Created on 05-05-2009 07:12 AM Edited on 02-05-2024 12:31 AM By Jean-Philippe_P
Description
This article describes how to enable RIP on some FortiGate interfaces and set up some RIP options.
Scope
All FortiGate or VDOM running in NAT mode.
Diagram
This article is based on the following diagram. The configuration will be given for FGT1.
Expectations, Requirements
- The goal is to enable RIP on all 3 interfaces of FGT1: port1, port2, and port3.
- On port3, however, we want to run RIPv1.
- No other subnets should be advertised by RIP (that is: no static routes, no routes from BGP, OSPF, and so on).
Note: RIPv2 is enabled by default unless it is specified differently.
Configuration
CLI configuration of FGT1 :
# config router rip
    config interface
        edit "port3"
            set receive-version 1
            set send-version 1
        next
    end
    config network
        edit 1
            set prefix 10.142.0.0 255.255.254.0
        next
        edit 2
            set prefix 10.160.0.0 255.255.254.0
        next
        edit 3
            set prefix 192.168.182.0 255.255.254.0
        next
    end
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
end
Note 1: To enable RIP on multiple interfaces at once, set a larger mask in the network prefix. For example, a prefix of 10.0.0.0/8 will enable RIP on ALL interfaces whose subnets are in this range.
Note 2: In the configuration above, port3 has been created under 'config interface'. This is required ONLY if there is a need to change a default parameter.
To verify the default parameters on a physical interface or a VLAN, type for example :
# config router rip
    config interface
        edit dmz
            get
This will display all default RIP settings for this interface.
GUI configuration of FGT1 :
Verification
Verification on FGT1 with the following commands and results applied to this example :
# get router rip
# get router info routing-table rip
# get router rip
default-information-originate: disable
default-metric : 1
distance:
distribute-list:
garbage-timer : 120
interface:
== [ port3 ]
name: port3 auth-keychain: (null) auth-mode: none
receive-version: 1 send-version: 1 split-horizon-status: enable split-horizon: poisoned
neighbor:
network:
== [ 1 ]
id: 1 prefix: 10.142.0.0 255.255.254.0
== [ 2 ]
id: 2 prefix: 10.160.0.0 255.255.254.0
== [ 3 ]
id: 3 prefix: 192.168.182.0 255.255.254.0
offset-list:
passive-interface:
redistribute:
== [ connected ]
name: connected status: disable metric: 0 routemap: (null)
== [ static ]
name: static status: disable metric: 0 routemap: (null)
== [ ospf ]
name: ospf status: disable metric: 0 routemap: (null)
== [ bgp ]
name: bgp status: disable metric: 0 routemap: (null)
timeout-timer : 180
update-timer : 30
version : 2
# get router info routing-table rip
R 10.0.0.1/32 [120/2] via 10.160.0.152, port1, 00:24:58
R 10.1.1.2/32 [120/2] via 10.160.0.152, port1, 00:24:58
R 10.1.1.4/32 [120/2] via 10.160.0.152, port1, 00:24:58
R 10.2.2.0/24 [120/2] via 10.160.0.152, port1, 00:24:58
R 10.5.4.0/23 [120/2] via 10.142.0.102, port3, 00:07:15
R 10.126.0.0/23 [120/2] via 192.168.183.27, port2, 00:24:15
R 172.16.201.0/24 [120/3] via 192.168.183.27, port2, 00:24:15
Also, check from the GUI whether routes are received; in the example below, there are RIP routes received on port1, port2 and port3.
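The same check can be scripted against saved CLI output. The following Python script is an added example, not part of the original article or Fortinet's tooling: it parses the 'get router info routing-table rip' lines shown above and flags a default route learned via RIP or a next hop outside the prefixes in 'config network'. The function names, the two checks and the last two sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# Prefixes taken from the "config network" block of FGT1 on this page.
RIP_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.142.0.0/255.255.254.0", "10.160.0.0/255.255.254.0",
    "192.168.182.0/255.255.254.0")]

# Matches lines such as: R 10.2.2.0/24 [120/2] via 10.160.0.152, port1, 00:24:58
ROUTE_RE = re.compile(
    r"^R\s+(\S+)\s+\[\d+/(\d+)\]\s+via\s+([\d.]+),\s+([^,\s]+),\s+\S+$")

def parse_rip_routes(text):
    """Return one dict per RIP route line; other lines are ignored."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append({
                "prefix": ipaddress.ip_network(m.group(1), strict=False),
                "metric": int(m.group(2)),
                "nexthop": ipaddress.ip_address(m.group(3)),
                "iface": m.group(4),
            })
    return routes

def audit(routes, networks=RIP_NETWORKS):
    """Return (prefix, reason) pairs for routes that deserve a second look."""
    findings = []
    for r in routes:
        if r["prefix"].prefixlen == 0:
            findings.append((str(r["prefix"]), "default route learned via RIP"))
        if not any(r["nexthop"] in n for n in networks):
            findings.append((str(r["prefix"]),
                             f"next hop {r['nexthop']} outside RIP networks"))
    return findings

# First three lines are from this page; the last two are constructed samples.
SAMPLE = """\
R 10.0.0.1/32 [120/2] via 10.160.0.152, port1, 00:24:58
R 10.5.4.0/23 [120/2] via 10.142.0.102, port3, 00:07:15
R 172.16.201.0/24 [120/3] via 192.168.183.27, port2, 00:24:15
R 0.0.0.0/0 [120/2] via 10.160.0.205, port1, 00:00:12
R 10.99.0.0/24 [120/2] via 172.31.5.9, port2, 00:00:40
"""

if __name__ == "__main__":
    for prefix, reason in audit(parse_rip_routes(SAMPLE)):
        print(prefix, "-", reason)
```

Because the interface output above shows 'auth-mode: none', any RIP speaker on these segments can inject routes, which is why unexpected prefixes are worth reviewing.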
Troubleshooting
To troubleshoot RIP problems, use the commands 'diagnose ip router rip all enable' and 'diagnose debug enable'. This will show all RIP updates sent and received by FortiGate.
Keep it running long enough to capture some RIP updates from the other routers. To stop it, type 'diagnose ip router rip all disable'.
Example of output :
RIP: RECV[internal]: Receive from 10.160.0.205:520
RIP: RECV[internal]: RESPONSE version 2 packet size 24
RIP: 0.0.0.0/0 -> 0.0.0.0 family 2 tag 0 metric 1
RIP: RECV[internal]: Receive from 10.160.0.205:520
Related Articles
Technical Note: Advertising only a Default Route in RIP with prefix-list and distribute-list