config interface
Use this subcommand to configure RIP version 2 authentication, the RIP versions sent and received on the specified interface, and split horizon.
Authentication is only available for RIP version 2 packets sent and received by an interface. You must set auth-mode to none when receive-version or send-version is set to 1 or 1 2 (both are set to 1 by default).
Split horizon addresses a problem that occurs when a router advertises a route back over the same interface on which it learned that route. In that case, the router that originally supplied the route now has two entries for reaching the destination. If the primary route fails, that router tries the second route, finds itself as part of that route, and an infinite loop is created. A poisoned split horizon still advertises the route on the interface it was received on, but marks the route as unreachable. Any unreachable routes are automatically removed from the routing table. This is also called split horizon with poison reverse.
All fields are optional.
Variables (each entry gives the variable, its description, and its default):
edit <interface_name>
Type the name of the FortiGate unit interface that is linked to the RIP network. The interface might be a virtual IPSec or GRE interface.
No default.
auth-keychain <name_str>
Enter the name of the key chain to use for authentication for RIP version 2 packets sent and received by this interface. Use key chains when you want to configure multiple keys. For information on how to configure key chains, see “key-chain”.
Default: Null.
auth-mode {none | text | md5}
Use the auth-mode field to define the authentication used for RIP version 2 packets sent and received by this interface. Choose one of:
none — no authentication is used.
text — the authentication key is sent as plain text.
md5 — the authentication key is used to generate an MD5 hash.
Both text mode and MD5 mode only guarantee the authenticity of the update packet, not the confidentiality of the routing information in the packet.
In text mode the key is sent in clear text over the network. Text mode is usually used only to prevent network problems that can occur if an unwanted or misconfigured router is mistakenly added to the network.
Use the auth-string field to specify the key.
Default: none
auth-string <password_str>
Enter a single key to use for authentication for RIP version 2 packets sent and received by this interface. Use auth-string when you only want to configure one key. The key can be up to 35 characters long.
Default: Null
receive-version {1 2}
RIP routing messages are UDP packets that use port 520. Choose one of:
1 — configure RIP to listen for RIP version 1 messages on an interface.
2 — configure RIP to listen for RIP version 2 messages on an interface.
1 2 — configure RIP to listen for both RIP version 1 and RIP version 2 messages on an interface.
No default.
send-version {1 2}
RIP routing messages are UDP packets that use port 520. Choose one of:
1 — configure RIP to send RIP version 1 messages on an interface.
2 — configure RIP to send RIP version 2 messages on an interface.
1 2 — configure RIP to send both RIP version 1 and RIP version 2 messages on an interface.
No default.
send-version2-broadcast {enable | disable}
Enable or disable sending broadcast updates from an interface configured for RIP version 2.
RIP version 2 normally multicasts updates. RIP version 1 can only receive broadcast updates.
Default: disable
split-horizon {poisoned | regular}
Configure RIP to use either regular or poisoned split horizon on this interface. Choose one of:
regular — prevent RIP from sending updates for a route back out on the interface from which it received that route.
poisoned — send updates with routes learned on an interface back out the same interface but mark those routes as unreachable.
Default: poisoned
split-horizon-status {enable | disable}
Enable or disable split horizon for this interface. Split horizon is enabled by default.
Disable split horizon only if there is no possibility of creating a count-to-infinity loop when the network topology changes.
Default: enable
Example
This example shows how to configure the external interface to send and receive RIP version 2, to use MD5 authentication, and to use a key chain called test1.
config router rip
    config interface
        edit external
            set receive-version 2
            set send-version 2
            set auth-mode md5
            set auth-keychain test1
    end
end
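
The following Python script is an added example, not part of the FortiGate documentation. It parses a saved "config interface" block and reports the weak RIP settings described above: no authentication, a clear-text key, authentication combined with version 1, and split horizon disabled. The finding labels, the function names, and the "internal" and "dmz" entries are assumptions made for illustration.

```python
import shlex

# Defaults from this page's table, then a constructed sample ("internal", "dmz" are hypothetical).
DEFAULTS = {"auth-mode": "none", "split-horizon-status": "enable"}
SAMPLE = """config router rip
config interface
edit external
set receive-version 2
set send-version 2
set auth-mode md5
set auth-keychain test1
next
edit internal
set receive-version 1 2
set auth-mode text
set auth-string "example-key"
next
edit dmz
set split-horizon-status disable
end
end"""

def parse_rip_interfaces(text):
    """Return {interface: {field: value}} for entries under 'config interface'."""
    found, cur, inside = {}, None, False
    for words in map(shlex.split, text.splitlines()):
        if words[:2] == ["config", "interface"]:
            inside = True
        elif inside and words[:1] == ["edit"] and len(words) > 1:
            cur = found.setdefault(words[1], dict(DEFAULTS))
        elif cur is not None and words[:1] == ["set"] and len(words) > 2:
            cur[words[1]] = " ".join(words[2:])
        elif words[:1] in (["next"], ["end"]):
            inside = inside and not (words[0] == "end" and cur is None)  # table closed
            cur = None
    return found

def audit(interfaces):
    """Return (interface, finding) pairs for the weak settings this page names."""
    out = []
    for name, f in interfaces.items():
        mode = f["auth-mode"]
        versions = (f.get("receive-version", "") + " " + f.get("send-version", "")).split()
        if mode in ("none", "text"):  # unauthenticated, or key sent in clear text
            out.append((name, "no-auth" if mode == "none" else "cleartext-key"))
        if mode != "none" and "1" in versions:  # authentication is version 2 only
            out.append((name, "auth-with-v1"))
        if f["split-horizon-status"] == "disable":
            out.append((name, "split-horizon-off"))
    return out
```

Calling audit(parse_rip_interfaces(SAMPLE)) reports nothing for external and two findings each for internal and dmz.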