and allows only one-hop neighbor adjacencies through the configuration of TTL value 255. The TTL value
in the IP header is set to 255 when OSPF packets are originated, and received OSPF packets are checked
against the default GTSM TTL value 255 or the user-configured GTSM TTL value, which blocks unauthorized
OSPF packets that originate too many hops away.
Configure Generalized TTL Security Mechanism (GTSM) for OSPF
This task explains how to set the security time-to-live mechanism on an interface for GTSM.
SUMMARY STEPS
1. configure
2. router ospf process-name
3. router-id { router-id }
4. log adjacency changes [ detail | disable ]
5. nsf { cisco [ enforce global ] | ietf [ helper disable ]}
6. timers throttle spf spf-start spf-hold spf-max-wait
7. area area-id
8. interface type interface-path-id
9. security ttl [ disable | hops hop-count ]
10. commit
11. show ospf [ process-name ] [ area-id ] interface [ type interface-path-id ]
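To check the result of step 9 across a whole configuration, the following added example (not code from this guide or from Cisco) parses a saved running configuration and reports the GTSM setting in effect on each OSPF interface. The function names, the sample configuration, and the rule that an interface without its own security ttl line inherits the setting of its area and then its process are assumptions.

```python
import re

SCOPE = re.compile(r"^(router ospf|area|interface)\s+(\S+)")
TTL = re.compile(r"^security ttl(?:\s+(disable)|\s+hops\s+(\d+))?$")

# Constructed sample in IOS XR running-config layout (not from the guide).
SAMPLE = """\
router ospf 1
 router-id 10.10.10.100
 area 0
  interface GigabitEthernet0/0/0/0
   security ttl hops 2
  !
  interface GigabitEthernet0/0/0/1
  !
 !
 area 1
  security ttl
  interface GigabitEthernet0/0/0/2
  !
  interface GigabitEthernet0/0/0/3
   security ttl disable
  !
 !
!
"""

def audit_gtsm(config):
    """Map (process, area, interface) to its effective GTSM setting."""
    stack, found = [], []  # open config scopes; scope chain of each OSPF interface
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1]["indent"] >= indent:
            stack.pop()  # this line is outside the innermost open scope
        scope, ttl = SCOPE.match(line), TTL.match(line)
        if scope:
            stack.append({"indent": indent, "kind": scope.group(1),
                          "name": scope.group(2), "ttl": None})
            if [s["kind"] for s in stack] == ["router ospf", "area", "interface"]:
                found.append(list(stack))
        elif ttl and stack:
            hops = ttl.group(2)
            stack[-1]["ttl"] = ("disabled" if ttl.group(1)
                                else f"hops {hops}" if hops else "default")
    # Assumption: an interface without its own setting inherits area, then process.
    return {tuple(s["name"] for s in chain):
            next((s["ttl"] for s in reversed(chain) if s["ttl"]), "unset")
            for chain in found}

def unprotected(config):
    """Interfaces on which no GTSM check is in effect."""
    return sorted(k for k, v in audit_gtsm(config).items() if v in ("unset", "disabled"))
```

Interfaces returned by unprotected() accept OSPF packets without a TTL check and are the ones to review against step 9.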
DETAILED STEPS
Step 1 configure
Step 2 router ospf process-name
Example:
RP/0/RP0/CPU0:router(config)# router ospf 1
Enables OSPF routing for the specified routing process and places the router in router configuration mode.
Note: The process-name argument is any alphanumeric string no longer than 40 characters.
Step 3 router-id { router-id }
Example:
RP/0/RP0/CPU0:router(config-ospf)# router-id 10.10.10.100
Configures a router ID for the OSPF process.
Note: We recommend using a stable IPv4 address as the router ID.
Step 4 log adjacency changes [ detail | disable ]
Example:
RP/0/RP0/CPU0:router(config-ospf-ar-if)# log adjacency changes detail
Routing Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
Implementing OSPF