Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.6
Download PDF
Copy Link

router rip

Use this command to configure the Routing Information Protocol (RIP) on the FortiGate unit. RIP is a distance-vector routing protocol intended for small, relatively homogeneous networks. RIP uses hop count as its routing metric. Each network is usually counted as one hop. The network diameter is limited to 15 hops with 16 hops.

The FortiOS implementation of RIP supports RIP version 1 (see RFC 1058) and RIP version 2 (see RFC 2453). RIP version 2 enables RIP messages to carry more information, and to support simple authentication and subnet masks.

note icon update_timer cannot be larger than timeout_timer and garbage_timer. Attempts to do so will generate an error.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

config redistribute

edit <name>

set metric <integer>

next

...

Updated the metric option's maximum-range value to 16.

config router rip
    set default-information-originate {enable | disable}   Enable/disable generation of default route.
    set default-metric {integer}   Default metric. range[1-16]
    set max-out-metric {integer}   Maximum metric allowed to output(0 means 'not set'). range[0-15]
    set recv-buffer-size {integer}   Receiving buffer size. range[8129-2147483647]
    config distance
        edit {id}
        # distance
            set id {integer}   Distance ID. range[0-4294967295]
            set prefix {ipv4 classnet any}   Distance prefix.
            set distance {integer}   Distance (1 - 255). range[1-255]
            set access-list {string}   Access list for route destination. size[35] - datasource(s): router.access-list.name
        next
    config distribute-list
        edit {id}
        # Distribute list.
            set id {integer}   Distribute list ID. range[0-4294967295]
            set status {enable | disable}   status
            set direction {in | out}   Distribute list direction.
                    in   Filter incoming packets.
                    out  Filter outgoing packets.
            set listname {string}   Distribute access/prefix list name. size[35] - datasource(s): router.access-list.name,router.prefix-list.name
            set interface {string}   Distribute list interface name. size[15] - datasource(s): system.interface.name
        next
    config neighbor
        edit {id}
        # neighbor
            set id {integer}   Neighbor entry ID. range[0-4294967295]
            set ip {ipv4 address}   IP address.
        next
    config network
        edit {id}
        # network
            set id {integer}   Network entry ID. range[0-4294967295]
            set prefix {ipv4 classnet}   Network prefix.
        next
    config offset-list
        edit {id}
        # Offset list.
            set id {integer}   Offset-list ID. range[0-4294967295]
            set status {enable | disable}   status
            set direction {in | out}   Offset list direction.
                    in   Filter incoming packets.
                    out  Filter outgoing packets.
            set access-list {string}   Access list name. size[35] - datasource(s): router.access-list.name
            set offset {integer}   offset range[1-16]
            set interface {string}   Interface name. size[15] - datasource(s): system.interface.name
        next
    config passive-interface
        edit {name}
        # Passive interface configuration.
            set name {string}   Passive interface name. size[64] - datasource(s): system.interface.name
        next
    config redistribute
        edit {name}
        # Redistribute configuration.
            set name {string}   Redistribute name. size[35]
            set status {enable | disable}   status
            set metric {integer}   Redistribute metric setting. range[1-16]
            set routemap {string}   Route map name. size[35] - datasource(s): router.route-map.name
        next
    set update-timer {integer}   Update timer in seconds. range[5-2147483647]
    set timeout-timer {integer}   Timeout timer in seconds. range[5-2147483647]
    set garbage-timer {integer}   Garbage timer in seconds. range[5-2147483647]
    set version {1 | 2}   RIP version.
            1  Version 1.
            2  Version 2.
    config interface
        edit {name}
        # RIP interface configuration.
            set name {string}   Interface name. size[35] - datasource(s): system.interface.name
            set auth-keychain {string}   Authentication key-chain name. size[35] - datasource(s): router.key-chain.name
            set auth-mode {none | text | md5}   Authentication mode.
                    none  None.
                    text  Text.
                    md5   MD5.
            set auth-string {password_string}   Authentication string/password. size[16]
            set receive-version {1 | 2}   Receive version.
                    1  Version 1.
                    2  Version 2.
            set send-version {1 | 2}   Send version.
                    1  Version 1.
                    2  Version 2.
            set send-version2-broadcast {disable | enable}   Enable/disable broadcast version 1 compatible packets.
            set split-horizon-status {enable | disable}   Enable/disable split horizon.
            set split-horizon {poisoned | regular}   Enable/disable split horizon.
                    poisoned  Poisoned.
                    regular   Regular.
            set flags {integer}   flags range[0-255]
        next
end

Additional information

The following section is for those options that require additional explanation.

 

default-information-originate

Enter enable to advertise a default static route into RIP.

default-metric

For non-default routes in the static routing table and directly connected networks the default metric is the metric that the FortiGate unit advertises to adjacent routers. This metric is added to the metrics of learned routes. The default metric can be a number from 1 to 16.

garbage-timer

The time in seconds that must elapse after the timeout interval for a route expires, before RIP deletes the route. If RIP receives an update for the route after the timeout timer expires but before the garbage timer expires then the entry is switched back to reachable.

RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.

The update timer interval can not be larger than the garbage timer interval.

passive-interface

Block RIP broadcasts on the specified interface. You can use “config neighbor” and the passive interface command to allow RIP to send unicast updates to the specified neighbor while blocking broadcast updates on the specified interface.

timeout-timer

The time interval in seconds after which a route is declared unreachable. The route is removed from the routing table. RIP holds the route until the garbage timer expires and then deletes the route. If RIP receives an update for the route before the timeout timer expires, then the timeout-timer is restarted. If RIP receives an update for the route after the timeout timer expires but before the garbage timer expires then the entry is switched back to reachable. The value of the timeout timer should be at least three times the value of the update timer.

RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.

The update timer interval can not be larger than the timeout timer interval.

update-timer

The time interval in seconds between RIP updates.

RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.

The update timer interval can not be larger than timeout or garbage timer intervals.

version

Enable sending and receiving

  • RIP version 1 packets
  • RIP version 2 packets
  • Both vresions for all RIP-enabled interfaces.

You can override this setting on a per interface basis using the receive-version and send-version fields described under “config interface”.

note icon

Example

This example shows how to enable the advertising of a default static route into RIP, enable the sending and receiving of RIP version 1 packets, and raise the preference of local routes in the static routing table (the default metric) from the default of 1 to 5 - those routes well be less preferred.

config router rip

set default-information-originate enable

set version 1

set default-metric 5

end

config distance

Use this subcommand to specify an administrative distance. When different routing protocols provide multiple routes to the same destination, the administrative distance sets the priority of those routes. The lowest administrative distance indicates the preferred route.

If you specify a prefix, RIP uses the specified distance when the source IP address of a packet matches the prefix.

The distance field is required. All other fields are optional.

access-list

Enter the name of an access list. The distances associated with the routes in the access list will be modified. To create an access list, see router {access-list | access-list6}.

distance

Enter a number from 1 to 255, to set the administrative distance.

This field is required.

prefix

Optionally enter a prefix to apply the administrative distance to.

note icon

Example:

This example shows how to change the administrative distance to 10 for all IP addresses that match the internal_example access-list.

config router rip

config distance

edit 1

set distance 10

set access-list internal_example

end

end

config distribute-list

Use this subcommand to filter incoming or outgoing updates using an access list or a prefix list. If you do not specify an interface, the filter will be applied to all interfaces. You must configure the access list or prefix list that you want the distribution list to use before you configure the distribution list. For more information on configuring access lists and prefix lists, see router {access-list | access-list6} and router {prefix-list | prefix-list6}.

The direction and listname fields are required. All other fields are optional.

direction

Set the direction for the filter.

  • in - to filter incoming packets that originate from other routers.
  • out - to filter outgoing packets the FortiGate unit is sending to other routers.

interface

Enter the name of the interface to apply this distribution list to. If you do not specify an interface, this distribution list will be used for all interfaces.

listname

Enter the name of the access list or prefix list to use for this distribution list.

The prefix or access list used must be configured before configuring the distribute-list.

status

Enable or disable this distribution list.

note icon

Example

This example shows how to configure and enable a distribution list to use an access list named allowed_routers for incoming updates on the external interface.

config router rip

config distribute-list

edit 0

set direction in

set interface external

set listname allowed_routers

set status enable

end

end

config interface

Use this subcommand to configure RIP version 2 authentication, RIP version send and receive for the specified interface, and to configure and enable split horizon.

Authentication is only available for RIP version 2 packets sent and received by an interface. You must set auth-mode to none when receive-version or send-version are set to 1 or 1 2 (both are set to 1 by default).

A split horizon occurs when a router advertises a route it learns over the same interface it learned it on. In this case the router that gave the learned route to the last router now has two entries to get to another location. However, if the primary route fails that router tries the second route to find itself as part of the route and an infinite loop is created. A poisoned split horizon will still advertise the route on the interface it received it on, but it will mark the route as unreachable. Any unreachable routes are automatically removed from the routing table. This is also called split horizon with poison reverse.

auth-keychain

Enter the name of the key chain to use for authentication for RIP version 2 packets sent and received by this interface. Use key chains when you want to configure multiple keys. For information on how to configure key chains, see router key-chain.

auth-mode

Use the auth-mode field to define the authentication used for RIP version 2 packets sent and received by this interface. Choose one of:

  • none — no authentication is used.
  • text — the authentication key is sent as plain text.
  • md5 — the authentication key is used to generate an MD5 hash.

Both text mode and MD5 mode only guarantee the authenticity of the update packet, not the confidentiality of the routing information in the packet.

In text mode the key is sent in clear text over the network. Text mode is usually used only to prevent network problems that can occur if an unwanted or misconfigured router is mistakenly added to the network.

Use the auth-string field to specify the key.

auth-string

Enter a single key to use for authentication for RIP version 2 packets sent and received by this interface. Use auth-string when you only want to configure one key. The key can be up to 35 characters long.

receive-version

RIP routing messages are UDP packets that use port 520. Choose one of:

  • 1 - configure RIP to listen for RIP version 1 messages on an interface.
  • 2 - configure RIP to listen for RIP version 2 messages on an interface.
  • 1 2 - configure RIP to listen for both RIP version 1 and RIP version 2 messages on an interface.

send-version

RIP routing messages are UDP packets that use port 520.

Choose one of:

  • 1 - configure RIP to send for RIP version 1 messages on an interface.
  • 2 - configure RIP to send for RIP version 2 messages on an interface.
  • 1 2 - configure RIP to send for both RIP version 1 and RIP version 2 messages on an interface.

send-version2-broadcast

Enable or disable sending broadcast updates from an interface configured for RIP version 2.

RIP version 2 normally multicasts updates. RIP version 1 can only receive broadcast updates.

split-horizon

Configure RIP to use either regular or poisoned split horizon on this interface. Choose one of:

  • regular - prevent RIP from sending updates for a route back out on the interface from which it received that route.
  • poisoned - send updates with routes learned on an interface back out the same interface but mark those routes as unreachable.

split-horizon-status

Enable or disable split horizon for this interface. Split horizon is enabled by default.

Disable split horizon only if there is no possibility of creating a counting to infinity loop when network topology changes.

note icon

Example

This example shows how to configure the external interface to send and receive RIP version 2, to use MD5 authentication, and to use a key chain called test1.

config router rip config interface edit external set receive-version 2 set send-version 2 set auth-mode md5 set auth-keychain test1 end end

config neighbor

Use this subcommand to enable RIP to send unicast routing updates to the router at the specified address. You can use the neighbor subcommand and the passive-interface setting to allow RIP to send unicast updates to the specified neighbor while blocking broadcast updates on the specified interface. You can configure multiple neighbors.

The ip field is required. All other fields are optional.

ip

Enter the IPv4 address of the neighboring router to which to send unicast updates.

note icon

Example

This example shows how to specify that the router at 192.168.21.20 is a neighbor.

config router rip

config neighbor

edit 0

set ip 192.168.21.20

end

end

config network

Use this subcommand to identify the networks for which to send and receive RIP updates. If a network is not specified, interfaces in that network will not be advertised in RIP updates. The prefix field is optional.

prefix

Enter the IPv4 address and netmask for the RIP network.

note icon

Example

Use the following command to enable RIP for the interfaces attached to networks specified by the IP address 10.0.0.0 and the netmask 255.255.255.0.

config router rip

config network

edit 0

set prefix 10.0.0.0 255.255.255.0

end

end

config offset-list

Use this subcommand to add the specified offset to the metric (hop count) of a route from the offset list. The access-list, direction, and offset fields are required. All other fields are optional.

access-list

Enter the name of the access list to use for this offset list. The access list is used to determine which routes to add the metric to. For more information, see router {access-list | access-list6}.

direction

Enter in to apply the specified offset to the metrics of routes originating on other routers - incoming routes.

Enter out to apply the specified offset to the metrics of routes leaving from the FortiGate unit - outgoing routes.

interface

Enter the name of the interface to match for this offset list.

offset

Enter the offset number to add to the metric. The metric is the hop count. The acceptable value range is an integer from 1 to 16, with 16 being unreachable.

For example if a route has already has a metric of 5, an offset of 10 will increase the metric to 15 for that route.

status

Enable or disable this offset list.

 

note icon

Example

This example shows how to configure and enable offset list ID number 5. This offset list entry adds a metric of 3 to incoming routes that match the access list named acc_list1 on the external interface.

config router rip

config offset-list

edit 5 set access-list acc_list1

set direction in

set interface external

set offset 3

set status enable

end

end

config redistribute

Use this subcommand to advertise routes learned from OSPF, BGP, static routes, or a direct connection to the destination network.

The RIP redistribution table contains four static entries. You cannot add entries to the table. The entries are defined as follows:

  • bgp - Redistribute routes learned from BGP.
  • connected - Redistribute routes learned from a direct connection to the destination network.
  • isis - Redistribute routes learned from ISIS.
  • ospf - Redistribute routes learned from OSPF.
  • static - Redistribute the static routes defined in the FortiGate unit routing table.

When you enter the subcommand, end the command with one of the four static entry names (that is, config redistribute {bgp | connected | isis | ospf | static}). All fields are optional.

metric

Enter the metric value to be used for the redistributed routes. The acceptable value range is an integer from 0 to 16.

routemap

Enter the name of the route map to use for the redistributed routes. For information on how to configure route maps, see router route-map.

 

router rip

Use this command to configure the Routing Information Protocol (RIP) on the FortiGate unit. RIP is a distance-vector routing protocol intended for small, relatively homogeneous networks. RIP uses hop count as its routing metric. Each network is usually counted as one hop. The network diameter is limited to 15 hops with 16 hops.

The FortiOS implementation of RIP supports RIP version 1 (see RFC 1058) and RIP version 2 (see RFC 2453). RIP version 2 enables RIP messages to carry more information, and to support simple authentication and subnet masks.

note icon update_timer cannot be larger than timeout_timer and garbage_timer. Attempts to do so will generate an error.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

config redistribute

edit <name>

set metric <integer>

next

...

Updated the metric option's maximum-range value to 16.

config router rip
    set default-information-originate {enable | disable}   Enable/disable generation of default route.
    set default-metric {integer}   Default metric. range[1-16]
    set max-out-metric {integer}   Maximum metric allowed to output(0 means 'not set'). range[0-15]
    set recv-buffer-size {integer}   Receiving buffer size. range[8129-2147483647]
    config distance
        edit {id}
        # distance
            set id {integer}   Distance ID. range[0-4294967295]
            set prefix {ipv4 classnet any}   Distance prefix.
            set distance {integer}   Distance (1 - 255). range[1-255]
            set access-list {string}   Access list for route destination. size[35] - datasource(s): router.access-list.name
        next
    config distribute-list
        edit {id}
        # Distribute list.
            set id {integer}   Distribute list ID. range[0-4294967295]
            set status {enable | disable}   status
            set direction {in | out}   Distribute list direction.
                    in   Filter incoming packets.
                    out  Filter outgoing packets.
            set listname {string}   Distribute access/prefix list name. size[35] - datasource(s): router.access-list.name,router.prefix-list.name
            set interface {string}   Distribute list interface name. size[15] - datasource(s): system.interface.name
        next
    config neighbor
        edit {id}
        # neighbor
            set id {integer}   Neighbor entry ID. range[0-4294967295]
            set ip {ipv4 address}   IP address.
        next
    config network
        edit {id}
        # network
            set id {integer}   Network entry ID. range[0-4294967295]
            set prefix {ipv4 classnet}   Network prefix.
        next
    config offset-list
        edit {id}
        # Offset list.
            set id {integer}   Offset-list ID. range[0-4294967295]
            set status {enable | disable}   status
            set direction {in | out}   Offset list direction.
                    in   Filter incoming packets.
                    out  Filter outgoing packets.
            set access-list {string}   Access list name. size[35] - datasource(s): router.access-list.name
            set offset {integer}   offset range[1-16]
            set interface {string}   Interface name. size[15] - datasource(s): system.interface.name
        next
    config passive-interface
        edit {name}
        # Passive interface configuration.
            set name {string}   Passive interface name. size[64] - datasource(s): system.interface.name
        next
    config redistribute
        edit {name}
        # Redistribute configuration.
            set name {string}   Redistribute name. size[35]
            set status {enable | disable}   status
            set metric {integer}   Redistribute metric setting. range[1-16]
            set routemap {string}   Route map name. size[35] - datasource(s): router.route-map.name
        next
    set update-timer {integer}   Update timer in seconds. range[5-2147483647]
    set timeout-timer {integer}   Timeout timer in seconds. range[5-2147483647]
    set garbage-timer {integer}   Garbage timer in seconds. range[5-2147483647]
    set version {1 | 2}   RIP version.
            1  Version 1.
            2  Version 2.
    config interface
        edit {name}
        # RIP interface configuration.
            set name {string}   Interface name. size[35] - datasource(s): system.interface.name
            set auth-keychain {string}   Authentication key-chain name. size[35] - datasource(s): router.key-chain.name
            set auth-mode {none | text | md5}   Authentication mode.
                    none  None.
                    text  Text.
                    md5   MD5.
            set auth-string {password_string}   Authentication string/password. size[16]
            set receive-version {1 | 2}   Receive version.
                    1  Version 1.
                    2  Version 2.
            set send-version {1 | 2}   Send version.
                    1  Version 1.
                    2  Version 2.
            set send-version2-broadcast {disable | enable}   Enable/disable broadcast version 1 compatible packets.
            set split-horizon-status {enable | disable}   Enable/disable split horizon.
            set split-horizon {poisoned | regular}   Enable/disable split horizon.
                    poisoned  Poisoned.
                    regular   Regular.
            set flags {integer}   flags range[0-255]
        next
end

Additional information

The following section is for those options that require additional explanation.

 

default-information-originate

Enter enable to advertise a default static route into RIP.

default-metric

For non-default routes in the static routing table and directly connected networks the default metric is the metric that the FortiGate unit advertises to adjacent routers. This metric is added to the metrics of learned routes. The default metric can be a number from 1 to 16.

garbage-timer

The time in seconds that must elapse after the timeout interval for a route expires, before RIP deletes the route. If RIP receives an update for the route after the timeout timer expires but before the garbage timer expires then the entry is switched back to reachable.

RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.

The update timer interval can not be larger than the garbage timer interval.

passive-interface

Block RIP broadcasts on the specified interface. You can use “config neighbor” and the passive interface command to allow RIP to send unicast updates to the specified neighbor while blocking broadcast updates on the specified interface.

timeout-timer

The time interval in seconds after which a route is declared unreachable. The route is removed from the routing table. RIP holds the route until the garbage timer expires and then deletes the route. If RIP receives an update for the route before the timeout timer expires, then the timeout-timer is restarted. If RIP receives an update for the route after the timeout timer expires but before the garbage timer expires then the entry is switched back to reachable. The value of the timeout timer should be at least three times the value of the update timer.

RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.

The update timer interval can not be larger than the timeout timer interval.

update-timer

The time interval in seconds between RIP updates.

RIP timer defaults are effective in most configurations. All routers and access servers in the network should have the same RIP timer settings.

The update timer interval can not be larger than timeout or garbage timer intervals.

version

Enable sending and receiving

  • RIP version 1 packets
  • RIP version 2 packets
  • Both vresions for all RIP-enabled interfaces.

You can override this setting on a per interface basis using the receive-version and send-version fields described under “config interface”.

note icon

Example

This example shows how to enable the advertising of a default static route into RIP, enable the sending and receiving of RIP version 1 packets, and raise the preference of local routes in the static routing table (the default metric) from the default of 1 to 5 - those routes well be less preferred.

config router rip

set default-information-originate enable

set version 1

set default-metric 5

end

config distance

Use this subcommand to specify an administrative distance. When different routing protocols provide multiple routes to the same destination, the administrative distance sets the priority of those routes. The lowest administrative distance indicates the preferred route.

If you specify a prefix, RIP uses the specified distance when the source IP address of a packet matches the prefix.

The distance field is required. All other fields are optional.

access-list

Enter the name of an access list. The distances associated with the routes in the access list will be modified. To create an access list, see router {access-list | access-list6}.

distance

Enter a number from 1 to 255, to set the administrative distance.

This field is required.

prefix

Optionally enter a prefix to apply the administrative distance to.

note icon

Example:

This example shows how to change the administrative distance to 10 for all IP addresses that match the internal_example access-list.

config router rip

config distance

edit 1

set distance 10

set access-list internal_example

end

end

config distribute-list

Use this subcommand to filter incoming or outgoing updates using an access list or a prefix list. If you do not specify an interface, the filter will be applied to all interfaces. You must configure the access list or prefix list that you want the distribution list to use before you configure the distribution list. For more information on configuring access lists and prefix lists, see router {access-list | access-list6} and router {prefix-list | prefix-list6}.

The direction and listname fields are required. All other fields are optional.

direction

Set the direction for the filter.

  • in - to filter incoming packets that originate from other routers.
  • out - to filter outgoing packets the FortiGate unit is sending to other routers.

interface

Enter the name of the interface to apply this distribution list to. If you do not specify an interface, this distribution list will be used for all interfaces.

listname

Enter the name of the access list or prefix list to use for this distribution list.

The prefix or access list used must be configured before configuring the distribute-list.

status

Enable or disable this distribution list.

note icon

Example

This example shows how to configure and enable a distribution list to use an access list named allowed_routers for incoming updates on the external interface.

config router rip

config distribute-list

edit 0

set direction in

set interface external

set listname allowed_routers

set status enable

end

end

config interface

Use this subcommand to configure RIP version 2 authentication, RIP version send and receive for the specified interface, and to configure and enable split horizon.

Authentication is only available for RIP version 2 packets sent and received by an interface. You must set auth-mode to none when receive-version or send-version are set to 1 or 1 2 (both are set to 1 by default).

A split horizon occurs when a router advertises a route it learns over the same interface it learned it on. In this case the router that gave the learned route to the last router now has two entries to get to another location. However, if the primary route fails that router tries the second route to find itself as part of the route and an infinite loop is created. A poisoned split horizon will still advertise the route on the interface it received it on, but it will mark the route as unreachable. Any unreachable routes are automatically removed from the routing table. This is also called split horizon with poison reverse.

auth-keychain

Enter the name of the key chain to use for authentication for RIP version 2 packets sent and received by this interface. Use key chains when you want to configure multiple keys. For information on how to configure key chains, see router key-chain.

auth-mode

Use the auth-mode field to define the authentication used for RIP version 2 packets sent and received by this interface. Choose one of:

  • none — no authentication is used.
  • text — the authentication key is sent as plain text.
  • md5 — the authentication key is used to generate an MD5 hash.

Both text mode and MD5 mode only guarantee the authenticity of the update packet, not the confidentiality of the routing information in the packet.

In text mode the key is sent in clear text over the network. Text mode is usually used only to prevent network problems that can occur if an unwanted or misconfigured router is mistakenly added to the network.

Use the auth-string field to specify the key.

auth-string

Enter a single key to use for authentication for RIP version 2 packets sent and received by this interface. Use auth-string when you only want to configure one key. The key can be up to 35 characters long.

receive-version

RIP routing messages are UDP packets that use port 520. Choose one of:

  • 1 - configure RIP to listen for RIP version 1 messages on an interface.
  • 2 - configure RIP to listen for RIP version 2 messages on an interface.
  • 1 2 - configure RIP to listen for both RIP version 1 and RIP version 2 messages on an interface.

send-version

RIP routing messages are UDP packets that use port 520.

Choose one of:

  • 1 - configure RIP to send for RIP version 1 messages on an interface.
  • 2 - configure RIP to send for RIP version 2 messages on an interface.
  • 1 2 - configure RIP to send for both RIP version 1 and RIP version 2 messages on an interface.

send-version2-broadcast

Enable or disable sending broadcast updates from an interface configured for RIP version 2.

RIP version 2 normally multicasts updates. RIP version 1 can only receive broadcast updates.

split-horizon

Configure RIP to use either regular or poisoned split horizon on this interface. Choose one of:

  • regular - prevent RIP from sending updates for a route back out on the interface from which it received that route.
  • poisoned - send updates with routes learned on an interface back out the same interface but mark those routes as unreachable.

split-horizon-status

Enable or disable split horizon for this interface. Split horizon is enabled by default.

Disable split horizon only if there is no possibility of creating a counting to infinity loop when network topology changes.

note icon

Example

This example shows how to configure the external interface to send and receive RIP version 2, to use MD5 authentication, and to use a key chain called test1.

config router rip config interface edit external set receive-version 2 set send-version 2 set auth-mode md5 set auth-keychain test1 end end

config neighbor

Use this subcommand to enable RIP to send unicast routing updates to the router at the specified address. You can use the neighbor subcommand and the passive-interface setting to allow RIP to send unicast updates to the specified neighbor while blocking broadcast updates on the specified interface. You can configure multiple neighbors.

The ip field is required. All other fields are optional.

ip

Enter the IPv4 address of the neighboring router to which to send unicast updates.

note icon

Example

This example shows how to specify that the router at 192.168.21.20 is a neighbor.

config router rip

config neighbor

edit 0

set ip 192.168.21.20

end

end

config network

Use this subcommand to identify the networks for which to send and receive RIP updates. If a network is not specified, interfaces in that network will not be advertised in RIP updates. The prefix field is optional.

prefix

Enter the IPv4 address and netmask for the RIP network.

note icon

Example

Use the following command to enable RIP for the interfaces attached to networks specified by the IP address 10.0.0.0 and the netmask 255.255.255.0.

config router rip

config network

edit 0

set prefix 10.0.0.0 255.255.255.0

end

end

config offset-list

Use this subcommand to add the specified offset to the metric (hop count) of a route from the offset list. The access-list, direction, and offset fields are required. All other fields are optional.

access-list

Enter the name of the access list to use for this offset list. The access list is used to determine which routes to add the metric to. For more information, see router {access-list | access-list6}.

direction

Enter in to apply the specified offset to the metrics of routes originating on other routers - incoming routes.

Enter out to apply the specified offset to the metrics of routes leaving from the FortiGate unit - outgoing routes.

interface

Enter the name of the interface to match for this offset list.

offset

Enter the offset number to add to the metric. The metric is the hop count. The acceptable value range is an integer from 1 to 16, with 16 being unreachable.

For example if a route has already has a metric of 5, an offset of 10 will increase the metric to 15 for that route.

status

Enable or disable this offset list.

 

note icon

Example

This example shows how to configure and enable offset list ID number 5. This offset list entry adds a metric of 3 to incoming routes that match the access list named acc_list1 on the external interface.

config router rip

config offset-list

edit 5 set access-list acc_list1

set direction in

set interface external

set offset 3

set status enable

end

end

config redistribute

Use this subcommand to advertise routes learned from OSPF, BGP, static routes, or a direct connection to the destination network.

The RIP redistribution table contains four static entries. You cannot add entries to the table. The entries are defined as follows:

  • bgp - Redistribute routes learned from BGP.
  • connected - Redistribute routes learned from a direct connection to the destination network.
  • isis - Redistribute routes learned from ISIS.
  • ospf - Redistribute routes learned from OSPF.
  • static - Redistribute the static routes defined in the FortiGate unit routing table.

When you enter the subcommand, end the command with one of the four static entry names (that is, config redistribute {bgp | connected | isis | ospf | static}). All fields are optional.

metric

Enter the metric value to be used for the redistributed routes. The acceptable value range is an integer from 0 to 16.

routemap

Enter the name of the route map to use for the redistributed routes. For information on how to configure route maps, see router route-map.