UNCLASSIFIED
Implementing Security on Cisco Routers
Version 1.0g
.
interface ethernet0
ip address 14.1.15.250 255.255.0.0
!
interface ethernet1
ip address 14.2.13.150 255.255.0.0
!
interface ethernet2
ip address 14.3.90.50 255.255.0.0
!
router ospf 1
network 14.1.0.0 0.0.255.255 area 0
network 14.2.0.0 0.0.255.255 area 0
.
.
This command functions slightly differently on RIP. When used on RIP, this
command stops routing updates from being sent out on an interface, but routing
updates will still be received and processed. This command is especially important
when using RIP version 1, because that version only uses major network numbers. In
Figure 4-3, enabling RIP on Central will cause RIP broadcasts to be sent out of
interfaces ethernet0/0 and ethernet0/1. The reason for this is that both
interfaces appear to have the same Class A internet address, i.e. 14.x.x.x. Thus,
although ethernet0/0 is part of an OSPF network, RIP broadcasts will be sent
through that interface. The example below illustrates how to remedy that problem.
Central# config t
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)# router rip
Central(config-router)# passive-interface ethernet0/0
Central(config-router)# end
Central#
The syntax for using this command on OSPF is nearly identical, as the example below
illustrates. However, since OSPF is not enabled on the interface to the RIP
network, this step is unnecessary. Therefore, the following example is for illustration
purposes only.
Central# config t
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)# router ospf 1
Central(config-router)# passive-interface ethernet0/1
Central(config-router)# end
Central#
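The following is an added example, not part of the original guide: a short Python audit that applies the classful matching described above for RIP to a saved configuration and lists the interfaces on which RIP will send updates. The sample configuration and its addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample config: the addresses are illustrative, not taken from Figure 4-3.
SAMPLE_CONFIG = """\
interface ethernet0/0
 ip address 14.1.1.250 255.255.0.0
!
interface ethernet0/1
 ip address 14.2.1.250 255.255.0.0
!
router ospf 1
 network 14.1.0.0 0.0.255.255 area 0
!
router rip
 network 14.0.0.0
"""

def classful_network(addr):
    """Major (class A, B or C) network that RIP version 1 derives from addr."""
    first = int(addr.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def rip_sending_interfaces(config):
    """Interfaces RIP sends updates on: address inside a classful RIP
    network statement and no passive-interface entry for that interface."""
    addresses, rip_nets, passive = {}, [], set()
    section = name = None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            section = None                      # separator ends the current section
        elif words[0] == "interface":
            section, name = "interface", words[1]
        elif words[0] == "router":
            section = "rip" if words[1:2] == ["rip"] else None
        elif section == "interface" and words[:2] == ["ip", "address"] and len(words) >= 4:
            addresses[name] = words[2]
        elif section == "rip" and words[0] == "network":
            rip_nets.append(classful_network(words[1]))
        elif section == "rip" and words[0] == "passive-interface":
            passive.add(words[1])
    return sorted(name for name, addr in addresses.items()
                  if classful_network(addr) in rip_nets and name not in passive)

if __name__ == "__main__":
    print("before:", rip_sending_interfaces(SAMPLE_CONFIG))
    fixed = SAMPLE_CONFIG + " passive-interface ethernet0/0\n"
    print("after: ", rip_sending_interfaces(fixed))
```

The check assumes interface names are written the same way in the interface and passive-interface lines, and it does not interpret forms such as passive-interface default.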
Using filters to block routing updates
The distribute-list command is used to apply access lists on routing
protocols. This command has two primary functions. To suppress networks from
being advertised in updates, the distribute-list out command is used. To
filter networks received in updates, the distribute-list in command is used.
Each command behaves differently with respect to the routing protocol used.