eBGP peering with a Fortigate 100D

The other day I get to configure a Fortigate 100D via CLI to peer via a Cisco device. Now the requirements are on certain LAN interfaces on the Forti, they are not making full use of the /24 instead they broke it up to /28.

So 3 interfaces on the LAN that would need to advertise 155.1.20-40.0/24 as /24 subnets but are only assigning /28s on the interface itself. Doing this on a Fortigate is not a simple of going into the GUI and clicking your way through it. You’d need to gain CLI access to the device either via its portal or ssh.

From the CLI I would have to aggregate the prefixes into /24 and enable summary only to not advertise the more specific routes.

 

config router bgp
set as 12345
set router-id 155.1.10.2
config aggregate-address
edit 1
set prefix 155.1.20.0 255.255.255.0
set summary-only enable
next
edit 2
set prefix 155.1.30.0 255.255.255.0
set summary-only enable
next
edit 3
set prefix 155.1.40.0 255.255.255.0
set summary-only enable
next
end
config neighbor
edit “155.1.10.2”
set remote-as 12346
set send-community6 disable
next
end

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s