Passive versus active RIP interfaces
Normally the FortiGate unit’s routing table is kept up to date by periodically asking the neighbors for routes, and sending your routing updates out. This has the downside of generating a lot of extra traffic for large networks. The solution to this problem is passive interfaces.
An standard interface that supports RIP is active by default — it both sends and receives updates by actively communicating with its neighbors. A passive RIP interface does not send out updates — it just listens to the updates of other routers. This is useful in reducing network traffic, and if there are redundant routers in the network that would be sending out essentially the same updates all the time.
The following example shows how to create a passive RIP v2 interface on port1, using MD5 authentication and a key-chain called passiveRIPv2 that has already been configured. Note that in the CLI, you enable passive by disabling send-version2-broadcast.
To create a passive RIP interface - web-based manager
1. Go to Router > Dynamic > RIP.
2. Under Interfaces, select Create.
3. Select port1 as the Interface.
4. Select 2 as both the Send Version and Receive Version.
5. Select MD5 for Authentication.
6. Select the passiveRIPv2 Key-chain.
7. Select Passive Interface.
8. Select OK to accept this configuration, and return to the main RIP display page.
To create a passive RIP v2 interface on port1 using MD5 authentication- CLI
config router rip
config interface
edit port1
set send-version2-broadcast disable
set auth-keychain “passiveRIPv2”
set auth-mode md5
set receive-version 2
set send-version 2
end
end