.prefix-list.name
    set distribute-route-map-in {string}   Filter incoming external routes by route-map. size[35] - datasource(s): router.route-map.name
    set restart-mode {none | lls | graceful-restart}   OSPF restart mode (graceful or LLS).
            none               Hitless restart disabled.
            lls                LLS mode.
            graceful-restart   Graceful Restart Mode.
    set restart-period {integer}   Graceful restart period. range[1-3600]
    config area
        edit {id}
        # OSPF area configuration.
            set id {ipv4 address any}   Area entry IP address.
            set shortcut {disable | enable | default}   Enable/disable shortcut option.
            set authentication {none | text | md5}   Authentication type.
                    none   None.
                    text   Text.
                    md5    MD5.
            set default-cost {integer}   Summary default cost of stub or NSSA area. range[0-4294967295]
            set nssa-translator-role {candidate | never | always}   NSSA translator role type.
                    candidate   Candidate.
                    never       Never.
                    always      Always.
            set stub-type {no-summary | summary}   Stub summary setting.
                    no-summary   No summary.
                    summary      Summary.
            set type {regular | nssa | stub}   Area type setting.
                    regular   Regular.
                    nssa      NSSA.
                    stub      Stub.
            set nssa-default-information-originate {enable | always | disable}   Redistribute, advertise, or do not originate Type-7 default route into NSSA area.
            set nssa-default-information-originate-metric {integer}   OSPF default metric. range[0-16777214]
            set nssa-default-information-originate-metric-type {1 | 2}   OSPF metric type for default routes.
                    1   Type 1.
                    2   Type 2.
            set nssa-redistribution {enable | disable}   Enable/disable redistribute into NSSA area.
            config range
                edit {id}
                # OSPF area range configuration.
                    set id {integer}   Range entry ID. range[0-4294967295]
                    set prefix {ipv4 classnet any}   Prefix.
                    set advertise {disable | enable}   Enable/disable advertise status.
                    set substitute {ipv4 classnet any}   Substitute prefix.
                    set substitute-status {enable | disable}   Enable/disable substitute status.
                next
            config virtual-link
                edit {name}
                # OSPF virtual link configuration.
                    set name {string}   Virtual link entry name. size[35]
                    set authentication {none | text | md5}   Authentication type.
                            none   None.
                            text   Text.
                            md5    MD5.
                    set authentication-key {password_string}   Authentication key. size[8]
                    set md5-key {string}   MD5 key.
                    set dead-interval {integer}   Dead interval. range[1-65535]
                    set hello-interval {integer}   Hello interval. range[1-65535]
                    set retransmit-interval {integer}   Retransmit interval. range[1-65535]
                    set transmit-delay {integer}   Transmit delay. range[1-65535]
                    set peer {ipv4 address any}   Peer IP.
                next
            config filter-list
                edit {id}
                # OSPF area filter-list configuration.
                    set id {integer}   Filter list entry ID. range[0-4294967295]
                    set list {string}   Access-list or prefix-list name. size[35] - datasource(s): router.access-list.name,router.prefix-list.name
                    set direction {in | out}   Direction.
                            in    In.
                            out   Out.
                next
        next
    config ospf-interface
        edit {name}
        # OSPF interface configuration.
            set name {string}   Interface entry name. size[35]
            set interface {string}   Configuration interface name. size[15] - datasource(s): system.interface.name
            set ip {ipv4 address}   IP address.
            set authentication {none | text | md5}   Authentication type.
                    none   None.
                    text   Text.
                    md5    MD5.
            set authentication-key {password_string}   Authentication key. size[8]
            set md5-key {string}   MD5 key.
            set prefix-length {integer}   Prefix length. range[0-32]
            set retransmit-interval {integer}   Retransmit interval. range[1-65535]
            set transmit-delay {integer}   Transmit delay. range[1-65535]
            set cost {integer}   Cost of the interface, value range from 0 to 65535, 0 means auto-cost. range[0-65535]
            set priority {integer}   Priority. range[0-255]
            set dead-interval {integer}   Dead interval. range[0-65535]
            set hello-interval {integer}   Hello interval. range[0-65535]
            set hello-multiplier {integer}   Number of hello packets within dead interval. range[3-10]
            set database-filter-out {enable | disable}   Enable/disable control of flooding out LSAs.
            set mtu {integer}   MTU for database description packets. range[576-65535]
            set mtu-ignore {enable | disable}   Enable/disable ignore MTU.
            set network-type {option}   Network type.
                    broadcast                          Broadcast.
                    non-broadcast                      Non-broadcast.
                    point-to-point                     Point-to-point.
                    point-to-multipoint                Point-to-multipoint.
                    point-to-multipoint-non-broadcast  Point-to-multipoint and non-broadcast.
            set bfd {global | enable | disable}   Bidirectional Forwarding Detection (BFD).
            set status {disable | enable}   Enable/disable status.
            set resync-timeout {integer}   Graceful restart neighbor resynchronization timeout. range[1-3600]
        next
    config network
        edit {id}
        # OSPF network configuration.
            set id {integer}   Network entry ID. range[0-4294967295]
            set prefix {ipv4 classnet}   Prefix.
            set area {ipv4 address any}   Attach the network to area.
        next
    config neighbor
        edit {id}
        # OSPF neighbor configuration are used when OSPF runs on non-broadcast media
            set id {integer}   Neighbor entry ID. range[0-4294967295]
            set ip {ipv4 address}   Interface IP address of the neighbor.
            set poll-interval {integer}   Poll interval time in seconds. range[1-65535]
            set cost {integer}   Cost of the interface, value range from 0 to 65535, 0 means auto-cost. range[0-65535]
            set priority {integer}   Priority. range[0-255]
        next
    config passive-interface
        edit {name}
        # Passive interface configuration.
            set name {string}   Passive interface name. size[64] - datasource(s): system.interface.name
        next
    config summary-address
        edit {id}
        # IP address summary configuration.
            set id {integer}   Summary address entry ID. range[0-4294967295]
            set prefix {ipv4 classnet}   Prefix.
            set tag {integer}   Tag value. range[0-4294967295]
            set advertise {disable | enable}   Enable/disable advertise status.
        next
    config distribute-list
        edit {id}
        # Distribute list configuration.
            set id {integer}   Distribute list entry ID. range[0-4294967295]
            set access-list {string}   Access list name. size[35] - datasource(s): router.access-list.name
            set protocol {connected | static | rip}   Protocol type.
                    connected   Connected type.
                    static      Static type.
                    rip         RIP type.
        next
    config redistribute
        edit {name}
        # Redistribute configuration.
            set name {string}   Redistribute name. size[35]
            set status {enable | disable}   status
            set metric {integer}   Redistribute metric setting. range[0-16777214]
            set routemap {string}   Route map name. size[35] - datasource(s): router.route-map.name
            set metric-type {1 | 2}   Metric type.
                    1   Type 1.
                    2   Type 2.
            set tag {integer}   Tag value. range[0-4294967295]
        next
end
config router ospf6
    set abr-type {cisco | ibm | standard}   Area border router type.
            cisco      Cisco.
            ibm        IBM.
            standard   Standard.
    set auto-cost-ref-bandwidth {integer}   Reference bandwidth in terms of megabits per second. range[1-1000000]
    set default-information-originate {enable | always | disable}   Enable/disable generation of default route.
    set log-neighbour-changes {enable | disable}   Enable logging of OSPFv3 neighbour's changes
    set default-information-metric {integer}   Default information metric. range[1-16777214]
    set default-information-metric-type {1 | 2}   Default information metric type.
            1   Type 1.
            2   Type 2.
    set default-information-route-map {string}   Default information route map. size[35] - datasource(s): router.route-map.name
    set default-metric {integer}   Default metric of redistribute routes. range[1-16777214]
    set router-id {ipv4 address any}   A.B.C.D, in IPv4 address format.
    set spf-timers {string}   SPF calculation frequency.
    set bfd {enable | disable}   Enable/disable Bidirectional Forwarding Detection (BFD).
    config area
        edit {id}
        # OSPF6 area configuration.
            set id {ipv4 address any}   Area entry IP address.
            set default-cost {integer}   Summary default cost of stub or NSSA area. range[0-16777215]
            set nssa-translator-role {candidate | never | always}   NSSA translator role type.
                    candidate   Candidate.
                    never       Never.
                    always      Always.
            set stub-type {no-summary | summary}   Stub summary setting.
                    no-summary   No summary.
                    summary      Summary.
            set type {regular | nssa | stub}   Area type setting.
                    regular   Regular.
                    nssa      NSSA.
                    stub      Stub.
            set nssa-default-information-originate {enable | disable}   Enable/disable originate type 7 default into NSSA area.
            set nssa-default-information-originate-metric {integer}   OSPFv3 default metric. range[0-16777214]
            set nssa-default-information-originate-metric-type {1 | 2}   OSPFv3 metric type for default routes.
                    1   Type 1.
                    2   Type 2.
            set nssa-redistribution {enable | disable}   Enable/disable redistribute into NSSA area.
            config range
                edit {id}
                # OSPF6 area range configuration.
                    set id {integer}   Range entry ID. range[0-4294967295]
                    set prefix6 {ipv6 network}   IPv6 prefix.
                    set advertise {disable | enable}   Enable/disable advertise status.
                next
            config virtual-link
                edit {name}
                # OSPF6 virtual link configuration.
                    set name {string}   Virtual link entry name. size[35]
                    set dead-interval {integer}   Dead interval. range[1-65535]
                    set hello-interval {integer}   Hello interval. range[1-65535]
                    set retransmit-interval {integer}   Retransmit interval. range[1-65535]
                    set transmit-delay {integer}   Transmit delay. range[1-65535]
                    set peer {ipv4 address any}   A.B.C.D, peer router ID.
                next
        next
    config ospf6-interface
        edit {name}
        # OSPF6 interface configuration.
            set name {string}   Interface entry name. size[35]
            set area-id {ipv4 address any}   A.B.C.D, in IPv4 address format.
            set interface {string}   Configuration interface name. size[15] - datasource(s): system.interface.name
            set retransmit-interval {integer}   Retransmit interval. range[1-65535]
            set transmit-delay {integer}   Transmit delay. range[1-65535]
            set cost {integer}   Cost of the interface, value range from 0 to 65535, 0 means auto-cost. range[0-65535]
            set priority {integer}   priority range[0-255]
            set dead-interval {integer}   Dead interval. range[1-65535]
            set hello-interval {integer}   Hello interval. range[1-65535]
            set status {disable | enable}   Enable/disable OSPF6 routing on this interface.
            set network-type {option}   Network type.
                    broadcast                          broadcast
                    point-to-point                     point-to-point
                    non-broadcast                      non-broadcast
                    point-to-multipoint                point-to-multipoint
                    point-to-multipoint-non-broadcast  point-to-multipoint and non-broadcast.
            set bfd {global | enable | disable}   Enable/disable Bidirectional Forwarding Detection (BFD).
            set mtu {integer}   MTU for OSPFv3 packets. range[576-65535]
            set mtu-ignore {enable | disable}   Enable/disable ignoring MTU field in DBD packets.
            config neighbor
                edit {ip6}
                # OSPFv3 neighbors are used when OSPFv3 runs on non-broadcast media
                    set ip6 {ipv6 address}   IPv6 link local address of the neighbor.
                    set poll-interval {integer}   Poll interval time in seconds. range[1-65535]
                    set cost {integer}   Cost of the interface, value range from 0 to 65535, 0 means auto-cost. range[0-65535]
                    set priority {integer}   priority range[0-255]
                next
        next
    config redistribute
        edit {name}
        # Redistribute configuration.
            set name {string}   Redistribute name. size[35]
            set status {enable | disable}   status
            set metric {integer}   Redistribute metric setting. range[0-16777214]
            set routemap {string}   Route map name. size[35] - datasource(s): router.route-map.name
            set metric-type {1 | 2}   Metric type.
                    1   Type 1.
                    2   Type 2.
        next
    config passive-interface
        edit {name}
        # Passive interface configuration.
            set name {string}   Passive interface name. size[64] - datasource(s): system.interface.name
        next
    config summary-address
        edit {id}
        # IPv6 address summary configuration.
            set id {integer}   Summary address entry ID. range[0-4294967295]
            set prefix6 {ipv6 network}   IPv6 prefix.
            set advertise {disable | enable}   Enable/disable advertise status.
            set tag {integer}   Tag value. range[0-4294967295]
        next
end
Additional information
The following section is for those options that require additional explanation.
abr-type
Specify the behavior of a FortiGate unit acting as an OSPF area border router (ABR) when it has multiple attached areas and has no backbone connection. Selecting the ABR type compatible with the routers on your network can reduce or eliminate the need for configuring and maintaining virtual links. For more information, see RFC 3509.
auto-cost-ref-bandwidth
Enter the Mbits per second for the reference bandwidth. Values can range from 1 to 65535.
bfd
Select one of the Bidirectional Forwarding Detection (BFD) options for this interface.
- enable - start BFD on this interface
- disable - stop BFD on this interface
- global - use the global settings instead of explicitly setting BFD per interface.
database-overflow
Enable or disable dynamically limiting link state database size under overflow conditions. Enable this command for FortiGate units on a network with routers that may not be able to maintain a complete link state database because of limited resources.
database-overflow-max-lsas
If you have enabled database-overflow, set the limit for the number of external link state advertisements (LSAs) that the FortiGate unit can keep in its link state database before entering the overflow state. The lsas_integer must be the same on all routers attached to the OSPF area and the OSPF backbone. The valid range for lsas_integer is 0 to 4294967294.
database-overflow-time-to-recover
Enter the time, in seconds, after which the FortiGate unit will attempt to leave the overflow state. If seconds_integer is set to 0, the FortiGate unit will not leave the overflow state until restarted. The valid range for seconds_integer is 0 to 65535.
default-information-metric
Specify the metric for the default route set by the default-information-originate command. The valid range for metric_integer is 1 to 16777214.
default-information-metric-type
Specify the OSPF external metric type for the default route set by the default-information-originate command.
default-information-originate
Enter enable to advertise a default route into an OSPF routing domain.
Use always to advertise a default route even if the FortiGate unit does not have a default route in its routing table.
default-information-route-map
If you have set default-information-originate to always, and there is no default route in the routing table, you can configure a route map to define the parameters that OSPF uses to advertise the default route.
default-metric
Specify the default metric that OSPF should use for redistributed routes. The valid range for metric_integer is 1 to 16777214.
distance
Configure the administrative distance for all OSPF routes. Using administrative distance you can specify the relative priorities of different routes to the same destination. A lower administrative distance indicates a more preferred route. The valid range for distance_integer is 1 to 255.
distance-external
Change the administrative distance of all external OSPF routes. The range is from 1 to 255.
distance-inter-area
Change the administrative distance of all inter-area OSPF routes. The range is from 1 to 255.
distance-intra-area
Change the administrative distance of all intra-area OSPF routes. The range is from 1 to 255.
distribute-list-in
Limit route updates from the OSPF neighbor based on the Network Layer Reachability Information (NLRI) defined in the specified access list. You must create the access list before it can be selected here.
See router {access-list | access-list6}
passive-interface
OSPF routing information is not sent or received through the specified interface.
restart-mode
Select the restart mode from:
- graceful-restart - (also known as hitless restart) when FortiGate unit goes down it advertises to neighbors how long it will be down to reduce traffic
- lls - Enable Link-local Signaling (LLS) mode
- none - hitless restart (graceful restart) is disabled
restart-period
Enter the time in seconds the restart is expected to take.
rfc1583-compatible
Enable or disable RFC 1583 compatibility. RFC 1583 compatibility should be enabled only when there is another OSPF router in the network that only supports RFC 1583.
When RFC 1583 compatibility is enabled, routers choose the path with the lowest cost. Otherwise, routers choose the lowest cost intra-area path through a non-backbone area.
router-id
Set the router ID. The router ID is a unique number, in IP address dotted decimal format, that is used to identify an OSPF router to other OSPF routers within an area. The router ID should not be changed while OSPF is running.
A router ID of 0.0.0.0 is not allowed.
spf-timers
Change the default shortest path first (SPF) calculation delay time and frequency.
The delay_integer is the time, in seconds, between when OSPF receives information that will require an SPF calculation and when it starts an SPF calculation. The valid range for delay_integer is 0 to 4294967295.
The hold_integer is the minimum time, in seconds, between consecutive SPF calculations. The valid range for hold_integer is 0 to 4294967295.
OSPF updates routes more quickly if the SPF timers are set low; however, this uses more CPU. A setting of 0 for spf-timers can quickly use up all available CPU.
config router ospf
Use this command to set the router ID of the FortiGate unit. Additional configuration options are supported.
- The router-id field is required. All other fields are optional.
- The descriptions of the variables for this subcommand are found above.
config area
Use this subcommand to set OSPF area related parameters. Routers in an OSPF autonomous system (AS) or routing domain are organized into logical groupings called areas. Areas are linked together by area border routers (ABRs). There must be a backbone area that all areas can connect to. You can use a virtual link to connect areas that do not have a physical connection to the backbone. Routers within an OSPF area maintain link state databases for their own areas.
FortiGate units support the three main types of areas—stub areas, Not So Stubby areas (NSSA), and regular areas. A stub area only has a default route to the rest of the OSPF routing domain. NSSA is a type of stub area that can import AS external routes and send them to the backbone, but cannot receive AS external routes from the backbone or other areas. All other areas are considered regular areas.
You can use access or prefix lists for OSPF area filter lists. For more information, see router {access-list | access-list6} and router {prefix-list | prefix-list6}.
You can use the config range subcommand to summarize routes at an area boundary. If the network numbers in an area are contiguous, the ABR advertises a summary route that includes all the networks within the area that are within the specified range.
You can configure a virtual link using the config virtual-link subcommand to connect an area to the backbone when the area has no direct connection to the backbone. A virtual link allows traffic from the area to transit a directly connected area to reach the backbone. The transit area cannot be a stub area. Virtual links can only be set up between two ABRs.
If you define a filter list, the
If you configure authentication for interfaces, the authentication configured for the area is overridden.
edit
Type the IP address of the area. An address of 0.0.0.0 indicates the backbone area.
authentication
Define the authentication used for OSPF packets sent and received in this area. Choose one of:
- none - no authentication is used.
- text - the authentication key is sent as plain text.
- md5 - the authentication key is used to generate an MD5 hash.
Both text mode and MD5 mode only guarantee the authenticity of the OSPF packet, not the confidentiality of the information in the packet.
In text mode the key is sent in clear text over the network, and is only used to prevent network problems that can occur if a misconfigured router is mistakenly added to the area.
Authentication passwords or keys are defined per interface.
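How the text and md5 modes differ on the wire, as an added example that is not part of the original documentation or Fortinet code: it follows the packet header and authentication procedure of RFC 2328 (A.3.1 and Appendix D). The router ID, keys and sequence numbers are constructed sample values; area 15.1.1.1 and key ID 6 are borrowed from the examples on this page.

```python
import hashlib
import hmac
import socket
import struct

HDR = struct.Struct("!BBH4s4sHH8s")    # RFC 2328 A.3.1: 24-byte OSPF packet header
AUTYPE_TEXT, AUTYPE_MD5 = 1, 2


def hello_body(mask, hello, dead):
    """Hello with no neighbors: mask, HelloInterval, Options, Rtr Pri, DeadInterval, DR, BDR."""
    return struct.pack("!4sHBBI4s4s", socket.inet_aton(mask), hello, 0x02, 1,
                       dead, bytes(4), bytes(4))


def ospf_checksum(data):
    """16-bit one's-complement sum used for the OSPF header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_text(router_id, area_id, body, key):
    """AuType 1: the key itself occupies the 8-byte authentication field."""
    if len(key) > 8:
        raise ValueError("the simple-password field is 8 bytes")
    rid, aid = socket.inet_aton(router_id), socket.inet_aton(area_id)
    length = HDR.size + len(body)
    unsigned = HDR.pack(2, 1, length, rid, aid, 0, AUTYPE_TEXT, bytes(8))
    csum = ospf_checksum(unsigned[:16] + body)    # checksum skips the auth field
    return HDR.pack(2, 1, length, rid, aid, csum, AUTYPE_TEXT, key.ljust(8, b"\0")) + body


def build_md5(router_id, area_id, body, key_id, key, seq):
    """AuType 2: append MD5(packet || key padded to 16 bytes); the key never travels."""
    if len(key) > 16:
        raise ValueError("the MD5 key is at most 16 bytes")
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)   # zero, Key ID, digest length, sequence
    pkt = HDR.pack(2, 1, HDR.size + len(body), socket.inet_aton(router_id),
                   socket.inet_aton(area_id), 0, AUTYPE_MD5, auth) + body
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\0")).digest()


class Md5Receiver:
    """Receiving side: digest check plus the non-decreasing sequence-number rule."""

    def __init__(self, keys):
        self.keys = keys            # {key_id: key bytes}, same on every neighbor
        self.last_seq = {}          # router ID -> highest sequence number accepted

    def accept(self, wire):
        if len(wire) < HDR.size:
            return "short"
        _, _, length, rid, _, _, autype, auth = HDR.unpack(wire[:HDR.size])
        if autype != AUTYPE_MD5:
            return "autype-mismatch"
        _, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        key = self.keys.get(key_id)
        if key is None or digest_len != 16 or len(wire) != length + 16:
            return "bad-key-id-or-length"
        expected = hashlib.md5(wire[:length] + key.ljust(16, b"\0")).digest()
        if not hmac.compare_digest(expected, wire[length:]):
            return "bad-digest"
        if seq < self.last_seq.get(rid, 0):     # older than the last accepted packet
            return "replay"
        self.last_seq[rid] = seq
        return "ok"


def text_key_on_wire(wire):
    """The authentication field of a text-mode packet, as any listener sees it."""
    return wire[16:24].rstrip(b"\0")


if __name__ == "__main__":
    body = hello_body("255.255.255.0", 10, 40)
    rx = Md5Receiver({6: b"constructed-key"})           # constructed key
    good = build_md5("10.0.0.1", "15.1.1.1", body, 6, b"constructed-key", 100)
    altered = bytearray(good)
    altered[35] ^= 0x01                                 # change the dead interval in transit
    print("valid packet:  ", rx.accept(good))
    print("altered packet:", rx.accept(bytes(altered)))
    print("router ID still readable:", socket.inet_ntoa(good[4:8]))
    print("text-mode key on the wire:",
          text_key_on_wire(build_text("10.0.0.1", "15.1.1.1", body, b"s3cret")))
```

In md5 mode the digest covers the whole packet, so a changed field is rejected, but the header and hello fields remain readable; in text mode the key can be read directly from the header.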
default-cost
Enter the metric to use for the summary default route in a stub area or not so stubby area (NSSA). A lower default cost indicates a more preferred route.
The valid range for cost_integer is 1 to 16777214.
nssa-default-information-originate
Enter enable to advertise a default route in a not so stubby area. Affects NSSA ABRs or NSSA Autonomous System Boundary Routers only.
nssa-default-information-originate-metric
Specify the metric (an integer) for the default route set by the nssa-default-information-originate field.
nssa-default-information-originate-metric-type
Specify the OSPF external metric type for the default route set by the nssa-default-information-originate field.
nssa-redistribution
Enable or disable redistributing routes into a NSSA area.
nssa-translator-role
A NSSA border router can translate the Type 7 LSAs used for external route information within the NSSA to Type 5 LSAs used for distributing external route information to other parts of the OSPF routing domain. Usually a NSSA will have only one NSSA border router acting as a translator for the NSSA.
You can set the translator role to always to ensure this FortiGate unit always acts as a translator if it is in a NSSA, even if other routers in the NSSA are also acting as translators.
You can set the translator role to candidate to have this FortiGate unit participate in the process for electing a translator for a NSSA.
You can set the translator role to never to ensure this FortiGate unit never acts as the translator if it is in a NSSA.
shortcut
Use this command to specify area shortcut parameters.
stub-type
Enter no-summary to prevent an ABR sending summary LSAs into a stub area. Enter summary to allow an ABR to send summary LSAs into a stub area.
type
Set the area type:
- Select nssa for a not so stubby area.
- Select regular for a normal OSPF area.
- Select stub for a stub area.
This is not available for area 0.0.0.0.
config filter-list variables
edit
Enter an ID number for the filter list. The number must be an integer.
direction
Set the direction for the filter.
- Enter in to filter incoming packets.
- Enter out to filter outgoing packets.
list
Enter the name of the access list or prefix list to use for this filter list.
config range variables
edit
Enter an ID number for the range. The number must be an integer in the 0 to 4,294,967,295 range.
advertise
Enable or disable advertising the specified range.
prefix
Specify the range of addresses to summarize. Format: x.x.x.x x.x.x.x.
substitute
Enter a prefix to advertise instead of the prefix defined for the range. Format: x.x.x.x x.x.x.x. The prefix 0.0.0.0 0.0.0.0 is not allowed.
substitute-status
Enable or disable using a substitute prefix.
config virtual-link variables
edit
Enter a name for the virtual link.
authentication
Define the type of authentication used for OSPF packets sent and received over this virtual link. Choose one of:
- none - no authentication is used.
- text - the authentication key is sent as plain text.
- md5 - the authentication key is used to generate an MD5 hash.
Both text mode and MD5 mode only guarantee the authenticity of the OSPF packet, not the confidentiality of the information in the packet.
In text mode the key is sent in clear text over the network, and is only used to prevent network problems that can occur if a misconfigured router is mistakenly added to the area.
authentication-key
Enter the password to use for text authentication. The maximum length for the authentication-key is 15 characters.
The authentication-key used must be the same on both ends of the virtual link.
This field is only available when authentication is set to text.
dead-interval
The time in seconds to wait for a hello packet before declaring a router down. The value of the dead-interval should be four times the value of the hello-interval.
Both ends of the virtual link must use the same value for dead-interval.
The valid range for seconds_integer is 1 to 65535.
hello-interval
The time, in seconds, between hello packets.
Both ends of the virtual link must use the same value for hello-interval.
The value for dead-interval should be four times larger than the hello-interval value.
The valid range for seconds_integer is 1 to 65535.
md5-key
This field is available when authentication is set to md5.
Enter the key ID and password to use for MD5 authentication.
Example:
set md5-key 6 "ENCyYKaPSrY89CeXn66WUybbLZQ5YM="
Both ends of the virtual link must use the same key ID and key.
The valid range for id_integer is 1 to 255. key_str is an alphanumeric string of up to 16 characters.
peer
The router ID of the remote ABR.
0.0.0.0 is not allowed.
retransmit-interval
The time, in seconds, to wait before sending a LSA retransmission. The value for the retransmit interval must be greater than the expected round-trip delay for a packet. The valid range for seconds_integer is 1 to 65535.
transmit-delay
The estimated time, in seconds, required to send a link state update packet on this virtual link.
OSPF increments the age of the LSAs in the update packet to account for transmission and propagation delays on the virtual link.
Increase the value for transmit-delay on low speed links.
The valid range for seconds_integer is 1 to 65535.
Example: This example shows how to configure a stub area with the id 15.1.1.1, a stub type of summary, a default cost of 20, and MD5 authentication.
config router ospf
    config area
        edit 15.1.1.1
            set type stub
            set stub-type summary
            set default-cost 20
            set authentication md5
    end
end
Example: This example shows how to use a filter list named acc_list1 to filter packets entering area 15.1.1.1.
config router ospf
    config area
        edit 15.1.1.1
            config filter-list
                edit 1
                    set direction in
                    set list acc_list1
            end
    end
end
Example: This example shows how to set the prefix for range 1 of area 15.1.1.1.
config router ospf
    config area
        edit 15.1.1.1
            config range
                edit 1
                    set prefix 1.1.0.0 255.255.0.0
            end
    end
end
Example: This example shows how to configure a virtual link.
config router ospf
    config area
        edit 15.1.1.1
            config virtual-link
                edit vlnk1
                    set peer 1.1.1.1
            end
    end
end
config distribute-list
Use this subcommand to filter the networks for routing updates using an access list. Routes not matched by any of the distribution lists will not be advertised.
You must configure the access list that you want the distribution list to use before you configure the distribution list. To configure an access list, see router {access-list | access-list6}.
The access-list and protocol fields are required.
edit
Enter an ID number for the distribution list. The number must be an integer.
access-list
Enter the name of the access list to use for this distribution list.
protocol
Advertise only the routes discovered by the specified protocol and that are permitted by the named access list.
Example: This example shows how to configure distribution list 2 to use an access list named acc_list1.
config router ospf
    config distribute-list
        edit 2
            set access-list acc_list1
            set protocol static
    end
end
config neighbor
Use this subcommand to manually configure an OSPF neighbor on non-broadcast networks. OSPF packets are unicast to the specified neighbor address. You can configure multiple neighbors.
The ip field is required. All other fields are optional.
edit
Enter an ID number for the OSPF neighbor. The number must be an integer.
cost
Enter the cost to use for this neighbor. The valid range for cost_integer is 1 to 65535.
ip
Enter the IP address of the neighbor.
poll-interval
Enter the time, in seconds, between hello packets sent to the neighbor in the down state. The value of the poll interval must be larger than the value of the hello interval. The valid range for seconds_integer is 1 to 65535.
priority
Enter a priority number for the neighbor. The valid range for priority_integer is 0 to 255.
Example: This example shows how to manually add a neighbor.
config router ospf
    config neighbor
        edit 1
            set ip 192.168.21.63
    end
end
config network
Use this subcommand to identify the interfaces to include in the specified OSPF area. The prefix field can define one or multiple interfaces.
The area and prefix fields are required.
edit
Enter an ID number for the network. The number must be an integer.
area
The ID number of the area to be associated with the prefix.
prefix
Enter the IP address and netmask for the OSPF network.
Example: Use the following command to enable OSPF for the interfaces attached to networks specified by the IP address 10.0.0.0 and the netmask 255.255.255.0 and to add these interfaces to area 10.1.1.1.
config router ospf
    config network
        edit 2
            set area 10.1.1.1
            set prefix 10.0.0.0 255.255.255.0
    end
end
config ospf-interface
Use this subcommand to configure interface related OSPF settings.
The interface field is required. All other fields are optional. If you configure authentication for the interface, authentication for areas is not used.
edit
Enter a descriptive name for this OSPF interface configuration. To apply this configuration to a FortiGate unit interface, set the interface <name_str> attribute.
authentication
Define the authentication used for OSPF packets sent and received by this interface. Choose one of:
- none - no authentication is used.
- text - the authentication key is sent as plain text.
- md5 - the authentication key is used to generate an MD5 hash.
Both text mode and MD5 mode only guarantee the authenticity of the update packet, not the confidentiality of the routing information in the packet.
In text mode the key is sent in clear text over the network, and is only used to prevent network problems that can occur if a misconfigured router is mistakenly added to the network.
All routers on the network must use the same authentication type.
authentication-key
This field is available when authentication is set to text.
Enter the password to use for text authentication.
The authentication-key must be the same on all neighboring routers.
The maximum length for the authentication-key is 15 characters.
bfd
Select to enable Bi-directional Forwarding Detection (BFD). It is used to quickly detect hardware problems on the network.
This command enables this service on this interface.
cost
Specify the cost (metric) of the link. The cost is used for shortest path first calculations.
database-filter-out
Enable or disable flooding LSAs out of this interface.
dead-interval
The time, in seconds, to wait for a hello packet before declaring a router down. The value of the dead-interval should be four times the value of the hello-interval.
All routers on the network must use the same value for dead-interval.
The valid range for seconds_integer is 1 to 65535.
hello-interval
The time, in seconds, between hello packets.
All routers on the network must use the same value for hello-interval.
The value of the dead-interval should be four times the value of the hello-interval.
The valid range for seconds_integer is 1 to 65535.
hello-multiplier
Enter the number of hello packets to send within the dead interval. Range 3-10. 0 disables.
interface
Enter the name of the interface to associate with this OSPF configuration. The interface might be a virtual IPSec or GRE interface.
ip
Enter the IP address of the interface named by the interface field.
It is possible to apply different OSPF configurations for different IP addresses defined on the same interface.
md5-key
This field is available when authentication is set to md5.
Enter the key ID and password to use for MD5 authentication.
Example:
set md5-key 6 "ENCyYKaPSrY89CeXn66WUybbLZQ5YM="
You can add more than one key ID and key pair per interface. However, you cannot unset one key without unsetting all of the keys.
The key ID and key must be the same on all neighboring routers.
The valid range for id_integer is 1 to 255. key_str is an alphanumeric string of up to 16 characters.
mtu
Change the Maximum Transmission Unit (MTU) size included in database description packets sent out this interface. The valid range for mtu_integer is 576 to 65535.
mtu-ignore
Use this command to control the way OSPF behaves when the Maximum Transmission Unit (MTU) in the sent and received database description packets does not match.
When mtu-ignore is enabled, OSPF will stop detecting mismatched MTUs and go ahead and form an adjacency.
When mtu-ignore is disabled, OSPF will detect mismatched MTUs and not form an adjacency.
mtu-ignore should only be enabled if it is not possible to reconfigure the MTUs so that they match on both ends of the attempted adjacency connection.
network-type
Specify the type of network to which the interface is connected.
OSPF supports four different types of network. This command specifies the behavior of the OSPF interface according to the network type. Choose one of:
- broadcast
- non-broadcast
- point-to-multipoint
- point-to-multipoint-non-broadcast
- point-to-point
If you specify non-broadcast, you must also configure neighbors using “config neighbor”.
prefix-length
Set the size of the OSPF hello network mask. Range 0 to 32.
priority
Set the router priority for this interface.
Router priority is used during the election of a designated router (DR) and backup designated router (BDR).
An interface with router priority set to 0 can not be elected DR or BDR. The interface with the highest router priority wins the election. If there is a tie for router priority, router ID is used.
Point-to-point networks do not elect a DR or BDR; therefore, this setting has no effect on a point-to-point network.
The valid range for priority_integer is 0 to 255.
resync-timeout
Enter the synchronizing timeout for graceful restart interval in seconds. This is the period for this interface to synchronize with a neighbor.
retransmit-interval
The time, in seconds, to wait before sending an LSA retransmission. The value for the retransmit interval must be greater than the expected round-trip delay for a packet. The valid range for seconds_integer is 1 to 65535.
status
Enable or disable OSPF on this interface.
transmit-delay
The estimated time, in seconds, required to send a link state update packet on this interface.
OSPF increments the age of the LSAs in the update packet to account for transmission and propagation delays on the interface.
Increase the value for transmit-delay on low speed links.
The valid range for seconds_integer is 1 to 65535.
Example
This example shows how to assign an OSPF interface configuration named test to the interface named internal.
config router ospf
  config ospf-interface
    edit test
      set interface internal
      set ip 192.168.20.3
      set authentication text
      set authentication-key a2b3c4d5e
  end
end
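An added example, not part of the Fortinet reference: a small Python check that parses the config ospf-interface block of a saved configuration and flags the settings described above (authentication set to none or text, a dead-interval that is not four times the hello-interval, and mtu-ignore enabled). It assumes the edit/set/next/end layout of a configuration backup and only inspects values that are explicitly set; the function names and the wan-link entry are hypothetical.

```python
# Constructed sample ("test" follows this page's example; "wan-link" is made up).
SAMPLE = """\
config router ospf
    config ospf-interface
        edit "test"
            set authentication text
            set authentication-key a2b3c4d5e
        next
        edit "wan-link"
            set authentication md5
            set hello-interval 10
            set dead-interval 20
            set mtu-ignore enable
        next
    end
end
"""

def parse_ospf_interfaces(config_text):
    """Return {entry name: {field: value}} for each edit under config ospf-interface."""
    entries, current, in_section, depth = {}, None, False, 0
    for line in map(str.strip, config_text.splitlines()):
        if not in_section:
            in_section = line == "config ospf-interface"
        elif line.startswith("config "):
            depth += 1                      # nested table inside an entry: skipped
        elif line == "end":                 # closes a nested table, else the section
            depth, in_section = max(depth - 1, 0), depth > 0
        elif depth == 0 and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif depth == 0 and current is not None and line.startswith("set "):
            field, _, value = line[4:].partition(" ")
            current[field] = value
    return entries

def audit(entries):
    """Return (entry, finding) pairs for explicitly set values worth reviewing."""
    findings = []
    for name, f in entries.items():
        auth = f.get("authentication")
        if auth in ("none", "text"):        # text mode sends the key in clear text
            findings.append((name, "auth-" + auth))
        hello, dead = f.get("hello-interval"), f.get("dead-interval")
        if hello and dead and int(dead) != 4 * int(hello):
            findings.append((name, "dead-interval-not-4x-hello"))
        if f.get("mtu-ignore") == "enable":
            findings.append((name, "mtu-ignore-enabled"))
    return findings

print(audit(parse_ospf_interfaces(SAMPLE)))
```

An entry with no authentication line is not flagged, because area-level authentication (not parsed here) may apply to it.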
config redistribute
Use this subcommand to redistribute routes learned from BGP, RIP, static routes, or a direct connection to the destination network.
The OSPF redistribution table contains four static entries. You cannot add entries to the table. The entries are defined as follows:
bgp — Redistribute routes learned from BGP.
connected — Redistribute routes learned from a direct connection to the destination network.
isis — Redistribute routes learned from ISIS.
static — Redistribute the static routes defined in the FortiGate unit routing table.
rip — Redistribute routes learned from RIP.
When you enter the subcommand, end the command with one of the four static entry names (that is, config redistribute {bgp | connected | isis | static | rip}).
All fields are optional.
metric
Enter the metric to be used for the redistributed routes. The range for the metric is from 1 to 16777214.
metric-type
Specify the external link type to be used for the redistributed routes.
routemap
Enter the name of the route map to use for the redistributed routes. For information on how to configure route maps, see router route-map.
status
Enable or disable redistributing routes.
tag
Specify a tag for redistributed routes. The valid range for integer variable is 0 to 4294967295.
Example
This example shows how to enable route redistribution from RIP, using a metric of 3 and a route map named rtmp2.
config router ospf
  config redistribute rip
    set metric 3
    set routemap rtmp2
    set status enable
  end
config summary-address
edit
Enter an ID number for the summary address. The number must be an integer.
advertise
Advertise or suppress the summary route that matches the specified prefix.
prefix
Enter the prefix (IP address and netmask) to use for the summary route. The prefix 0.0.0.0 0.0.0.0 is not allowed.
tag
Specify a tag for the summary route.
The valid range for integer variable is 0 to 4294967295.