On FGT1.
-------------
FGT1 has to advertise both 10.220.0.0/20 and 10.210.0.0/20 to the EBGP neighbor 'FGT2' such that:
10.220.0.0/20 – advertised with community '7922:100'.
10.210.0.0/20 – advertised with community '7922:290'.
# config router access-list
edit "add-community"
# config rule
edit 1
set prefix 10.220.0.0 255.255.240.0
next
end
next
edit "add-community-2"
# config rule
edit 1
set prefix 10.210.0.0 255.255.240.0
next
end
# config router route-map
edit "add-community"
# config rule
edit 1
set match-ip-address "add-community" <----- 10.220.0.0/20.
set set-community "7922:100"
set action permit
next
edit 2
set match-ip-address "add-community-2" <----- 10.210.0.0/20.
set set-community "7922:290"
set action permit
next
FGT1 # sh router bgp
# config router bgp
set as 65100
set router-id 10.5.22.116
# config neighbor
edit "10.5.27.164"
set soft-reconfiguration enable
set remote-as 65200
set route-map-out "add-community" <-----
next
------------
Verification:
On FGT1.
FGT1 # get router info bgp community-info
Address Refcnt Community
[0x7f3826d23b68] (1) 7922:290
[0x7f3826d23bb0] (1) 7922:100
FGT1 # get router info bgp neighbors "10.5.27.164" advertised-routes
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 10.210.0.0/20 10.5.22.116 100 32768 0 i <-/->
*> 10.220.0.0/20 10.5.22.116 100 32768 0 i <-/->
On FGT2.
FGT2 # get router info bgp community 7922:100
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 10.220.0.0/20 10.5.22.116 0 0 0 65100 i <-/1>
Total number of prefixes 1
FGT2 # get router info bgp community 7922:290
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 10.210.0.0/20 10.5.22.116 0 0 0 65100 i <-/1>
-------------
On FGT2.
Only advertise the routes with community '7922:100' to FGT3.
FGT2 # sh router community-list
# config router community-list
edit "community-100"
# config rule
edit 1
set action permit
set match "7922:100"
next
# config router route-map
edit "only-community-100"
# config rule
edit 1
set match-community "community-100"
set action permit
next
edit 2
set action deny --
next
# config router bgp
set as 65200
# config neighbor
edit "10.5.19.214"
set remote-as 65300
set route-map-out "only-community-100" <-----
next
end
-------------
Verification.
On FGT3.
FGT3 # get router info bgp community-info
Address Refcnt Community
[0x7f4c02777898] (1) 7922:100
FGT3 # get router info bgp neighbors "10.5.27.164" received-routes
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 10.220.0.0/20 10.5.22.116 0 0 0 65200 65100 i <-/1>
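The verification steps above can be turned into a repeatable check. This is an added example, not Fortinet's code: it parses the 'get router info bgp' route tables and reports any prefix that is mis-tagged on FGT2 or that reaches FGT3 without community 7922:100. The function names and the FGT3_LEAK sample are assumptions made for illustration.

```python
import re

# Tagging policy from the FGT1 route-map "add-community" on this page.
EXPECTED = {"10.220.0.0/20": "7922:100", "10.210.0.0/20": "7922:290"}
# The only community FGT2's "only-community-100" route-map permits toward FGT3.
ALLOWED_TO_FGT3 = {"7922:100"}

# A best-path row: "*> <prefix> <next hop> ..."
ROUTE_RE = re.compile(r"^\*>\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+\d+\.\d+\.\d+\.\d+\s")

def parse_prefixes(cli_output):
    """Prefixes listed in a 'get router info bgp ...' route table."""
    return [m.group(1) for line in cli_output.splitlines()
            if (m := ROUTE_RE.match(line.strip()))]

def audit(fgt2_by_community, fgt3_routes):
    """fgt2_by_community maps a community to the output of
    'get router info bgp community <c>' on FGT2; fgt3_routes is the
    route table seen on FGT3. Returns a list of findings (empty = OK)."""
    seen = {}
    for community, output in fgt2_by_community.items():
        for prefix in parse_prefixes(output):
            seen.setdefault(prefix, set()).add(community)
    findings = []
    for prefix, community in EXPECTED.items():
        got = seen.get(prefix, set())
        if got != {community}:
            findings.append(f"{prefix}: expected {community}, saw {sorted(got)}")
    for prefix in parse_prefixes(fgt3_routes):
        if not seen.get(prefix, set()) & ALLOWED_TO_FGT3:
            findings.append(f"{prefix}: reached FGT3 without 7922:100")
    return findings

HDR = "Network Next Hop Metric LocPrf Weight RouteTag Path\n"
# Rows copied from the verification output on this page.
FGT2_100 = HDR + "*> 10.220.0.0/20 10.5.22.116 0 0 0 65100 i <-/1>\nTotal number of prefixes 1\n"
FGT2_290 = HDR + "*> 10.210.0.0/20 10.5.22.116 0 0 0 65100 i <-/1>\n"
FGT3_OK = HDR + "*> 10.220.0.0/20 10.5.22.116 0 0 0 65200 65100 i <-/1>\n"
# Constructed failure case: the 7922:290 prefix also shows up on FGT3.
FGT3_LEAK = FGT3_OK + "*> 10.210.0.0/20 10.5.22.116 0 0 0 65200 65100 i <-/1>\n"

if __name__ == "__main__":
    fgt2 = {"7922:100": FGT2_100, "7922:290": FGT2_290}
    print(audit(fgt2, FGT3_OK))
    print(audit(fgt2, FGT3_LEAK))
```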