In a well controlled environment, false information routing should not reach your OSPF domain, as network engineer take care what to advertise and what not into OSPF. But there are cases when you have to deal with 3rd party companies somehow, and you want to be sure that nothing in injected by mistake into your domain. Also this can be a task for CCIE RS lab exam.

And since I specified that this can be an exam task, let take some “DO NOT USE” rule and we have to accomplish the task above without using the command “ip ospf authentication message-digest”. Download the used topology here. R1 from the topology is pre-configured. The OSPF timers have been reconfigured to hello 1 second and dead interval 5 seconds, not to wait “forever” until it rebuilds the adjacency.

Please see the tutorial below:

Cisco: Deny false information routing injection into OSPF domain
Tagged on:                         

3 thoughts on “Cisco: Deny false information routing injection into OSPF domain

  • November 28, 2008 at 12:38
    Permalink

    Good tutorial! Good site!

    Reply
  • December 17, 2008 at 11:31
    Permalink

    Thanks “anonymous”. Maybe next time you will let your name here to be able to say “hi” when I’ll see you again :)

    Reply
  • February 9, 2009 at 16:49
    Permalink

    Nice security feature described here!

    Reply

Leave a Reply

%d bloggers like this: