RE: ISDN/OSPF Question

From: Gregory W. Posey Jr. (gposey@xxxxxxxxxxx)
Date: Thu Aug 16 2001 - 09:46:30 GMT-3

• Next message: Jay Chandradas: "RE: QOS question"
• Previous message: Davis, David: "OT: San Jose Lab Swap - September for October ?"
• Maybe in reply to: Brittan Walker: "ISDN/OSPF Question"
• Next in thread: Daniel C. Young: "RE: ISDN/OSPF Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I've usually been successful with the following setup...

dialer-group 1 (under Interface BRI0)

dialer-list 1 protocol ip list 101

access-list 101 deny ospf any any
access-list 101 permit ip any any

(So to answer your question - yes I would add an access list to deny OSPF,
but not applied to an interface, rather apply it to the dialer list)

Also, with your current config, when you do a "show dialer", what is the
dial reason that shows up in the display? If it's IP to a destination of
224.0.0.5, then yeah the OSPF is keeping the line up (and the UP UP
(Spoofing) doesn't mean the interface is actually up - if I remember
correctly).

Thank you,
Greg Posey Jr.
CONECTS Network Analyst
CCIE #7981
CCDA/CCNP - Security Specialist
Cisco Voice Access Specialist
313-875-2088 ext. 347
www.conects.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Brittan Walker
Sent: Thursday, August 16, 2001 8:23 AM
To: ccielab@groupstudy.com
Subject: ISDN/OSPF Question

I was working in the lab last night on ISDN and OSPF.
I have included the following basic commands I was using.
I was trying to block all hellos and updates. My thought
process was based on the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c
/1cprt1/1cospf.htm#xtocid709123

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c
/1cprt1/1cospf.htm#xtocid709128

When I would do a sh int, the BRI would be up, up (spoofing).
When I would do a debug ip ospf packets & events, I would
continue to see updates from networks on the other side of the
ISDN link. I also tried adding passive-interface bri0. CDP
is disabled in this case.

Based on the URL above, this should do it. The dialer-list
permits ip. Should I set up an access list to block OSPF
hellos and updates? Let me know what you think.

Brit

int bri0
ip ospf demand-circuit
ip ospf network non-broadcast
ip ospf database-filter all out

router ospf 100
neighbor 172.16.35.1 priority 0
area 5 nssa
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Jay Chandradas: "RE: QOS question"
• Previous message: Davis, David: "OT: San Jose Lab Swap - September for October ?"
• Maybe in reply to: Brittan Walker: "ISDN/OSPF Question"
• Next in thread: Daniel C. Young: "RE: ISDN/OSPF Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:51 GMT-3