Cisco: Deny false information routing injection into OSPF domain

In a well controlled environment, false information routing should not reach your OSPF domain, as network engineer take care what to advertise and what not into OSPF. But there are cases when you have to deal with 3rd party companies somehow, and you want to be sure that nothing in injected by mistake into your domain. Also this can be a task for CCIE RS lab exam.

And since I specified that this can be an exam task, let take some “DO NOT USE” rule and we have to accomplish the task above without using the command “ip ospf authentication message-digest”. Download the used topology here. R1 from the topology is pre-configured. The OSPF timers have been reconfigured to hello 1 second and dead interval 5 seconds, not to wait “forever” until it rebuilds the adjacency.

Please see the tutorial below:

Published by

Calin

Calin is a network engineer, with more than 20 years of experience in designing, installing, troubleshooting, and maintaining large enterprise WAN and LAN networks.

3 thoughts on “Cisco: Deny false information routing injection into OSPF domain”

Any opinion on this post? Please let me know:

This site uses Akismet to reduce spam. Learn how your comment data is processed.