
Administration Guide

RIP


NOTE: You must have an advanced features license to use RIP routing.

The Routing Information Protocol (RIP) is a distance-vector routing protocol that works best in small networks that have no more than 15 hops. Each router maintains a routing table by sending out its routing updates and by asking neighbors for their routes. RIP is relatively simple to configure on FortiSwitch units but slow to respond to network outages. RIP routing is better than static routing but less scalable than open shortest path first (OSPF) routing.

The FortiSwitch unit supports RIP version 1 and RIP version 2:

  • RIP version 1 uses classful addressing and broadcasting to send out updates to router neighbors. It does not support different-sized subnets or classless inter-domain routing (CIDR) addressing.
  • RIP version 2 supports classless routing and subnets of various sizes. Router authentication supports MD5 and authentication keys. Version 2 uses multicasting to reduce network traffic.

RIP uses three timers:

  • The update timer determines the interval between routing updates. The default setting is 30 seconds.
  • The timeout timer is the maximum time that a route is considered reachable while no updates are received for the route. The default setting is 180 seconds. The timeout timer setting should be at least three times longer than the update timer setting.
  • The garbage timer is how long the FortiSwitch unit advertises a route as being unreachable before deleting the route from the routing table. The default setting is 120 seconds.

You can enable bidirectional forwarding detection (BFD) with RIP. BFD is used to quickly locate hardware failures in the network. Routers running BFD communicate with each other, and, if a timer runs out on a connection, that router is declared to be down. BFD then communicates this information to RIP, and the routing information is updated.

When you configure RIP routing, you can choose the strategy the access list uses to permit or deny IP addresses:

  • Prefix—Specify the IP address and bit mask to allow or block.
  • Wildcard—Specify the Cisco-style filter to allow or block.

For additional information about RIP routing, see the RIP section of the FortiOS Administration Guide.

Terminology

Access list: A list of IP addresses and the action to take for each one. Access lists provide basic route and network filtering.

Active RIP interface: Each RIP router sends and receives updates by actively communicating with its neighbors.

Keychain: A list of one or more authentication keys, each with a lifetime, which is how long the key is valid.

Metric: RIP uses hop count as the metric for choosing the best route. A hop count of 1 represents a network that is connected directly to the FortiSwitch unit. A hop count of 16 represents a network that cannot be reached.

Passive RIP interface: The RIP router listens to updates from other routers but does not send out updates. A passive RIP interface reduces network traffic.

Prefix list: A more powerful prefix-based filtering mechanism. A prefix is an IP address and netmask.

Split horizon: A way to avoid routing loops.

Configuring RIP routing

NOTE: You must create a keychain before you can use the MD5 authentication mode with RIP version 2.

To add a new keychain using the CLI:

config router key-chain
    edit <keychain identifier>
    next
end

Using the GUI and the prefix strategy:
  1. Create a switch virtual interface (SVI). See Switch virtual interfaces.
  2. Go to Router > Config > RIP > Settings.

    1. Select whether you want to use RIP version 1 or RIP version 2. RIP version 2 is the default.
    2. If you want to use BFD, select Bidirectional Forwarding Detection.
    3. If you want to use a default route, select Default Information Originate.
    4. If you want to change the default timer values, enter the number of seconds in the Update, Timeout, and Garbage fields.
    5. If you want to redistribute non-RIP routes, select Enable under Connected, Static, OSPF, BGP, or ISIS.
      • If you select Enable under Connected, enter the routing metric to use.
      • If you select Enable under Static, OSPF, BGP, or ISIS, select Override Metric if you do not want to use the default routing metric and then enter the routing metric to use.
    6. Enter the default routing metric to use for static routing, OSPF, BGP, and ISIS.
  3. Go to Router > Config > Access Lists and select Add Access List.
    1. Enter an identifier with one or more alphabetic characters.
    2. Enter an optional description of the access list.
    3. Select Add.
    4. Select Config Rules in the row for the access list that you just created.
    5. Select Add Rule.
    6. Enter an identifier (1-65535), select Deny or Permit to specify if the rule will block or allow the specified IP addresses, and enter the prefix.
    7. If you entered the complete IP address, select the Exact Match checkbox.
    8. Select Add Rule if you want to add more rules.
    9. After you have added all of the rules that you want in the access list, select Update to save the rules you added.
  4. Go to Router > Config > RIP > Distances and select Add RIP Distance.

    1. Enter the distance identifier in the Distance ID field.
    2. Enter the distance.
    3. Select the access list that you added in the previous step.
    4. Enter the IP address and netmask, separated with a space or with a slash. For example, enter 1.2.3.4/5 or 1.2.3.4 248.0.0.0.
    5. Select Add.
  5. Go to Router > Config > RIP > Networks and select Add Network.

    1. Enter a unique value to identify this network configuration.
    2. Enter an IP address and netmask for your RIP network, separated with a slash, and select Add. For example, enter 172.168.200.0/255.255.255.0. NOTE: Select an IP address for a network that includes all SVIs that you want to use. You can configure multiple network ranges to cover all SVIs that will be using RIP routing.
  6. Go to Router > Config > RIP > Interfaces and select Configure RIP for the appropriate interface.

    1. If you want to change the RIP version used to send and receive routing updates, select from the Send Version and Receive Version drop-down menus.
    2. If you do not want to send RIP updates from this interface, select Passive Interface.
    3. If you want to use authentication, select Text or MD5.
    4. Select Add.
Using the GUI and the wildcard strategy:
  1. Create a switch virtual interface (SVI). See Switch virtual interfaces.
  2. Go to Router > Config > RIP > Settings.

    1. Select whether you want to use RIP version 1 or RIP version 2. RIP version 2 is the default.
    2. If you want to use BFD, select Bidirectional Forwarding Detection.
    3. If you want to use a default route, select Default Information Originate.
    4. If you want to change the default timer values, enter the number of seconds in the Update, Timeout, and Garbage fields.
    5. If you want to redistribute non-RIP routes, select Enable under Connected, Static, OSPF, BGP, or ISIS.
      • If you select Enable under Connected, enter the routing metric to use.
      • If you select Enable under Static, OSPF, BGP, or ISIS, select Override Metric if you do not want to use the default routing metric and then enter the routing metric to use.
    6. Enter the default routing metric to use for static routing, OSPF, BGP, and ISIS.
  3. Go to Router > Config > Access Lists and select Add Access List.

    1. Enter an identifier with all digits (in the range of 1-99).
    2. Enter an optional description of the access list.
    3. Select Add.
    4. Select Config Rules in the row for the access list that you just created.
    5. Select Add Rule.
    6. Enter an identifier (1-65535), select Deny or Permit to specify if the rule will block or allow the specified IP addresses, and enter the Cisco-style wildcard filter.
    7. Select Add Rule if you want to add more rules.
    8. After you have added all of the rules that you want in the access list, select Update to save the rules you added.
  4. Go to Router > Config > RIP > Distances and select Add RIP Distance.

    1. Enter the distance identifier in the Distance ID field.
    2. Enter the distance.
    3. Select the access list that you added in the previous step.
    4. Enter the IP address and netmask, separated with a space or with a slash. For example, enter 1.2.3.4/5 or 1.2.3.4 248.0.0.0.
    5. Select Add.
  5. Go to Router > Config > RIP > Networks and select Add Network.

    1. Enter a unique value to identify this network configuration.
    2. Enter an IP address and netmask for your RIP network, separated with a slash, and select Add. For example, enter 172.168.200.0/255.255.255.0. NOTE: Select an IP address for a network that includes all SVIs that you want to use. You can configure multiple network ranges to cover all SVIs that will be using RIP routing.
  6. Go to Router > Config > RIP > Interfaces and select Configure RIP for the appropriate interface.

    1. If you want to change the RIP version used to send and receive routing updates, select from the Send Version and Receive Version drop-down menus.
    2. If you do not want to send RIP updates from this interface, select Passive Interface.
    3. If you want to use authentication, select Text or MD5.
    4. Select Add.
Using the CLI for IPv4 traffic:

config router access-list
    edit <access_list_name>
        set comments <comments>
        config rule
            edit <rule_int>
                set action {deny | permit}
                set prefix {<xxx.xxx.xxx.xxx> <xxx.xxx.xxx.xxx> | any}
                set wildcard <IP_address>
                set exact-match {enable | disable}
        end
end

config router rip
    set bfd {disable | enable}
    set default-information-originate {disable | enable}
    set garbage-timer <5-2147483647 seconds>
    set timeout-timer <5-2147483647 seconds>
    set update-timer <5-2147483647 seconds>
    set default-metric <1-16>
    config redistribute {bgp | connected | isis | ospf | static}
        set status {disable | enable}
        set metric <0-16>
    end
    config distance
        edit <distance_ID>
            set access-list <access_list_name>
            set distance <1-255>
            set prefix <IPv4_address> <netmask>
    end
    config network
        edit <network identifier>
            set prefix <IPv4_address> <netmask>
    end
    config interface
        edit <interface_name>
            set auth-keychain <keychain_str>
            set auth-mode {md5 | none | text}
            set auth-string <password_str>
            set receive-version {1 | 2 | both | global}
            set send-version {1 | 2 | both | global}
    end
end

Using the CLI for IPv6 traffic:

config router access-list6
    edit <access_list_name>
        set comments <comments>
        config rule
            edit <rule_int>
                set action {deny | permit}
                set prefix6 {<xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx> | any}
                set exact-match {enable | disable}
        end
end

config router ripng
    set bfd {disable | enable}
    set default-information-originate {disable | enable}
    set garbage-timer <5-2147483647 seconds>
    set timeout-timer <5-2147483647 seconds>
    set update-timer <5-2147483647 seconds>
    set default-metric <1-16>
    config redistribute {bgp | connected | isis | ospf6 | static}
        set status {disable | enable}
        set metric <0-16>
    end
    config offset-list
        edit <offset-list_name>
            set access-list6 <access-list_name>
            set direction {in | out}
            set interface {in | out}
            set offset <1-16>
            set status {disable | enable}
    end
    config aggregate-address
        edit <aggregate-address_entry_ID>
            set prefix6 <xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx>
    end
    config interface
        edit <interface_name>
            set passive {disable | enable}
            set split-horizon-status {disable | enable}
            set split-horizon {poisoned | regular}
    end
end

Checking the RIP configuration

The get router info rip and get router info6 rip commands have options to display different aspects of the RIP configuration and status. For example, there are options to display the RIP general information and the RIP database:

get router info rip status

get router info6 rip status

get router info rip database

get router info6 rip database

Example configuration

The following example shows a very simple RIP network:

Switch 1: Configure the switch interface

config switch interface
    edit "port9"
        set allowed-vlans 35
    next
    edit "port7"
        set allowed-vlans 85
    next
end

Switch 1: Configure the system interface

config system interface
    edit "vlan35"
        set ip 170.38.65.1/24
        set allowaccess ping https http ssh snmp telnet
        set vlanid 35
    next
    edit "vlan85"
        set ip 180.1.1.1/24
        set allowaccess ping https http ssh snmp telnet
        set vlanid 85
    next
end

Switch 1: Configure the RIP router; add authentication between FortiSwitch 1 and FortiSwitch 2

config router rip
    config network
        edit 1
            set prefix 170.38.65.0/24
        next
        edit 2
            set prefix 180.1.1.0/24
        next
    end
    config interface
        edit "vlan35"
            set auth-mode text
            set auth-string simplepw1
        next
    end
end

Switch 1: Add a static route and redistribute it

config router static
    edit 1
        set dst 39.3.2.0 255.255.255.0
        set gateway 180.1.1.2
        set status enable
    next
end

config router rip
    config redistribute "static"
        set status enable
    end
end

Switch 2: Configure the switch interface

config switch interface
    edit "port10"
        set allowed-vlans 35
    next
    edit "port25"
        set allowed-vlans 70
    next
end

Switch 2: Configure the system interface

config system interface
    edit "vlan35"
        set ip 170.38.65.2/24
        set allowaccess ping https http ssh snmp telnet
        set vlanid 35
    next
    edit "vlan70"
        set ip 128.8.2.1/16
        set allowaccess ping https http ssh snmp telnet
        set vlanid 70
    next
end

Switch 2: Configure the RIP router; add authentication between FortiSwitch 1 and FortiSwitch 2

config router rip
    config network
        edit 1
            set prefix 170.38.65.0/24
        next
        edit 2
            set prefix 128.8.0.0/16
        next
    end
    config interface
        edit "vlan35"
            set auth-mode text
            set auth-string simplepw1
        next
    end
end

Switch 2: Add a connected route and redistribute it

config switch interface
    edit "port6"
        set allowed-vlans 25
    next
end

config system interface
    edit "vlan25"
        set ip 100.20.40.1/24
        set allowaccess ping https http ssh snmp telnet
        set vlanid 25
    next
end

config router rip
    config redistribute "connected"
        set status enable
    end
end
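
The following added example (not part of the Fortinet guide) is a small Python auditor for configuration text in the CLI syntax shown above. It flags RIP interfaces that use text or no authentication, MD5 interfaces whose keychain is not defined, and a timeout timer shorter than three times the update timer. The sample configuration, the keychain name rip-keys, and the treatment of a missing auth-mode line as none are assumptions.

```python
import shlex

# Constructed sample in the page's CLI syntax (not taken from a real device).
# "rip-keys" and the 60-second timeout are made up for the demonstration.
SAMPLE_CONFIG = """
config router key-chain
    edit "rip-keys"
    next
end
config router rip
    set update-timer 30
    set timeout-timer 60
    config interface
        edit "vlan35"
            set auth-mode text
            set auth-string simplepw1
        next
        edit "vlan85"
        next
        edit "vlan70"
            set auth-mode md5
            set auth-keychain "rip-keys"
        next
    end
end
"""

# Timer defaults as stated on the page (seconds).
DEFAULTS = {"update-timer": 30, "timeout-timer": 180}


def parse_config(text):
    """Turn nested config/edit/set/next/end lines into a tree of dicts."""
    root = {"settings": {}, "blocks": {}}
    stack = [root]
    for line in text.splitlines():
        words = shlex.split(line)
        if not words:
            continue
        verb, args = words[0], words[1:]
        if verb in ("config", "edit"):
            node = stack[-1]["blocks"].setdefault(
                " ".join(args), {"settings": {}, "blocks": {}})
            stack.append(node)
        elif verb == "set" and args:
            stack[-1]["settings"][args[0]] = args[1:]
        elif verb in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root


def audit_rip(text):
    """Return (scope, code, detail) findings for the RIP section of `text`."""
    blocks = parse_config(text)["blocks"]
    rip = blocks.get("router rip")
    if rip is None:
        return []
    findings = []
    timer = {k: int((rip["settings"].get(k) or [d])[0]) for k, d in DEFAULTS.items()}
    if timer["timeout-timer"] < 3 * timer["update-timer"]:
        findings.append(("router rip", "timeout-lt-3x-update",
                         f"timeout {timer['timeout-timer']}s, update {timer['update-timer']}s"))
    keychains = blocks.get("router key-chain", {"blocks": {}})["blocks"]
    # Only interfaces listed under "config interface" are visible to this check.
    interfaces = rip["blocks"].get("interface", {"blocks": {}})["blocks"]
    for name, intf in interfaces.items():
        cfg = intf["settings"]
        # Assumption: an interface with no auth-mode line behaves as "none".
        mode = (cfg.get("auth-mode") or ["none"])[0]
        if mode == "none":
            findings.append((name, "auth-none", "updates are not authenticated"))
        elif mode == "text":
            findings.append((name, "auth-text", "password is sent unencrypted in updates"))
        elif mode == "md5":
            chain = (cfg.get("auth-keychain") or [None])[0]
            if chain not in keychains:
                findings.append((name, "md5-keychain-missing", f"keychain {chain!r} not defined"))
    return findings


if __name__ == "__main__":
    for scope, code, detail in audit_rip(SAMPLE_CONFIG):
        print(f"{scope}: {code} ({detail})")
```

Run against the example configuration on this page, the vlan35 interfaces on both switches would be reported as auth-text.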
