Leaflet

OL-11615-01
Open Shortest Path First (OSPF)
Routing Information Protocol (RIP) version 2
The configuration commands and steps to enable neighbor authentication vary depending on the routing
protocol. To find complete configuration information for specific routing protocols, refer to the Cisco
IOS IP Protocols Configuration Guide at the following URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_book09186a0080087fa9.html
The following example shows the configuration of OSPF MD5 neighbor authentication on an IOS router:
! OSPF MD5 authentication
interface Ethernet1
 ip address 198.121.115.1 255.255.255.0
 ip ospf message-digest-key 10 md5 oursharedsecret
!
router ospf 20
 network 198.121.115.0 0.0.0.255 area 0
 area 0 authentication message-digest
For more information about neighbor authentication in IOS, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fothersf/scfroutr.htm
Route Filtering
Route filtering is another important tool for securing the routing infrastructure. Most routing protocols
allow the configuration of route filters that prevent specific routes from being propagated throughout the
network. In terms of security, these filters are useful because they help to ensure that only legitimate
networks are advertised, and that networks that are not supposed to be propagated, such as networks
falling within the private address space (RFC 1918), are never advertised.
The configuration commands and procedures used for route filtering vary, depending on the routing
protocol. To find complete configuration information for specific routing protocols, refer to the Cisco
IOS IP Protocols Configuration Guide at the following URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_book09186a0080087fa9.html
This example shows the configuration of a route filter on BGP. This sample configuration enables Router
100 to deny an update for network 10.10.10.0/24 and permit the updates of networks 192.168.10.0/24
and 10.10.0.0/19 in its BGP table:
! IOS hostnames cannot contain spaces
hostname Router100
!
router bgp 100
 neighbor 172.16.1.2 remote-as 200
 ! Apply access-list 1 to updates received from this neighbor
 neighbor 172.16.1.2 distribute-list 1 in
!
access-list 1 deny 10.10.10.0 0.0.0.255
access-list 1 permit any
For more information about route filtering, refer to the following URL:
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a008020b51d.shtml
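The following Python sketch is an added example, not part of the original guide or of Cisco IOS. It evaluates access-list 1 from the BGP sample above against a set of constructed route updates, so the filter's effect can be checked before deployment. It assumes that a standard ACL used in a distribute-list is matched against the network address of each update only, without regard to prefix length; the helper names and the extra sample prefixes are hypothetical.

```python
import ipaddress

# ACL lines copied from the Router 100 sample configuration above.
ACL_TEXT = """\
access-list 1 deny 10.10.10.0 0.0.0.255
access-list 1 permit any
"""
# Constructed updates: the three prefixes named in the text plus two extras.
SAMPLE_UPDATES = ["10.10.10.0/24", "192.168.10.0/24", "10.10.0.0/19",
                  "10.10.10.128/25", "172.16.5.0/24"]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_standard_acl(text, number):
    """Return ordered (action, address, wildcard) entries for one standard ACL."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[1] != str(number):
            continue
        action, spec = tok[2], tok[3:]
        if spec[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif spec[0] == "host":
            addr, wild = spec[1], "0.0.0.0"
        else:  # "address wildcard"; a bare address matches one host
            addr, wild = spec[0], spec[1] if len(spec) > 1 else "0.0.0.0"
        entries.append((action, int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries

def filter_update(entries, prefix):
    """First matching entry wins; no match falls through to the implicit deny."""
    # Assumption: only the network address is compared, not the prefix length.
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
        if net & care == addr & care:
            return action
    return "deny"

def evaluate(acl_text, number, prefixes):
    entries = parse_standard_acl(acl_text, number)
    return {p: filter_update(entries, p) for p in prefixes}

def accepted_private(verdicts):
    """Permitted prefixes that fall inside RFC 1918 space (review candidates)."""
    return [p for p, v in verdicts.items() if v == "permit"
            and any(ipaddress.ip_network(p).subnet_of(n) for n in RFC1918)]
```

Calling `accepted_private(evaluate(ACL_TEXT, 1, SAMPLE_UPDATES))` lists the private prefixes that the trailing `permit any` still accepts, which is the set to review when the goal is to keep RFC 1918 space out of the table.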