router : ospf : config ospf-interface
 
config ospf-interface
Use this subcommand to configure interface related OSPF settings.
The interface field is required. All other fields are optional. If you configure authentication for the interface, authentication for areas is not used.
Variable
Description
Default
edit <ospf_interface_name>
Enter a descriptive name for this OSPF interface configuration. To apply this configuration to a FortiGate unit interface, set the interface <name_str> attribute.
No default.
authentication {md5 | none | text}
Define the authentication used for OSPF packets sent and received by this interface. Choose one of:
none — no authentication is used.
text — the authentication key is sent as plain text.
md5 — the authentication key is used to generate an MD5 hash.
Both text mode and MD5 mode only guarantee the authenticity of the update packet, not the confidentiality of the routing information in the packet.
In text mode the key is sent in clear text over the network, and is only used only to prevent network problems that can occur if a misconfigured router is mistakenly added to the network.
All routers on the network must use the same authentication type.
none
authentication-key <password_str>
This field is available when authentication is set to text.
Enter the password to use for text authentication.
The authentication-key must be the same on all neighboring routers.
The maximum length for the authentication-key is 15 characters.
No default.
bfd {enable | disable}
Select to enable Bi-directional Forwarding Detection (BFD). It is used to quickly detect hardware problems on the network.
This command enables this service on this interface.
 
cost <cost_integer>
Specify the cost (metric) of the link. The cost is used for shortest path first calculations.
10
database-filter-out {enable | disable}
Enable or disable flooding LSAs out of this interface.
disable
dead-interval <seconds_integer>
The time, in seconds, to wait for a hello packet before declaring a router down. The value of the dead-interval should be four times the value of the hello-interval.
All routers on the network must use the same value for dead-interval.
The valid range for seconds_integer is 1 to 65535.
40
hello-interval <seconds_integer>
The time, in seconds, between hello packets.
All routers on the network must use the same value for hello-interval.
The value of the dead-interval should be four times the value of the hello-interval.
The valid range for seconds_integer is 1 to 65535.
10
hello-multiplier <int>
Enter the number of hello packets to send within the dead interval. Range 3-10. 0 disables.
0
interface <name_str>
Enter the name of the interface to associate with this OSPF configuration. The interface might be a virtual IPSec or GRE interface.
Null.
ip <address_ipv4>
Enter the IP address of the interface named by the interface field.
It is possible to apply different OSPF configurations for different IP addresses defined on the same interface.
0.0.0.0
md5-key <id_integer> <key_str>
This field is available when authentication is set to md5.
Enter the key ID and password to use for MD5 authentication. Example:
set md5-key 6 "ENC yYKaPSrY89CeXn66WUybbLZQ5YM="
You can add more than one key ID and key pair per interface. However, you cannot unset one key without unsetting all of the keys.
The key ID and key must be the same on all neighboring routers.
The valid range for id_integer is 1 to 255. key_str is an alphanumeric string of up to 16 characters.
No default.
mtu <mtu_integer>
Change the Maximum Transmission Unit (MTU) size included in database description packets sent out this interface. The valid range for mtu_integer is 576 to 65535.
1500
mtu-ignore {enable | disable}
Use this command to control the way OSPF behaves when the Maximum Transmission Unit (MTU) in the sent and received database description packets does not match.
When mtu-ignore is enabled, OSPF will stop detecting mismatched MTUs and go ahead and form an adjacency.
When mtu-ignore is disabled, OSPF will detect mismatched MTUs and not form an adjacency.
mtu-ignore should only be enabled if it is not possible to reconfigure the MTUs so that they match on both ends of the attempted adjacency connection.
disable
network-type <type>
Specify the type of network to which the interface is connected.
OSPF supports four different types of network. This command specifies the behavior of the OSPF interface according to the network type. Choose one of:
broadcast
non-broadcast
point-to-multipoint
point-to-multipoint-non-broadcast
point-to-point
If you specify non-broadcast, you must also configure neighbors using “config neighbor”.
broadcast
prefix-length <int>
Set the size of the OSPF hello network mask. Range 0 to 32.
0
priority <priority_integer>
Set the router priority for this interface.
Router priority is used during the election of a designated router (DR) and backup designated router (BDR).
An interface with router priority set to 0 can not be elected DR or BDR. The interface with the highest router priority wins the election. If there is a tie for router priority, router ID is used.
Point-to-point networks do not elect a DR or BDR; therefore, this setting has no effect on a point-to-point network.
The valid range for priority_integer is 0 to 255.
1
resync-timeout <integer>
Enter the synchronizing timeout for graceful restart interval in seconds. This is the period for this interface to synchronize with a neighbor.
40
retransmit-interval <seconds_integer>
The time, in seconds, to wait before sending a LSA retransmission. The value for the retransmit interval must be greater than the expected round-trip delay for a packet. The valid range for seconds_integer is 1 to 65535.
5
status {enable | disable}
Enable or disable OSPF on this interface.
enable
transmit-delay <seconds_integer>
The estimated time, in seconds, required to send a link state update packet on this interface.
OSPF increments the age of the LSAs in the update packet to account for transmission and propagation delays on the interface.
Increase the value for transmit-delay on low speed links.
The valid range for seconds_integer is 1 to 65535.
1
Example
This example shows how to assign an OSPF interface configuration named test to the interface named internal and how to configure text authentication for this interface.
config router ospf
config ospf-interface
edit test
set interface internal
set ip 192.168.20.3
set authentication text
set authentication-key a2b3c4d5e
end
end