rmetzger
Staff
Article Id 197560

Description

 

This article describes an example of how to:

- Advertise in RIP only a default route on interface DMZ1.

- Drop all RIP advertisements received on interface DMZ1.

 

See the related articles for other examples and more information about configuring RIP.


Scope


FortiGate or VDOM running in NAT mode.


Solution

Notes
- Rules are evaluated in ascending rule ID order, not in the order they are listed (i.e. if Rule ID 100 is at the top of the list and Rule ID 5 at the bottom, Rule ID 5 is evaluated first).
- A prefix-list follows 'stop on match' logic: once a rule has matched (as defined by its prefix/ge/le), the action of that rule is applied and no further rules are inspected.
- There is an implicit deny rule at the end of the rule list.
- Keywords 'ge' and 'le' may be used to define a range of prefix lengths, using the prefix as a boundary.
- Keyword 'any' as the prefix (#1) may be used as a "match all" filter.
- To match a default route only, a prefix-list must be used; an access-list cannot be used to match a default route.

Step 1: Configure the appropriate prefix-lists.

# config router prefix-list
    edit "default_only"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
            edit 2
                set action deny
                set prefix any
                unset ge
                unset le
            next
        end
    next
    edit "drop_all"
        config rule
            edit 1
                set action deny
                set prefix any      (#1)
                unset ge
                unset le
            next
        end
    next
end

Step 2: Configure RIP to use those prefix-lists.

# config router rip
    set default-information-originate enable
    config distribute-list
        edit 1
            set interface "dmz1"
            set listname "default_only"
            set status enable
        next
        edit 2
            set direction in      <----- The default is "direction out", as used in entry 1 above.
            set interface "dmz1"
            set listname "drop_all"
            set status enable
        next
    end
end
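The following is an added example, not Fortinet code or part of the original article: a small Python model of the prefix-list and distribute-list behaviour described in the Notes and in Steps 1 and 2, useful for checking what a filter will permit or deny before it is committed on a production FortiGate. The two prefix-lists and the two distribute-list entries from the steps above are encoded as data. Where the article says nothing, the model makes labelled assumptions: a rule with only 'ge' set accepts prefix lengths up to the address-family maximum, a rule with only 'le' set accepts lengths from the listed prefix length upward, and a route on an interface/direction with no enabled distribute-list entry passes unfiltered.

```python
import ipaddress

# Added example (not Fortinet code): model of FortiGate prefix-list evaluation
# as described in the article's Notes, plus the Step 2 distribute-list binding.
# Assumptions not stated on the page: 'ge' alone means "up to /32", 'le' alone
# means "from the listed length upward", and an unbound interface/direction is
# unfiltered.

def parse_prefix(text):
    """'address netmask' in FortiGate style, or 'any' (returns None)."""
    if text == "any":
        return None
    addr, mask = text.split()
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def rule_matches(rule, route):
    """Does one prefix-list rule match the advertised route?"""
    net = parse_prefix(rule["prefix"])
    if net is None:                      # 'any' is the match-all filter (#1 in the article)
        return True
    ge, le = rule.get("ge"), rule.get("le")
    if ge is None and le is None:        # no ge/le: address and length must match exactly
        return route == net
    if not route.subnet_of(net):         # with ge/le the prefix is only a boundary
        return False
    lo = ge if ge is not None else net.prefixlen        # assumption: 'le' alone
    hi = le if le is not None else route.max_prefixlen  # assumption: 'ge' alone
    return lo <= route.prefixlen <= hi

def evaluate(prefix_list, route):
    """Return 'permit' or 'deny' for a route, following the article's notes:
    rules are read in ascending rule-ID order regardless of listing order,
    the first matching rule decides, and an unmatched route hits the implicit deny."""
    route = ipaddress.ip_network(route, strict=False)
    for rule in sorted(prefix_list, key=lambda r: r["id"]):
        if rule_matches(rule, route):
            return rule.get("action", "permit")   # a rule with no action permits
    return "deny"                                 # implicit deny at the end of the list

# The two prefix-lists from Step 1, as data.
PREFIX_LISTS = {
    "default_only": [
        {"id": 1, "prefix": "0.0.0.0 0.0.0.0"},
        {"id": 2, "action": "deny", "prefix": "any"},
    ],
    "drop_all": [
        {"id": 1, "action": "deny", "prefix": "any"},
    ],
}

# The distribute-list entries from Step 2 (direction defaults to out).
DISTRIBUTE_LIST = [
    {"id": 1, "interface": "dmz1", "listname": "default_only", "status": "enable"},
    {"id": 2, "interface": "dmz1", "listname": "drop_all", "direction": "in", "status": "enable"},
]

def rip_filter(interface, direction, route):
    """Assumed model: the enabled distribute-list entry bound to this interface and
    direction decides; with no entry bound, RIP is unfiltered and the route passes."""
    for entry in DISTRIBUTE_LIST:
        if (entry["interface"] == interface
                and entry.get("direction", "out") == direction
                and entry["status"] == "enable"):
            return evaluate(PREFIX_LISTS[entry["listname"]], route)
    return "permit"

if __name__ == "__main__":
    # Constructed sample advertisements: only the default route should leave dmz1,
    # and nothing received on dmz1 should be accepted.
    for route in ["0.0.0.0/0", "10.10.0.0/16", "192.168.1.0/24"]:
        print(f"dmz1 out {route:16} -> {rip_filter('dmz1', 'out', route)}")
        print(f"dmz1 in  {route:16} -> {rip_filter('dmz1', 'in', route)}")
```

Running the script shows that outbound on dmz1 only 0.0.0.0/0 is permitted, while every inbound advertisement on dmz1 is denied. The evaluate() function can also be fed a list whose IDs are out of listing order, or a rule with ge/le set, to confirm the two behaviours the Notes warn about before the configuration is applied.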

 

Related Articles

Technical Note: How to enable RIP on FortiGate interfaces

How to advertise an Aggregate Route in RIP on a FortiGate

Technical Note: Advertising only a Default Route in RIP with prefix-list and distribute-list