Fortinet Document Library


config router ospf

Use this command to configure OSPF. FortiADC supports OSPF version 2. OSPF (Open Shortest Path First) is described in RFC 2328.

OSPF is a link-state interior routing protocol. Compared with RIP, OSPF can provide scalable network support and faster convergence times. OSPF is widely used in large networks such as ISP backbone and enterprise networks.

Before you begin:

  • You must have read-write permission for router settings.

Syntax

config router ospf

set router-id <integer>

set default-metric <integer>

set distance <integer>

set default-information-originate {always|enable|disable}

set default-information-metric-type {1|2}

set default-information-metric <integer>

set redistribute-connected {enable|disable}

set redistribute-connected-metric-type {1|2}

set redistribute-connected-metric <integer>

set redistribute-static {enable|disable}

set redistribute-static-metric-type {1|2}

set redistribute-static-metric <integer>

config area

edit <class_ip>

set authentication {md5|none|text}

set type {regular|stub}

set stub-type {summary|no-summary}

next

end

config network

edit <No.>

set area <datasource>

set prefix <ip&netmask>

next

end

config ospf-interface

edit <name>

set authentication {md5|none|text}

set authentication-md5 <datasource>

set authentication-text <text>

set cost <integer>

set dead-interval <integer>

set hello-interval <integer>

set interface <datasource>

set mtu-ignore {enable|disable}

set network-type {broadcast | point-to-multipoint | point-to-point}

set priority <integer>

set retransmit-interval <integer>

set transmit-delay <integer>

next

end

end

router-id

32-bit number that identifies the router, written in dotted decimal notation. This setting is the router ID of the OSPF process. The router ID must be an IP address of the router, and it must be unique to this OSPF speaker within the entire OSPF domain.

default-metric

The default is 10.

distance

The default is 110.

default-information-originate

  • enable—Originate an AS-External (type-5) LSA describing a default route into all external-routing-capable areas, with the specified metric and metric type.
  • always—The default is always advertised, even when there is no default present in the routing table.
  • disable

default-information-metric-type

  • 1
  • 2

default-information-metric

The default is -1.

redistribute-connected

Enable/disable redistribution of connected routes into OSPF, with the metric type and metric if specified. Redistributed routes are distributed into OSPF as Type-5 External LSAs into links to areas.

redistribute-connected-metric-type

  • 1
  • 2

redistribute-connected-metric

Specify a metric.

redistribute-static

Enable/disable redistribution of static routes into OSPF, with the metric type and metric if specified. Redistributed routes are distributed into OSPF as Type-5 External LSAs into links to areas.

redistribute-static-metric-type

  • 1
  • 2

redistribute-static-metric

Specify a metric.

config area
<class_id>

32-bit number that identifies the OSPF area. An OSPF area is a smaller part of the larger OSPF AS. Areas are used to limit the link-state updates that are sent out. The flooding used for these updates would overwhelm a large network, so it is divided into these smaller areas for manageability.

authentication

Specify an authentication type: 

  • none—Also called null authentication. No authentication is used. In this case the 16-byte Authentication field is not checked, and can be any value. However checksumming is still used to locate errors.
  • text—A simple password is used. The password is a plain text string of characters. The same password is used for all transactions on a network. The main use of this type of authentication is to prevent routers from accidentally joining the network. Simple password authentication is vulnerable to many forms of attack, and is not recommended as a secure form of authentication.
  • md5—Use OSPF cryptographic authentication. A shared secret key is used to authenticate all router traffic on a network. The key is never sent over the network in the clear—a packet is sent and a condensed and encrypted form of the packet is appended to the end of the packet. A non-repeating sequence number is included in the OSPF packet to protect against replay attacks that could try to use already sent packets to disrupt the network. When a packet is accepted as authentic, the authentication sequence number is set to the packet sequence number. If a replay attack is attempted, the packet sent will be out of sequence and ignored.

type

Area type setting:

  • regular—A normal area
  • stub—An area where no router originates routes external to OSPF and hence all external routes are via the ABRs.

stub-type

If using a stub area, select a stub summary setting:

  • summary—Allow an ABR to send summary LSAs into a stub area
  • no-summary—Prevent an ABR from sending summary LSAs into a stub area

config network

area

Specify an area configuration name.

prefix

Address/mask notation to specify the subnet.

config ospf-interface

authentication

Specify an authentication type. All OSPF interfaces that want to learn routes from each other must be configured with the same authentication type and password or MD5 key (one match is enough). Options are: 

  • none—Use the authentication type referenced by the area included in the network configuration.
  • md5—Override the authentication type referenced by the area included in the network configuration with the MD5 configuration specified here.
  • text—Override the authentication type referenced by the area included in the network configuration with the text configuration specified here.

authentication-md5

Specify an MD5 configuration name.

authentication-text

Specify a password string. Passwords are limited to 8 characters.
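
The override rule above decides what each interface actually uses: `none` on an interface falls back to the area's setting, while `md5` or `text` replaces it. The Python audit below is an added example, not Fortinet code; it parses a constructed `show` listing and reports each interface's effective authentication. The interface addresses in `ADDRS` and the treatment of an area with no explicit setting as `none` are assumptions.

```python
import ipaddress

# Constructed `show` output, one statement per line (not taken from a real device).
SAMPLE = (
    "config router ospf\nconfig area\n"
    "edit 0.0.0.0\nset authentication md5\nnext\n"
    "edit 0.0.0.1\nset authentication text\nnext\nend\n"
    "config network\n"
    "edit 1\nset area 0.0.0.0\nset prefix 10.0.0.0/24\nnext\n"
    "edit 2\nset area 0.0.0.1\nset prefix 10.0.1.0/24\nnext\nend\n"
    "config ospf-interface\n"
    "edit uplink\nset interface port1\nnext\n"
    "edit lab\nset interface port2\nnext\n"
    "edit edge\nset interface port3\nset authentication text\nnext\nend\nend\n"
)
# Assumption: interface addresses come from the operator; this config does not hold them.
ADDRS = {"port1": "10.0.0.5", "port2": "10.0.1.7", "port3": "10.0.0.9"}

def parse(text):
    """Return {table: {entry: {key: value}}} for the nested config tables."""
    tables, table, entry = {}, None, None
    for words in filter(None, map(str.split, text.splitlines())):
        if words[0] == "config" and words[1:] != ["router", "ospf"]:
            table = tables.setdefault(words[1], {})
        elif words[0] == "edit" and table is not None:
            entry = table.setdefault(words[1], {})
        elif words[0] == "set" and entry is not None:
            entry[words[1]] = " ".join(words[2:])
        elif words[0] in ("next", "end"):
            entry = None
            if words[0] == "end":
                table = None
    return tables

def effective_auth(text, addrs):
    """Map each ospf-interface entry to (auth type, where the setting came from)."""
    t = parse(text)
    out = {}
    for name, cfg in t.get("ospf-interface", {}).items():
        auth, source = cfg.get("authentication", "none"), "interface"
        if auth == "none":  # inherit from the area whose network prefix covers the address
            ip = ipaddress.ip_address(addrs[cfg["interface"]])
            area = next((n["area"] for n in t.get("network", {}).values()
                         if ip in ipaddress.ip_network(n["prefix"], strict=False)), None)
            # Assumption: an area with no explicit setting is treated as none.
            auth = t.get("area", {}).get(area, {}).get("authentication", "none")
            source = f"area {area}"
        out[name] = (auth, source)
    return out

def weak_interfaces(text, addrs):
    """Names of interfaces whose effective authentication is not md5."""
    return sorted(n for n, (a, _) in effective_auth(text, addrs).items() if a != "md5")
```

On the sample, `lab` inherits `text` from area 0.0.0.1 and `edge` downgrades an `md5` area to `text` through its own override, so both are reported.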

cost

Set link cost for the specified interface. The cost value is set to router-LSA's metric field and used for SPF calculation. The default is 0.

dead-interval

Number of seconds for RouterDeadInterval timer value used for Wait Timer and Inactivity Timer. This value must be the same for all routers attached to a common network. The default is 40 seconds.

hello-interval

Number of seconds between hello packets sent on the configured interface. This value must be the same for all routers attached to a common network. The default is 10 seconds.

interface

Specify the interface on which to enable OSPF.

mtu-ignore

Enable/disable ignoring the interface MTU. Disabled by default.

network-type

  • broadcast
  • point-to-point
  • point-to-multipoint

priority

The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0 makes the router ineligible to become Designated Router. The default is 1.

retransmit-interval

Interval for retransmitting Database Description and Link State Request packets. The default is 5 seconds.

transmit-delay

Increment LSA age by this value when transmitting. The default is 1 second.

Example

FortiADC1

 

FortiADC-VM # config router ospf

FortiADC-VM (ospf) # set router-id 1.1.1.2

FortiADC-VM (ospf) # set default-metric 5

FortiADC-VM (ospf) # config network

FortiADC-VM (network) # edit 1

Add new entry '1' for node 2090

FortiADC-VM (1) # set prefix 1.1.1.1/32

FortiADC-VM (1) # set area 0.0.0.0

FortiADC-VM (1) # end

 

FortiADC-VM (ospf) # get

router-id : 1.1.1.2

default-information-originate: disable

default-information-metric: -1

default-information-metric-type: 2

default-metric : 5

distance : 110

redistribute-connected: disable

redistribute-connected-metric: -1

redistribute-connected-metric-type: 2

redistribute-static : disable

redistribute-static-metric: -1

redistribute-static-metric-type: 2

== [ 1 ]

 

FortiADC-VM (ospf) # show

config router ospf

set router-id 1.1.1.2

set default-metric 5

config network

edit 1

set prefix 1.1.1.1/32

next

end

config ospf-interface

end

end

 

FortiADC2

 

FortiADC-VM # config router ospf

FortiADC-VM (ospf) # set router-id 1.1.1.3

FortiADC-VM (ospf) # config network

FortiADC-VM (network) # edit 1

Add new entry '1' for node 2090

FortiADC-VM (1) # set prefix 1.1.1.1/32

FortiADC-VM (1) # set area 0.0.0.0

FortiADC-VM (1) # end

 

FortiADC-VM (ospf) # get

router-id : 1.1.1.2

default-information-originate: disable

default-information-metric: -1

default-information-metric-type: 2

default-metric : 10

distance : 110

redistribute-connected: disable

redistribute-connected-metric: -1

redistribute-connected-metric-type: 2

redistribute-static : disable

redistribute-static-metric: -1

redistribute-static-metric-type: 2

== [ 1 ]

 

FortiADC-VM (ospf) # show

config router ospf

set router-id 1.1.1.2

config network

edit 1

set prefix 1.1.1.1/32

next

end

config ospf-interface

end

end
