Fortinet black logo

CLI Reference

router ripng

router ripng

Use this command to configure the “next generation” Routing Information Protocol (RIPng) on the FortiGate unit. RIPng is a distance-vector routing protocol intended for small, relatively homogeneous, IPv6 networks. RIPng uses hop count as its routing metric. Each network is usually counted as one hop. The network diameter is limited to 15 hops. RIPng is defined in RFC 2080.

config router ripng
    set default-information-originate {enable | disable}   Enable/disable generation of default route.
    set default-metric {integer}   Default metric. range[1-16]
    set max-out-metric {integer}   Maximum metric allowed to output(0 means 'not set'). range[0-15]
    config distance
        edit {id}
        # distance
            set id {integer}   Distance ID. range[0-4294967295]
            set distance {integer}   Distance (1 - 255). range[1-255]
            set prefix6 {ipv6 prefix}   Distance prefix6.
            set access-list6 {string}   Access list for route destination. size[35] - datasource(s): router.access-list6.name
        next
    config distribute-list
        edit {id}
        # Distribute list.
            set id {integer}   Distribute list ID. range[0-4294967295]
            set status {enable | disable}   status
            set direction {in | out}   Distribute list direction.
                    in   Filter incoming packets.
                    out  Filter outgoing packets.
            set listname {string}   Distribute access/prefix list name. size[35] - datasource(s): router.access-list6.name,router.prefix-list6.name
            set interface {string}   Distribute list interface name. size[15] - datasource(s): system.interface.name
        next
    config neighbor
        edit {id}
        # neighbor
            set id {integer}   Neighbor entry ID. range[0-4294967295]
            set ip6 {ipv6 address}   IPv6 link-local address.
            set interface {string}   Interface name. size[15] - datasource(s): system.interface.name
        next
    config network
        edit {id}
        # Network.
            set id {integer}   Network entry ID. range[0-4294967295]
            set prefix {ipv6 prefix}   Network IPv6 link-local prefix.
        next
    config aggregate-address
        edit {id}
        # Aggregate address.
            set id {integer}   Aggregate address entry ID. range[0-4294967295]
            set prefix6 {ipv6 prefix}   Aggregate address prefix.
        next
    config offset-list
        edit {id}
        # Offset list.
            set id {integer}   Offset-list ID. range[0-4294967295]
            set status {enable | disable}   status
            set direction {in | out}   Offset list direction.
                    in   Filter incoming packets.
                    out  Filter outgoing packets.
            set access-list6 {string}   IPv6 access list name. size[35] - datasource(s): router.access-list6.name
            set offset {integer}   offset range[1-16]
            set interface {string}   Interface name. size[15] - datasource(s): system.interface.name
        next
    config passive-interface
        edit {name}
        # Passive interface configuration.
            set name {string}   Passive interface name. size[64] - datasource(s): system.interface.name
        next
    config redistribute
        edit {name}
        # Redistribute configuration.
            set name {string}   Redistribute name. size[35]
            set status {enable | disable}   status
            set metric {integer}   Redistribute metric setting. range[1-16]
            set routemap {string}   Route map name. size[35] - datasource(s): router.route-map.name
        next
    set update-timer {integer}   Update timer. range[5-2147483647]
    set timeout-timer {integer}   Timeout timer. range[5-2147483647]
    set garbage-timer {integer}   Garbage timer. range[5-2147483647]
    config interface
        edit {name}
        # RIPng interface configuration.
            set name {string}   Interface name. size[35] - datasource(s): system.interface.name
            set split-horizon-status {enable | disable}   Enable/disable split horizon.
            set split-horizon {poisoned | regular}   Enable/disable split horizon.
                    poisoned  Poisoned.
                    regular   Regular.
            set flags {integer}   Flags. range[0-255]
        next
end

Additional information

The following section is for those options that require additional explanation.

default-information-originate

Enter enable to advertise a default static route into RIPng.

default-metric

For non-default routes in the static routing table and directly connected networks the default metric is the metric that the FortiGate unit advertises to adjacent routers. This metric is added to the metrics of learned routes. The default metric can be a number from 1 to 16.

garbage-timer

The time in seconds that must elapse after the timeout interval for a route expires, before RIPng deletes the route. If RIPng receives an update for the route after the timeout timer expires but before the garbage timer expires then the entry is switched back to reachable.

RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.

The update timer interval can not be larger than the garbage timer interval.

Range 5 to 2,147,483,647 seconds.

passive-interface

Block RIPng broadcasts on the specified interface. You can use “config neighbor” and the passive interface command to allow RIPng to send unicast updates to the specified neighbor while blocking broadcast updates on the specified interface.

timeout-timer

The time interval in seconds after which a route is declared unreachable. The route is removed from the routing table. RIP holds the route until the garbage timer expires and then deletes the route. If RIP receives an update for the route before the timeout timer expires, then the timeout-timer is restarted. If RIP receives an update for the route after the timeout timer expires but before the garbage timer expires then the entry is switched back to reachable. The value of the timeout timer should be at least three times the value of the update timer.

RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.

The update timer interval can not be larger than the timeout timer interval.

Range 5 to 2,147,483,647 seconds.

update-timer

The time interval in seconds between RIP updates.

RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.

The update timer interval can not be larger than timeout or garbage timer intervals.

Range 5 to 2,147,483,647 seconds.

config aggregate-address

Use this subcommand to configure aggregate address prefixes.

prefix6

Enter the prefix for the aggregate address.

config distance

Use this subcommand to specify an administrative distance. When different routing protocols provide multiple routes to the same destination, the administrative distance sets the priority of those routes. The lowest administrative distance indicates the preferred route. The distance field is required. All other fields are optional.

If you specify a prefix, RIP uses the specified distance when the source IP address of a packet matches the prefix.

access-list6

Enter the name of an access list. The distances associated with the routes in the access list will be modified. To create an access list, see router {access-list | access-list6}.

distance

Enter a number from 1 to 255, to set the administrative distance.

This field is required.

prefix6

Optionally enter a prefix to apply the administrative distance to.

config distribute-list

Use this subcommand to filter incoming or outgoing updates using an access list or a prefix list. If you do not specify an interface, the filter will be applied to all interfaces. You must configure the access list or prefix list that you want the distribution list to use before you configure the distribution list. For more information on configuring access lists and prefix lists, see router {access-list | access-list6} and router {prefix-list | prefix-list6}.

The direction and listname fields are required. All other fields are optional.

direction

Set the direction for the filter.

  • in to filter incoming packets.
  • out to filter outgoing packets.

interface

Enter the name of the interface to apply this distribution list to. If you do not specify an interface, this distribution list will be used for all interfaces.

listname

Enter the name of the access list or prefix list to use for this distribution list.

config interface

Use this subcommand to configure and enable split horizon. All fields are optional.

A split horizon occurs when a router advertises a route it learns over the same interface it learned it on. In this case the router that gave the learned route to the last router now has two entries to get to another location. However, if the primary route fails that router tries the second route to find itself as part of the route and an infinite loop is created. A poisoned split horizon will still advertise the route on the interface it received it on, but it will mark the route as unreachable. Any unreachable routes are automatically removed from the routing table. This is also called split horizon with poison reverse.

edit

Type the name of the FortiGate unit interface that is linked to the RIP network. The interface might be a virtual IPSec or GRE interface.

split-horizon

Configure RIP to use either regular or poisoned split horizon on this interface. Choose one of:

  • regular - prevent RIP from sending updates for a route back out on the interface from which it received that route.
  • poisoned - send updates with routes learned on an interface back out the same interface but mark those routes as unreachable.

split-horizon-status

Enable or disable split horizon for this interface. Split horizon is enabled by default.

Disable split horizon only if there is no possibility of creating a counting to infinity loop when network topology changes.

config neighbor

Use this subcommand to enable RIPng to send unicast routing updates to the router at the specified address. You can use the neighbor subcommand and “passive-interface" setting to allow RIPng to send unicast updates to the specified neighbor while blocking broadcast updates on the specified interface. You can configure multiple neighbors.

All fields are required.

edit

Enter an entry number for the RIPng neighbor. The number must be an integer.

interface

The interface that connects to the neighbor.

ip6

Enter the IP address of the neighboring router to which to send unicast updates.

config offset-list

Use this subcommand to add the specified offset to the metric (hop count) of a route from the offset list. The access-list6, direction, and offset fields are required. All other fields are optional.

access-list6

Enter the name of the access list to use for this offset list. The access list is used to determine which routes to add the metric to.

direction

Enter in to apply the offset to the metrics of incoming routes. Enter out to apply the offset to the metrics of outgoing routes.

interface

Enter the name of the interface to match for this offset list.

offset

Enter the offset number to add to the metric. The metric is the hop count. The acceptable range value is from 1 to 16, with 16 being unreachable.

status

Enable or disable this offset list.

config redistribute

Use this subcommand to redistribute routes learned from OSPF, BGP, static routes, or a direct connection to the destination network.

The RIPng redistribution table contains four static entries. You cannot add entries to the table.

The entries are defined as follows:

  • bgp - Redistribute routes learned from BGP.
  • connected - Redistribute routes learned from a direct connection to the destination network.
  • isis - Redistribute routes learned from ISIS.
  • ospf - Redistribute routes learned from OSPF.
  • static - Redistribute the static routes defined in the FortiGate unit routing table.

When you enter the subcommand, end the command with one of the four static entry names (that is, config redistribute {bgp | connected | isis | ospf | static}).

All fields are optional.

metric

Enter the metric value to be used for the redistributed routes. The acceptable value range is an integer from 0 to 16.

routemap

Enter the name of the route map to use for the redistributed routes.

router ripng

Use this command to configure the “next generation” Routing Information Protocol (RIPng) on the FortiGate unit. RIPng is a distance-vector routing protocol intended for small, relatively homogeneous, IPv6 networks. RIPng uses hop count as its routing metric. Each network is usually counted as one hop. The network diameter is limited to 15 hops. RIPng is defined in RFC 2080.

config router ripng
    set default-information-originate {enable | disable}   Enable/disable generation of default route.
    set default-metric {integer}   Default metric. range[1-16]
    set max-out-metric {integer}   Maximum metric allowed to output(0 means 'not set'). range[0-15]
    config distance
        edit {id}
        # distance
            set id {integer}   Distance ID. range[0-4294967295]
            set distance {integer}   Distance (1 - 255). range[1-255]
            set prefix6 {ipv6 prefix}   Distance prefix6.
            set access-list6 {string}   Access list for route destination. size[35] - datasource(s): router.access-list6.name
        next
    config distribute-list
        edit {id}
        # Distribute list.
            set id {integer}   Distribute list ID. range[0-4294967295]
            set status {enable | disable}   status
            set direction {in | out}   Distribute list direction.
                    in   Filter incoming packets.
                    out  Filter outgoing packets.
            set listname {string}   Distribute access/prefix list name. size[35] - datasource(s): router.access-list6.name,router.prefix-list6.name
            set interface {string}   Distribute list interface name. size[15] - datasource(s): system.interface.name
        next
    config neighbor
        edit {id}
        # neighbor
            set id {integer}   Neighbor entry ID. range[0-4294967295]
            set ip6 {ipv6 address}   IPv6 link-local address.
            set interface {string}   Interface name. size[15] - datasource(s): system.interface.name
        next
    config network
        edit {id}
        # Network.
            set id {integer}   Network entry ID. range[0-4294967295]
            set prefix {ipv6 prefix}   Network IPv6 link-local prefix.
        next
    config aggregate-address
        edit {id}
        # Aggregate address.
            set id {integer}   Aggregate address entry ID. range[0-4294967295]
            set prefix6 {ipv6 prefix}   Aggregate address prefix.
        next
    config offset-list
        edit {id}
        # Offset list.
            set id {integer}   Offset-list ID. range[0-4294967295]
            set status {enable | disable}   status
            set direction {in | out}   Offset list direction.
                    in   Filter incoming packets.
                    out  Filter outgoing packets.
            set access-list6 {string}   IPv6 access list name. size[35] - datasource(s): router.access-list6.name
            set offset {integer}   offset range[1-16]
            set interface {string}   Interface name. size[15] - datasource(s): system.interface.name
        next
    config passive-interface
        edit {name}
        # Passive interface configuration.
            set name {string}   Passive interface name. size[64] - datasource(s): system.interface.name
        next
    config redistribute
        edit {name}
        # Redistribute configuration.
            set name {string}   Redistribute name. size[35]
            set status {enable | disable}   status
            set metric {integer}   Redistribute metric setting. range[1-16]
            set routemap {string}   Route map name. size[35] - datasource(s): router.route-map.name
        next
    set update-timer {integer}   Update timer. range[5-2147483647]
    set timeout-timer {integer}   Timeout timer. range[5-2147483647]
    set garbage-timer {integer}   Garbage timer. range[5-2147483647]
    config interface
        edit {name}
        # RIPng interface configuration.
            set name {string}   Interface name. size[35] - datasource(s): system.interface.name
            set split-horizon-status {enable | disable}   Enable/disable split horizon.
            set split-horizon {poisoned | regular}   Enable/disable split horizon.
                    poisoned  Poisoned.
                    regular   Regular.
            set flags {integer}   Flags. range[0-255]
        next
end

Additional information

The following section is for those options that require additional explanation.

default-information-originate

Enter enable to advertise a default static route into RIPng.

default-metric

For non-default routes in the static routing table and directly connected networks the default metric is the metric that the FortiGate unit advertises to adjacent routers. This metric is added to the metrics of learned routes. The default metric can be a number from 1 to 16.

garbage-timer

The time in seconds that must elapse after the timeout interval for a route expires, before RIPng deletes the route. If RIPng receives an update for the route after the timeout timer expires but before the garbage timer expires then the entry is switched back to reachable.

RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.

The update timer interval can not be larger than the garbage timer interval.

Range 5 to 2,147,483,647 seconds.

passive-interface

Block RIPng broadcasts on the specified interface. You can use “config neighbor” and the passive interface command to allow RIPng to send unicast updates to the specified neighbor while blocking broadcast updates on the specified interface.

timeout-timer

The time interval in seconds after which a route is declared unreachable. The route is removed from the routing table. RIP holds the route until the garbage timer expires and then deletes the route. If RIP receives an update for the route before the timeout timer expires, then the timeout-timer is restarted. If RIP receives an update for the route after the timeout timer expires but before the garbage timer expires then the entry is switched back to reachable. The value of the timeout timer should be at least three times the value of the update timer.

RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.

The update timer interval can not be larger than the timeout timer interval.

Range 5 to 2,147,483,647 seconds.

update-timer

The time interval in seconds between RIP updates.

RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.

The update timer interval can not be larger than timeout or garbage timer intervals.

Range 5 to 2,147,483,647 seconds.

config aggregate-address

Use this subcommand to configure aggregate address prefixes.

prefix6

Enter the prefix for the aggregate address.

config distance

Use this subcommand to specify an administrative distance. When different routing protocols provide multiple routes to the same destination, the administrative distance sets the priority of those routes. The lowest administrative distance indicates the preferred route. The distance field is required. All other fields are optional.

If you specify a prefix, RIP uses the specified distance when the source IP address of a packet matches the prefix.

access-list6

Enter the name of an access list. The distances associated with the routes in the access list will be modified. To create an access list, see router {access-list | access-list6}.

distance

Enter a number from 1 to 255, to set the administrative distance.

This field is required.

prefix6

Optionally enter a prefix to apply the administrative distance to.

config distribute-list

Use this subcommand to filter incoming or outgoing updates using an access list or a prefix list. If you do not specify an interface, the filter will be applied to all interfaces. You must configure the access list or prefix list that you want the distribution list to use before you configure the distribution list. For more information on configuring access lists and prefix lists, see router {access-list | access-list6} and router {prefix-list | prefix-list6}.

The direction and listname fields are required. All other fields are optional.

direction

Set the direction for the filter.

  • in to filter incoming packets.
  • out to filter outgoing packets.

interface

Enter the name of the interface to apply this distribution list to. If you do not specify an interface, this distribution list will be used for all interfaces.

listname

Enter the name of the access list or prefix list to use for this distribution list.

config interface

Use this subcommand to configure and enable split horizon. All fields are optional.

A split horizon occurs when a router advertises a route it learns over the same interface it learned it on. In this case the router that gave the learned route to the last router now has two entries to get to another location. However, if the primary route fails that router tries the second route to find itself as part of the route and an infinite loop is created. A poisoned split horizon will still advertise the route on the interface it received it on, but it will mark the route as unreachable. Any unreachable routes are automatically removed from the routing table. This is also called split horizon with poison reverse.

edit

Type the name of the FortiGate unit interface that is linked to the RIP network. The interface might be a virtual IPSec or GRE interface.

split-horizon

Configure RIP to use either regular or poisoned split horizon on this interface. Choose one of:

  • regular - prevent RIP from sending updates for a route back out on the interface from which it received that route.
  • poisoned - send updates with routes learned on an interface back out the same interface but mark those routes as unreachable.

split-horizon-status

Enable or disable split horizon for this interface. Split horizon is enabled by default.

Disable split horizon only if there is no possibility of creating a counting to infinity loop when network topology changes.

config neighbor

Use this subcommand to enable RIPng to send unicast routing updates to the router at the specified address. You can use the neighbor subcommand and “passive-interface" setting to allow RIPng to send unicast updates to the specified neighbor while blocking broadcast updates on the specified interface. You can configure multiple neighbors.

All fields are required.

edit

Enter an entry number for the RIPng neighbor. The number must be an integer.

interface

The interface that connects to the neighbor.

ip6

Enter the IP address of the neighboring router to which to send unicast updates.

config offset-list

Use this subcommand to add the specified offset to the metric (hop count) of a route from the offset list. The access-list6, direction, and offset fields are required. All other fields are optional.

access-list6

Enter the name of the access list to use for this offset list. The access list is used to determine which routes to add the metric to.

direction

Enter in to apply the offset to the metrics of incoming routes. Enter out to apply the offset to the metrics of outgoing routes.

interface

Enter the name of the interface to match for this offset list.

offset

Enter the offset number to add to the metric. The metric is the hop count. The acceptable range value is from 1 to 16, with 16 being unreachable.

status

Enable or disable this offset list.

config redistribute

Use this subcommand to redistribute routes learned from OSPF, BGP, static routes, or a direct connection to the destination network.

The RIPng redistribution table contains four static entries. You cannot add entries to the table.

The entries are defined as follows:

  • bgp - Redistribute routes learned from BGP.
  • connected - Redistribute routes learned from a direct connection to the destination network.
  • isis - Redistribute routes learned from ISIS.
  • ospf - Redistribute routes learned from OSPF.
  • static - Redistribute the static routes defined in the FortiGate unit routing table.

When you enter the subcommand, end the command with one of the four static entry names (that is, config redistribute {bgp | connected | isis | ospf | static}).

All fields are optional.

metric

Enter the metric value to be used for the redistributed routes. The acceptable value range is an integer from 0 to 16.

routemap

Enter the name of the route map to use for the redistributed routes.