Cisco: Deny false routing information injection into OSPF domain

In a well-controlled environment, false routing information should not reach your OSPF domain, as network engineers take care of what is and is not advertised into OSPF. But there are cases when you have to deal with 3rd party companies somehow, and you want to be sure that nothing is injected by mistake into your domain. This can also be a task for the CCIE RS lab exam.

And since I specified that this can be an exam task, let's take a “DO NOT USE” rule: we have to accomplish the task above without using the command “ip ospf authentication message-digest”. Download the used topology here. R1 from the topology is pre-configured. The OSPF timers have been reconfigured to a hello interval of 1 second and a dead interval of 5 seconds, so that we do not wait “forever” until the adjacency is rebuilt.

Please see the tutorial below:

How to force Loopback interface to be advertised with a /24 netmask

Many of you already know that when you advertise a Loopback interface into OSPF, it is usually advertised with a /32 netmask (one IP address), even if the IP address under the Loopback interface is configured with a /24 netmask. If you checked my previous post, you’ll see at the end that I’m right, and the Lo0 address is advertised with a /32 netmask.

But what if you have to advertise it as a /24 subnet (a task requirement or some testing)? There is a “dirty little trick” to do it. I will use the same topology and design as in the previous post. If you do not have the topology, please download it here.

Watch the movie: