router rip
Use this command to configure the Routing Information Protocol (RIP) on the FortiGate unit. RIP is a distance-vector routing protocol intended for small, relatively homogeneous networks. RIP uses hop count as its routing metric. Each network is usually counted as one hop. The network diameter is limited to 15 hops; a metric of 16 hops marks a route as unreachable.
The FortiOS implementation of RIP supports RIP version 1 (see RFC 1058) and RIP version 2 (see RFC 2453). RIP version 2 enables RIP messages to carry more information, and to support simple authentication and subnet masks.
update-timer cannot be larger than timeout-timer and garbage-timer. Attempts to do so will generate an error.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
config redistribute edit <name> set metric <integer> next ... | Updated the |

    config router rip
        set default-information-originate {enable | disable}   Enable/disable generation of default route.
        set default-metric {integer}   Default metric. range[1-16]
        set max-out-metric {integer}   Maximum metric allowed to output(0 means 'not set'). range[0-15]
        set recv-buffer-size {integer}   Receiving buffer size. range[8129-2147483647]
        config distance
            edit {id}
            # distance
                set id {integer}   Distance ID. range[0-4294967295]
                set prefix {ipv4 classnet any}   Distance prefix.
                set distance {integer}   Distance (1 - 255). range[1-255]
                set access-list {string}   Access list for route destination. size[35] - datasource(s): router.access-list.name
            next
        config distribute-list
            edit {id}
            # Distribute list.
                set id {integer}   Distribute list ID. range[0-4294967295]
                set status {enable | disable}   status
                set direction {in | out}   Distribute list direction.
                        in    Filter incoming packets.
                        out   Filter outgoing packets.
                set listname {string}   Distribute access/prefix list name. size[35] - datasource(s): router.access-list.name,router.prefix-list.name
                set interface {string}   Distribute list interface name. size[15] - datasource(s): system.interface.name
            next
        config neighbor
            edit {id}
            # neighbor
                set id {integer}   Neighbor entry ID. range[0-4294967295]
                set ip {ipv4 address}   IP address.
            next
        config network
            edit {id}
            # network
                set id {integer}   Network entry ID. range[0-4294967295]
                set prefix {ipv4 classnet}   Network prefix.
            next
        config offset-list
            edit {id}
            # Offset list.
                set id {integer}   Offset-list ID. range[0-4294967295]
                set status {enable | disable}   status
                set direction {in | out}   Offset list direction.
                        in    Filter incoming packets.
                        out   Filter outgoing packets.
                set access-list {string}   Access list name. size[35] - datasource(s): router.access-list.name
                set offset {integer}   offset range[1-16]
                set interface {string}   Interface name. size[15] - datasource(s): system.interface.name
            next
        config passive-interface
            edit {name}
            # Passive interface configuration.
                set name {string}   Passive interface name. size[64] - datasource(s): system.interface.name
            next
        config redistribute
            edit {name}
            # Redistribute configuration.
                set name {string}   Redistribute name. size[35]
                set status {enable | disable}   status
                set metric {integer}   Redistribute metric setting. range[1-16]
                set routemap {string}   Route map name. size[35] - datasource(s): router.route-map.name
            next
        set update-timer {integer}   Update timer in seconds. range[5-2147483647]
        set timeout-timer {integer}   Timeout timer in seconds. range[5-2147483647]
        set garbage-timer {integer}   Garbage timer in seconds. range[5-2147483647]
        set version {1 | 2}   RIP version.
                1   Version 1.
                2   Version 2.
        config interface
            edit {name}
            # RIP interface configuration.
                set name {string}   Interface name. size[35] - datasource(s): system.interface.name
                set auth-keychain {string}   Authentication key-chain name. size[35] - datasource(s): router.key-chain.name
                set auth-mode {none | text | md5}   Authentication mode.
                        none   None.
                        text   Text.
                        md5    MD5.
                set auth-string {password_string}   Authentication string/password. size[16]
                set receive-version {1 | 2}   Receive version.
                        1   Version 1.
                        2   Version 2.
                set send-version {1 | 2}   Send version.
                        1   Version 1.
                        2   Version 2.
                set send-version2-broadcast {disable | enable}   Enable/disable broadcast version 1 compatible packets.
                set split-horizon-status {enable | disable}   Enable/disable split horizon.
                set split-horizon {poisoned | regular}   Enable/disable split horizon.
                        poisoned   Poisoned.
                        regular    Regular.
                set flags {integer}   flags range[0-255]
            next
    end

Additional information
The following section is for those options that require additional explanation.
default-information-originate
Enter enable to advertise a default static route into RIP.
default-metric
For non-default routes in the static routing table and directly connected networks the default metric is the metric that the FortiGate unit advertises to adjacent routers. This metric is added to the metrics of learned routes. The default metric can be a number from 1 to 16.
garbage-timer
The time in seconds that must elapse after the timeout interval for a route expires, before RIP deletes the route. If RIP receives an update for the route after the timeout timer expires but before the garbage timer expires then the entry is switched back to reachable.
RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.
The update timer interval cannot be larger than the garbage timer interval.
passive-interface
Block RIP broadcasts on the specified interface. You can use “config neighbor” and the passive interface command to allow RIP to send unicast updates to the specified neighbor while blocking broadcast updates on the specified interface.
timeout-timer
The time interval in seconds after which a route is declared unreachable. The route is removed from the routing table. RIP holds the route until the garbage timer expires and then deletes the route. If RIP receives an update for the route before the timeout timer expires, then the timeout-timer is restarted. If RIP receives an update for the route after the timeout timer expires but before the garbage timer expires then the entry is switched back to reachable. The value of the timeout timer should be at least three times the value of the update timer.
RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.
The update timer interval cannot be larger than the timeout timer interval.
update-timer
The time interval in seconds between RIP updates.
RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.
The update timer interval cannot be larger than the timeout or garbage timer intervals.
version
Enable sending and receiving of RIP version 1 packets, RIP version 2 packets, or both versions for all RIP-enabled interfaces.
You can override this setting on a per-interface basis using the receive-version and send-version fields described under “config interface”.
Example: This example shows how to enable the advertising of a default static route into RIP, enable the sending and receiving of RIP version 1 packets, and raise the preference of local routes in the static routing table (the default metric) from the default of 1 to 5; those routes will be less preferred.

    config router rip
        set default-information-originate enable
        set version 1
        set default-metric 5
    end

config distance
Use this subcommand to specify an administrative distance. When different routing protocols provide multiple routes to the same destination, the administrative distance sets the priority of those routes. The lowest administrative distance indicates the preferred route.
If you specify a prefix, RIP uses the specified distance when the source IP address of a packet matches the prefix.
The distance field is required. All other fields are optional.
access-list
Enter the name of an access list. The distances associated with the routes in the access list will be modified. To create an access list, see router {access-list | access-list6}.
distance
Enter a number from 1 to 255, to set the administrative distance.
This field is required.
prefix
Optionally enter a prefix to apply the administrative distance to.
Example: This example shows how to change the administrative distance to 10 for all IP addresses that match the internal_example access-list.

    config router rip
        config distance
            edit 1
                set distance 10
                set access-list internal_example
        end
    end

config distribute-list
Use this subcommand to filter incoming or outgoing updates using an access list or a prefix list. If you do not specify an interface, the filter will be applied to all interfaces. You must configure the access list or prefix list that you want the distribution list to use before you configure the distribution list. For more information on configuring access lists and prefix lists, see router {access-list | access-list6} and router {prefix-list | prefix-list6}.
The direction and listname fields are required. All other fields are optional.
direction
Set the direction for the filter.
- in: to filter incoming packets that originate from other routers.
- out: to filter outgoing packets the FortiGate unit is sending to other routers.
interface
Enter the name of the interface to apply this distribution list to. If you do not specify an interface, this distribution list will be used for all interfaces.
listname
Enter the name of the access list or prefix list to use for this distribution list.
The prefix or access list used must be configured before configuring the distribute-list.
status
Enable or disable this distribution list.
Example This example shows how to configure and enable a distribution list to use an access list named

    config router rip
        config distribute-list
            edit 0
                set direction in
                set interface external
                set listname allowed_routers
                set status enable
        end
    end

config interface
Use this subcommand to configure RIP version 2 authentication, RIP version send and receive for the specified interface, and to configure and enable split horizon.
Authentication is only available for RIP version 2 packets sent and received by an interface. You must set auth-mode to none when receive-version or send-version are set to 1 or 1 2 (both are set to 1 by default).
A split horizon occurs when a router advertises a route it learns over the same interface it learned it on. In this case the router that gave the learned route to the last router now has two entries to get to another location. However, if the primary route fails that router tries the second route to find itself as part of the route and an infinite loop is created. A poisoned split horizon will still advertise the route on the interface it received it on, but it will mark the route as unreachable. Any unreachable routes are automatically removed from the routing table. This is also called split horizon with poison reverse.
auth-keychain
Enter the name of the key chain to use for authentication for RIP version 2 packets sent and received by this interface. Use key chains when you want to configure multiple keys. For information on how to configure key chains, see router key-chain.
auth-mode
Use the auth-mode field to define the authentication used for RIP version 2 packets sent and received by this interface. Choose one of:
- none: no authentication is used.
- text: the authentication key is sent as plain text.
- md5: the authentication key is used to generate an MD5 hash.
Both text mode and MD5 mode only guarantee the authenticity of the update packet, not the confidentiality of the routing information in the packet.
In text mode the key is sent in clear text over the network. Text mode is usually used only to prevent network problems that can occur if an unwanted or misconfigured router is mistakenly added to the network.
Use the auth-string field to specify the key.
auth-string
Enter a single key to use for authentication for RIP version 2 packets sent and received by this interface. Use auth-string when you only want to configure one key. The key can be up to 35 characters long.
receive-version
RIP routing messages are UDP packets that use port 520. Choose one of:
- 1: configure RIP to listen for RIP version 1 messages on an interface.
- 2: configure RIP to listen for RIP version 2 messages on an interface.
- 1 2: configure RIP to listen for both RIP version 1 and RIP version 2 messages on an interface.
send-version
RIP routing messages are UDP packets that use port 520.
Choose one of:
- 1: configure RIP to send RIP version 1 messages on an interface.
- 2: configure RIP to send RIP version 2 messages on an interface.
- 1 2: configure RIP to send both RIP version 1 and RIP version 2 messages on an interface.
send-version2-broadcast
Enable or disable sending broadcast updates from an interface configured for RIP version 2.
RIP version 2 normally multicasts updates. RIP version 1 can only receive broadcast updates.
split-horizon
Configure RIP to use either regular or poisoned split horizon on this interface. Choose one of:
- regular: prevent RIP from sending updates for a route back out on the interface from which it received that route.
- poisoned: send updates with routes learned on an interface back out the same interface but mark those routes as unreachable.
split-horizon-status
Enable or disable split horizon for this interface. Split horizon is enabled by default.
Disable split horizon only if there is no possibility of creating a counting to infinity loop when network topology changes.
Example: This example shows how to configure the external interface to send and receive RIP version 2, to use MD5 authentication, and to use a key chain called test1.

    config router rip
        config interface
            edit external
                set receive-version 2
                set send-version 2
                set auth-mode md5
                set auth-keychain test1
        end
    end

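The timer and interface authentication rules described on this page can be checked against a proposed configuration before it is applied. The following Python example is added here and is not Fortinet code: it parses a `config router rip` block and reports timer violations, interfaces whose auth-mode is none or text, and interfaces with RIP version 1 enabled. The function names, the sample configuration and the treatment of an unset auth-mode as none are assumptions.

```python
import shlex
# Constructed sample configuration, not taken from a real device.
SAMPLE = """
config router rip
    set update-timer 60
    set timeout-timer 90
    set garbage-timer 30
    config interface
        edit "external"
            set auth-mode md5
        next
        edit "dmz"
            set receive-version 1 2
    end
end
"""
WEAK = {"none": "no authentication is used", "text": "key is sent as plain text"}

def parse_rip(text):  # -> (global settings, per-interface settings)
    stack, glob, ifaces = [], {}, {}
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True) or [""]
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:])))
        elif tok[0] in ("next", "end"):  # 'end' also closes an 'edit' left open
            both = tok[0] == "end" and stack and stack[-1][0] == "edit"
            del stack[-2 if both else -1:]
        path = [name for _, name in stack]
        if len(path) == 3 and path[:2] == ["router rip", "interface"]:
            target = ifaces.setdefault(path[2], {})  # record even an empty edit
        else:
            target = glob if path == ["router rip"] else {}
        if tok[0] == "set" and len(tok) > 2:
            target[tok[1]] = tok[2:]
    return glob, ifaces

def audit(text):  # -> list of (scope, finding) for rules stated on this page
    glob, ifaces = parse_rip(text)
    t = {k: int(v[0]) for k, v in glob.items() if k.endswith("-timer")}
    upd = t.get("update-timer", 0)
    out = [("global", f"update-timer is larger than {k}")
           for k in ("timeout-timer", "garbage-timer") if k in t and upd > t[k]]
    if "timeout-timer" in t and t["timeout-timer"] < 3 * upd:
        out.append(("global", "timeout-timer is less than three times update-timer"))
    for name, cfg in sorted(ifaces.items()):
        mode = cfg.get("auth-mode", ["none"])[0]  # assumption: unset means none
        if mode in WEAK:
            out.append((name, f"auth-mode {mode}: {WEAK[mode]}"))
        if "1" in cfg.get("receive-version", []) + cfg.get("send-version", []):
            out.append((name, "RIP version 1 in use; authentication is version 2 only"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Only explicitly set receive-version and send-version values are inspected; interface defaults and the global version setting are not resolved.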
config neighbor
Use this subcommand to enable RIP to send unicast routing updates to the router at the specified address. You can use the neighbor subcommand and the passive-interface setting to allow RIP to send unicast updates to the specified neighbor while blocking broadcast updates on the specified interface. You can configure multiple neighbors.
The ip field is required. All other fields are optional.
ip
Enter the IPv4 address of the neighboring router to which to send unicast updates.
Example: This example shows how to specify that the router at 192.168.21.20 is a neighbor.

    config router rip
        config neighbor
            edit 0
                set ip 192.168.21.20
        end
    end

config network
Use this subcommand to identify the networks for which to send and receive RIP updates. If a network is not specified, interfaces in that network will not be advertised in RIP updates. The prefix field is optional.
prefix
Enter the IPv4 address and netmask for the RIP network.
Example: Use the following command to enable RIP for the interfaces attached to networks specified by the IP address 10.0.0.0 and the netmask 255.255.255.0.

    config router rip
        config network
            edit 0
                set prefix 10.0.0.0 255.255.255.0
        end
    end

config offset-list
Use this subcommand to add the specified offset to the metric (hop count) of a route from the offset list. The access-list, direction, and offset fields are required. All other fields are optional.
access-list
Enter the name of the access list to use for this offset list. The access list is used to determine which routes to add the metric to. For more information, see router {access-list | access-list6}.
direction
Enter in to apply the specified offset to the metrics of routes originating on other routers (incoming routes).
Enter out to apply the specified offset to the metrics of routes leaving from the FortiGate unit (outgoing routes).
interface
Enter the name of the interface to match for this offset list.
offset
Enter the offset number to add to the metric. The metric is the hop count. The acceptable value range is an integer from 1 to 16, with 16 being unreachable.
For example, if a route already has a metric of 5, an offset of 10 will increase the metric to 15 for that route.
status
Enable or disable this offset list.
Example: This example shows how to configure and enable offset list ID number 5. This offset list entry adds a metric of 3 to incoming routes that match the access list named acc_list1 on the external interface.

    config router rip
        config offset-list
            edit 5
                set access-list acc_list1
                set direction in
                set interface external
                set offset 3
                set status enable
        end
    end

config redistribute
Use this subcommand to advertise routes learned from OSPF, BGP, static routes, or a direct connection to the destination network.
The RIP redistribution table contains four static entries. You cannot add entries to the table. The entries are defined as follows:
- bgp: Redistribute routes learned from BGP.
- connected: Redistribute routes learned from a direct connection to the destination network.
- isis: Redistribute routes learned from ISIS.
- ospf: Redistribute routes learned from OSPF.
- static: Redistribute the static routes defined in the FortiGate unit routing table.
When you enter the subcommand, end the command with one of the four static entry names (that is, config redistribute {bgp | connected | isis | ospf | static}). All fields are optional.
metric
Enter the metric value to be used for the redistributed routes. The acceptable value range is an integer from 0 to 16.
routemap
Enter the name of the route map to use for the redistributed routes. For information on how to configure route maps, see router route-map.