[c-nsp] Securing OSPFv3 on 6500/7600 Routers?

Pete Lumbis alumbis at gmail.com
Wed Jan 5 16:28:20 EST 2011


Of course this doesn't prevent spoofing :(

On Wed, Jan 5, 2011 at 4:27 PM, Pete Lumbis <alumbis at gmail.com> wrote:
> You could use inbound ACLs or CoPP policies that restrict inbound OSPF
> traffic from only the neighbors you know about. You could also move to
> unicast OSPF neighbor relationships to prevent any rogue OSPF speakers
> from peering.
>
> On Wed, Jan 5, 2011 at 3:46 PM, Devon True <devon at noved.org> wrote:
>> All:
>>
>> Since OSPFv3 authentication is not supported on 6500/7600 series
>> routers, I am curious to know how people are securing their deployments.
>> We take the precautionary steps of "passive-interface default" and only
>> turning up OSPF on network segments we control, but are there additional
>> steps we could perform?
>>
>> - --
>> Devon
>
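
Added example, not part of the original thread: an offline audit that flags captured OSPFv3 packets whose IPv6 source is not on a known-neighbor list, which is the same source match the inbound ACL suggested above would apply. The neighbor addresses, router IDs and sample packets are constructed, and the parser assumes OSPF directly follows the fixed IPv6 header (no extension headers).

```python
import ipaddress
import struct

OSPF_PROTO = 89  # IPv6 Next Header value for OSPF
OSPF_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}

# Assumption: link-local addresses of the neighbors expected on this segment.
KNOWN_NEIGHBORS = {ipaddress.IPv6Address("fe80::1"),
                   ipaddress.IPv6Address("fe80::2")}


def build_packet(src, dst, router_id, ospf_type=1):
    """Constructed sample input: IPv6 header + 16-byte OSPFv3 header."""
    ospf = struct.pack("!BBH4s4sHBB", 3, ospf_type, 16,
                       ipaddress.IPv4Address(router_id).packed,
                       ipaddress.IPv4Address("0.0.0.0").packed,  # area 0
                       0, 0, 0)  # checksum left 0, instance ID 0, reserved
    ip6 = struct.pack("!IHBB", 6 << 28, len(ospf), OSPF_PROTO, 1)
    ip6 += ipaddress.IPv6Address(src).packed
    ip6 += ipaddress.IPv6Address(dst).packed
    return ip6 + ospf


def classify(packet, known=KNOWN_NEIGHBORS):
    """Return (verdict, detail) for one captured packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "ignore", "not IPv6"
    if packet[6] != OSPF_PROTO:  # Next Header field
        return "ignore", "not OSPF"
    src = ipaddress.IPv6Address(bytes(packet[8:24]))
    if len(packet) < 56 or packet[40] != 3:  # OSPF version must be 3
        return "deny", f"malformed OSPFv3 from {src}"
    ptype = OSPF_TYPES.get(packet[41], "unknown")
    rid = ipaddress.IPv4Address(bytes(packet[44:48]))
    if src in known:
        return "permit", f"{ptype} from {src} rid {rid}"
    return "deny", f"{ptype} from unlisted {src} rid {rid}"


def audit(packets, known=KNOWN_NEIGHBORS):
    """Return the detail strings for every packet the allowlist rejects."""
    return [d for v, d in (classify(p, known) for p in packets) if v == "deny"]


if __name__ == "__main__":
    capture = [build_packet("fe80::1", "ff02::5", "10.0.0.1"),
               build_packet("fe80::bad", "ff02::5", "10.0.0.99")]
    for line in audit(capture):
        print(line)
```

The verdict depends only on the source address field of the packet, so the check inherits the spoofing limitation noted at the top of the message.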


