Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    6.0.0
    6.0.0

    RIPng: RIP and IPv6

    RIPng: RIP and IPv6

    RIP next generation, or RIPng, is the version of RIP that supports IPv6.

    This is an example of a typical small network configuration using RIPng routing.

    Your internal R&D network is working on a project for a large international telecom company that uses IPv6. For this reason, you have to run IPv6 on your internal network and you have decided to use only IPv6 addresses.

    Your network has two FortiGate devices running the RIPng dynamic routing protocol. Both FortiGate devices are connected to the ISP router and the internal network. This configuration provides some redundancy for the R&D internal network, allowing it to reach the Internet at all times.

    Network layout and assumptions

    Basic network layout

    Your internal R&D network is working on a project for a large international telecom company that uses IPv6. For this reason, you have to run IPv6 on your internal network and you have decided to use only IPv6 addresses.

    Your network has two FortiGate devices running the RIPng dynamic routing protocol. Both FortiGate devices are connected to the ISP router and the internal network. This configuration provides some redundancy for the R&D internal network, allowing it to reach the Internet at all times.

    All internal computers use RIP routing, so no static routing is required. And all internal computers use IPv6 addresses.

    Where possible in this example, the default values will be used (or the most general settings). This is intended to provide an easier configuration that will require less troubleshooting.

    In this example, the routers, networks, interfaces used, and IP addresses are as follows.

    Example RIP network topology

    Network

    Router

    Interface & alias

    IPv6 address

    R&D

    Router1

    port1 (internal)

    2002:A0B:6565:0:0:0:0:0

    port2 (ISP)

    2002:AC14:7865:0:0:0:0:0

    Router2

    port1 (internal)

    2002:A0B:6566:0:0:0:0:0

    port2 (ISP)

    2002:AC14:7866:0:0:0:0:0
    Example network topology for IPV6 RIPng

    Assumptions

    The following assumptions have been made concerning this example.

    • All FortiGate devices have 5.0 firmware and are running factory default settings.
    • All CLI and GUI navigation assumes the unit is running in NAT mode, with VDOMs disabled.
    • All FortiGate devices have interfaces labeled port1 and port2, as required.
    • All firewalls have been configured for each FortiGate to allow the required traffic to flow across interfaces.
    • All network devices support IPv6 and are running RIPng.

    Configuring the FortiGate system information

    Each FortiGate needs IPv6 enabled, a new hostname, and interfaces configured.

    To configure system information on Router1 - GUI:
    1. Go to System > Settings.
    2. In the Host name field, enter “Router1”.
    3. Go to System > Feature Visibility.
    4. In Basic Features, enable IPv6, and select Apply.
    5. Go to Network > Interfaces.
    6. Edit port1 (internal) interface.
    7. Set the following information and select OK.

      8. Alias

      internal

      IP/Network Mask

      2002:A0B:6565::/0

      Administrative Access

      HTTPS SSH PING

      Description

      Internal RnD network

      Administrative Status

      Up
    8. Edit port2 (ISP) interface.
    9. Set the following information and select OK.

      10. Alias

      ISP

      IP/Network Mask

      2002:AC14:7865::/0

      Administrative Access

      HTTPS SSH PING

      Description

      ISP and Internet

      Administrative Status

      Up
    To configure system information on Router1 - CLI:

    config system global

    set hostname Router1

    set gui-ipv6 enable

    end

    config system interface

    edit port1

    set alias internal

    set allowaccess https ping ssh

    set description “Internal RnD network”

    config ipv6

    set ip6-address 2002:a0b:6565::/0

    end

    next

    edit port2

    set alias ISP

    set allowaccess https ping ssh

    set description “ISP and Internet”

    config ipv6

    set ip6-address 2002:AC14:7865::

    end

    end

    To configure system information on Router2 - GUI:
    1. Go to System > Settings.
    2. In the Host name field, enter “Router2”.
    3. Go to System > Feature Visibility.
    4. In Basic Features, enable IPv6, and select Apply.
    5. Go to Network > Interfaces.
    6. Edit port1 (internal) interface.
    7. Set the following information and select OK.

      8. Alias

      internal

      IP/Network Mask

      2002:A0B:6566::/0

      Administrative Access

      HTTPS SSH PING

      Description

      Internal RnD network

      Administrative Status

      Up
    8. Edit port2 (ISP) interface.
    9. Set the following information and select OK.

      10. Alias

      ISP

      IP/Network Mask

      2002:AC14:7866::/0

      Administrative Access

      HTTPS SSH PING

      Description

      ISP and Internet

      Administrative Status

      Up
    To configure system information on Router2 - CLI:

    config system global

    set hostname Router2

    set gui-ipv6 enable

    end

    config system interface

    edit port1

    set alias internal

    set allowaccess https ping ssh

    set description “Internal RnD network”

    config ipv6

    set ip6-address 2002:a0b:6566::/0

    end

    next

    edit port2

    set alias ISP

    set allowaccess https ping ssh

    set description “ISP and Internet”

    config ipv6

    set ip6-address 2002:AC14:7866::

    end

    end

    Configuring RIPng on FortiGate

    Now that the interfaces are configured, you can configure RIPng on the FortiGate devices.

    There are only two networks and two interfaces to include: the internal network and the ISP network. There is no redistribution and no authentication. In RIPng there is no specific command to include a subnet in the RIP broadcasts. There is also no information required for the interfaces beyond including their name.

    As this is a CLI only configuration, configure the ISP router and the other FortiGate as neighbors. This was not part of the previous example as this feature is not offered in the GUI. Declaring neighbors in the configuration like this will reduce the discovery traffic when the routers start up.

    Since RIPng is not supported in the GUI, this section will only be entered in the CLI.

    To configure RIPng on Router1 - CLI:

    config router ripng

    config interface

    edit port1

    next

    edit port2

    end

    config neighbor

    edit 1

    set interface port1

    set ipv6 2002:a0b:6566::/0

    next

    edit 2

    set interface port2

    set ipv6 2002:AC14:7805::/0

    end

    To configure RIPng on Router2 - CLI:

    config router ripng

    config interface

    edit port1

    next

    edit port2

    end

    config neighbor

    edit 1

    set interface port1

    set ipv6 2002:a0b:6565::/0

    next

    edit 2

    set interface port2

    set ipv6 2002:AC14:7805::/0

    end

    Configuring other network devices

    The other devices on the internal network all support IPv6 and are running RIPng, where applicable. They only need to know the internal interface network addresses of the FortiGate devices.

    The ISP routers need to know the FortiGate information, such as IPv6 addresses.

    Testing the configuration

    In addition to normal testing of your network configuration, you must also test the IPv6 part of this example.

    For troubleshooting problems with your network, see the Troubleshooting Handbook.

    For troubleshooting problems with RIP, see Troubleshooting RIP.

    Testing the IPv6 RIPng information

    There are some commands to use when checking that your RIPng information is correct on your network. These are useful to check on your RIPng FortiGate devices on your network. Comparing the output between devices will help you understand your network better, and also track down any problems:

    diagnose ipv6 address list

    View the local scope IPv6 addresses used as next-hops by RIPng on the FortiGate:

    diagnose ipv6 route list

    View ipv6 addresses that are installed in the routing table:

    get router info6 routing-table

    View the routing table. This information is almost the same as the previous diagnose ipv6 route list command, but it is presented in a format that is easier to read.

    get router info6 rip interface external

    View the brief output on the RIP information for the interface listed. This includes information such as, if the interface is up or down, what routing protocol is being used, and whether passive interface or split horizon are enabled.

    get router info6 neighbor-cache list

    View the IPv6/MAC address mapping. This also displays the interface index and name associated with the address.

    Previous
    Next

    RIPng: RIP and IPv6

    RIPng: RIP and IPv6

    RIP next generation, or RIPng, is the version of RIP that supports IPv6.

    This is an example of a typical small network configuration using RIPng routing.

    Your internal R&D network is working on a project for a large international telecom company that uses IPv6. For this reason, you have to run IPv6 on your internal network and you have decided to use only IPv6 addresses.

    Your network has two FortiGate devices running the RIPng dynamic routing protocol. Both FortiGate devices are connected to the ISP router and the internal network. This configuration provides some redundancy for the R&D internal network, allowing it to reach the Internet at all times.

    Network layout and assumptions

    Basic network layout

    Your internal R&D network is working on a project for a large international telecom company that uses IPv6. For this reason, you have to run IPv6 on your internal network and you have decided to use only IPv6 addresses.

    Your network has two FortiGate devices running the RIPng dynamic routing protocol. Both FortiGate devices are connected to the ISP router and the internal network. This configuration provides some redundancy for the R&D internal network, allowing it to reach the Internet at all times.

    All internal computers use RIP routing, so no static routing is required. And all internal computers use IPv6 addresses.

    Where possible in this example, the default values will be used (or the most general settings). This is intended to provide an easier configuration that will require less troubleshooting.

    In this example, the routers, networks, interfaces used, and IP addresses are as follows.

    Example RIP network topology

    Network

    Router

    Interface & alias

    IPv6 address

    R&D

    Router1

    port1 (internal)

    2002:A0B:6565:0:0:0:0:0

    port2 (ISP)

    2002:AC14:7865:0:0:0:0:0

    Router2

    port1 (internal)

    2002:A0B:6566:0:0:0:0:0

    port2 (ISP)

    2002:AC14:7866:0:0:0:0:0
    Example network topology for IPV6 RIPng

    Assumptions

    The following assumptions have been made concerning this example.

    • All FortiGate devices have 5.0 firmware and are running factory default settings.
    • All CLI and GUI navigation assumes the unit is running in NAT mode, with VDOMs disabled.
    • All FortiGate devices have interfaces labeled port1 and port2, as required.
    • All firewalls have been configured for each FortiGate to allow the required traffic to flow across interfaces.
    • All network devices support IPv6 and are running RIPng.

    Configuring the FortiGate system information

    Each FortiGate needs IPv6 enabled, a new hostname, and interfaces configured.

    To configure system information on Router1 - GUI:
    1. Go to System > Settings.
    2. In the Host name field, enter “Router1”.
    3. Go to System > Feature Visibility.
    4. In Basic Features, enable IPv6, and select Apply.
    5. Go to Network > Interfaces.
    6. Edit port1 (internal) interface.
    7. Set the following information and select OK.

      8. Alias

      internal

      IP/Network Mask

      2002:A0B:6565::/0

      Administrative Access

      HTTPS SSH PING

      Description

      Internal RnD network

      Administrative Status

      Up
    8. Edit port2 (ISP) interface.
    9. Set the following information and select OK.

      10. Alias

      ISP

      IP/Network Mask

      2002:AC14:7865::/0

      Administrative Access

      HTTPS SSH PING

      Description

      ISP and Internet

      Administrative Status

      Up
    To configure system information on Router1 - CLI:

    config system global

    set hostname Router1

    set gui-ipv6 enable

    end

    config system interface

    edit port1

    set alias internal

    set allowaccess https ping ssh

    set description “Internal RnD network”

    config ipv6

    set ip6-address 2002:a0b:6565::/0

    end

    next

    edit port2

    set alias ISP

    set allowaccess https ping ssh

    set description “ISP and Internet”

    config ipv6

    set ip6-address 2002:AC14:7865::

    end

    end

    To configure system information on Router2 - GUI:
    1. Go to System > Settings.
    2. In the Host name field, enter “Router2”.
    3. Go to System > Feature Visibility.
    4. In Basic Features, enable IPv6, and select Apply.
    5. Go to Network > Interfaces.
    6. Edit port1 (internal) interface.
    7. Set the following information and select OK.

      8. Alias

      internal

      IP/Network Mask

      2002:A0B:6566::/0

      Administrative Access

      HTTPS SSH PING

      Description

      Internal RnD network

      Administrative Status

      Up
    8. Edit port2 (ISP) interface.
    9. Set the following information and select OK.

      10. Alias

      ISP

      IP/Network Mask

      2002:AC14:7866::/0

      Administrative Access

      HTTPS SSH PING

      Description

      ISP and Internet

      Administrative Status

      Up
    To configure system information on Router2 - CLI:

    config system global

    set hostname Router2

    set gui-ipv6 enable

    end

    config system interface

    edit port1

    set alias internal

    set allowaccess https ping ssh

    set description “Internal RnD network”

    config ipv6

    set ip6-address 2002:a0b:6566::/0

    end

    next

    edit port2

    set alias ISP

    set allowaccess https ping ssh

    set description “ISP and Internet”

    config ipv6

    set ip6-address 2002:AC14:7866::

    end

    end

    Configuring RIPng on FortiGate

    Now that the interfaces are configured, you can configure RIPng on the FortiGate devices.

    There are only two networks and two interfaces to include: the internal network and the ISP network. There is no redistribution and no authentication. In RIPng there is no specific command to include a subnet in the RIP broadcasts. There is also no information required for the interfaces beyond including their name.

    As this is a CLI only configuration, configure the ISP router and the other FortiGate as neighbors. This was not part of the previous example as this feature is not offered in the GUI. Declaring neighbors in the configuration like this will reduce the discovery traffic when the routers start up.

    Since RIPng is not supported in the GUI, this section will only be entered in the CLI.

    To configure RIPng on Router1 - CLI:

    config router ripng

    config interface

    edit port1

    next

    edit port2

    end

    config neighbor

    edit 1

    set interface port1

    set ipv6 2002:a0b:6566::/0

    next

    edit 2

    set interface port2

    set ipv6 2002:AC14:7805::/0

    end

    To configure RIPng on Router2 - CLI:

    config router ripng

    config interface

    edit port1

    next

    edit port2

    end

    config neighbor

    edit 1

    set interface port1

    set ipv6 2002:a0b:6565::/0

    next

    edit 2

    set interface port2

    set ipv6 2002:AC14:7805::/0

    end

    Configuring other network devices

    The other devices on the internal network all support IPv6 and are running RIPng, where applicable. They only need to know the internal interface network addresses of the FortiGate devices.

    The ISP routers need to know the FortiGate information, such as IPv6 addresses.

    Testing the configuration

    In addition to normal testing of your network configuration, you must also test the IPv6 part of this example.

    For troubleshooting problems with your network, see the Troubleshooting Handbook.

    For troubleshooting problems with RIP, see Troubleshooting RIP.

    Testing the IPv6 RIPng information

    There are some commands to use when checking that your RIPng information is correct on your network. These are useful to check on your RIPng FortiGate devices on your network. Comparing the output between devices will help you understand your network better, and also track down any problems:

    diagnose ipv6 address list

    View the local scope IPv6 addresses used as next-hops by RIPng on the FortiGate:

    diagnose ipv6 route list

    View ipv6 addresses that are installed in the routing table:

    get router info6 routing-table

    View the routing table. This information is almost the same as the previous diagnose ipv6 route list command, but it is presented in a format that is easier to read.

    get router info6 rip interface external

    View the brief output on the RIP information for the interface listed. This includes information such as, if the interface is up or down, what routing protocol is being used, and whether passive interface or split horizon are enabled.

    get router info6 neighbor-cache list

    View the IPv6/MAC address mapping. This also displays the interface index and name associated with the address.

    Previous
    Next