[c-nsp] Securing OSPFv3 on 6500/7600 Routers?
Devon True
devon at noved.org
Wed Jan 5 16:53:40 EST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pete,
> You could use inbound ACLs or CoPP policies that restrict inbound
> OSPF traffic from only the neighbors you know about.
We have CoPP deployed, but it is not that restrictive today (since our
v4 OSPF uses authentication).
> You could also move to unicast OSPF neighbor relationships to prevent
> any rogue OSPF speakers from peering.
Most of our setups use Ethernet with the "network point-to-point"
command since the routers are directly connected. Can you provide a link
about the unicast OSPF neighbor relationship/configuration? My searching
skills are failing me.
- --
Devon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk0k6GQACgkQWP2WrBTHBS91YQCg6F+OaZJDW620C4i1PNP2M170
MXwAoJ0hABV9ZTqoEc1BRzEN833zos3+
=c4EK
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list