config area
Use this subcommand to set OSPF area related parameters. Routers in an OSPF autonomous system (AS) or routing domain are organized into logical groupings called areas. Areas are linked together by area border routers (ABRs). There must be a backbone area that all areas can connect to. You can use a virtual link to connect areas that do not have a physical connection to the backbone. Routers within an OSPF area maintain link state databases for their own areas.
FortiGate units support the three main types of areas—stub areas, Not So Stubby areas (NSSA), and regular areas. A stub area only has a default route to the rest of the OSPF routing domain. NSSA is a type of stub area that can import AS external routes and send them to the backbone, but cannot receive AS external routes from the backbone or other areas. All other areas are considered regular areas.
You can use the config filter-list subcommand to control the import and export of LSAs into and out of an area. For more information, see “config filter-list variables”.
You can use access or prefix lists for OSPF area filter lists. For more information, see router access-list, access-list6 and router prefix-list, prefix-list6.
You can use the config range subcommand to summarize routes at an area boundary. If the network numbers in an area are contiguous, the ABR advertises a summary route that includes all the networks within the area that are within the specified range. See “config range variables”.
You can configure a virtual link using the config virtual-link subcommand to connect an area to the backbone when the area has no direct connection to the backbone (see “config virtual-link variables”). A virtual link allows traffic from the area to transit a directly connected area to reach the backbone. The transit area cannot be a stub area. Virtual links can only be set up between two ABRs.
 
If you define a filter list, the direction and list fields are required. If you define a range, the prefix field is required. If you define a virtual link, the peer field is required. All other fields are optional.
If you configure authentication for interfaces, the authentication configured for the area is overridden.
Variable / Description / Default
edit <area_address_ipv4>
Type the IP address of the area. An address of 0.0.0.0 indicates the backbone area.
No default.
authentication {md5 | none | text}
Define the authentication used for OSPF packets sent and received in this area. Choose one of:
none — no authentication is used.
text — the authentication key is sent as plain text.
md5 — the authentication key is used to generate an MD5 hash.
Both text mode and MD5 mode only guarantee the authenticity of the OSPF packet, not the confidentiality of the information in the packet.
In text mode the key is sent in clear text over the network, and is only used to prevent network problems that can occur if a misconfigured router is mistakenly added to the area.
Authentication passwords or keys are defined per interface. For more information, see “config ospf-interface”.
none
default-cost <cost_integer>
Enter the metric to use for the summary default route in a stub area or not so stubby area (NSSA). A lower default cost indicates a more preferred route.
The valid range for cost_integer is 1 to 16777214.
10
nssa-default-information-originate {enable | disable}
Enter enable to advertise a default route in a not so stubby area. Affects NSSA ABRs or NSSA Autonomous System Boundary Routers only.
disable
nssa-default-information-originate-metric <metric>
Specify the metric (an integer) for the default route set by the nssa-default-information-originate field.
10
nssa-default-information-originate-metric-type {1 | 2}
Specify the OSPF external metric type for the default route set by the nssa-default-information-originate field.
2
nssa-redistribution {enable | disable}
Enable or disable redistributing routes into a NSSA area.
enable
nssa-translator-role {always | candidate | never}
A NSSA border router can translate the Type 7 LSAs used for external route information within the NSSA to Type 5 LSAs used for distributing external route information to other parts of the OSPF routing domain. Usually a NSSA will have only one NSSA border router acting as a translator for the NSSA.
You can set the translator role to always to ensure this FortiGate unit always acts as a translator if it is in a NSSA, even if other routers in the NSSA are also acting as translators.
You can set the translator role to candidate to have this FortiGate unit participate in the process for electing a translator for a NSSA.
You can set the translator role to never to ensure this FortiGate unit never acts as the translator if it is in a NSSA.
candidate
shortcut {default | disable | enable}
Use this command to specify area shortcut parameters.
disable
stub-type {no-summary | summary}
Enter no-summary to prevent an ABR sending summary LSAs into a stub area. Enter summary to allow an ABR to send summary LSAs into a stub area.
summary
type {nssa | regular | stub}
Set the area type:
Select nssa for a not so stubby area.
Select regular for a normal OSPF area.
Select stub for a stub area.
This is not available for area 0.0.0.0.
For more information, see “config area”.
regular
config filter-list variables
edit <filter-list_id>
Enter an ID number for the filter list. The number must be an integer.
No default.
direction {in | out}
Set the direction for the filter. Enter in to filter incoming packets. Enter out to filter outgoing packets.
out
list <name_str>
Enter the name of the access list or prefix list to use for this filter list.
Null.
config range variables
edit <range_id>
Enter an ID number for the range. The number must be an integer in the 0 to 4 294 967 295 range.
No default.
advertise {enable | disable}
Enable or disable advertising the specified range.
enable
prefix <address_ipv4mask>
Specify the range of addresses to summarize.
0.0.0.0 0.0.0.0
substitute <address_ipv4mask>
Enter a prefix to advertise instead of the prefix defined for the range. The prefix 0.0.0.0 0.0.0.0 is not allowed.
0.0.0.0 0.0.0.0
substitute-status {enable | disable}
Enable or disable using a substitute prefix.
disable
config virtual-link variables
edit <vlink_name>
Enter a name for the virtual link.
No default.
authentication {md5 | none | text}
Define the type of authentication used for OSPF packets sent and received over this virtual link. Choose one of:
none — no authentication is used.
text — the authentication key is sent as plain text.
md5 — the authentication key is used to generate an MD5 hash.
Both text mode and MD5 mode only guarantee the authenticity of the OSPF packet, not the confidentiality of the information in the packet.
In text mode the key is sent in clear text over the network, and is only used to prevent network problems that can occur if a misconfigured router is mistakenly added to the area.
none
authentication-key <password_str>
Enter the password to use for text authentication. The maximum length for the authentication-key is 15 characters.
The authentication-key used must be the same on both ends of the virtual link.
This field is only available when authentication is set to text.
* (No default.)
dead-interval <seconds_integer>
The time in seconds to wait for a hello packet before declaring a router down. The value of the dead-interval should be four times the value of the hello-interval.
Both ends of the virtual link must use the same value for dead-interval.
The valid range for seconds_integer is 1 to 65535.
40
hello-interval <seconds_integer>
The time, in seconds, between hello packets.
Both ends of the virtual link must use the same value for hello-interval.
The value for dead-interval should be four times larger than the hello-interval value.
The valid range for seconds_integer is 1 to 65535.
10
md5-key <id_integer><key_str>
This field is available when authentication is set to md5.
Enter the key ID and password to use for MD5 authentication. Example:
set md5-key 6 "ENC yYKaPSrY89CeXn66WUybbLZQ5YM="
Both ends of the virtual link must use the same key ID and key.
The valid range for id_integer is 1 to 255. key_str is an alphanumeric string of up to 16 characters.
No default.
peer <address_ipv4>
The router id of the remote ABR.
0.0.0.0 is not allowed.
0.0.0.0
retransmit-interval <seconds_integer>
The time, in seconds, to wait before sending a LSA retransmission. The value for the retransmit interval must be greater than the expected round-trip delay for a packet. The valid range for seconds_integer is 1 to 65535.
5
transmit-delay <seconds_integer>
The estimated time, in seconds, required to send a link state update packet on this virtual link.
OSPF increments the age of the LSAs in the update packet to account for transmission and propagation delays on the virtual link.
Increase the value for transmit-delay on low speed links.
The valid range for seconds_integer is 1 to 65535.
1
Example
This example shows how to configure a stub area with the id 15.1.1.1, a stub type of summary, a default cost of 20, and MD5 authentication.
config router ospf
    config area
        edit 15.1.1.1
            set type stub
            set stub-type summary
            set default-cost 20
            set authentication md5
    end
end
This example shows how to use a filter list named acc_list1 to filter packets entering area 15.1.1.1.
config router ospf
    config area
        edit 15.1.1.1
            config filter-list
                edit 1
                    set direction in
                    set list acc_list1
            end
    end
end
This example shows how to set the prefix for range 1 of area 15.1.1.1.
config router ospf
    config area
        edit 15.1.1.1
            config range
                edit 1
                    set prefix 1.1.0.0 255.255.0.0
            end
    end
end
This example shows how to configure a virtual link.
config router ospf
    config area
        edit 15.1.1.1
            config virtual-link
                edit vlnk1
                    set peer 1.1.1.1
            end
    end
end
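The authentication and timer fields described above lend themselves to an automated configuration review. The following Python script is an added example, not part of the original reference or any Fortinet tooling: it parses a config router ospf block and reports areas and virtual links whose authentication is none or text, and virtual links whose dead-interval is not four times the hello-interval. The function names and the sample input are constructed for illustration; the defaults are the ones listed in the tables above.

```python
import shlex

DEFAULTS = {"authentication": "none", "hello-interval": "10", "dead-interval": "40"}

def parse_areas(text):
    """Map area id -> {"set": {...}, "vlinks": {name: {...}}} from CLI text."""
    areas, stack = {}, []
    for raw in text.splitlines():
        cmd, *args = shlex.split(raw) or [""]
        if cmd in ("config", "edit"):
            stack.append((cmd, " ".join(args)))
        elif cmd in ("next", "end") and stack:
            if cmd == "end" and stack[-1][0] == "edit" and len(stack) > 1:
                stack.pop()  # the page's examples close an edit with "end"
            stack.pop()
        path = [name for _, name in stack]
        if path[:2] != ["router ospf", "area"] or len(path) < 3:
            continue
        area = areas.setdefault(path[2], {"set": {}, "vlinks": {}})
        if cmd == "set" and args and len(path) == 3:
            area["set"][args[0]] = " ".join(args[1:])
        elif cmd == "set" and args and len(path) == 5 and path[3] == "virtual-link":
            area["vlinks"].setdefault(path[4], {})[args[0]] = " ".join(args[1:])
    return areas

def audit(areas):
    """Return (area, vlink or None, issue); md5 is the strongest mode the page lists."""
    out = []
    for aid, area in areas.items():
        for name, cfg in [(None, area["set"]), *area["vlinks"].items()]:
            cfg = {**DEFAULTS, **cfg}
            if cfg["authentication"] != "md5":
                out.append((aid, name, "authentication " + cfg["authentication"]))
            if name and int(cfg["dead-interval"]) != 4 * int(cfg["hello-interval"]):
                out.append((aid, name, "dead-interval is not 4x hello-interval"))
    return out

SAMPLE = "\n".join([  # constructed input, not taken from a real device
    "config router ospf", "config area",
    "edit 0.0.0.0", "set authentication md5", "next",
    "edit 15.1.1.1", "set authentication text", "config virtual-link",
    'edit "vlnk1"', "set peer 1.1.1.1", "set dead-interval 30", "next", "end",
    "next", "end", "end",
])

if __name__ == "__main__":
    for finding in audit(parse_areas(SAMPLE)):
        print(finding)
```

An area-level finding describes the area default only; as noted above, authentication configured on an interface overrides the area setting, so check config ospf-interface before treating it as the effective value.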