EasyManuals Logo

Huawei S1720 Series Configuration Guide

Huawei S1720 Series
664 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #148 background imageLoading...
Page #148 background image
l Configuring IP addresses for interfaces to make neighboring nodes reachable
l Configuring Basic OSPF Functions
Data Preparation
To improve the security of an OSPF network, you need the following data.
4.11.2 Configuring the OSPF GTSM Functions
The GTSM defends against attacks by checking the TTL value.
Context
To apply GTSM functions, enable GTSM on the two ends of the OSPF connection.
The valid TTL range of the detected packets is [255 -hops + 1, 255].
GTSM checks the TTL value of only the packet that matches the GTSM policy. For the packets
that do not match the GTSM policy, you can set them as "pass" or "drop". If the GTSM default
action performed on the packet is set as "drop", you need to configure all the switch connections
for GTSM. If the packets sent from a switch do not match the GTSM policy, they are dropped.
The connection thus cannot be established. This ensures security but reduces the ease of use.
You can enable the log function to record the information that the packets are dropped. This is
convenient for fault location.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospf valid-ttl-hops hops [ vpn-instance vpn-instance-name ]
OSPF GTSM functions are configured.
NOTE
The ospf valid-ttl-hops command has two functions:
l Enabling OSPF GTSM
l Configuring the TTL value to be detected
The parameter vpn-instance is valid only for the latter function.
Thus, if the private network policy or the public network policy is configured only, it is recommended to
set the default action performed on the packets that do not match the GTSM policy as pass. This prevents
the OSPF packets of other processes from being discarded incorrectly.
Step 3 (Optional) Run:
gtsm default-action { drop | pass }
The default action performed on the packets that do not match the GTSM policy is set.
By default, the packets that do not match the GTSM policy can pass the filtering.
S6700 Series Ethernet Switches
Configuration Guide - IP Routing 4 OSPF Configuration
Issue 01 (2012-03-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
129

Table of Contents

Other manuals for Huawei S1720 Series

Preview: Quick Start Guide
Quick Start Guide70 pages
Preview: Quick Installation Guide
Quick Installation Guide2 pages
Preview: Quick Maintenance Guide
Quick Maintenance Guide15 pages
Preview: Hardware Description
Hardware Description115 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Huawei S1720 Series and is the answer not in the manual?

Huawei S1720 Series Specifications

General IconGeneral
Operating Humidity5% to 95% (non-condensing)
Uplink Ports4 x GE combo ports
VLANs4094
Power SupplyAC 100-240V, 50/60Hz
Layer 2 FeaturesVLAN
Layer 3 FeaturesStatic routing
ManagementSNMP
Operating Temperature0°C to 45°C
Storage Temperature-40°C to +70°C
Dimensions (W x D x H)442 mm x 220 mm x 43.6 mm

Related product manuals