Re: nmma and neighbor

From: Kruepke (lister@xxxxxxxxxxx)
Date: Sun Jun 25 2000 - 23:57:03 GMT-3

• Next message: ali Hussain: "PAP/CHAP Authentication"
• Previous message: Kruepke: "Re: Challenge Question"
• Maybe in reply to: zheng jiang gu: "nmma and neighbor"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
But...

This solution does not prevent a malicious user from neighboring with your OSPF
 routers. If you configure your routers to use NBMA as the network type for th
e Ethernet, and you configure neighbor statements, then they will operate fine.
  If another OSPF router comes up and tries to make neighbors as over a broadca
st network, then it will be unable to do so. But if a malicious individual con
figures the new router with neighbor statements for the other routers on the ne
twork, it will become adjacent with them, even though the other neighbors are n
ot configured with it as a neighbor.

So I think this solution works only if you are not doing it to prevent maliciou
s routing information from entering your OSPF network.

Keith

----- Original Message -----
From: "Earl Aboytes" <earl@linkline.com>
To: "zheng jiang gu" <zjgu@ce-air.com>; "ccielab" <ccielab@groupstudy.com>
Sent: Saturday, June 24, 2000 12:40 AM
Subject: RE: nmma and neighbor

If you have an Ethernet segment with three routers that are running ospf
they will automatically neighbor because the default ospf network type for
Ethernet is broadcast. The broadcast type will neighbor and elect a DR and
BDR automatically. The non-broadcast type does not neighbor automatically.
You will need to configure neighbor statements for all DR and BDR
candidates. It is important to set the priority to zero for those routers
that you do not want to configure neighbor statements for. This will insure
that they are not DR or BDR candidates. In other words, pick one to be the
DR and set everyone else as a priority zero (interface command ip ospf
priority 0). Place neighbor statements on the DR that point to the your
other routers. Since you must manually configure your neighbor statements
you will get what you wanted.

 You will not establish neighbors when another router attaches to the
segment and you are not using OSPF authentication.

To answer your question..yes!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Earl Aboytes
Senior Technical Conultant
GTE Managed Solutions
805-381-8817
earl.aboytes@telops.gte.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of zheng
jiang gu
Sent: Friday, June 23, 2000 1:09 AM
To: ccielab
Subject: nmma and neighbor

Someone ask me the question,I use NBMA and neighbor command
Do you think it's correct?

>

>
> > i have three router on ethernet segment runing OSPF and
> well,I not hope establish neighbor when other router attach the segment,
not
> use ospf authenticate
> Thanks
>

• Next message: ali Hussain: "PAP/CHAP Authentication"
• Previous message: Kruepke: "Re: Challenge Question"
• Maybe in reply to: zheng jiang gu: "nmma and neighbor"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:43 GMT-3