In a well controlled environment, false information routing should not reach your OSPF domain, as network engineer take care what to advertise and what not into OSPF. But there are cases when you have to deal with 3rd party companies somehow, and you want to be sure that nothing in injected by mistake into your domain. Also this can be a task for CCIE RS lab exam.
And since I specified that this can be an exam task, let take some “DO NOT USE” rule and we have to accomplish the task above without using the command “ip ospf authentication message-digest”. Download the used topology here. R1 from the topology is pre-configured. The OSPF timers have been reconfigured to hello 1 second and dead interval 5 seconds, not to wait “forever” until it rebuilds the adjacency.
Please see the tutorial below:
3 thoughts on “Cisco: Deny false information routing injection into OSPF domain”
Good tutorial! Good site!
Thanks “anonymous”. Maybe next time you will let your name here to be able to say “hi” when I’ll see you again :)
Nice security feature described here!