Created on 02-12-2017 07:45 PM Edited on 12-20-2021 07:07 AM By Anonymous
Purpose
Diagram
Expectations, Requirements
Configuration
# FGT-1 side of the link to FGT-2 (10.10.10.0/24). 10.10.10.78 is the next hop that
# FGT-2 later shows for every RIP-learned route.
FGT-1 # show sys int port10
config system interface
edit "port10"
set vdom "root"
set ip 10.10.10.78 255.255.255.0
# NOTE(review): allowaccess enables http and telnet, which carry administrator logins in
# cleartext, plus several services (snmp, fgfm, auto-ipsec, radius-acct, capwap) that RIP
# itself does not use. Acceptable in a lab capture; on a production routing link keep only
# the management services actually needed (for example ping, https, ssh).
set allowaccess ping https ssh snmp http telnet fgfm auto-ipsec radius-acct probe-response capwap
set type physical
set snmp-index 10
next
end
# RIP networks configured on FGT-1. The edit IDs (1-5, 172, 10) are only table indexes;
# the prefix is what matters.
# NOTE(review): no "config interface" section appears in this output, so no per-interface
# RIP authentication (auth-mode / auth-string) is visible; updates on port10 are presumably
# exchanged unauthenticated. Confirm, and consider md5 authentication on both units.
FGT-1 # show router rip
config router rip
config network
edit 1
set prefix 192.168.1.0 255.255.255.0
next
edit 2
set prefix 192.168.2.0 255.255.255.0
next
edit 3
set prefix 192.168.3.0 255.255.255.0
next
edit 4
set prefix 192.168.4.0 255.255.255.0
next
edit 5
set prefix 192.168.5.0 255.255.255.0
next
edit 172
# 172.16.0.0/16 is the route FGT-2 is meant to keep (marked in the verification output).
set prefix 172.16.0.0 255.255.0.0
next
edit 10
# 10.0.0.0/8 contains port10's address (10.10.10.78); presumably this is what enables RIP
# on the link toward FGT-2.
set prefix 10.0.0.0 255.0.0.0
next
end
end
# FGT-2 side of the link to FGT-1 (10.10.10.0/24); RIP updates from 10.10.10.78 arrive here.
FGT-2 # show sys int port10
config system interface
edit "port10"
set vdom "root"
set ip 10.10.10.79 255.255.255.0
# NOTE(review): allowaccess enables http and telnet, which carry administrator logins in
# cleartext, plus services (snmp, fgfm, radius-acct, capwap) that RIP itself does not use.
# Acceptable in a lab capture; on a production routing link keep only the management
# services actually needed (for example ping, https, ssh).
set allowaccess ping https ssh snmp http telnet fgfm radius-acct probe-response capwap
set type physical
set snmp-index 10
next
end
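# RIP on FGT-2 before any filtering: only 10.0.0.0/8 is configured, which contains
# port10 (10.10.10.79), so the unit takes part in RIP on the link to FGT-1.
# No distribute-list and no per-interface authentication appear in this output.
FGT-2 # show router rip
config router rip
    config network
        edit 10
            set prefix 10.0.0.0 255.0.0.0
        next
    end
# Restored: the listing dropped the final "end" that closes "config router rip".
end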
Verification
# Before filtering: FGT-2 learns every prefix FGT-1 advertises over port10.
# [120/2] is administrative distance 120 (RIP) and metric 2; the last column is the route age.
FGT-2 # get router info routing-table rip
R 172.16.0.0/16 [120/2] via 10.10.10.78, port10, 11:19:00 ---> This is the required network
R 192.168.1.0/24 [120/2] via 10.10.10.78, port10, 00:00:22
R 192.168.2.0/24 [120/2] via 10.10.10.78, port10, 00:00:22
R 192.168.3.0/24 [120/2] via 10.10.10.78, port10, 00:00:22
R 192.168.4.0/24 [120/2] via 10.10.10.78, port10, 00:00:22
R 192.168.5.0/24 [120/2] via 10.10.10.78, port10, 00:00:22
# Capture the RIP updates (UDP 520) that FGT-1 sends on port10, to confirm what is advertised.
# Trailing arguments: 6 = verbosity (headers, payload and interface name),
# 0 = no packet limit (stop with Ctrl+C), a = absolute timestamps.
# diagnose sniffer packet port10 'src host 10.10.10.78 and udp and port 520' 6 0 a
Troubleshooting
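# Inbound filter, presumably applied on FGT-2 (the filtered routing table is taken there):
# accept only 172.16.0.0/16 from RIP updates received on port10.
# The rule keeps the default action (permit); prefixes that match no rule are denied,
# so every other advertised network is dropped from the RIP table.
config router access-list
    edit "RIP_FILTER_IN"
        config rule
            edit 1
                # Fixed: the listing had 172.6.0.0, which matches none of the advertised
                # routes and would filter out everything, including the required network.
                set prefix 172.16.0.0 255.255.0.0
                # exact-match: only the /16 itself matches, not longer prefixes inside it.
                set exact-match enable
            next
        end
    next
end
config router rip
    config distribute-list
        edit 1
            set status enable
            set direction in
            set listname "RIP_FILTER_IN"
            set interface "port10"
        next
    end
# Added: close "config router rip" so that following commands run from the top level.
end
# NOTE(review): a distribute-list limits which prefixes are accepted; it does not verify
# who sent the update. Pair it with RIP authentication on port10 where the segment is shared.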
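# Outbound alternative, presumably applied on the advertising unit (FGT-1) - TODO confirm:
# advertise only 172.16.0.0/16 in RIP updates sent out of port10.
# If this is entered on the same unit as the inbound filter, use a different
# distribute-list ID; "edit 1" would overwrite the inbound entry.
config router access-list
    edit "RIP_FILTER_OUT"
        config rule
            edit 1
                # Fixed: the listing had 172.6.0.0; the network to keep is 172.16.0.0/16.
                set prefix 172.16.0.0 255.255.0.0
                set exact-match enable
            next
        end
    next
end
config router rip
    config distribute-list
        edit 1
            set status enable
            # Fixed: the listing had "direction in", which contradicts the list's purpose
            # (RIP_FILTER_OUT) and merely duplicates the inbound filter.
            set direction out
            set listname "RIP_FILTER_OUT"
            set interface "port10"
        next
    end
# Added: close "config router rip" so that following commands run from the top level.
end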
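# After filtering: only the required 172.16.0.0/16 remains in FGT-2's RIP table.
FGT-2 # get router info routing-table rip
R 172.16.0.0/16 [120/2] via 10.10.10.78, port10, 05:08:08
# If the result differs, capture RIP traffic on all interfaces. 224.0.0.9 is the RIPv2
# multicast group and UDP 520 is the RIP port.
# Fixed: the filter is now delimited by straight quotes; the typographic quotes in the
# original listing will not parse when pasted into the CLI.
# diagnose sniffer packet any 'host 224.0.0.9' 6 0 a
# diagnose sniffer packet any 'udp and port 520' 6 0 a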