Example 6-10. Examples of Areawide OSPF Parameters
hostname(config)# router ospf 1
hostname(config-router)# area 1 default-cost 10
hostname(config-router)# area 1 stub
hostname(config-router)# area 1 stub no-summary
hostname(config-router)# area 0 range 10.1.1.0 255.255.255.0
hostname(config-router)# area 0 filter-list prefix mylist in
Securing OSPF
Securing OSPF networks will provide protection not only from malicious attacks, but also accidental
misconfigurations. The receptive nature of OSPF dictates that any router with coordinated configuration
parameters (network mask, hello interval, dead interval, and the like) can participate in a given OSPF network.
Because of this default behavior, any number of accidental factors (misconfigurations, lab machines, test
setups, and so on) have the potential to adversely affect routing in an OSPF environment. Authentication
provides password-based protection against unauthorized access to an area. The Security Appliance supports
OSPF authentication to secure route exchange between the devices. OSPF supports two types of authentication:
simple password (clear-text) and MD5 authentication mechanism. Security Appliance supports both.
Example 6-11 shows how to configure areawide OSPF authentication on the Security Appliance.
Pages:
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287