Technical Tip: FortiGate prefix-list example to advertise in RIP only a default route and drop all received RIP updates
Description
- Advertise in RIP only a default route on interface DMZ1.
- Drop all RIP advertisements received on interface DMZ1, so that no RIP route originating from the DMZ is accepted into the FortiGate routing table.
Scope
FortiGate or VDOM running in NAT mode.
Solution
Notes:
- Rules are evaluated in ascending rule ID order, not in the order they appear in the list (if rule ID 100 is at the top of the list and rule ID 5 at the bottom, rule ID 5 is evaluated first).
- A prefix-list stops on the first match: once a rule matches (as defined by its prefix, ge and le), that rule's action is applied and no further rules are inspected.
- There is an implicit deny rule at the end of every prefix-list: a route that matches no rule is dropped.
- The keywords 'ge' (minimum prefix length) and 'le' (maximum prefix length) may be used to match a range of prefix lengths inside the given prefix, using the prefix as the border. With neither set, the rule matches only the exact prefix and prefix length.
- The keyword 'any' as prefix may be used as a "match all" filter (see the 'drop_all' list in Step 1).
- To match a default route, a prefix-list must be used; an access-list cannot match a default route.
Step 1: Configure the appropriate prefix-lists.

# config router prefix-list
    edit "default_only"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0    <----- Matches only the default route; the action defaults to permit.
                unset ge
                unset le
            next
            edit 2
                set action deny
                set prefix any                <----- Deny every other prefix (the implicit deny would do the same).
                unset ge
                unset le
            next
        end
    next
    edit "drop_all"
        config rule
            edit 1
                set action deny
                set prefix any                <----- 'any' acts as a "match all" filter.
                unset ge
                unset le
            next
        end
    next
end
Step 2: Configure RIP to use these prefix-lists.

# config router rip
    set default-information-originate enable    <----- Generates the default route to be advertised.
    config distribute-list
        edit 1
            set interface "dmz1"                <----- Direction defaults to "out": only the default route is advertised on dmz1.
            set listname "default_only"
            set status enable
        next
        edit 2
            set direction in                    <----- The default is "direction out", as used in the list above.
            set interface "dmz1"
            set listname "drop_all"
            set status enable
        next
    end
end
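To check what a prefix-list will do before committing it, the following added example (not Fortinet code and not part of the original article) models the evaluation rules from the notes above in Python: ascending rule ID, stop on first match, implicit deny, 'any' as a match-all, and ge/le as prefix-length bounds. It assumes the standard prefix-list semantics that a rule with neither ge nor le set matches only the exact prefix and length; the Rule class, the function names and the sample routes are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Added example (not Fortinet code): a small model of how a FortiGate
# prefix-list evaluates a route, following the notes in this article.
# Assumed standard prefix-list semantics: with neither ge nor le set, a rule
# matches only a route with exactly the rule's network and prefix length.


@dataclass
class Rule:
    rule_id: int
    prefix: str                 # "a.b.c.d m.m.m.m", "a.b.c.d/len" or "any"
    action: str = "permit"      # the FortiGate default action
    ge: Optional[int] = None    # minimum prefix length; None = "unset ge"
    le: Optional[int] = None    # maximum prefix length; None = "unset le"


def parse_prefix(text: str) -> Optional[ipaddress.IPv4Network]:
    """Return None for 'any', otherwise the network in CIDR or 'address netmask' form."""
    if text == "any":
        return None
    if " " in text:
        addr, mask = text.split()
        return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    return ipaddress.IPv4Network(text, strict=False)


def rule_matches(rule: Rule, route: ipaddress.IPv4Network) -> bool:
    net = parse_prefix(rule.prefix)
    if net is not None:
        # The route must be the rule prefix itself or lie inside it.
        if not route.subnet_of(net):
            return False
        if rule.ge is None and rule.le is None:
            return route.prefixlen == net.prefixlen      # exact match only
    # ge/le use the rule prefix as the border: lengths from ge (or the prefix
    # length) up to le (or 32) are accepted.
    low = rule.ge if rule.ge is not None else (0 if net is None else net.prefixlen)
    high = rule.le if rule.le is not None else 32
    return low <= route.prefixlen <= high


def evaluate(rules: List[Rule], route: str) -> str:
    """Return 'permit' or 'deny' for one route: lowest rule ID first, stop on match."""
    net = ipaddress.IPv4Network(route, strict=False)
    for rule in sorted(rules, key=lambda r: r.rule_id):   # ID order, not list order
        if rule_matches(rule, net):
            return rule.action
    return "deny"   # implicit deny at the end of every prefix-list


def filter_routes(rules: List[Rule], routes: List[str]) -> List[str]:
    """Routes that a distribute-list using this prefix-list would let through."""
    return [r for r in routes if evaluate(rules, r) == "permit"]


# The two prefix-lists from Step 1, transcribed from the CLI.
DEFAULT_ONLY = [
    Rule(1, "0.0.0.0 0.0.0.0"),          # permit exactly 0.0.0.0/0
    Rule(2, "any", action="deny"),       # deny everything else
]
DROP_ALL = [Rule(1, "any", action="deny")]

# Constructed list showing that rule ID, not position, decides the order:
# the deny written first has ID 100, so the permit with ID 5 is tested first.
REORDERED = [
    Rule(100, "any", action="deny"),
    Rule(5, "10.0.0.0/8", ge=16, le=24),  # 10.x.0.0/16 .. /24, but not 10.0.0.0/8 itself
]

if __name__ == "__main__":
    # Constructed sample routes, as if learned by RIP or present in the routing table.
    candidates = ["0.0.0.0/0", "10.10.0.0/16", "192.168.1.0/24", "172.16.5.0/24"]
    print("advertised out dmz1 (default_only):", filter_routes(DEFAULT_ONLY, candidates))
    print("accepted in on dmz1 (drop_all):    ", filter_routes(DROP_ALL, candidates))
    for r in ("10.0.0.0/8", "10.10.0.0/16", "10.1.2.0/25"):
        print(f"reordered list, {r}: {evaluate(REORDERED, r)}")
```

Run it with a transcription of your own prefix-list rules to see which routes would be advertised or accepted; the REORDERED list also shows why a "deny any" rule must carry the highest rule ID, not merely sit last in the configuration.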
Related Articles
Technical Note: How to enable RIP on FortiGate interfaces
How to advertise an Aggregate Route in RIP on a FortiGate
Technical Note: Advertising only a Default Route in RIP with prefix-list and distribute-list
