Fortinet white logo
Fortinet white logo

Administration Guide

Basic RIPng example

Basic RIPng example

In this example, a small network is configured with RIP next generation (RIPng). Two FortiGates are connected to the internal network and the ISP, providing some redundancy to help ensure that the internal network can always reach the internet.

The FortiGates are running in NAT mode with VDOMs disabled, and firewall policies have already been configured to allow traffic to flow across the interfaces.

All of the internal computers and other network devices support IPv6 addressing and are running RIPng (where applicable), so no static routing is required. Internal network devices only need to know the FortiGate's internal interface network addresses.

Router

Interface (alias)

IPv6 address

Router1

port1 (internal)

2002:A0B:6565:0:0:0:0:0

port2 (ISP)

2002:AC14:7865:0:0:0:0:0

Router2

port1 (internal)

2002:A0B:6566:0:0:0:0:0

port2 (ISP)

2002:AC14:7866:0:0:0:0:0

On each FortiGate, the interfaces are configured first, and then RIPng. No redistribution or authentication is configured.

In the RIPng configuration, only the interface names are required. The ISP router and the other FortiGate are configured as neighbors. Declaring the neighbors reduces the discovery traffic when the routers start. There is no specific command to include a subnet in the RIP broadcast, and RIPng can only be configured using the CLI.

To configure Router1:
  1. Configure the interfaces:

    config system interface
        edit port1
            set allowaccess ping https ssh
            set type physical
            set description "Internal RnD network"
            set alias "internal"
            config ipv6
                set ip6-address 2002:a0b:6565::/0
            end
        next
        edit port2
            set allowaccess ping https ssh
            set type physical
            set description "ISP and Internet"
            set alias "ISP"
            config ipv6
                set ip6-address 2002:ac14:7865::/0
            end
        next
    end
  2. Configure RIPng:

    config router ripng
        config neighbor
            edit 1
                set ip6 2002:a0b:6566::
                set interface port1
            next
            edit 2
                set ip6 2002:ac14:7805::
                set interface port2
            next
        end
        config interface
            edit port1
            next
            edit port2
            next
        end
    end
To configure Router2:
  1. Configure the interfaces:

    config system interface
        edit port1
            set allowaccess ping https ssh
            set type physical
            set description "Internal RnD network"
            set alias "internal"
            config ipv6
                set ip6-address 2002:a0b:6566::/0
            end
        next
        edit port2
            set allowaccess ping https ssh
            set type physical
            set description "ISP and Internet"
            set alias "ISP"
            config ipv6
                set ip6-address 2002:ac14:7866::/0
            end
        next
    end
  2. Configure RIPng:

    config router ripng
        config neighbor
            edit 1
                set ip6 2002:a0b:6565::
                set interface port1
            next
            edit 2
                set ip6 2002:ac14:7805::
                set interface port2
            next
        end
        config interface
            edit port1
            next
            edit port2
            next
        end
    end

Testing the configuration

The following commands can be used to check the RIPng information on the FortiGates, and can help track down issues:

To view the local scope IPv6 addresses used as next-hops by RIPng on the FortiGate:

# diagnose ipv6 address list

To view IPv6 addresses that are installed in the routing table:

# diagnose ipv6 route list

To view the IPv6 routing table:

# get router info6 routing-table

This information is similar to the diagnose ipv6 route list command, but it is presented in an easier to read format.

To view the brief output on the RIP information for the interface listed:

# get router info6 rip interface external

This includes information such as, if the interface is up or down, what routing protocol is being used, and whether passive interface or split horizon is enabled.

Basic RIPng example

Basic RIPng example

In this example, a small network is configured with RIP next generation (RIPng). Two FortiGates are connected to the internal network and the ISP, providing some redundancy to help ensure that the internal network can always reach the internet.

The FortiGates are running in NAT mode with VDOMs disabled, and firewall policies have already been configured to allow traffic to flow across the interfaces.

All of the internal computers and other network devices support IPv6 addressing and are running RIPng (where applicable), so no static routing is required. Internal network devices only need to know the FortiGate's internal interface network addresses.

Router

Interface (alias)

IPv6 address

Router1

port1 (internal)

2002:A0B:6565:0:0:0:0:0

port2 (ISP)

2002:AC14:7865:0:0:0:0:0

Router2

port1 (internal)

2002:A0B:6566:0:0:0:0:0

port2 (ISP)

2002:AC14:7866:0:0:0:0:0

On each FortiGate, the interfaces are configured first, and then RIPng. No redistribution or authentication is configured.

In the RIPng configuration, only the interface names are required. The ISP router and the other FortiGate are configured as neighbors. Declaring the neighbors reduces the discovery traffic when the routers start. There is no specific command to include a subnet in the RIP broadcast, and RIPng can only be configured using the CLI.

To configure Router1:
  1. Configure the interfaces:

    config system interface
        edit port1
            set allowaccess ping https ssh
            set type physical
            set description "Internal RnD network"
            set alias "internal"
            config ipv6
                set ip6-address 2002:a0b:6565::/0
            end
        next
        edit port2
            set allowaccess ping https ssh
            set type physical
            set description "ISP and Internet"
            set alias "ISP"
            config ipv6
                set ip6-address 2002:ac14:7865::/0
            end
        next
    end
  2. Configure RIPng:

    config router ripng
        config neighbor
            edit 1
                set ip6 2002:a0b:6566::
                set interface port1
            next
            edit 2
                set ip6 2002:ac14:7805::
                set interface port2
            next
        end
        config interface
            edit port1
            next
            edit port2
            next
        end
    end
To configure Router2:
  1. Configure the interfaces:

    config system interface
        edit port1
            set allowaccess ping https ssh
            set type physical
            set description "Internal RnD network"
            set alias "internal"
            config ipv6
                set ip6-address 2002:a0b:6566::/0
            end
        next
        edit port2
            set allowaccess ping https ssh
            set type physical
            set description "ISP and Internet"
            set alias "ISP"
            config ipv6
                set ip6-address 2002:ac14:7866::/0
            end
        next
    end
  2. Configure RIPng:

    config router ripng
        config neighbor
            edit 1
                set ip6 2002:a0b:6565::
                set interface port1
            next
            edit 2
                set ip6 2002:ac14:7805::
                set interface port2
            next
        end
        config interface
            edit port1
            next
            edit port2
            next
        end
    end

Testing the configuration

The following commands can be used to check the RIPng information on the FortiGates, and can help track down issues:

To view the local scope IPv6 addresses used as next-hops by RIPng on the FortiGate:

# diagnose ipv6 address list

To view IPv6 addresses that are installed in the routing table:

# diagnose ipv6 route list

To view the IPv6 routing table:

# get router info6 routing-table

This information is similar to the diagnose ipv6 route list command, but it is presented in an easier to read format.

To view the brief output on the RIP information for the interface listed:

# get router info6 rip interface external

This includes information such as, if the interface is up or down, what routing protocol is being used, and whether passive interface or split horizon is enabled.