Friday, January 1, 2010


1) RIP

a) neighbor - only unicast
b) passive-interface (stop sending, still receiving)
c) distribute-list with a prefix-list - deny first and then permit le 32
d) authentication (clear text or MD5) - on IOS you need a key-chain, on ASA you just provide the password inline with the key_id (which must match)

2) OSPF v2

a) clear text or MD5
b) you can authenticate per interface or per area
c)

3) OSPF v3

a) you can authenticate and encrypt (available on some IOS versions)


a) only MD5
b) key_chain

5) BGP

a) authentication (TCP) MD5 available
b) when the session passes through a firewall you need to add a policy: disable the random sequence number and allow TCP option 19 (range 19 19) to pass

tcp-map BGP
  tcp-options range 19 19 allow
! the two set connection lines are entered under a class inside a policy-map
  set connection random-sequence-number disable
  set connection advanced-options BGP
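
Why both firewall settings in 5b matter, shown as an added example that is not part of the original post: the RFC 2385 digest carried in TCP option 19 covers the TCP header (sequence number included), so a segment fails verification if a middlebox either blanks the option or rewrites the sequence number. The addresses, key, segment values and the two middlebox helper functions are constructed for illustration; overwriting the option with NOPs is an assumed model of a firewall that does not let option 19 pass.

```python
import hashlib, hmac, socket, struct

MD5SIG = 19  # TCP MD5 Signature option kind (RFC 2385), total option length 18

def digest(seg, key):
    """RFC 2385: MD5(pseudo-header + TCP header without options, checksum 0 + data + key)."""
    hlen = 20 + len(seg["options"])
    pseudo = (socket.inet_aton(seg["src"]) + socket.inet_aton(seg["dst"])
              + struct.pack("!BBH", 0, 6, hlen + len(seg["data"])))
    tcp = struct.pack("!HHIIHHHH", seg["sport"], seg["dport"], seg["seq"], seg["ack"],
                      (hlen // 4) << 12 | seg["flags"], seg["window"], 0, 0)
    return hashlib.md5(pseudo + tcp + seg["data"] + key).digest()

def sign(seg, key):
    seg = dict(seg, options=bytes(20))           # reserve the 18-byte option + 2 NOPs
    return dict(seg, options=bytes([MD5SIG, 18]) + digest(seg, key) + b"\x01\x01")

def find_opt(options, kind):
    """Walk the TCP option list; return (offset, length) of the first `kind`, else None."""
    i = 0
    while i < len(options) and options[i] != 0:  # 0 = end of option list
        if options[i] == 1:                      # 1 = NOP, a single byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2 or i + options[i + 1] > len(options):
            return None                          # truncated or malformed option
        if options[i] == kind:
            return i, options[i + 1]
        i += options[i + 1]
    return None

def verify(seg, key):
    """Receiver side: the segment is accepted only if option 19 is present and matches."""
    hit = find_opt(seg["options"], MD5SIG)
    if hit is None or hit[1] != 18:
        return False
    return hmac.compare_digest(seg["options"][hit[0] + 2:hit[0] + 18], digest(seg, key))

def clear_option_19(seg):                        # hypothetical middlebox: option not allowed
    off, length = find_opt(seg["options"], MD5SIG)
    o = seg["options"]
    return dict(seg, options=o[:off] + b"\x01" * length + o[off + length:])

def randomize_seq(seg, offset):                  # hypothetical middlebox: ISN randomization
    return dict(seg, seq=(seg["seq"] + offset) & 0xFFFFFFFF)

KEY = b"constructed-bgp-secret"                  # constructed sample key
SEG = sign({"src": "192.0.2.1", "dst": "192.0.2.2", "sport": 49152, "dport": 179,
            "seq": 1000, "ack": 2000, "flags": 0x18, "window": 16384,
            "options": b"", "data": b"\xff" * 16 + b"\x00\x13\x04"}, KEY)  # BGP KEEPALIVE

if __name__ == "__main__":
    for name, s in [("untouched", SEG), ("option 19 cleared", clear_option_19(SEG)),
                    ("sequence rewritten", randomize_seq(SEG, 123456))]:
        print(f"{name:20s} accepted={verify(s, KEY)}")
```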
