[rbak-nsp] Validating RADIUS routes???
David Freedman
david.freedman at uk.clara.net
Fri Oct 15 05:56:59 EDT 2010
Matthew S. Crocker wrote:
>
> I have a SE-400 running Redback Networks SmartEdge OS Version SEOS-5.0.3.1-Release
>
> I just had a tech screw up a RADIUS entry; when the subscriber connected, the SE-400 happily routed 0.0.0.0 to the PPPoE session. Is there a way I can put some sanity checks in the SE-400 config so it doesn't happily insert stupid routes into the routing table?
>
> -Matt
>
>
Yes, when you are injecting sub information into your routing protocols,
apply a route-map :)
e.g.

context foonet
!
 router bgp 1234
  address-family ipv4 unicast
   redistribute subscriber route-map SANITY-MAP
!
 route-map SANITY-MAP permit 10
  match ip address prefix-list SANITY-LIST
!
 ip prefix-list SANITY-LIST
  description Used to check subscriber routes are sane
  seq 10 deny 0.0.0.0/0
  seq 20 permit 0.0.0.0/0 le 32
!
A better list would permit more specifics from your own netblocks only,
for example

!
 ip prefix-list SANITY-LIST
  description Used to check subscriber routes are sane, only permit our netblocks
  seq 10 permit 192.0.2.0/24 le 32
!
--
David Freedman
Group Network Engineering
david.freedman at uk.clara.net
Tel +44 (0) 20 7685 8000
Claranet Group
21 Southampton Row
London - WC1B 5HA - UK
http://www.claranet.com
Company Registration: 3152737 - Place of registration: England
All the information contained within this electronic message from
Claranet Ltd is covered by the disclaimer at
http://www.claranet.co.uk/disclaimer
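
The two SANITY-LIST variants from the reply above, evaluated offline against a few constructed candidate routes (an added example, not part of the original post and not Redback code). It assumes the usual prefix-list semantics: entries are checked in seq order, a prefix without ge/le matches that exact length only, and anything unmatched is denied; the function names and sample routes are made up for illustration.

```python
import ipaddress

# The two lists from the post; the candidate routes below are constructed samples.
DENY_DEFAULT_ONLY = """
ip prefix-list SANITY-LIST
 seq 10 deny 0.0.0.0/0
 seq 20 permit 0.0.0.0/0 le 32
"""
OWN_NETBLOCKS_ONLY = """
ip prefix-list SANITY-LIST
 seq 10 permit 192.0.2.0/24 le 32
"""
SAMPLE_ROUTES = ["0.0.0.0/0", "192.0.2.16/29", "192.0.2.1/32", "198.51.100.0/24"]


def parse_prefix_list(text):
    """Parse 'seq N permit|deny PREFIX [ge X] [le Y]' lines, ordered by seq."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "seq":
            continue  # skip list name, description, '!' and blank lines
        net = ipaddress.ip_network(tok[3])
        opts = dict(zip(tok[4::2], map(int, tok[5::2])))
        # Assumed semantics: no ge/le means exact length; le alone means
        # net.prefixlen..le; ge alone means ge..max length.
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", net.max_prefixlen if "ge" in opts else net.prefixlen)
        entries.append((int(tok[1]), tok[2], net, lo, hi))
    return sorted(entries, key=lambda e: e[0])


def evaluate(entries, route):
    """First matching entry wins; return (action, seq), implicit deny if none."""
    r = ipaddress.ip_network(route, strict=False)
    for seq, action, net, lo, hi in entries:
        if r.version == net.version and lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action, seq
    return "deny", None


def check_routes(list_text, routes):
    """Map each candidate route to the verdict the list would give it."""
    entries = parse_prefix_list(list_text)
    return {r: evaluate(entries, r) for r in routes}


if __name__ == "__main__":
    for name, text in (("deny-default", DENY_DEFAULT_ONLY), ("own-netblocks", OWN_NETBLOCKS_ONLY)):
        for route, (action, seq) in check_routes(text, SAMPLE_ROUTES).items():
            print(f"{name:14} {route:18} {action:6} seq={seq}")
```

Both lists stop the default route, but only the second also rejects 198.51.100.0/24, a mistyped prefix outside the operator's own space.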