[c-nsp] Securing OSPFv3 on 6500/7600 Routers?
Pete Lumbis
alumbis at gmail.com
Wed Jan 5 16:27:53 EST 2011
You could use inbound ACLs or CoPP policies that restrict inbound OSPF
traffic from only the neighbors you know about. You could also move to
unicast OSPF neighbor relationships to prevent any rogue OSPF speakers
from peering.
On Wed, Jan 5, 2011 at 3:46 PM, Devon True <devon at noved.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All:
>
> Since OSPFv3 authentication is not supported on 6500/7600 series
> routers, I am curious to know how people are securing their deployments.
> We take the precautionary steps of "passive-interface default" and only
> turning up OSPF on network segments we control, but are there additional
> steps we could perform?
>
> - --
> Devon
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk0k2MEACgkQWP2WrBTHBS+dYwCfechZg06zp3ReDkY7jsgDcIy7
> ACQAoLaG6hEhrWzRHrf23BIwfsIJKdWq
> =Sg41
> -----END PGP SIGNATURE-----
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list