Network Security Notes: Secure Your Network Routing with Suppressing Route Advertisements
In network configuration, and router configuration in particular, you are probably familiar with the term route advertisement. For other network nodes to learn about your network, you have to advertise your routes using a suitable routing protocol. For security reasons, however, you should know which interfaces of your router are allowed to send routing updates.
To prevent other routers on a network from learning about routes dynamically, you can prevent routing update messages from being sent out a router interface. To accomplish this, use the passive-interface <interface> command in routing protocol configuration mode. This command can be used on all IP-based routing protocols except for the Exterior Gateway Protocol (EGP) and Border Gateway Protocol (BGP). When an interface is configured to be in a passive state, the router stops sending routing protocol advertisements out of the interface; however, the interface still listens for and accepts any route advertisement that is received on it. Configuring this on a router essentially makes the router a silent host on the interfaces that were specified. This one command is all that is needed to make an interface stop advertising networks.
Here is an example of configuring an interface as passive:
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
!
interface Serial0/1
 ip address 192.168.100.2 255.255.255.252
!
! Both interfaces are made passive under the EIGRP process for AS 100
router eigrp 100
 passive-interface FastEthernet0/1
 passive-interface Serial0/1
!
How Does the Passive Interface Feature Work in EIGRP?
You can use the passive-interface command to control the advertisement of routing information. The command suppresses routing updates over some interfaces while allowing updates to be exchanged normally over other interfaces.
With most routing protocols, the passive-interface command restricts outgoing advertisements only. When used with Enhanced Interior Gateway Routing Protocol (EIGRP), however, the effect is slightly different. In EIGRP, the passive-interface command suppresses the exchange of hello packets between two routers, which results in the loss of their neighbor relationship. This not only stops routing updates from being advertised but also suppresses incoming routing updates in your network.
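To check a saved configuration for interfaces that still send routing updates, the following added example (not code from the original post) parses IOS-style text and reports, per routing process, which interfaces are passive. It goes slightly beyond the post by also handling the IOS forms passive-interface default and no passive-interface <interface>. Assumptions: the function names and the sample configuration are constructed for illustration, and every interface is treated as participating in every routing process (network statements are not parsed).

```python
import re

# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
!
interface Serial0/1
 ip address 192.168.100.2 255.255.255.252
!
router eigrp 100
 passive-interface FastEthernet0/1
!
router rip
 passive-interface default
 no passive-interface Serial0/1
"""
PASSIVE_RE = re.compile(r"(no )?passive-interface (\S+)$")

def audit_passive(config):
    """Return {routing process: {interface: "passive" or "active"}}."""
    interfaces, procs, current = [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            interfaces.append(line.split()[1])
            current = None
        elif line.startswith("router "):
            current = procs.setdefault(line[len("router "):], {})
        elif line == "!":
            current = None
        elif current is not None and (m := PASSIVE_RE.match(line)):
            # A later statement for the same name replaces an earlier one.
            current[m.group(2)] = "active" if m.group(1) else "passive"
    report = {}
    for name, rules in procs.items():
        fallback = rules.get("default", "active")
        report[name] = {i: rules.get(i, fallback) for i in interfaces}
    return report

def advertising_interfaces(config):
    """Sorted (process, interface) pairs that still send routing updates."""
    return sorted((p, i) for p, states in audit_passive(config).items()
                  for i, s in states.items() if s == "active")

if __name__ == "__main__":
    print(advertising_interfaces(SAMPLE_CONFIG))
```

For an EIGRP process, read "passive" in the report as described above: no hello packets are exchanged on that interface, so no neighbor forms and no routes are learned there either.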