97
Filtering LSAs for the specified neighbor
On an P2MP network, a router might have multiple OSPF neighbors with the P2MP type. Perform
this task to prevent the router from sending LSAs to the specified neighbor.
To filter LSAs for the specified neighbor:
1. Enter system view.
system-view
N/A
2. Enter OSPF view.
ospf
[
process-id |
router-id
router-id
|
vpn-instance
vpn-instance-name ]
*
N/A
3. Filter LSAs for the
specified neighbor.
database-filter peer
ip-address {
all
| {
ase
[
acl
ipv4-acl-number ] |
nssa
[
acl
ipv4-acl-number ] |
summary
[
acl
ipv4-acl-number ] } * }
By default, the LSAs for the specified
neighbor are not filtered.
Configuring GTSM for OSPF
The Generalized TTL Security Mechanism (GTSM) protects the device by comparing the TTL value
in the IP header of incoming OSPF packets against a valid TTL range. If the TTL value is within the
valid TTL range, the packet is accepted. If not, the packet is discarded.
The valid TTL range is from 255 – the configured hop count + 1 to 255.
When GTSM is configured, the OSPF packets sent by the device have a TTL of 255.
GTSM checks OSPF packets from common neighbors and virtual link neighbors. It does not check
OSPF packets from sham link neighbors. For information about GTSM for OSPF sham links, see
MPLS Configuration Guide.
You can configure GTSM in OSPF area view or interface view.
• The configuration in OSPF area view applies to all OSPF interfaces in the area.
• The configuration in interface view takes precedence over OSPF area view.
ou must configure GTSM on both the local and peer devices. You can specify
different hop-count values for them.
To configure GTSM in OSPF area view:
1. Enter system view.
system-view
N/A
2. Enter OSPF view.
ospf
[
process-id |
router-id
router-id |
vpn-instance
vpn-instance-name ] *
N/A
3. Enter OSPF area view.
area
area-id
N/A
4. Enable GTSM for the OSPF
area.
ttl-security
[
hops
hop-count ]
By default, GTSM is disabled for
the OSPF area.
To configure GTSM in interface view:
To Next Page
Loading...
Need help?
General