From: Edwards, Andrew M (andrew.m.edwards@boeing.com)
Date: Thu May 05 2005 - 18:37:06 GMT-3
Interesting...
My inclination is towards passive default and neighbor commands. Either
RIP 1 or 2 will cause a switch to forward frames out all ports (e.g.
broadcast and multicast) not received. So, to prevent rogue hosts from
intercepting rip packets in general I would opt to unicast my updates.
I would think authentication would be a secondary concern.
But, knowing this lab... Do both!~
-----Original Message-----
From: Shaikh, Nasir [mailto:Nasir.Shaikh@atosorigin.com]
Sent: Thursday, May 05, 2005 11:28 AM
To: ccie2be; Group Study
Subject: RE: Preventing rogue hosts from intercepting rip packets
Tim,
I believe the requirement is asking for authentication. So method 1 (I
guess you mean passive interface) does not suffice. I would go for
method 2
and if the requirements of the task allow then combine method 1 and 2
greetz
Nash
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
ccie2be
Sent: donderdag 5 mei 2005 16:00
To: Group Study
Subject: Preventing rogue hosts from intercepting rip packets
Hi guys,
To achieve the above requirement which method do you think is better?
If you think one method is better than another, do you also think the
less preferred method would be considered wrong in the lab?
Method 1
use default interface and neighbor combo or
Method 2
use authentication on the links involved or
Method 3
Use both Method 1 and Method 2
TIA, Tim
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:56 GMT-3