Popular Posts

Thursday, 8 September 2011

Network Security Notes: Configuring Route Filtering

This blog is created for network security review, study and understanding about network related issues only! The blog is mainly focus on Network Security Notes about Network, Network Security, Network Technology, Network Labs review related Cisco and Microsoft technology ,Network Threats, Types of Network Threats, Network Alerts, Enterprise Security Policy and Audits, Security Policy and Audits,Logical Security, Physical and Logical Security, Physical Security,Cisco Products Review, Microsoft Products review, Cisco Routers, Routers Security, Console Access, Telnet Access, Network Attack, Network Attack report, Network management, Anti-virus, Network Security with Anti-virus, and All About Network Security... Thanks for your visit!

As my previous post about Understanding Route Filtering, this post I would like to introduce for more details about the Route Filtering, but with the Route Filtering configuration.



Route filters work by regulating what networks a router will advertise out of an interface to another router or what networks a router will accept on an interface from another router. Route filtering can be used by administrators to manually assure that only certain routes are announced from a specific routing process or interface. This feature allows administrators to configure their routers to prevent
malicious routing attempts by intruders.

You can configure route filtering in one of two ways:

* Inbound route filtering: The router can be configured to permit or deny routes advertised by a neighbor from being installed to the routing process.

* Outbound route filtering: The route filter can be configure to permit or deny routes from being advertised from the local routing process, preventing neighboring routers from learning the routes.

I. Configuring Inbound Route Filters:

The steps for configuring inbound route filters are as follows:

1. Use the access list global configuration command to configure an access−list that permits or denies the specific routes that are being filtered.

2. Under the routing protocol process, use the following command:

distribute−list in [interface−name]


For Example: I want to configure inbound route filter on Router-B (Router-B is a name of my router). The following steps should be configured:

1. Create an access-list: Configure access-list by access-list command:

Router-B#config t
.......
Router-B(config)#access-list 120 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255

For this command of access-list:
- Access-list number is 120
- Permission: permit
- Source Network: 192.168.1.0/24
- Destination Network: 172.16.1.0/24

2. Configure command inbound route filter under a routing protocol:

Router-B(config)#router rip
Router-B(config-router)#network 192.168.1.0
Router-B(config-router)#network 172.16.1.0
Router-B(config-router)#distribute−list 120 in Serial 0/0

For the above command, I configure inbound route filter on Router-B:
- Protocol: RIP version 1
- Network: 192.168.1.0 and 172.16.1.0
- Access-list: applied access-list 120 as already configured on step 1
- Interface: Serial 0/0

After configure the two steps above, Router will allow/permit only inbound traffic from network 192.168.1.0/24 to destination network 172.16.1.0/24 via Interface Serial 0/0 of Router-B.

II. Configuring Outbound Route Filters:

The steps to configure outbound route filters are described here:

1. Use the access−list global configuration command to configure an access list that permits or denies the specific routes that are being filtered.

2. Under the routing protocol process, use the following command:

distribute−list out [interface−name| −
routing − process|autonomous−system−number]


For Example: I want to configure outbound route filter on Router-B (Router-B is a name of my router). The following steps should be configured:

1. Create an access-list: Configure access-list by access-list command:

Router-B#config t
.......
Router-B(config)#access-list 110 deny ip 192.168.10.0 0.0.0.255 172.16.10.0 0.0.0.255

For this command of access-list:
- Access-list number is 110
- Permission: deny
- Source Network: 192.168.10.0/24
- Destination Network: 172.16.10.0/24

2. Configure command Outbound route filter under a routing protocol:

Router-B(config)#router rip
Router-B(config-router)#network 192.168.10.0
Router-B(config-router)#network 172.16.10.0
Router-B(config-router)#distribute−list 120 out Serial 0/0

For the above command, I configure inbound route filter on Router-B:
- Protocol: RIP version 1
- Network: 192.168.10.0 and 172.16.10.0
- Access-list: applied access-list 110 as already configured on step 1
- Interface: Serial 0/0

After configure the two steps above, Router will deny only outbound traffic from network 192.168.10.0/24 to destination network 172.16.10.0/24 via Interface Serial 0/0 of Router-B.

Any questions or comments, please leave below...Thanks!

Other sites you may want to see:

WWE: http://visa-wwe.blogspot.com/
The Kingdom of Wonder: http://welcome2cambodia.blogspot.com/
Daily Blogging: http://visablogging.blogspot.com/
Love Sharing: http://visa-love.blogspot.com/
Network Security: http://networksecuritynotes.blogspot.com/
About Insurance:http://visa-insurance.blogspot.com
All about Love: http://visa-love.blogspot.com/
Learning English Online: http://visa-elb.blogspot.com/
Discovery Internet: http://visa-isp.blogspot.com/

Read more...

If you like this post, please subscribe below,thanks!

Enter your email address:

Delivered by FeedBurner

To Stay Up to date with Network Security, Please Subscribe!