0 Bewertungen0% fanden dieses Dokument nützlich (0 Abstimmungen)
72 Ansichten2 Seiten
The document discusses configuring routing protocols and access lists on a FortiGate router. It provides examples of how to view routing tables, configure OSPF interfaces and neighbors, and create access lists to filter routes using prefixes, wildcards, and exact matches. Specific examples are given for creating access lists that allow only exact matches of certain IP addresses and using a distribute list to filter OSPF routes based on an access list.
The document discusses configuring routing protocols and access lists on a FortiGate router. It provides examples of how to view routing tables, configure OSPF interfaces and neighbors, and create access lists to filter routes using prefixes, wildcards, and exact matches. Specific examples are given for creating access lists that allow only exact matches of certain IP addresses and using a distribute list to filter OSPF routes based on an access list.
The document discusses configuring routing protocols and access lists on a FortiGate router. It provides examples of how to view routing tables, configure OSPF interfaces and neighbors, and create access lists to filter routes using prefixes, wildcards, and exact matches. Specific examples are given for creating access lists that allow only exact matches of certain IP addresses and using a distribute list to filter OSPF routes based on an access list.
view the kernel routing table get router info kernel config router access-list, access-list6 edit <access_list_name> set comments config rule edit <access_list_id> 10.10.1.99 10.0.45.1 131.0.124.6 config router ospf config ospf-interface ( set network-type broadcast (tipo de interfaz) broadcast non-broadcast (para los q no esten conectados por ruteador) point-to-multipoint point-to-multipoint-non-broadcast point-to-point config router ospf config neighbor edit 1 set ip 192.168.21.63 end end set set set set set
action exact-match prefix prefix6 wildcard
For example, if you want to create an access list called
test_list that only allows an exact match of 10.10.10.10 and 11.11.11.11, enter the command: config router access-list edit test_list config rule edit 1 set prefix 10.10.10.10 255.255.255.255 set action allow set exact-match enable next edit 2 set prefix 11.11.11.11 255.255.255.255 set action allow set exact-match enable end end config router ospf config distribute-list edit 5 set access-list test_list
set protocol connected
end SCT-FG200D (access-list) # show config router access-list edit "no-ospf" config rule edit 1 set prefix 10.45.0.0 255.255.0.0 set exact-match enable next edit 2 set prefix 10.0.1.80 255.255.255.252 set exact-match enable next edit 3 set action deny set exact-match enable next end next end