config router
Use the config router commands to configure options related to routing protocols and packet forwarding:
- config router access-list
- config router access-list6
- config router aspath-list
- config router bgp
- config router community-list
- config router isis
- config router key-chain
- config router multicast
- config router multicast-flow
- config router ospf
- config router ospf6
- config router policy
- config router prefix-list
- config router prefix-list6
- config router rip
- config router ripng
- config router route-map
- config router setting
- config router static
- config router static6
- config router vrf
config router access-list
Use this command to configure an IPv4 access list. An access list is a list of IP addresses and the action to take for each one. Access lists provide basic route and network filtering.
Syntax
config router access-list
    edit <list_str>
        set comments <comment_str>
        config rule
            edit <rule_int>
                set action {deny | permit}
                set prefix {<xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx> | any}
                set wildcard <IP_address>
                set exact-match {enable | disable}
        end
end
| Variable | Description | Default |
| --- | --- | --- |
| <list_str> | Enter the name of the access list. | No default |
| comments <comment_str> | Enter a descriptive comment. | No default |
| config rule | Configure the access-list rule. | |
| <rule_int> | The rule identifier. | No default |
| action {deny \| permit} | Set whether the rule allows or denies the IPv4 address. | permit |
| prefix {<xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx> \| any} | Set the prefix to define regular filter criteria, such as NOTE: The access list name must contain at least one alphabetic character. | any |
| wildcard <IP_address> | Define Cisco-style wildcard filter criteria. NOTE: The access list name must be a digit in the range of 1-99. Strings are not supported. | No default |
| exact-match {enable \| disable} | Set whether the rule looks for an exact match with the value in the prefix field. | disable |
Example
This example shows how to configure an access list:
config router access-list
    edit mylist
        set comments "access list for RIP 1"
        config rule
            edit 1
                set action permit
                set prefix xxx.xx.xx.xx xxx.xxx.xxx.x
        end
end
config router access-list6
Use this command to configure an IPv6 access list. An access list is a list of IP addresses and the action to take for each one. Access lists provide basic route and network filtering.
Syntax
config router access-list6
    edit <name_of_IPv6_access_list>
        set comments <string>
        config rule
            edit <rule_ID>
                set action {deny | permit}
                set prefix6 {<xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx> | any}
                set exact-match {enable | disable}
            next
        end
end
| Variable | Description | Default |
| --- | --- | --- |
| <name_of_IPv6_access_list> | Enter the name of the IPv6 access list. | No default |
| comments <string> | Enter a descriptive comment. | No default |
| config rule | Configure the IPv6 access-list rule. | |
| <rule_ID> | The rule identifier. | No default |
| action {deny \| permit} | Set whether the rule allows or denies the IPv6 address. | permit |
| prefix6 {<xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx> \| any} | Set the IPv6 prefix to define regular filter criteria, such as | any |
| exact-match {enable \| disable} | Set whether the rule looks for an exact match with the value in the prefix field. | disable |
Example
This example shows how to configure an IPv6 access list:
config router access-list6
    edit accesslist1
        set comments "IPv6 access list"
        config rule
            edit 1
                set action permit
                set prefix6 fe80::a5b:eff:fef1:95e5
                set exact-match disable
            next
        end
end
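The effect of the exact-match option on route filtering, for both the IPv4 and IPv6 access lists above, can be checked offline. The following Python code is an added example, not part of the original reference or of any Fortinet tool. The rule set and addresses are constructed, and the code assumes that rules are evaluated in ascending rule ID order, that the first matching rule decides, and that a route matching no rule is denied.

```python
import ipaddress

# Constructed access list in the shape of the CLI rules above: rule ID -> fields.
# Names and addresses are illustrative, not taken from the original page.
ACCESS_LIST = {
    1: {"action": "deny",   "prefix": "10.20.0.0 255.255.0.0", "exact_match": False},
    2: {"action": "permit", "prefix": "10.0.0.0 255.0.0.0",    "exact_match": True},
    3: {"action": "permit", "prefix": "2001:db8::/32",         "exact_match": False},
}


def to_network(prefix):
    """Accept 'address netmask' (the IPv4 CLI form) or 'address/length'."""
    return ipaddress.ip_network("/".join(prefix.split()), strict=False)


def rule_matches(rule, route):
    """Return True if one rule selects the route (an ipaddress network object)."""
    if rule["prefix"] == "any":
        return True
    net = to_network(rule["prefix"])
    if net.version != route.version:
        return False
    if rule["exact_match"]:
        # exact-match enable: same address and same prefix length only
        return route == net
    # exact-match disable: the prefix itself or any more specific route inside it
    return route.subnet_of(net)


def evaluate(access_list, route):
    """Return 'permit' or 'deny' for a route.

    Assumptions of this example: ascending rule order, first match wins,
    implicit deny when nothing matches.
    """
    net = to_network(route)
    for rule_id in sorted(access_list):
        if rule_matches(access_list[rule_id], net):
            return access_list[rule_id]["action"]
    return "deny"


def with_exact_match(access_list, rule_id, enabled):
    """Return a copy of the list with exact-match toggled on one rule."""
    changed = dict(access_list)
    changed[rule_id] = dict(access_list[rule_id], exact_match=enabled)
    return changed


if __name__ == "__main__":
    relaxed = with_exact_match(ACCESS_LIST, 2, False)
    for route in ("10.0.0.0/8", "10.1.2.0/24", "10.20.5.0/24", "2001:db8:1::/48"):
        print(route, evaluate(ACCESS_LIST, route), evaluate(relaxed, route))
```

With exact-match enabled on rule 2, only 10.0.0.0/8 itself is permitted; with it disabled, more specific routes such as 10.1.2.0/24 are permitted as well, which matters when the list is used as an inbound route filter.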
config router aspath-list
Use this command to set or unset Border Gateway Protocol (BGP) AS-path list parameters. By default, BGP uses an ordered list of Autonomous System (AS) numbers to describe the route that a packet takes to reach its destination. A list of these AS numbers is called the AS path. You can filter BGP routes using AS path lists.
Use the config router aspath-list command to define an access list that examines the AS_PATH attributes of BGP routes to match routes. Each entry in the list defines a rule for matching and selecting routes based on the setting of the AS_PATH attribute.
Syntax
config router aspath-list
    edit <AS_path_list_name>
        config rule
            edit <rule_identifier>
                set action {deny | permit}
                set regexp <string>
        end
end
| Variable | Description | Default |
| --- | --- | --- |
| <AS_path_list_name> | Enter the name of the AS path list. | No default |
| config rule | Configure the AS path list rule. | |
| <rule_identifier> | Enter a rule identifier. | No default |
| action {deny \| permit} | Set whether to permit or deny route-based operations, based on the route's AS_PATH attribute. | No default |
| regexp <string> | Specify the regular expression that will be compared to the AS_PATH attribute (for example, ^730$). The value is used to match AS numbers. Enclose a complex regular expression value within double-quotation marks. | No default |
config router bgp
Use this command to configure Border Gateway Protocol version-4 (BGP-4) routing parameters. BGP can be used to perform Classless Interdomain Routing (CIDR) and to route traffic between different autonomous systems or domains using an alternative route if a link between a FortiSwitch unit and a BGP peer (such as an ISP router) fails.
The following RFCs are supported:
- RFC1771—A Border Gateway Protocol 4 (BGP-4)
- RFC1965—Autonomous System Confederations for BGP
- RFC1997—BGP Communities Attribute
- RFC2545—Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing
- RFC2796—BGP Route Reflection An alternative to full mesh IBGP
- RFC2858—Multiprotocol Extensions for BGP-4
- RFC2842—Capabilities Advertisement with BGP-4
- RFC2439—BGP Route Flap Damping
Syntax
config router bgp
    set as <MANDATORY_router_AS_number>
    set router-id <MANDATORY_IP_address>
    set keepalive-timer <0-65535>
    set holdtime-timer <0, 3-65535>
    set always-compare-med {disable | enable}
    set bestpath-as-path-ignore {disable | enable}
    set bestpath-cmp-confed-aspath {disable | enable}
    set bestpath-cmp-routerid {disable | enable}
    set bestpath-med-confed {disable | enable}
    set bestpath-med-missing-as-worst {disable | enable}
    set client-to-client-reflection {disable | enable}
    set dampening {disable | enable}
    set dampening-reachability-half-life <1-45>
    set dampening-reuse <1-20000>
    set dampening-suppress <1-20000>
    set dampening-max-suppress-time <1-255>
    set deterministic-med {disable | enable}
    set enforce-first-as {disable | enable}
    set fast-external-failover {disable | enable}
    set log-neighbour-changes {disable | enable}
    set cluster-id <IP_address>
    set confederation-identifier <1-4294967295>
    set default-local-preference <0-4294967295>
    set scan-time <5-60>
    set maximum-paths-ebgp <1-64>
    set bestpath-aspath-multipath-relax {disable | enable}
    set maximum-paths-ibgp <1-64>
    set distance-external <1-255>
    set distance-internal <1-255>
    set distance-local <1-255>
    set graceful-stalepath-time <1-3600>
    config admin-distance
        edit <identifier>
            set distance <1-255>
            set neighbour-prefix <IP_address_netmask>
            set route-list <string>
    end
    config aggregate-address
        edit <identifier>
            set as-set {disable | enable}
            set prefix <IPv4_address_netmask>
            set summary-only {disable | enable}
    end
    config aggregate-address6
        edit <identifier>
            set as-set {disable | enable}
            set prefix <IPv6_address_netmask>
            set summary-only {disable | enable}
    end
    config neighbor
        edit "<IPv4_IPv6_address>"
            set advertisement-interval <0-600>
            set allowas-in-enable {disable | enable}
            set allowas-in <1-10>
            set allowas-in-enable6 {disable | enable}
            set allowas-in6 <1-10>
            set attribute-unchanged {as-path | MED | next-hop}
            set attribute-unchanged6 {as-path | MED | next-hop}
            set activate {disable | enable}
            set activate6 {disable | enable}
            set bfd {disable | enable}
            set capability-dynamic {disable | enable}
            set capability-orf {both | none | receive | send}
            set capability-orf6 {both | none | receive | send}
            set capability-default-originate {disable | enable}
            set capability-default-originate6 {disable | enable}
            set dont-capability-negotiate {disable | enable}
            set ebgp-enforce-multihop {disable | enable}
            set ebgp-multihop-ttl <1-255>
            set ebgp-ttl-security-hops <1-254>
            set next-hop-self {disable | enable}
            set next-hop-self6 {disable | enable}
            set override-capability {disable | enable}
            set passive {disable | enable}
            set remove-private-as {disable | enable}
            set remove-private-as6 {disable | enable}
            set route-reflector-client {disable | enable}
            set route-reflector-client6 {disable | enable}
            set route-server-client {disable | enable}
            set route-server-client6 {disable | enable}
            set shutdown {disable | enable}
            set soft-reconfiguration {disable | enable}
            set soft-reconfiguration6 {disable | enable}
            set as-override {disable | enable}
            set as-override6 {disable | enable}
            set strict-capability-match {disable | enable}
            set description <string>
            set distribute-list-in <string>
            set distribute-list-in6 <string>
            set distribute-list-out <string>
            set distribute-list-out6 <string>
            set filter-list-in <string>
            set filter-list-in6 <string>
            set filter-list-out <string>
            set filter-list-out6 <string>
            set interface <interface_name>
            set maximum-prefix <1-4294967295>
            set maximum-prefix6 <1-4294967295>
            set prefix-list-in <string>
            set prefix-list-in6 <string>
            set prefix-list-out <string>
            set prefix-list-out6 <string>
            set remote-as <MANDATORY_1-4294967295>
            set route-map-in <string>
            set route-map-in6 <string>
            set route-map-out <string>
            set route-map-out6 <string>
            set send-community {both | disable | extended | standard}
            set send-community6 {both | disable | extended | standard}
            set keep-alive-timer <0-65535>
            set holdtime-timer <0, 3-65535>
            set connect-timer <0-65535>
            set unsuppress-map <string>
            set unsuppress-map6 <string>
            set update-source {interface_name}
            set weight <0-65535>
    end
    config network
        edit <identifier>
            set backdoor {disable | enable}
            set prefix <IPv4_address_netmask>
            set route-map <string>
    end
    config network6
        edit <identifier>
            set backdoor {disable | enable}
            set prefix6 <IPv6_address_netmask>
            set route-map <string>
    end
    config redistribute {connected | isis | ospf | rip | static}
        set status {disable | enable}
        set route-map <string>
    end
    config redistribute6 {connected | isis | ospf | rip | static}
        set status {disable | enable}
        set route-map <string>
    end
end
| Variable | Description | Default |
| --- | --- | --- |
| as <MANDATORY_router_AS_number> | Mandatory. Enter an integer to specify the local autonomous system (AS) number of the FortiSwitch unit. The range is from 1 to 4 294 967 295. A value of 0 disables BGP (disabled by default). | 0 |
| router-id <MANDATORY_IP_address> | Mandatory. Specify a fixed identifier for the FortiSwitch unit. A value of 0.0.0.0 is not allowed. | 0.0.0.0 |
| keepalive-timer <0-65535> | How often (in seconds) the router sends out keepalive messages to neighbor routers to maintain those sessions. | 60 |
| holdtime-timer <0, 3-65535> | How long (in seconds) the router will wait for a keepalive message before declaring a router offline. A shorter time will find an off-line router faster. | 180 |
| always-compare-med {disable \| enable} | Always compare Multi-Exit Discriminator (MED). | disable |
| bestpath-as-path-ignore {disable \| enable} | AS_PATH is the BGP attribute that keeps track of each AS that a route advertisement has passed through; it helps prevent routing loops. Enable this option if you want BGP to not use the best AS path. Disable this option if you want BGP to use the best AS path. | disable |
| bestpath-cmp-confed-aspath {disable \| enable} | Enable or disable the comparison of the AS_CONFED_SEQUENCE attribute, which defines an ordered list of AS numbers representing a path from the FortiSwitch unit through autonomous systems within the local confederation. | disable |
| bestpath-cmp-routerid {disable \| enable} | Compare router ID for identical external BGP (EBGP) paths. | disable |
| bestpath-med-confed {disable \| enable} | Compare MED among confederation paths. | disable |
| bestpath-med-missing-as-worst {disable \| enable} | Enable or disable (by default) treating any confederation path with a missing MED metric as the least preferred path. | disable |
| client-to-client-reflection {disable \| enable} | Enable (by default) or disable client-to-client route reflection between internal BGP (IBGP) peers. | enable |
| dampening {disable \| enable} | Enable or disable (by default) route-flap dampening on all BGP routes. A flapping route is unstable and continually transitions down and up (see RFC 2439). | disable |
| dampening-reachability-half-life <1-45> | If you enable dampening, set the maximum time that a route can be suppressed (in minutes). A route can continue to accumulate penalties while it is suppressed. However, the route cannot be suppressed longer than the maximum time. | 15 |
| dampening-reuse <1-20000> | If you enable dampening, set a dampening reuse limit based on the number of accumulated penalties. If the penalty assigned to a flapping route decreases enough to fall below the specified limit, the route is not suppressed. | 750 |
| dampening-suppress <1-20000> | If you enable dampening, set a dampening-suppression limit based on the number of accumulated penalties. A route is suppressed (not advertised) when its penalty exceeds the specified limit. | 2000 |
| dampening-max-suppress-time <1-255> | If you enable dampening, set the maximum time that a route can be suppressed. A route can continue to accumulate penalties while it is suppressed. However, the route cannot be suppressed longer than the maximum time. | 60 |
| deterministic-med {disable \| enable} | Enforce deterministic comparison of MED. | disable |
| enforce-first-as {disable \| enable} | Enforce first AS for EBGP routes. | disable |
| fast-external-failover {disable \| enable} | Reset peer BGP session if link goes down. | enable |
| log-neighbour-changes {disable \| enable} | Enable or disable logging of BGP neighbor's changes. | enable |
| cluster-id <IP_address> | Route reflector cluster ID. | 0.0.0.0 |
| confederation-identifier <1-4294967295> | Confederation identifier. | 0 |
| default-local-preference <0-4294967295> | Default local preference. | 100 |
| scan-time <5-60> | Background scanner interval (seconds). | 60 |
| maximum-paths-ebgp <1-64> | Set the maximum number of paths for equal-cost multi-path (ECMP) routing using the External Border Gateway Protocol (EBGP). | 1 |
| bestpath-aspath-multipath-relax {disable \| enable} | Enable or disable load sharing across routes that are the same length but have different autonomous system (AS) paths. | disable |
| maximum-paths-ibgp <1-64> | Set the maximum number of paths for equal-cost multi-path (ECMP) routing using the Internal Border Gateway Protocol (IBGP). | 1 |
| distance-external <1-255> | Distance for routes external to the AS. | 20 |
| distance-internal <1-255> | Distance for routes internal to the AS. | 200 |
| distance-local <1-255> | Distance for routes local to the AS. | 200 |
| graceful-stalepath-time <1-3600> | Time to hold stale paths of restarting neighbor (sec). | 360 |
| config admin-distance | Configure administrative distance modifications. | |
| <identifier> | Enter an identifier to set administrative distance modifications for BGP routes. | No default |
| distance <1-255> | Set the administrative distance to apply. | 0 |
| neighbour-prefix <IP_address_netmask> | Neighbor address prefix. Enter the class IP address and netmask with correction. | 0.0.0.0 0.0.0.0 |
| route-list <string> | The access list of routes this distance will be applied to. | No default |
| config aggregate-address | Configure the table of BGP IPv4 aggregate addresses. | |
| <identifier> | Enter a BGP aggregate entry in the routing table. When you aggregate routes, routing becomes less precise because path details are not readily available for routing purposes. The aggregate address represents addresses in several autonomous systems. Aggregation reduces the length of the network mask until it masks only the bits that are common to all of the addresses being summarized. | No default |
| as-set {disable \| enable} | Enable or disable the generation of an unordered list of AS numbers to include in the path information. | disable |
| prefix <IPv4_address_netmask> | Aggregate IPv4 prefix. The prefix 0.0.0.0 0.0.0.0 is not allowed. | No default |
| summary-only {disable \| enable} | Enable or disable filtering more specific routes from updates. | disable |
| config aggregate-address6 | Configure the table of BGP IPv6 aggregate addresses. | |
| <identifier> | Enter a BGP aggregate entry in the routing table. When you aggregate routes, routing becomes less precise because path details are not readily available for routing purposes. The aggregate address represents addresses in several autonomous systems. Aggregation reduces the length of the network mask until it masks only the bits that are common to all of the addresses being summarized. | No default |
| as-set {disable \| enable} | Enable or disable the generation of an unordered list of AS numbers to include in the path information. | disable |
| prefix6 <IPv6_address_netmask> | Aggregate IPv6 prefix. | No default |
| summary-only {disable \| enable} | Enable or disable filtering more specific routes from updates. | disable |
| config neighbor | Configure the BGP neighbor table. | |
| <IPv4_IPv6_address> | Enter the IPv4 or IPv6 address of the BGP neighbor. | No default |
| advertisement-interval <0-600> | Set the minimum amount of time (in seconds) that the FortiSwitch unit waits before sending a BGP routing update to the BGP neighbor. | 30 |
| allowas-in-enable {disable \| enable} | Enable to allow my AS-in-AS path (for IPv4). | disable |
| allowas-in <1-10> | If you enable | No default |
| allowas-in-enable6 {disable \| enable} | Enable to allow my AS-in-AS path (for IPv6). | disable |
| allowas-in6 <1-10> | If you enable | No default |
| attribute-unchanged {as-path \| MED \| next-hop} | Propagate unchanged BGP attributes to the BGP neighbor using one of the following methods (for IPv4): | No default |
| attribute-unchanged6 {as-path \| MED \| next-hop} | Propagate unchanged BGP attributes to the BGP neighbor using one of the following methods (for IPv6): | No default |
| activate {disable \| enable} | Enable address family IPv4 for this neighbor. | enable |
| activate6 {disable \| enable} | Enable address family IPv6 for this neighbor. | enable |
| bfd {disable \| enable} | Enable BFD for this neighbor. | disable |
| capability-dynamic {disable \| enable} | Advertise dynamic capability to this neighbor. | disable |
| capability-orf {both \| none \| receive \| send} | Enable advertising of Outbound Routing Filter (ORF) prefix-list capability to the BGP neighbor using one of the following methods (for IPv4): | none |
| capability-orf6 {both \| none \| receive \| send} | Enable advertising of ORF prefix-list capability to the BGP neighbor using one of the following methods (for IPv6): | none |
| capability-default-originate {disable \| enable} | Advertise the default IPv4 route to this neighbor. | disable |
| capability-default-originate6 {disable \| enable} | Advertise the default IPv6 route to this neighbor. | disable |
| dont-capability-negotiate {disable \| enable} | Do not negotiate capabilities with this neighbor. | disable |
| ebgp-enforce-multihop {disable \| enable} | Enable or disable the allowance of multi-hop EBGP neighbors. | disable |
| ebgp-multihop-ttl <1-255> | If you enable | 255 |
| ebgp-ttl-security-hops <1-254> | If you enable ebgp-enforce-multihop, specify the maximum number of hops to the EBGP peer. | 0 |
| next-hop-self {disable \| enable} | Enable or disable IPv4 next-hop calculation for this neighbor. | disable |
| next-hop-self6 {disable \| enable} | Enable or disable IPv6 next-hop calculation for this neighbor. | disable |
| override-capability {disable \| enable} | Enable or disable the overriding of the result of the capability negotiation. | disable |
| passive {disable \| enable} | Enable or disable sending of open messages to this neighbor. | disable |
| remove-private-as {disable \| enable} | Enable or disable the removal of the private AS number from the IPv4 outbound updates. | disable |
| remove-private-as6 {disable \| enable} | Enable or disable the removal of the private AS number from the IPv6 outbound updates. | disable |
| route-reflector-client {disable \| enable} | Enable or disable the IPv4 AS route reflector client. | disable |
| route-reflector-client6 {disable \| enable} | Enable or disable the IPv6 AS route reflector client. | disable |
| route-server-client {disable \| enable} | Enable or disable the IPv4 AS route server client. | disable |
| route-server-client6 {disable \| enable} | Enable or disable the IPv6 AS route server client. | disable |
| shutdown {disable \| enable} | Enable or disable the shutting down of this neighbor. | disable |
| soft-reconfiguration {disable \| enable} | Enable or disable the allowance of IPv4 inbound soft reconfiguration. | disable |
| soft-reconfiguration6 {disable \| enable} | Enable or disable the allowance of IPv6 inbound soft reconfiguration. | disable |
| as-override {disable \| enable} | Enable or disable the replacement of the peer AS with own AS for IPv4. | disable |
| as-override6 {disable \| enable} | Enable or disable the replacement of the peer AS with own AS for IPv6. | disable |
| strict-capability-match {disable \| enable} | Enable or disable strict capability matching. | disable |
| description <string> | Enter a description of this neighbor. | No default |
| distribute-list-in <string> | Limit route updates from the BGP neighbor based on the Network Layer Reachability Information (NLRI) prefixes defined in the specified IPv4 access list. You must create the access list before it can be selected here. See config router access-list. | No default |
| distribute-list-in6 <string> | Limit route updates from the BGP neighbor based on the Network Layer Reachability Information (NLRI) prefixes defined in the specified IPv6 access list. You must create the access list before it can be selected here. See config router access-list6. | No default |
| distribute-list-out <string> | Limit route updates to the BGP neighbor based on the NLRI defined in the specified IPv4 access list. You must create the access list before it can be selected here. See config router access-list. | No default |
| distribute-list-out6 <string> | Limit route updates to the BGP neighbor based on the NLRI defined in the specified IPv6 access list. You must create the access list before it can be selected here. See config router access-list6. | No default |
| filter-list-in <string> | BGP AS path filter for IPv4 inbound routes. You must create the AS path list before it can be selected here. See config router aspath-list. | No default |
| filter-list-in6 <string> | BGP AS path filter for IPv6 inbound routes. You must create the AS path list before it can be selected here. See config router aspath-list. | No default |
| filter-list-out <string> | BGP AS path filter for IPv4 outbound routes. You must create the AS path list before it can be selected here. See config router aspath-list. | No default |
| filter-list-out6 <string> | BGP AS path filter for IPv6 outbound routes. You must create the AS path list before it can be selected here. See config router aspath-list. | No default |
| interface <interface_name> | Set the interface. | No default |
| maximum-prefix <1-4294967295> | Enter the maximum number of IPv4 prefixes to accept from this peer. | unset |
| maximum-prefix6 <1-4294967295> | Enter the maximum number of IPv6 prefixes to accept from this peer. | unset |
| prefix-list-in <string> | Limit route updates from a BGP neighbor based on the Network Layer Reachability Information (NLRI) in the specified IPv4 prefix list. The prefix list defines the NLRI prefix and length advertised in a route. You must create the prefix list before it can be selected here. See config router prefix-list. | No default |
| prefix-list-in6 <string> | Limit route updates from a BGP neighbor based on the Network Layer Reachability Information (NLRI) in the specified IPv6 prefix list. The prefix list defines the NLRI prefix and length advertised in a route. You must create the prefix list before it can be selected here. See config router prefix-list6. | No default |
| prefix-list-out <string> | Limit route updates to a BGP neighbor based on the NLRI in the specified IPv4 prefix list. The prefix list defines the NLRI prefix and length advertised in a route. You must create the prefix list before it can be selected here. See config router prefix-list. | No default |
| prefix-list-out6 <string> | Limit route updates to a BGP neighbor based on the NLRI in the specified IPv6 prefix list. The prefix list defines the NLRI prefix and length advertised in a route. You must create the prefix list before it can be selected here. See config router prefix-list6. | No default |
| remote-as <MANDATORY_1-4294967295> | Mandatory. Adds a BGP neighbor to the FortiSwitch configuration and sets the AS number of the neighbor. If the number is identical to the AS number of the FortiSwitch unit, the FortiSwitch unit communicates with the neighbor using internal BGP (IBGP). Otherwise, the neighbor is an external peer, and the FortiSwitch unit uses EBGP to communicate with the neighbor. | 0 |
| route-map-in <string> | Limit route updates or change the attributes of route updates from the BGP neighbor according to the specified IPv4 route map. Only the route maps for this protocol are listed. You must create the route map before it can be selected here. See config router route-map. | No default |
| route-map-in6 <string> | Limit route updates or change the attributes of route updates from the BGP neighbor according to the specified IPv6 route map. Only the route maps for this protocol are listed. You must create the route map before it can be selected here. See config router route-map. | No default |
| route-map-out <string> | Limit route updates or change the attributes of route updates to the BGP neighbor according to the specified IPv4 route map. Only the route maps for this protocol are listed. You must create the route map before it can be selected here. See config router route-map. | No default |
| route-map-out6 <string> | Limit route updates or change the attributes of route updates to the BGP neighbor according to the specified IPv6 route map. Only the route maps for this protocol are listed. You must create the route map before it can be selected here. See config router route-map. | No default |
| send-community {both \| disable \| extended \| standard} | Enable sending the COMMUNITY attribute to the BGP neighbor using one of the following methods (for IPv4): | both |
| send-community6 {both \| disable \| extended \| standard} | Enable sending the COMMUNITY attribute to the BGP neighbor using one of the following methods (for IPv6): | both |
| keep-alive-timer <0-65535> | How often (in seconds) the router sends out keepalive messages to neighbor routers to maintain those sessions. | No default |
| holdtime-timer <0, 3-65535> | How long (in seconds) the router will wait for a keepalive message before declaring a router offline. A shorter time will find an off-line router faster. | No default |
| connect-timer <0-65535> | Interval (in seconds) for connect timer. | No default |
| unsuppress-map <string> | Specify the name of the IPv4 route map to selectively unsuppress suppressed routes. Only the route maps for this protocol are listed. You must create the route map before it can be selected here. See config router route-map. | No default |
| unsuppress-map6 <string> | Specify the name of the IPv6 route map to selectively unsuppress suppressed routes. Only the route maps for this protocol are listed. You must create the route map before it can be selected here. See config router route-map. | No default |
| update-source {interface_name} | Interface to use as source IP/IPv6 address of TCP connections. | No default |
| weight <0-65535> | Neighbor weight. | No default |
| config network | Configure the BGP IPv4 network table. | |
| <identifier> | Enter an identifier. | No default |
| backdoor {disable \| enable} | Enable route as backdoor. | disable |
| prefix <IPv4_address_netmask> | Set the network IPv4 prefix. Use the class IPv4 address and netmask with correction. | 0.0.0.0 0.0.0.0 |
| route-map <string> | Specify the name of the route map. Only the route maps for this protocol are listed. See config router route-map. | No default |
| config network6 | Configure the BGP IPv6 network table. | |
| <identifier> | Enter an identifier. | No default |
| backdoor {disable \| enable} | Enable route as backdoor. | disable |
| prefix <IPv6_address_netmask> | Set the network IPv6 prefix. Use the class IPv6 address and netmask with correction. | No default |
| route-map <string> | Specify the name of the route map. Only the route maps for this protocol are listed. See config router route-map. | No default |
| config redistribute {connected \| isis \| ospf \| rip \| static} | Configure the BGP IPv4 redistribute table. | |
| status {disable \| enable} | You can enable BGP to provide connectivity between connected, static, RIP, and/or OSPF IPv4 routes. BGP redistributes the routes from one protocol to another. When a large internetwork is divided into multiple routing domains, use the subcommand to redistribute routes to the various domains. | disable |
| route-map <string> | Specify the name of the route map that identifies the routes to redistribute. If a route map is not specified, all routes are redistributed to BGP. Only the route maps for this protocol are listed. You must create the route map before it can be selected here. See config router route-map. | No default |
| config redistribute6 {connected \| isis \| ospf \| rip \| static} | Configure the BGP IPv6 redistribute table. | |
| status {disable \| enable} | You can enable BGP to provide connectivity between connected, static, RIP, and/or OSPF IPv6 routes. BGP redistributes the routes from one protocol to another. When a large internetwork is divided into multiple routing domains, use the subcommand to redistribute routes to the various domains. | disable |
| route-map <string> | Specify the name of the route map that identifies the routes to redistribute. If a route map is not specified, all routes are redistributed to BGP. Only the route maps for this protocol are listed. You must create the route map before it can be selected here. See config router route-map. | No default |
Example
This example shows how to configure internal BGP routing:
config router bgp
    set as 6500
    set router-id 1.2.3.4
    config neighbor
        edit "172.168.111.5"
            set remote-as 6500
        next
    end
    config network
        edit 1
            set prefix 192.168.2.0 255.255.255.0
        next
    end
    config redistribute "connected"
    end
end
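The neighbor table above leaves every inbound filter option at "No default" and maximum-prefix at "unset", while both address families are activated by default. The following Python code is an added example, not part of the original reference or of any Fortinet tool: it parses a config router bgp block in the syntax shown above and reports EBGP neighbors that have an active address family with no inbound filter option or no maximum-prefix limit. The sample configuration, its AS numbers, addresses and list names, and the audit policy itself are assumptions made for illustration.

```python
import shlex

# Inbound filter options from the neighbor table; the IPv6 variants append "6".
INBOUND_FILTERS = ("distribute-list-in", "filter-list-in",
                   "prefix-list-in", "route-map-in")

# Constructed sample configuration (not from the original page).
SAMPLE_CONFIG = '''
config router bgp
    set as 65001
    set router-id 192.0.2.254
    config neighbor
        edit "192.0.2.1"
            set remote-as 65010
            set prefix-list-in "as65010-in"
            set maximum-prefix 100
            set activate6 disable
        next
        edit "192.0.2.5"
            set remote-as 65020
            set activate6 disable
        next
        edit "192.0.2.9"
            set remote-as 65001
        next
        edit "2001:db8::1"
            set remote-as 65030
            set activate disable
            set filter-list-in6 "as65030-only"
        next
    end
    config network
        edit 1
            set prefix 192.168.2.0 255.255.255.0
        next
    end
end
'''


def parse_bgp(text):
    """Return (local_as, {neighbor_address: {option: value}})."""
    local_as, neighbors = None, {}
    stack, current = [], None      # open 'config' sections, neighbor being edited
    for raw in text.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        verb, args = tokens[0], tokens[1:]
        if verb == "config":
            stack.append(" ".join(args))
        elif verb == "end":
            if stack:
                stack.pop()
            current = None
        elif verb == "edit":
            in_neighbor = stack[-2:] == ["router bgp", "neighbor"]
            current = neighbors.setdefault(args[0], {}) if in_neighbor and args else None
        elif verb == "next":
            current = None
        elif verb == "set" and args:
            if current is not None:
                current[args[0]] = " ".join(args[1:])
            elif stack == ["router bgp"] and args[0] == "as" and len(args) > 1:
                local_as = args[1]
    return local_as, neighbors


def audit(text):
    """Return (neighbor, family, finding) tuples for EBGP neighbors."""
    local_as, neighbors = parse_bgp(text)
    findings = []
    for addr, opts in neighbors.items():
        if opts.get("remote-as") == local_as:
            continue               # same AS means IBGP; this policy checks EBGP only
        for suffix, family in (("", "IPv4"), ("6", "IPv6")):
            # activate and activate6 default to enable per the table above
            if opts.get("activate" + suffix, "enable") == "disable":
                continue
            if not any(name + suffix in opts for name in INBOUND_FILTERS):
                findings.append((addr, family, "no inbound route filter"))
            if "maximum-prefix" + suffix not in opts:
                findings.append((addr, family, "maximum-prefix" + suffix + " unset"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```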
config router community-list
Use this command to identify BGP routes according to their COMMUNITY attributes (see RFC 1997). Each entry in the community list defines a rule for matching and selecting routes based on the setting of the COMMUNITY attribute.
Syntax
config router community-list
    edit <community_list_name>
        set type {expanded | standard}
        config rule
            edit <rule_identifier>
                set action {deny | permit}
                set regexp <regular_expression>
                set match <community_number | internet | local-AS | no-advertise | no-export>
        end
end
| Variable | Description | Default |
| --- | --- | --- |
| <community_list_name> | Enter a name for the community list. NOTE: If the community list name is a number in the range of 1-99, the | No default |
| type {expanded \| standard} | Specify the type of community to match. NOTE: This field is valid only when the community list name is not numeric. | standard |
| config rule | Configure the community list rule. | |
| <rule_identifier> | Enter a rule identifier. | No default |
| action {deny \| permit} | Permit or deny route-based operations, based on the route's COMMUNITY attribute. | No default |
| regexp <regular_expression> | If you select an expanded community, specify an ordered list of COMMUNITY attributes as a regular expression. The value or values are used to match a community. Enclose a complex regular expression value within double-quotation marks. | No default |
| match <community_number \| internet \| local-AS \| no-advertise \| no-export> | If you select a standard community, specify the criteria for matching a reserved community: | No default |
config router isis
Intermediate System to Intermediate System Protocol (IS-IS) allows routing of ISO’s OSI protocol stack Connectionless Network Service (CLNS). IS-IS is an Interior Gateway Protocol (IGP) that is not intended to be used between Autonomous Systems (AS).
Syntax
config router isis
set auth-keychain-area <string>
set auth-keychain-domain <string>
set auth-mode-area {md5 | password}
set auth-mode-domain {md5 | password}
set auth-password-area <password>
set auth-password-domain <password>
set auth-sendonly-area {enable | disable}
set auth-sendonly-domain {enable | disable}
set default-information-level {level-1 | level-1-2 | level-2}
set default-information-level6 {level-1 | level-1-2 | level-2}
set default-information-metric <0-4261412864>
set default-information-metric6 <0-4261412864>
set default-information-originate {always | disable | enable}
set default-information-originate6 {always | disable | enable}
set ignore-attached-bit {disable | enable}
set is-type {level-1 | level-1-2 | level-2-only}
set log-neighbour-changes {disable | enable}
set lsp-gen-interval-l1 <1-120>
set lsp-gen-interval-l2 <1-120>
set lsp-refresh-interval <1-65535>
set max-lsp-lifetime <350-65535>
set metric-style {narrow | transition | wide}
set overload-bit {disable | enable}
set redistribute-l1 {disable | enable}
set redistribute-l1-list <string>
set redistribute6-l1 {disable | enable}
set redistribute6-l1-list <string>
set router-id <IP_address>
set spf-interval-exp-l1 <1-120>
set spf-interval-exp-l2 <1-120>
config interface
edit <IS-IS interface name>
set auth-keychain-hello <string>
set auth-mode-hello {md5 | password}
set auth-password-hello <password>
set bfd {enable | disable}
set bfd6 {enable | disable}
set circuit-type {level-1 | level-1-2 | level-2}
set csnp-interval-l1 <1-65535 seconds>
set csnp-interval-l2 <1-65535 seconds>
set hello-interval-l1 <1-65535 seconds; 0 to use 1-second hold time>
set hello-interval-l2 <1-65535 seconds; 0 to use 1-second hold time>
set hello-multiplier-l1 <2-100>
set hello-multiplier-l2 <2-100>
set hello-padding {disable | enable}
set metric-l1 <1-63>
set metric-l2 <1-63>
set passive {disable | enable}
set priority-l1 <0-127>
set priority-l2 <0-127>
set status {disable | enable}
set status6 {disable | enable}
set wide-metric-l1 <1-16777214>
set wide-metric-l2 <1-16777214>
end
config net
edit <identifier>
set <IS-IS net xx.xxxx. ... .xxxx.xx>
end
config redistribute {bgp | connected | ospf | rip | static}
set status {disable | enable}
set metric <0-4261412864>
set metric-type {external | internal}
set level {level-1 | level-1-2 | level-2}
set routemap <string>
end
config redistribute6 {bgp6 | connected | ospf6 | ripng | static}
set status {disable | enable}
set metric <0-4261412864>
set level {level-1 | level-1-2 | level-2}
set routemap <string>
end
config summary-address
edit <summary address entry identifier>
set level {level-1 | level-1-2 | level-2}
set prefix <IPv4 address and netmask>
end
config summary-address6
edit <summary address entry identifier>
set level {level-1 | level-1-2 | level-2}
set prefix6 <IPv6 address and netmask>
end
end
Variable |
Description |
Default |
auth-keychain-area <string> |
IS-IS area (level-1) authentication keychain. This command is applicable when the areaʼs authentication mode is |
No default |
auth-keychain-domain <string> |
IS-IS domain (level-2) authentication key-chain. This command is applicable when domainʼs auth mode is |
No default |
auth-mode-area {md5 | password} |
IS-IS area (level-1) authentication mode. |
password |
auth-mode-domain {md5 | password} |
IS-IS domain (level-2) authentication mode. |
password |
auth-password-area <password> |
IS-IS area (level-1) authentication password. This command is applicable when areaʼs authentication mode is |
No default |
auth-password-domain <password> |
IS-IS domain (level-2) authentication password. This command is applicable when domainʼs authentication mode is |
No default |
auth-sendonly-area {enable | disable} |
IS-IS area (level-1) authentication send-only. |
disable |
auth-sendonly-domain {enable | disable} |
IS-IS domain (level-2) authentication send-only. |
disable |
default-information-level {level-1 | level-1-2 | level-2} |
Distribute default IPv4 route into levelʼs link-state packet (LSP). |
level-2 |
default-information-level6 {level-1 | level-1-2 | level-2} |
Distribute default IPv6 route into levelʼs LSP. |
level-2 |
default-information-metric <0-4261412864> |
Default IPv4 information metric. |
10 |
default-information-metric6 <0-4261412864> |
Default IPv6 information metric. |
10 |
default-information-originate {always | disable | enable} |
Enable or disable the generation of an IPv4 default route. |
disable |
default-information-originate6 {always | disable | enable} |
Enable or disable the generation of an IPv6 default route. |
disable |
ignore-attached-bit {disable | enable} |
Ignore attached bit on incoming level-1 LSP. |
disable |
is-type {level-1 | level-1-2 | level-2-only} |
Set the IS-IS level to use:
|
level-1-2 |
log-neighbour-changes {disable | enable} |
Enable logging of IS-IS neighbor changes. |
enable |
lsp-gen-interval-l1 <1-120> |
Minimum interval for level-1 LSP regenerating. |
1 |
lsp-gen-interval-l2 <1-120> |
Minimum interval for level-2 LSP regenerating. |
1 |
lsp-refresh-interval <1-65535> |
LSP refresh time in seconds. |
900 |
max-lsp-lifetime <350-65535> |
Maximum LSP lifetime in seconds. |
1200 |
metric-style {narrow | transition | wide} |
Use old-style (ISO 10589) or new-style packet formats.
|
narrow |
overload-bit {disable | enable} |
Signal other routers not to use this bit in shortest-path-first (SPF). |
disable |
redistribute-l1 {disable | enable} |
Redistribute level-1 IPv4 routes into level 2. |
enable |
redistribute-l1-list <string> |
Access-list for redistributing level-1 IPv4 routes to level 2. |
No default |
redistribute6-l1 {disable | enable} |
Redistribute level-1 IPv6 routes into level 2. |
enable |
redistribute6-l1-list <string> |
Access-list for redistributing level-1 IPv6 routes to level 2. |
No default |
router-id <IP_address> |
Router identifier. |
0.0.0.0 |
spf-interval-exp-l1 <1-120> |
Level-1 SPF minimum calculation delay in seconds. |
1 |
spf-interval-exp-l2 <1-120> |
Level-2 SPF minimum calculation delay in seconds. |
1 |
config interface |
Configure the IS-IS interface. |
|
<IS-IS interface name> |
Select the IS-IS interface name to configure. |
No default |
auth-keychain-hello <string> |
Hello protocol data unit (PDU) authentication keychain. This command is applicable when the hello packetʼs authentication mode is |
No default |
auth-mode-hello {md5 | password} |
Hello PDU authentication mode. |
password |
auth-password-hello <password> |
Hello PDU authentication password. This command is applicable when hello's authentication mode is |
No default |
bfd {enable | disable} |
Enable or disable bidirectional forwarding detection (BFD) for IPv4 traffic. |
disable |
bfd6 {enable | disable} |
Enable or disable BFD for IPv6 traffic. |
disable |
circuit-type {level-1 | level-1-2 | level-2} |
Set the IS-IS circuit type to use for this interface:
|
level-1-2 |
csnp-interval-l1 <1-65535> |
Level-1 complete sequence number PDU (CSNP) interval, in number of seconds. |
10 |
csnp-interval-l2 <1-65535> |
Level-2 CSNP interval, in number of seconds. |
10 |
hello-interval-l1 <1-65535> |
Level-1 hello packet interval, in number of seconds. Use 0 for a 1-second hold time. |
10 |
hello-interval-l2 <1-65535> |
Level-2 hello packet interval, in number of seconds. Use 0 for a 1-second hold time. |
10 |
hello-multiplier-l1 <2-100> |
Level-1 multiplier for hello packet holding time. |
3 |
hello-multiplier-l2 <2-100> |
Level-2 multiplier for hello packet holding time. |
3 |
hello-padding {disable | enable} |
Enable padding to IS-IS hello packets. |
enable |
metric-l1 <1-63> |
Level-1 metric for interface. |
10 |
metric-l2 <1-63> |
Level-2 metric for interface. |
10 |
passive {disable | enable} |
Set this interface as passive. |
disable |
priority-l1 <0-127> |
Level-1 priority. |
64 |
priority-l2 <0-127> |
Level-2 priority. |
64 |
status {disable | enable} |
Enable or disable the interface for IS-IS for IPv4 traffic. |
enable |
status6 {disable | enable} |
Enable or disable the interface for IS-IS for IPv6 traffic. |
enable |
wide-metric-l1 <1-16777214> |
Level-1 wide metric for interface. |
10 |
wide-metric-l2 <1-16777214> |
Level-2 wide metric for interface. |
10 |
config net |
Configure the IS-IS network. |
|
<identifier> |
An integer identifier; 0 is the lowest available identifier. |
No default |
<IS-IS net xx.xxxx. ... .xxxx.xx> |
Set the IS-IS network. |
No default |
config redistribute {bgp | connected | ospf | rip | static} |
Configure the IS-IS redistribute IPv4 protocols. |
|
status {disable | enable} |
Enable or disable the redistribution of routes from other routing protocols using IS-IS. |
disable |
metric <0-4261412864> |
Redistribution metric. |
10 |
metric-type {external | internal} |
Select |
external |
level {level-1 | level-1-2 | level-2} |
Set the IS-IS level to use for redistributing routes:
|
level-1-2 |
routemap <string> |
Enter the route map name. Only the route maps for this protocol are listed. You must create the route map before selecting it. See config router route-map. |
No default |
config redistribute6 {bgp6 | connected | ospf6 | ripng | static} |
Configure the IS-IS redistribute IPv6 protocols. |
|
status {disable | enable} |
Enable or disable the redistribution of routes from other routing protocols using IS-IS. |
disable |
metric <0-4261412864> |
Redistribution metric. |
10 |
level {level-1 | level-1-2 | level-2} |
Set the IS-IS level to use for redistributing routes:
|
level-1-2 |
routemap <string> |
Enter the route map name. Only the route maps for this protocol are listed. You must create the route map before selecting it. See config router route-map. |
No default |
config summary-address |
Configure the summarizing IPv4 address ranges in the IS-IS routing table. |
|
<summary address entry identifier> |
Enter the summary address entry ID. The value range is 0-4294967295. |
No default |
level {level-1 | level-1-2 | level-2} |
Set the IS-IS level to use for the summary database:
|
level-2 |
prefix <IPv4 address and netmask> |
Set the IPv4 address and netmask for the prefix. |
No default |
config summary-address6 |
Configure the summarizing IPv6 address ranges in the IS-IS routing table. |
|
<summary address entry identifier> |
Enter the summary address entry ID. The value range is 0-4294967295. |
No default |
level {level-1 | level-1-2 | level-2} |
Set the IS-IS level to use for the summary database:
|
level-2 |
prefix6 <IPv6 address and netmask> |
Set the IPv6 address and netmask for the prefix. |
No default |
Example
The following is an example of an IS-IS configuration for IPv4 traffic:
config router isis
set default-information-metric 60
config interface
edit "vlan100"
set circuit-type level-1
set priority-l1 80
set wide-metric-l1 200
next
edit "vlan102"
set circuit-type level-2
next
end
config net
edit 1
set net 49.0002.0000.0000.1048.00
next
end
set metric-style wide
config redistribute "connected"
set status enable
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
end
config router key-chain
Use this command to configure a keychain. A keychain is a list of one or more authentication keys, each with a lifetime that defines how long the key is valid. Use keys with overlapping lifetimes to prevent the failure of routing updates.
Syntax
config router key-chain
edit <keychain_name>
config key
edit <keychain_int>
set key-string <key_str>
set accept-lifetime <START> <END>
set send-lifetime <START> <END>
end
end
Variable |
Description |
Default |
<keychain_name> |
Enter a name for your keychain. |
No default |
config key |
Configure the key. |
|
<keychain_int> |
Enter the keychain identifier. |
No default |
key-string <key_str> |
Enter a password string for the key. |
No default |
accept-lifetime <START> <END> |
Enter the lifetime of a received authentication key. START and END use the format of HH:MM:SS DAY MONTH YEAR where:
infinite or <duration>, which is the number of seconds that the key is valid. The range of <duration> is 1-2147483646. |
No default |
send-lifetime <START> <END> |
Enter the lifetime of a sent authentication key. START and END use the format of HH:MM:SS DAY MONTH YEAR where:
infinite or <duration>, which is the number of seconds that the key is valid. The range of <duration> is 1-2147483646. |
No default |
Example
This example shows how to add a key to a new keychain:
config router key-chain
edit keychain1
config key
edit 1
set key-string 1234567890
set accept-lifetime 01:02:03 1 8 2017 infinite
set send-lifetime 01:02:03 1 8 2017 infinite
end
end
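The advice to use overlapping lifetimes can be checked before a configuration is deployed. The following Python script is an added example, not part of the FortiSwitchOS documentation: it parses a `config router key-chain` block and reports any point where consecutive keys do not overlap for sending or accepting, and any keychain whose last key expires. The sample configuration and key strings are constructed, and the numeric-month date format is assumed from the example above.

```python
"""Audit `config router key-chain` lifetimes for missing overlap and expiry."""
from datetime import datetime, timedelta

FOREVER = datetime.max  # stands in for the `infinite` END value

# Constructed sample: key 1 stops being sent one day before key 2 starts.
SAMPLE = """\
config router key-chain
    edit keychain1
        config key
            edit 1
                set key-string EXAMPLE-KEY-1
                set accept-lifetime 00:00:00 1 1 2024 00:00:00 1 7 2024
                set send-lifetime 00:00:00 1 1 2024 00:00:00 30 6 2024
            next
            edit 2
                set key-string EXAMPLE-KEY-2
                set accept-lifetime 00:00:00 15 6 2024 infinite
                set send-lifetime 00:00:00 1 7 2024 infinite
            next
        end
    next
end
"""


def parse_point(tokens):
    """Parse HH:MM:SS DAY MONTH YEAR (numeric month, as in the page's example)."""
    return datetime.strptime(" ".join(tokens), "%H:%M:%S %d %m %Y")


def parse_lifetime(tokens):
    """Return (start, end); END may be a timestamp, `infinite`, or seconds."""
    start, rest = parse_point(tokens[:4]), tokens[4:]
    if rest == ["infinite"]:
        return start, FOREVER
    if len(rest) == 1 and rest[0].isdigit():
        return start, start + timedelta(seconds=int(rest[0]))
    return start, parse_point(rest)


def parse_keychains(text):
    """Map keychain name -> key id -> {lifetime field: (start, end)}."""
    chains, chain, key, in_keys = {}, None, None, False
    for line in text.splitlines():
        t = line.split()
        if not t:
            continue
        if t[:2] == ["config", "key"]:
            in_keys = True
        elif t[0] == "end":
            in_keys = False
        elif t[0] == "edit" and len(t) > 1:
            name = t[1].strip('"')
            if in_keys:
                key = chain.setdefault(name, {})
            else:
                chain = chains.setdefault(name, {})
        elif in_keys and t[0] == "set" and t[1] in ("accept-lifetime", "send-lifetime"):
            key[t[1]] = parse_lifetime(t[2:])
    return chains


def coverage_gaps(spans):
    """Return (from, to) periods where the next key starts at or after the
    point where every earlier key has already ended (no overlap)."""
    gaps, covered_until = [], None
    for start, end in sorted(spans):
        if covered_until is not None and start >= covered_until:
            gaps.append((covered_until, start))
        covered_until = end if covered_until is None else max(covered_until, end)
    return gaps


def audit(text):
    """Return findings as (keychain, field, kind, from, to) tuples."""
    findings = []
    for name, keys in parse_keychains(text).items():
        for field in ("send-lifetime", "accept-lifetime"):
            spans = [k[field] for k in keys.values() if field in k]
            findings += [(name, field, "no-overlap", a, b)
                         for a, b in coverage_gaps(spans)]
            last_end = max((end for _, end in spans), default=FOREVER)
            if last_end != FOREVER:
                findings.append((name, field, "expires", last_end, None))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

A `no-overlap` finding on `send-lifetime` marks a window in which the unit has no valid key to sign updates with; an `expires` finding marks the date after which the keychain has no valid key at all.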
config router multicast
A FortiSwitch unit can operate as a Protocol Independent Multicast (PIM) version-4 router. FortiSwitchOS supports PIM source-specific multicast (SSM) and version 3 of Internet Group Management Protocol (IGMP).
You can configure a FortiSwitch unit to support PIM using the config router multicast CLI command. When PIM is enabled, the FortiSwitch unit allocates memory to manage mapping information. The FortiSwitch unit communicates with neighboring PIM routers to acquire mapping information and, if required, processes the multicast traffic associated with specific multicast groups.
Syntax
config router multicast
set multicast-routing {disable | enable}
config interface
edit {interface_name | internal | mgmt}
set pim-mode ssm-mode
set hello-interval <1-180 seconds>
set dr-priority <1-4294967295>
set multicast-flow <string>
config igmp
set query-interval <1-1800 seconds>
set query-max-response-time <1-25 seconds>
end
end
end
Variable |
Description |
Default |
multicast-routing {disable | enable} |
Enable or disable multicast routing. |
disable |
{interface_name | internal | mgmt} |
Set which interface to configure for multicast routing. |
No default |
pim-mode ssm-mode |
Set the PIM operation mode to SSM mode. |
ssm-mode |
hello-interval <1-180 seconds> |
Specify the amount of time that the FortiSwitch unit waits between sending hello messages to neighboring PIM routers. |
30 |
dr-priority <1-4294967295> |
Assign a priority to the FortiSwitch unit Designated Router (DR) candidacy. The value is compared to that of other DR interfaces connected to the same network segment, and the router having the highest DR priority is selected to be the DR. If two DR priority values are the same, the interface having the highest IP address is selected. |
1 |
multicast-flow <string> |
Connect the named multicast flow to this interface. You must create the multicast flow before it can be selected here. See config router multicast-flow. |
No default |
config igmp |
Configure the multicast-flow entries. |
|
query-interval <1-1800 seconds> |
Set the interval between queries to IGMP hosts. |
125 |
query-max-response-time <1-25 seconds> |
Set the maximum time to wait for an IGMP query response. |
10 |
config router multicast-flow
Use this command to configure the source allowed for a multicast flow when using PIM-SM or PIM-SSM.
Syntax
config router multicast-flow
edit <name>
set comments <string>
config flows
edit <multicast-flow_entry_identifier>
set group-addr <224-239.xxx.xxx.xxx>
set group-addr-end <224-239.xxx.xxx.xxx>
set source-addr <IP_address>
end
end
Variable |
Description |
Default |
<name> |
Name of the multicast flow. |
No default |
<string> |
Enter an optional description of the multicast flow. |
No default |
<multicast-flow_entry_identifier> |
Enter the multicast-flow entry identifier. |
No default |
group-addr <224-239.xxx.xxx.xxx> |
Enter the starting multicast group address (IPv4). |
0.0.0.0 |
group-addr-end <224-239.xxx.xxx.xxx> |
Optional. Enter the ending multicast group address (IPv4). The range must not overlap other defined ranges. |
0.0.0.0 |
source-addr <IP_address> |
Enter an IP address for the multicast source (IPv4). |
0.0.0.0 |
config router ospf
Use this command to configure OSPF routing for IPv4.
NOTE: You must have an advanced features license to use OSPF routing.
Syntax
config router ospf
set router-id <router_ipv4>
set abr-type {cisco | ibm | shortcut | standard}
set database-overflow {enable | disable}
set database-overflow-max-external-lsa <integer>
set database-overflow-time-to-recover <integer>
set distance-external <external_int>
set distance-inter-area <inter_int>
set distance-intra-area <intra_int>
set default-information-originate {always | disable | enable}
set default-information-metric <metric_int>
set default-information-metric-type {1 | 2}
set distance <distance_int>
set rfc1583-compatible {disable | enable}
set spf-timers <delay_int> <hold_int>
set log-neighbour-changes {disable | enable}
set passive-interface <name_str>
config area
edit <area_ipv4>
set shortcut {default | disable | enable}
set type {nssa | regular | stub}
set default-cost <cost_int>
set stub-type {no-summary | summary}
set nssa-translator-role {always | candidate | never}
config filter-list
edit <filter_int>
set direction {in | out}
set list <list_str>
end
end
config range
edit <range_int>
set advertise {enable | disable}
set prefix <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx>
set substitute <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx>
set substitute-status {enable | disable}
end
end
config virtual-link
edit <virtual_int>
set authentication {md5 | none | text}
set dead-interval <dead_int>
set hello-interval <hello_int>
set peer <peer_ipv4>
set retransmit-interval <retransmit_int>
set transmit-delay <transmit_int>
next
end
next
end
config interface
edit <interface_str>
set authentication {md5 | none | text}
set cost <cost_int>
set dead-interval <dead_int>
set hello-interval <hello_int>
set mtu <mtu_int>
set mtu-ignore {disable | enable}
set priority <priority_int>
set retransmit-interval <retransmit_int>
set transmit-delay <transmit_int>
set ucast-ttl <1-255>
config md5-keys
edit <key_ID>
set key <MD5_key>
next
end
next
end
config network
edit <network_int>
set area <area_ipv4>
set prefix <xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx>
end
end
config summary-address
edit <summary_int>
set prefix <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx>
set tag <tag_int>
next
end
config distribute-list
edit <distribute_int>
set access-list <access_str>
set protocol {bgp | connected | isis | rip | static}
next
end
config redistribute {bgp | connected | isis | rip | static}
set status {disable | enable}
set metric <metric_int>
set routemap <routemap_str>
set metric-type {1 | 2}
set tag <0-2147483647>
end
config vrf
edit <VRF_ID>
set abr-type {cisco | ibm | shortcut | standard}
set database-overflow {enable | disable}
set database-overflow-max-external-lsa <integer>
set database-overflow-time-to-recover <integer>
set default-information-metric <metric_int>
set default-information-metric-type {1 | 2}
set default-information-originate {always | disable | enable}
set distance <distance_int>
set distance-external <external_int>
set distance-inter-area <inter_int>
set distance-intra-area <intra_int>
set log-neighbour-changes {disable | enable}
set passive-interface <name_str>
set rfc1583-compatible {disable | enable}
set router-id <router_ipv4>
set spf-timers <delay_int> <hold_int>
config area
edit <area_ipv4>
set shortcut {default | disable | enable}
set type {nssa | regular | stub}
set default-cost <cost_int>
set stub-type {no-summary | summary}
set nssa-translator-role {always | candidate | never}
config filter-list
edit <filter_int>
set direction {in | out}
set list <list_str>
end
end
config range
edit <range_int>
set advertise {enable | disable}
set prefix <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx>
set substitute <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx>
set substitute-status {enable | disable}
end
end
config virtual-link
edit <virtual_int>
set authentication {none | text}
set dead-interval <dead_int>
set hello-interval <hello_int>
set peer <peer_ipv4>
set retransmit-interval <retransmit_int>
set transmit-delay <transmit_int>
next
end
next
end
config interface
edit <interface_str>
set authentication {none | text}
set cost <cost_int>
set dead-interval <dead_int>
set hello-interval <hello_int>
set mtu <mtu_int>
set mtu-ignore {disable | enable}
set priority <priority_int>
set retransmit-interval <retransmit_int>
set transmit-delay <transmit_int>
config md5-keys
edit <key_ID>
set key <MD5_key>
next
end
next
end
config network
edit <network_int>
set area <area_ipv4>
set prefix <xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx>
end
end
config summary-address
edit <summary_int>
set prefix <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx>
set tag <tag_int>
next
end
config distribute-list
edit <distribute_int>
set access-list <access_str>
set protocol {bgp | connected | isis | rip | static}
next
end
config redistribute {connected | rip | static}
set status {disable | enable}
set metric <metric_int>
set routemap <routemap_str>
set metric-type {1 | 2}
set tag <0-2147483647>
next
end
next
end
Variable |
Description |
Default |
router-id <router_ipv4> |
Required. Enter the IPv4 address of the OSPF router. |
No default |
abr-type {cisco | ibm | shortcut | standard} |
Enter the area border router (ABR) type. Set |
cisco |
database-overflow {enable | disable} |
Enable or disable protection against link-state database overflow. |
disable |
database-overflow-max-external-lsa <integer> |
Set the maximum number of external link-state advertisements (LSAs) that are allowed in the link-state database. The value range is 0-2147483647. This option is available only if |
10000 |
database-overflow-time-to-recover <integer> |
Set the number of seconds before the router originates any external LSAs. The value range is 0-65535 seconds. This option is available only if |
300 |
distance-external <external_int> |
Set the OSPF route administrative external distance. The value range is from 0 to 255. |
No default |
distance-inter-area <inter_int> |
Set the OSPF route administrative inter-area distance. The value range is from 0 to 255. |
No default |
distance-intra-area <intra_int> |
Set the OSPF route administrative intra-area distance. The value range is from 0 to 255. |
No default |
default-information-originate {always | disable | enable} |
Enable or disable the generation of the default route into all external routing capable areas using the metric specified by the |
disable |
default-information-metric <metric_int> |
Set the metric value for the default route. The value range is from 1 to 16777214. |
10 |
default-information-metric-type {1 | 2} |
Set the metric type for the default route. |
2 |
distance <distance_int> |
Set the OSPF route administrative distance. The value range is from 1 to 255. |
110 |
rfc1583-compatible {disable | enable} |
Enable or disable RFC1583 compatibility. |
disable |
spf-timers <delay_int> <hold_int> |
Set the number of seconds before the shortest path first (SPF) is calculated and the number of seconds between consecutive SPF calculations. The range for each value is from 0 to 600. |
5 10 |
log-neighbour-changes {disable | enable} |
Enable or disable the logging of changes to the OSPF neighbor. |
enable |
passive-interface <name_str> |
Select which interface to set to passive mode. NOTE: You need to add the interface prefix under the |
No default |
config area |
Configure the OSPF area. |
|
<area_ipv4> |
Enter the IP address for the area. |
No default |
shortcut {default | disable | enable} |
Enable or disable whether shortcuts are allowed in the area. |
default |
type {nssa | regular | stub} |
Set the area type. NOTE: This field is not applicable for the backbone area (0.0.0.0), which is set to |
regular |
default-cost <cost_int> |
If the area type is stub or not-so-stubby area (NSSA), set the cost of default-summary LSAs announced to stubby areas. The value range is 0-2147483647. |
1 |
stub-type {no-summary | summary} |
If the area type is stub or NSSA, set whether inter-area summaries can be used. |
summary |
nssa-translator-role {always | candidate | never} |
If the area type is NSSA, set the type of NSSA translator role. |
candidate |
config filter-list |
Configure the OSPF area filter list. |
|
<filter_int> |
Enter the filter list identifier. |
No default |
direction {in | out} |
Set the direction to or from the area for the prefix list and access list. |
out |
list <list_str> |
Enter the access-list name or prefix-list name for the area. |
No default |
config range |
Configure the OSPF area range. |
|
<range_int> |
Enter the range list identifier. |
No default |
advertise {enable | disable} |
Enable or disable the advertise status. If this option is set to |
enable |
prefix <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx> |
Enter the summary prefix. |
0.0.0.0 0.0.0.0 |
substitute <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx> |
Enter the substitute prefix. |
0.0.0.0 0.0.0.0 |
substitute-status {enable | disable} |
Enable or disable whether the substitute prefix is used instead of the prefix. |
disable |
config virtual-link |
Configure the OSPF virtual link. |
|
<virtual_int> |
Enter the virtual-link identifier. |
No default |
authentication {md5 | none | text} |
Set the authentication type. |
none |
dead-interval <dead_int> |
Enter the dead interval. |
40 |
hello-interval <hello_int> |
Enter the hello interval. |
10 |
peer <peer_ipv4> |
Enter the IP address of the virtual link neighbor. |
0.0.0.0 |
retransmit-interval <retransmit_int> |
Set the time between retransmitting lost link-state advertisement packets. |
5 |
transmit-delay <transmit_int> |
Enter the link-state packet transmit delay. |
1 |
config md5-keys |
These commands are applicable only when the virtual-link |
|
<key_ID> |
Enter the MD5 key identifier. |
No default |
<MD5_key> |
Enter a string up to 16 characters. |
No default |
config interface |
Configure the OSPF interface. |
|
<interface_str> |
Enter the OSPF interface name. |
No default |
authentication {md5 | none | text} |
Set the authentication type for OSPF packets. |
none |
bfd {disable | enable} |
Enable or disable BFD on this interface. |
disable |
cost <cost_int> |
Enter the link cost on this interface. The value range is 0-65535. Set this option to 0 for auto-cost. |
10 |
dead-interval <dead_int> |
Enter the dead interval. |
40 |
hello-interval <hello_int> |
Enter the hello interval. |
10 |
mtu <mtu_int> |
Enter the maximum transmission unit (MTU) size in bytes for the database description packets. The value range is 576-65535. |
Not set |
mtu-ignore {disable | enable} |
Set whether to use the MTU size. |
disable |
priority <priority_int> |
Set the router priority for this interface. The router with the highest priority is more eligible to become the designated router. Setting the option to 0 makes the router ineligible to become the designated router. The value range is 0-255. |
1 |
retransmit-interval <retransmit_int> |
Set the time between retransmitting lost link-state advertisement packets. |
5 |
transmit-delay <transmit_int> |
Enter the link-state transmit delay. |
1 |
ucast-ttl <1-255> |
Specify how many seconds unicast messages are kept. |
0 |
config md5-keys |
Use these commands to add MD5 keys for the OSPF interface. These commands are applicable only when the interface |
|
<key_ID> |
Enter the MD5 key identifier. |
No default |
<MD5_key> |
Enter a string up to 16 characters. |
No default |
config network |
Use these commands to enable or disable OSPF on an IP network. |
|
<network_int> |
Enter the network identifier. |
No default |
<area_ipv4> |
Enter the IPv4 address for the area. |
No default |
prefix <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx> |
Enter the IPv4 address and netmask. |
No default |
config summary-address |
Configure the aggregate address for redistributed routes. |
|
<summary_int> |
Enter the identifier for the summary address. |
No default |
prefix <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx> |
Enter the IPv4 address and netmask. |
No default |
tag <tag_int> |
Enter the tag value. The range is 0-2147483647. |
0 |
config distribute-list |
Configure the redistribute routes filter. |
|
<distribute_int> |
Enter the distribute list identifier. |
No default |
access-list <access_str> |
Enter the access list name. |
No default |
protocol {bgp | connected | isis | rip | static} |
Set the protocol type. |
connected |
config redistribute {bgp | connected | isis | rip | static} |
Use these commands for the redistribute configuration. |
|
redistribute {bgp | connected | isis | rip | static} |
Set the type of network to redistribute. |
No default |
status {disable | enable} |
Enable or disable the redistribution. |
disable |
metric <metric_int> |
Enter the metric for redistributed routes. |
10 |
routemap <routemap_str> |
Enter the route map name to filter the redistributed routes. Only the route maps for this protocol are listed. |
No default |
metric-type {1 | 2} |
Set the metric type of redistributed routes. |
2 |
tag <0-2147483647> |
Set the tag value. |
No default |
config vrf |
Use these commands to create multiple routing tables within the same router.
|
|
<VRF_ID> |
Use the same VRF identifier that was configured under the |
No default |
Example
This example shows how to set the router identifier, create an area, configure the OSPF interface, create the network (set the network prefix and associate with an area), configure the IPv4 address summary, and redistribute the routes:
config router ospf
set router-id 20.1.1.1
config area
edit 0.0.0.0
next
edit 0.0.0.1
next
end
config interface
edit "ospf_1"
set interface "vlan10"
next
edit "ospf_2"
set interface "vlan20"
next
end
config network
edit 1
set area 0.0.0.1
set prefix 20.1.1.0 255.255.255.0
next
edit 2
set area 0.0.0.0
set prefix 10.1.1.0 255.255.255.0
next
end
config summary-address
edit 1
set prefix 40.1.0.0 255.255.0.0
next
end
config redistribute "connected"
set status enable
end
end
config router ospf6
Use this command to configure open shortest path first (OSPF) routing for IPv6.
NOTE: You must have an advanced features license to use OSPF routing.
Syntax
config router ospf6
set router-id <router_ipv4>
set spf-timers <delay_int> <hold_int> <max_int>
set log-neighbor-changes {disable | enable}
config area
edit <area_ipv4>
set type {regular | stub}
set stub-type {summary | no-summary}
config filter-list
edit <filter_int>
set direction {in | out}
set list <list_str>
next
end
config range
edit <range_int>
set advertise {enable | disable}
set prefix <xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx>
next
end
next
end
config interface
edit <interface_str>
set area-id <Required_IPv4_address>
set bfd {disable | enable}
set cost <cost_int>
set dead-interval <dead_int>
set hello-interval <hello_int>
set passive {disable | enable}
set priority <priority_int>
set retransmit-interval <retransmit_int>
set status {enable | disable}
set transmit-delay <transmit_int>
next
end
config redistribute {connected | static}
set status {disable | enable}
set routemap <routemap_str>
end
end
Variable |
Description |
Default |
router-id <router_ipv4> |
Required. Enter the IPv4 address of the OSPF router. |
No default |
spf-timers <delay_int> <hold_int> <max_int> |
Set the number of milliseconds to delay before the shortest path first (SPF) is calculated, the initial number of milliseconds between consecutive SPF calculations, and the maximum number of milliseconds between consecutive SPF calculations. The range for each value is from 0 to 600. |
5 10 10 |
log-neighbor-changes {disable | enable} |
Enable or disable the logging of changes to the OSPF neighbor. |
enable |
config area |
Configure the OSPF6 area. |
|
<area_ipv4> |
Enter the IPv4 address for the area. |
No default |
type {regular | stub} |
Set the area type to regular or stub. |
regular |
stub-type {summary | no-summary} |
If the |
summary |
config filter-list |
Configure the OSPF6 area filter list. |
|
<filter_int> |
Enter the filter list identifier. |
No default |
direction {in | out} |
Set the direction to or from the area for the prefix list and access list. |
out |
list <list_str> |
Enter the IPv6 access-list name or IPv6 prefix-list name for the area. |
No default |
config range |
Configure the OSPF6 area range. |
|
<range_int> |
Enter the range list identifier. |
No default |
advertise {enable | disable} |
Enable or disable the advertise status. If this option is set to |
enable |
prefix <xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx> |
Required. Enter the IPv6 prefix. |
No default |
config interface |
Configure the OSPF6 interface. |
|
<interface_str> |
Enter the OSPF interface name. |
No default |
area-id <IPv4_address> |
Required. Enter the IPv4 address of the area. |
none |
bfd {disable | enable} |
Enable or disable bidirectional forwarding detection (BFD). |
disable |
cost <cost_int> |
Enter the link cost on this interface. The value range is 0-65535. |
10 |
dead-interval <dead_int> |
Enter the dead interval. |
40 |
hello-interval <hello_int> |
Enter the hello interval. |
10 |
passive {disable | enable} |
Enable or disable the passive interface. |
disable |
priority <priority_int> |
Set the router priority for this interface. The router with the highest priority is more eligible to become the designated router. Setting the option to 0 makes the router ineligible to become the designated router. The value range is 0-255. |
1 |
retransmit-interval <retransmit_int> |
Enter the time between retransmitting lost link-state advertisement packets. |
5 |
status {enable | disable} |
Enable or disable the IPv6 OSPF routing on this interface. |
enable |
transmit-delay <transmit_int> |
Enter the link-state transmit delay. |
1 |
config redistribute {connected | static} |
Use these commands for the redistribute configuration. |
|
status {disable | enable} |
Enable or disable the redistribution. |
disable |
routemap <routemap_str> |
Enter the route map name to filter the redistributed routes. Only the route maps for this protocol are listed. |
No default |
Example
This example shows how to set the router identifier, create an area, configure the OSPF interface, and redistribute the routes:
config router ospf6
set router-id 10.11.101.1
config area
edit 0.0.0.1
config filter-list
edit 1
set direction in
set list access1
next
end
config range
edit 1
set advertise disable
set prefix 3f2e:6a8b:78a3:0d82:1725:6a2f:0370:6234/96
next
end
end
config interface
edit vlan35
set area-id 0.0.0.1
set cost 100
set priority 100
set status enable
next
end
config redistribute connected
set status enable
end
end
config router policy
Use this command to create a policy to control routing.
Syntax
config router policy
config nexthop-group
edit <name_of_next-hop_group>
config nexthop
edit <configuration_identifier>
set nexthop-ip <IPv4_address>
set nexthop-vrf-name <string>
next
end
next
end
config pbr-map
edit <PBR_map_name>
set comments <string>
config rule
edit <rule_sequence_number>
set src <IPv4_address_mask>
set dst <IPv4_address_mask>
set nexthop-ip <IPv4_address>
set nexthop-vrf-name <string>
set nexthop-group-name <string>
next
end
next
end
config interface
edit <interface_name>
set pbr-map-name <PBR_policy_map_name>
next
end
end
Variable | Description | Default |
config nexthop-group | Configure the next-hop group using equal-cost multi-path (ECMP) routing. | |
<name_of_next-hop_group> | Enter the name of the next-hop group. | No default |
config nexthop | Configure the next hop. | |
<configuration_identifier> | Enter the configuration identifier. | No default |
nexthop-ip <IPv4_address> | Enter the IPv4 address of the next hop. | 0.0.0.0 |
nexthop-vrf-name <string> | Enter the virtual routing and forwarding (VRF) instance name. | No default |
config pbr-map | Configure the policy-based routing (PBR) map. | |
<PBR_map_name> | Enter the name of the PBR map. | No default |
comments <string> | Enter a descriptive comment. | No default |
config rule | Configure the PBR rule. | |
<rule_sequence_number> | Enter a rule identifier. The range of values is 1-10000. | No default |
src <IPv4_address_mask> | Enter the source IPv4 address and mask. | 0.0.0.0 0.0.0.0 |
dst <IPv4_address_mask> | Enter the destination IPv4 address and mask. | 0.0.0.0 0.0.0.0 |
nexthop-ip <IPv4_address> | Enter the IPv4 address of the next hop. | 0.0.0.0 |
nexthop-vrf-name <string> | Enter the name of the VRF instance that the next-hop address belongs to. If the name is not specified, the default VRF is used. | No default |
nexthop-group-name <string> | Enter the next-hop group name. This setting is used for ECMP. | No default |
config interface | Configure the interface. | |
<interface_name> | Enter the name of the interface to configure. | No default |
pbr-map-name <PBR_map_name> | Enter the name of the PBR map. The PBR map is created with the config pbr-map command. | No default |
Example
This example creates the “pbrmap1” policy for vlan10, which is an ingress switch virtual interface (SVI). The policy has three rules:
- Rule 1 finds packets with a source address of 22.1.1.0/24 and forwards them to the next hop, 12.1.1.2, which belongs to the default VRF instance.
- Rule 2 finds packets with a destination address of 33.1.1.0/24 and forwards them to the ECMP route with the two next-hop IP addresses in the next-hop group. Both next hops belong to the default VRF instance.
- Rule 3 finds packets with a destination address of 11.1.1.0/24 and forwards them to the next hop, 13.1.1.2, which belongs to the “vrfv4” VRF instance.
config router policy
config nexthop-group
edit "nhgroup1"
config nexthop
edit 1
set nexthop-ip 12.1.1.4
next
edit 2
set nexthop-ip 12.1.1.5
next
end
next
end
config pbr-map
edit "pbrmap1"
config rule
edit 1
set src 22.1.1.0 255.255.255.0
set nexthop-ip 12.1.1.2
next
edit 2
set dst 33.1.1.0 255.255.255.0
set nexthop-group-name "nhgroup1"
next
edit 3
set src 11.1.1.0 255.255.255.0
set nexthop-ip 13.1.1.2
set nexthop-vrf-name "vrfv4"
next
end
next
end
config interface
edit "vlan10"
set pbr-map-name "pbrmap1"
next
end
end
config router prefix-list
Use this command to configure IPv4 prefix-based filtering.
Syntax
config router prefix-list
edit <list_int>
set comments <comment_str>
config rule
edit <rule_int>
set action {deny | permit}
set prefix {<xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx> | any}
set ge <ge_int>
set le <le_int>
end
end
end
Variable |
Description |
Default |
<list_int> |
Enter the prefix list identifier. |
No default |
comments <comment_str> |
Enter a descriptive comment. |
No default |
config rule |
Configure the prefix-list rule. |
|
<rule_int> |
Enter the rule identifier. |
No default |
action {deny | permit} |
Set the action to |
permit |
prefix {<xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx> | any} |
Set the prefix to define regular filter criteria, such as any or subnets. |
0.0.0.0 0.0.0.0 |
ge <ge_int> |
Enter the minimum IPv4 prefix length to be matched. The value range is between 0 and 32. The prefix list is used if the prefix length is greater than or equal to this value. |
No default |
le <le_int> |
Enter the maximum IPv4 prefix length to be matched. The value range is between 0 and 32. The prefix list is used if the prefix length is less than or equal to this value. |
No default |
config router prefix-list6
Use this command to configure IPv6 prefix-based filtering.
Syntax
config router prefix-list6
edit <name_of_IPv6_prefix_list>
set comments <string>
config rule
edit <rule_ID>
set action {deny | permit}
set prefix6 {<IPv6_prefix> | any}
set ge <0-128>
set le <0-128>
next
end
end
Variable |
Description |
Default |
<name_of_IPv6_prefix_list> |
Enter the name of the IPv6 prefix list. |
No default |
comments <string> |
Enter a descriptive comment. |
No default |
config rule |
Configure the IPv6 prefix list rule. |
|
<rule_ID> |
Enter the rule identifier. |
No default |
action {deny | permit} |
Set the action to |
permit |
prefix6 {<IPv6_prefix> | any} |
Enter the IPv6 prefix to match or |
No default |
ge <0-128> |
Enter the minimum IPv6 prefix length to be matched. The IPv6 prefix list is used if the prefix length is greater than or equal to this value. |
No default |
le <0-128> |
Enter the maximum IPv6 prefix length to be matched. The IPv6 prefix list is used if the prefix length is less than or equal to this value. |
No default |
Example
This example shows how to specify which IPv6 prefixes are allowed in RA messages:
config router prefix-list6
edit "r4"
config rule
edit 1
set action deny
set prefix6 "2001:4:4:4::4/64"
set ge 65
set le 128
next
edit 2
set action permit
set prefix6 "any"
next
end
next
end
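How the "r4" rules above evaluate candidate prefixes, as an added Python sketch that is not Fortinet code. It assumes rules are checked in ascending rule ID with the first match winning, that a rule with neither ge nor le matches only its exact prefix length, and that a prefix matching no rule is denied (usual prefix-list semantics, not stated on this page).

```python
import ipaddress

# Rules transcribed from the page's "r4" example:
# (rule ID, action, prefix6, ge, le); None means the option is not set.
R4_RULES = [
    (1, "deny", "2001:4:4:4::4/64", 65, 128),
    (2, "permit", "any", None, None),
]


def rule_matches(candidate, prefix6, ge, le):
    """Return True if the candidate IPv6Network is matched by one rule."""
    if prefix6 == "any":
        return True
    # strict=False drops host bits, so 2001:4:4:4::4/64 becomes 2001:4:4:4::/64.
    base = ipaddress.IPv6Network(prefix6, strict=False)
    if not candidate.subnet_of(base):
        return False
    if ge is None and le is None:
        # Assumption: without ge/le only the exact prefix length matches.
        return candidate.prefixlen == base.prefixlen
    low = ge if ge is not None else base.prefixlen
    high = le if le is not None else 128
    return low <= candidate.prefixlen <= high


def evaluate(rules, candidate):
    """Return (action, rule ID) for a prefix; rule ID is None on implicit deny."""
    net = ipaddress.IPv6Network(candidate, strict=False)
    for rule_id, action, prefix6, ge, le in sorted(rules, key=lambda r: r[0]):
        if rule_matches(net, prefix6, ge, le):
            return action, rule_id
    return "deny", None  # assumption: implicit deny when nothing matches


if __name__ == "__main__":
    # Constructed candidate prefixes.
    for prefix in ("2001:4:4:4::/64", "2001:4:4:4:8000::/65",
                   "2001:4:4:4::1/128", "2001:db8::/32"):
        print(prefix, evaluate(R4_RULES, prefix))
```

Rule 1 only catches prefixes longer than /64 inside 2001:4:4:4::/64, so the /64 itself falls through to the permit rule.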
config router rip
Use these commands to configure RIP routing with IPv4 addresses.
NOTE: You must have an advanced features license to use RIP routing.
Syntax
config router rip
set bfd {disable | enable}
set default-information-originate {disable | enable}
set default-metric <defaultmetric_int>
set garbage-timer <garbage_int>
set passive-interface <name_str>
set timeout-timer <timeout_int>
set update-timer <update_int>
set version {1 | 2}
config distance
edit <distanceid_int>
set access-list <access_string>
set distance <distance_int>
set prefix <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx>
end
config distribute-list
edit <distribute_int>
set direction {in | out}
set interface <interface_str>
set listname <listname_str>
set status {disable | enable}
end
config interface
edit <interface_str>
set auth-keychain <keychain_str>
set auth-mode {md5 | none | text}
set auth-string <password_str>
set receive-version {1 | 2 | both | global}
set send-version {1 | 2 | both | global}
set split-horizon-status {disable | enable}
set split-horizon {poisoned | regular}
end
config neighbor
edit <neighbor_int>
set <neighbor_ipv4>
end
config network
edit <network_int>
set prefix <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx>
end
config offset-list
edit <offsetlist_int>
set access-list <accesslist_str>
set direction {in | out}
set interface {in | out}
set offset <offset_int>
set status {disable | enable}
end
config redistribute {bgp | connected | isis | ospf | static}
set status {disable | enable}
set metric <metric_int>
set routemap <routemap_str>
end
end
Variable |
Description |
Default |
bfd {disable | enable} |
Enable or disable BFD. |
disable |
default-information-originate {disable | enable} |
Enable or disable whether a default route is advertised. |
disable |
default-metric <defaultmetric_int> |
Enter the default metric for redistributed routes. This setting does not affect connected routes. The range of values is 1-16. Use the |
1 |
garbage-timer <garbage_int> |
Enter the number of seconds before a route is removed from the routing table. The range of values is 5-2147483647. |
120 |
passive-interface <name_str> |
Specify which interface to set to passive mode. You need to add the interface prefix under |
No default |
timeout-timer <timeout_int> |
Enter the number of seconds before a route is no longer valid. The route is not removed from the routing table until the neighboring RIP routers are notified that the route has been dropped. The range of values is 5-2147483647. |
180 |
update-timer <update_int> |
Enter the number of seconds between transmissions of the complete routing table to neighboring RIP routers. The range of values is 5-2147483647. |
30 |
version {1 | 2} |
Set the RIP version for receiving and sending RIP packets. |
2 |
config distance |
Set the admin distance based on the route prefix and RIP neighbor IP. |
|
<distanceid_int> |
Enter the distance identifier. |
No default |
access-list <access_string> |
Enter the access list to match RIP routes. |
No default |
distance <distance_int> |
Enter the RIP admin distance. The value range is from 1 to 255. |
120 |
prefix <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx> |
Enter the RIP neighbor IP prefix. Enter 0.0.0.0/0 to match all RIP neighbors. |
0.0.0.0 0.0.0.0 |
config distribute-list |
Filter networks from routing updates. |
|
<distribute_int> |
Enter the distribute list identifier. |
No default |
direction {in | out} |
Set the list direction. |
out |
interface <interface_str> |
Enter the RIP interface name for the distribute list. |
No default |
listname <listname_str> |
Enter the access or prefix list name. |
No default |
status {disable | enable} |
Enable or disable whether the distribute list is used. |
disable |
config interface |
RIP interface configuration. |
|
<interface_str> |
Enter the interface name. |
No default |
auth-keychain <keychain_str> |
Enter the name of the keychain to use for this interface. |
No default |
auth-mode {md5 | none | text} |
Set the authentication mode used for packets.
RIP version 1 does not use authentication. If
NOTE: You must create a keychain first before you can use the MD5 authentication mode with RIP version 2. |
none |
auth-string <password_str> |
If the |
No default |
receive-version {1 | 2 | both | global} |
Set which version of RIP packets are accepted on this interface. Setting this option to |
global |
send-version {1 | 2 | both | global} |
Set which version of RIP packets are sent for this interface. Setting this option to |
global |
split-horizon-status {disable | enable} |
Enable or disable split horizon. |
enable |
split-horizon {poisoned | regular} |
Set the split-horizon type. |
regular |
config neighbor |
Specify a neighbor router. These commands are required only when OSPF runs on nonbroadcast media. |
|
<neighbor_int> |
Enter a RIP neighbor identifier. |
No default |
<neighbor_ipv4> |
Enter an IP address for a RIP neighbor. Use this command if a RIP neighbor does not accept multicast packets. |
0.0.0.0 |
config network |
Enable RIP routing on an IP network. |
|
<network_int> |
Enter a network identifier. |
No default |
prefix <xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx> |
Enter the prefix. |
No default |
config offset-list |
Configure the offset list to modify the RIP metric. |
|
<offsetlist_int> |
Enter the offset list identifier. |
No default |
access-list <accesslist_str> |
Enter the name of the access list. |
No default |
direction {in | out} |
Set the list direction. |
out |
interface {in | out} |
Set whether to filter incoming or outgoing packets. |
No default |
offset <offset_int> |
Enter the offset for incoming and outgoing metrics to routes learned using RIP. The value range is between 1 and 16. |
0 |
status {disable | enable} |
Enable or disable whether the offset list is used. |
enable |
config redistribute {bgp | connected | isis | ospf | static} |
Redistribute configuration. |
|
redistribute {bgp | connected | isis | ospf | static} |
Redistribute routes so that they are included in RIP routing. |
No default |
status {disable | enable} |
Enable or disable whether the routes are redistributed. |
disable |
metric <metric_int> |
Enter the metric of the redistributed routes. The value range is between 0 and 16. |
0 |
routemap <routemap_str> |
Enter the route map name to filter the redistributed routes. Only the route maps for this protocol are listed. |
No default |
Example
This example shows how to configure the RIP router and add authentication:
config router rip
config network
edit 1
set prefix 170.38.65.0/24
next
edit 2
set prefix 128.8.0.0/16
next
end
config interface
edit "vlan35"
set auth-mode text
set auth-string simplepw1
next
end
end
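The example above uses auth-mode text, which RIPv2 carries as a cleartext password in each packet. The following added Python check (not Fortinet code) parses a configuration in the syntax shown on this page and reports RIP interfaces left at none or text, or set to md5 without an auth-keychain. The sample configuration is the page's example plus constructed interfaces vlan40, vlan50 and vlan60 and a constructed keychain name.

```python
import shlex

RIP_IF_PATH = [("config", "router rip"), ("config", "interface")]

WEAK_MODES = {
    "none": "RIP updates are accepted without authentication",
    "text": "shared password is sent in cleartext in RIP packets",
}

# Constructed sample: the page's RIP example plus three made-up interfaces.
SAMPLE_CONFIG = '''
config router rip
config network
edit 1
set prefix 170.38.65.0/24
next
end
config interface
edit "vlan35"
set auth-mode text
set auth-string simplepw1
next
edit "vlan40"
set auth-mode md5
set auth-keychain "rip-kc"
next
edit "vlan50"
set auth-mode md5
next
edit "vlan60"
set split-horizon poisoned
next
end
end
'''


def _in_rip_interface(stack):
    """True when the stack is config router rip -> config interface -> edit X."""
    return len(stack) == 3 and stack[:2] == RIP_IF_PATH and stack[2][0] == "edit"


def rip_interface_auth(config_text):
    """Return {interface: {option: value}} for RIP interface entries."""
    stack, interfaces = [], {}
    for raw in config_text.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        verb, args = tokens[0], tokens[1:]
        if verb == "config":
            stack.append(("config", " ".join(args)))
        elif verb == "edit" and args:
            stack.append(("edit", args[0]))
            if _in_rip_interface(stack):
                interfaces[args[0]] = {}
        elif verb == "set" and args and _in_rip_interface(stack):
            interfaces[stack[-1][1]][args[0]] = " ".join(args[1:])
        elif verb == "next":
            if stack and stack[-1][0] == "edit":
                stack.pop()
        elif verb == "end":
            # "end" may close an open edit entry as well as its config block.
            if stack and stack[-1][0] == "edit":
                stack.pop()
            if stack:
                stack.pop()
    return interfaces


def audit_rip_auth(config_text):
    """Return (interface, auth-mode, reason) tuples for weak RIP authentication."""
    findings = []
    for name, opts in sorted(rip_interface_auth(config_text).items()):
        mode = opts.get("auth-mode", "none")  # the page lists none as the default
        if mode in WEAK_MODES:
            findings.append((name, mode, WEAK_MODES[mode]))
        elif mode == "md5" and "auth-keychain" not in opts:
            findings.append((name, mode, "md5 selected but no auth-keychain set"))
    return findings


if __name__ == "__main__":
    for finding in audit_rip_auth(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

Interfaces that run RIP but have no entry under config interface do not appear in the output, although they also use the default auth-mode of none.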
config router ripng
Use these commands to configure RIP routing with IPv6 addresses.
NOTE: You must have an advanced features license to use RIP routing.
Syntax
config router ripng
set bfd {disable | enable}
set default-information-originate {disable | enable}
set default-metric <defaultmetric_int>
set garbage-timer <garbage_int>
set timeout-timer <timeout_int>
set update-timer <update_int>
config aggregate-address
edit <aggregate-address_entry_ID_int>
set prefix6 <xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx>
end
config distribute-list
edit <distribute_int>
set direction {in | out}
set interface <interface_str>
set listname <listname_str>
set status {disable | enable}
end
config interface
edit <interface_str>
set passive {disable | enable}
set split-horizon-status {disable | enable}
set split-horizon {poisoned | regular}
end
config offset-list
edit <offsetlist_int>
set access-list6 <accesslist_str>
set direction {in | out}
set interface {in | out}
set offset <offset_int>
set status {disable | enable}
end
config redistribute {bgp | connected | isis | ospf6 | static}
set status {disable | enable}
set metric <metric_int>
set routemap <routemap_str>
end
end
Variable |
Description |
Default |
bfd {disable | enable} |
Enable or disable BFD. |
disable |
default-information-originate {disable | enable} |
Enable or disable whether a default route is advertised. |
disable |
default-metric <defaultmetric_int> |
Enter the default metric for redistributed routes. This setting does not affect connected routes. Use the |
1 |
garbage-timer <garbage_int> |
Enter the number of seconds before a route is removed from the routing table after it is no longer valid. The range of values is 5-2147483647. |
120 |
timeout-timer <timeout_int> |
Enter the number of seconds before a route is no longer valid. The route is not removed from the routing table until the garbage timer expires. The range of values is 5-2147483647. |
180 |
update-timer <update_int> |
Enter the number of seconds between transmissions of the complete routing table to neighboring RIP routers. The range of values is 5-2147483647. |
30 |
config aggregate-address |
Set the aggregate RIPng route announcement. |
|
<aggregate-address_entry_ID_int> |
Enter the identifier for the aggregate-address entry. |
No default |
prefix6 <xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx> |
Enter the IPv6 prefix. |
No default |
config distribute-list |
Filter networks in routing updates. |
|
<distribute_int> |
Enter the distribute list identifier. |
No default |
direction {in | out} |
Set the list direction. |
out |
interface <interface_str> |
Enter the RIP interface name for the distribute list. |
No default |
listname <listname_str> |
Enter the IPv6 access or prefix list name. |
No default |
status {disable | enable} |
Enable or disable whether the distribute list is used. |
enable |
config interface |
RIPng interface configuration. |
|
<interface_str> |
Enter the interface name. |
No default |
passive {disable | enable} |
Enable or disable whether to suppress routing updates on an interface. |
disable |
split-horizon-status {disable | enable} |
Enable or disable split horizon. |
enable |
split-horizon {poisoned | regular} |
Set the split-horizon type. |
regular |
config offset-list |
Configure the offset list to modify the RIPng metric. |
|
<offsetlist_int> |
Enter the offset list identifier. |
No default |
access-list6 <accesslist_str> |
Enter the name of the IPv6 access list. |
No default |
direction {in | out} |
Set the list direction. |
out |
interface {in | out} |
Set the interface to which the offset-list will be applied. |
No default |
offset <offset_int> |
Enter the offset for incoming and outgoing metrics to routes learned using RIP. The value range is between 1 and 16. |
0 |
status {disable | enable} |
Enable or disable whether the offset list is used. |
enable |
config redistribute {bgp | connected | isis | ospf6 | static} |
Redistribute configuration. |
|
status {disable | enable} |
Enable or disable whether the routes are redistributed. |
disable |
metric <metric_int> |
Enter the metric of the redistributed routes. The value range is between 0 and 16. |
0 |
routemap <routemap_str> |
Enter the route map name to filter the redistributed routes. Only the route maps for this protocol are listed. |
No default |
config router route-map
Use this command to configure a route map for BGP, IS-IS, OSPF, or RIP routing.
NOTE: You must have an advanced features license to use BGP, IS-IS, OSPF, or RIP routing.
Syntax
config router route-map
edit <routemap_str>
set comments <comments_str>
set protocol {bgp | isis | isis6 | ospf | ospf6 | rip | ripng | zebra}
config rule
edit <rule_int>
set action {deny | permit}
set match-as-path <string>
set match-community <string>
set match-interface {<interface_str> | internal | mgmt}
set match-ip-address <address_str>
set match-ip6-address <access-list6 or prefix-list6>
set match-ip-nexthop <nexthop_str>
set match-metric <metric_int>
set match-origin {egp | igp | incomplete | none}
set match-tag <tag_int>
set set-aggregator-as <1-4294967295>
set set-aggregator-ip <IPv4_address>
set set-aspath <1-4294967295>
set set-atomic-aggregate {enable | disable}
set set-community-delete <string>
set set-community <community>
set set-extcommunity-rt <community>
set set-extcommunity-soo <community>
set set-ip-nexthop <class_ipv4>
set set-ip6-nexthop <IPv6_address>
set set-ip6-nexthop-local <IPv6_address>
set set-local-preference <1-4294967295>
set set-metric <setmetric_int>
set set-metric-type {1 | 2}
set set-origin {egp | igp | incomplete | none}
set set-originator-id <IP_address>
set set-tag <settag_int>
set set-weight <0-2147483647>
end
end
end
Variable |
Description |
Default |
<routemap_str> |
Enter the name for the individual route map. |
No default |
comments <comments_str> |
Enter a descriptive comment. |
No default |
protocol {bgp | isis | isis6 | ospf | ospf6 | rip | ripng | zebra} |
Mandatory. Set the protocol to BGP, IS-IS, OSPF (IPv4 or IPv6), RIP (IPv4 or IPv6), or the core router daemon. |
No default |
config rule |
Configure the route-map rule. |
|
<rule_int> |
Enter the rule identifier. |
No default |
action {deny | permit} |
Set whether the rule permits or denies routes that match this rule. |
permit |
match-as-path <string> |
Match the BGP Autonomous System (AS) path list. |
No default |
match-community <string> |
Match the BGP community list. |
No default |
match-interface {<interface_str> | internal | mgmt} |
Set which interface will be matched. |
No default |
match-ip-address <address_str> |
Match the IPv4 address permitted by the IPv4 access list or IPv4 prefix list. |
No default |
match-ip6-address <access-list6 or prefix-list6> |
Match the IPv6 address permitted by the IPv6 access list or IPv6 prefix list. |
No default |
match-ip-nexthop <nexthop_str> |
Match the next-hop IP address passed by the access list or prefix list. |
No default |
match-metric <metric_int> |
Enter the metric to be matched for redistributed routes. The value range is 0-2147483647. |
0 |
match-origin {egp | igp | incomplete | none} |
Match the BGP origin code:
|
none |
match-tag <tag_int> |
Enter the tag to be matched. The value range is 0-2147483647. |
0 |
set-aggregator-as <1-4294967295> |
Set the BGP aggregator AS. |
No default |
set-aggregator-ip <IPv4_address> |
Set the IPv4 address for the BGP aggregator.
This option is visible only when set-aggregator-as is set. |
0.0.0.0 |
set-aspath <1-4294967295> |
Prepend the BGP AS path attribute. Use quotation marks for repeating numbers, for example: |
No default |
set-atomic-aggregate {enable | disable} |
Enable or disable the BGP atomic aggregate attribute. |
disable |
set-community-delete <string> |
Delete communities matching the community list. |
No default |
set-community <community> |
Set the BGP community attribute:
|
No default |
set-extcommunity-rt <community> |
Set the Route-Target extended community: AA:NN |
No default |
set-extcommunity-soo <community> |
Set the Site-of-Origin extended community: AA:NN |
No default |
set-ip-nexthop <class_ipv4> |
Enter the IPv4 address of the next hop. |
0.0.0.0 |
set-ip6-nexthop <IPv6_address> |
Enter the IPv6 global address of the next hop. |
No default |
set-ip6-nexthop-local <IPv6_address> |
Enter the IPv6 local address of the next hop. |
No default |
set-local-preference <1-4294967295> |
Set the BGP local-preference path attribute. |
0 |
set-metric <setmetric_int> |
Enter the route metric value. The value range is 0-2147483647. |
0 |
set-metric-type {1 | 2} |
Set the metric type to external-type1 or external-type2. |
external-type1 |
set-origin {egp | igp | incomplete | none} |
Set the BGP origin code:
|
none |
set-originator-id <IP_address> |
Set the BGP originator ID attribute. |
0.0.0.0 |
set-tag <settag_int> |
Enter the route tag value. The value range is 0-2147483647. |
0 |
set-weight <0-2147483647> |
Set the BGP weight for the routing table. |
0 |
Example
This example shows how to configure a route map for RIP routing:
config router route-map
edit myroutemap
set comments "route map for RIP routing"
set protocol rip
config rule
edit 1
set action permit
set match-interface internal
set match-metric 12
set match-tag 36
set set-ip-nexthop 128.8.0.0
set set-metric 48
set set-tag 72
end
end
config router setting
Use this command to filter incoming protocol routes in the routing information base (RIB). You can filter protocol routes so that they are not added to the RIB routing table.
NOTE: You must have an advanced features license to use BGP, IS-IS, OSPF, or RIP routing.
Syntax
config router setting
config filter-list
edit <filter_list_ID>
set protocol {any | any6 | bgp | bgp6 | isis | isis6 | ospf | ospf6 | rip | ripng | static | static6}
set route-map <route_map_name>
end
end
Variable |
Description |
Default |
<filter_list_ID> |
Enter a filter-list identifier. |
No default |
protocol {any | any6 | bgp | bgp6 | isis | isis6 | ospf | ospf6 | rip | ripng | static | static6} |
Specify which protocol's routes the filter is applied to:
|
No default |
route-map <route_map_name> |
Enter the route map name. Only a route map created with the protocol set to |
No default |
Example
This example shows how to filter incoming protocol routes in RIB:
config router setting
config filter-list
edit 2
set protocol ospf
set route-map myroutemap
end
end
config router static
Use this command to add, edit, or delete static routes for IPv4 traffic.
You add static routes to manually control traffic exiting the FortiSwitch unit. You configure routes by specifying destination IP addresses and network masks and adding gateways for these destination addresses. Gateways are the next-hop routers to which traffic that matches the destination addresses in the route is forwarded.
Syntax
config router static
edit <sequence_number>
set bfd {enable | disable}
set blackhole {enable | disable}
set comment <comment_str>
set device <interface_name>
set distance <1-255>
set dst <destination-address_IPv4mask>
set dynamic-gateway {enable | disable}
set gateway <gateway-address_IPv4>
set status {enable | disable}
set vrf <string>
end
Variable |
Description |
Default |
<sequence_number> |
Enter a sequence number for the static route. |
No default |
bfd {enable | disable} |
Enable or disable bidirectional forwarding detection (BFD) for the route gateway. |
disable |
blackhole {enable | disable} |
Enable or disable dropping all packets that match this route. |
disable |
comment <comment_str> |
Optionally enter a descriptive comment. |
No default |
device <interface_name> |
Enter the name of the interface through which to route traffic. Enter ‘?’ to see a list of interfaces. |
No default |
distance <1-255> |
Enter the administrative distance for the route. The range is an integer from 1-255. |
10 |
dst <destination-address_IPv4mask> |
Enter the destination IPv4 address and network mask for this route.
You can enter |
0.0.0.0 0.0.0.0 |
dynamic-gateway {enable | disable} |
When enabled, the route gateway IP is obtained using DHCP running on the provided route's device interface. |
disable |
gateway <gateway-address_IPv4> |
Enter the IPv4 address of the next-hop router to which traffic is forwarded. |
No default |
status {enable | disable} |
Enable this setting for the route to be added to the routing table. |
enable |
vrf <string> |
Assign the specified virtual routing and forwarding (VRF) instance to this static route. After the static route is created, the VRF instance cannot be changed or unset. |
No default |
Example
This example shows how to configure a static route:
config router static
edit 1
set gateway 192.168.0.10
set status enable
next
end
config router static6
Use this command to add, edit, or delete static routes for IPv6 traffic.
You add static routes to manually control traffic exiting the FortiSwitch unit. You configure routes by specifying destination IP addresses and network masks and adding gateways for these destination addresses. Gateways are the next-hop routers to which traffic that matches the destination addresses in the route is forwarded.
Syntax
config router static6
edit <sequence_number>
set bfd {enable | disable}
set blackhole {enable | disable}
set comment <comment_str>
set device <interface_name>
set distance <1-255>
set dst <destination-address_IPv6mask>
set gateway <gateway-address_IPv6>
set status {enable | disable}
set vrf <string>
end
|
The |
Variable |
Description |
Default |
<sequence_number> |
Enter a sequence number for the static route. |
No default |
bfd {enable | disable} |
Enable or disable bidirectional forwarding detection (BFD) for the gateway. |
disable |
blackhole {enable | disable} |
Enable or disable dropping all packets that match this route. |
disable |
comment <comment_str> |
Optionally enter a descriptive comment. |
No default |
device <interface_name> |
Enter the name of the interface through which to route traffic. Enter ‘?’ to see a list of interfaces. |
No default |
distance <1-255> |
Enter the administrative distance for the route. The range is an integer from 1-255. |
10 |
dst <destination-address_IPv6mask> |
Enter the destination IPv6 address and network mask for this route. |
::/0 |
gateway <gateway-address_IPv6> |
Enter the IPv6 address of the next-hop router to which traffic is forwarded. |
:: |
status {enable | disable} |
Enable this setting for the route to be added to the routing table. |
enable |
vrf <string> |
Assign the specified virtual routing and forwarding (VRF) instance to this static route. After the static route is created, the VRF instance cannot be changed or unset. |
No default |
Example
This example shows how to configure a static route for IPv6 traffic:
config router static6
edit 1
set dst 5555::/64
set gateway 4000::2
set status enable
next
end
config router vrf
Use these commands to create virtual routing and forwarding (VRF) instances.
Syntax
config router vrf
edit <VRF_name>
set vrfid <integer>
end
Variable |
Description |
Default |
<VRF_name> |
Enter the name of the VRF instance. The name cannot match the name of any switch virtual interface (SVI). |
No default |
vrfid <integer> |
Set the VRF identifier. The range of values is 1-1023. You cannot use 252, 253, 254, or 255. After the VRF instance is created, the VRF ID cannot be changed. |
0 |
Example
This example shows how to configure two VRF instances:
config router vrf
edit vrfv4
set vrfid 1
next
edit vrfv6
set vrfid 2
next
end