From: Gustavo Novais (gustavo.novais@novabase.pt)
Date: Thu Dec 15 2005 - 15:49:39 GMT-3
Hello.

We have an Ethernet segment with R1, R3, R6 and BB3 on it.
R1, R3, R6 are speaking EIGRP 10.

Task says: Do not allow BB3 to intercept EIGRP updates coming from any
of the EIGRP speaking routers.
Do not use the neighbour command.

I can think of several ways of fulfilling the requirements, but all fail
in some small way, namely, because of the meaning of the word INTERCEPT.
Intercept can be thought of as simply being able to listen to the packets,
at least I'm assuming so. If it is only not being able to establish
adjacency, then the task is trivial.

Authentication on R1, R3, R6 - If updates are authenticated, they are
still multicast - BB3 can still intercept the encrypted packets,
although it is not (theoretically) capable of cracking the key. This can be a
probable solution.

R1, R3, R6 have different K values from the default ones - It would
simply be a trial and error situation of trying to get the right values,
because the router always complains of mismatched K values. Although
avoiding adjacencies, the multicast packets are always there.

We can try to NAT multicast EIGRP packets into a unicast address, as
posted on a thread some time ago, but for RIP.
This seems to fulfil the requirement, since BB3 does not listen to them.
The problem is that each router has TWO neighbors. If I change EIGRP
multicast to unicast through NAT (I do not know if possible, but...) I
will have to find a way to duplicate packets. Unless I NAT 224.0.0.10 to
something else also multicast.

Does anybody have any thoughts on task interpretation? Perhaps the
Brians, who wrote it?
I think I may be overcomplicating it...

TIA
Gustavo Novais