HostedDB - Dedicated UNIX Servers
index_97
UNCLASSIFIED Implementing Security on Cisco Routers  Version 1.0g  UNCLASSIFIED 97   . interface ethernet0   ip address 14.1.15.250 255.255.0.0 ! interface ethernet1   ip address 14.2.13.150 255.255.0.0 ! interface ethernet2   ip address 14.3.90.50 255.255.0.0 ! router ospf 1   network 14.1.0.0 0.0.255.255 area 0   network 14.2.0.0 0.0.255.255 area 0 . . This command functions slightly differently on RIP. When used on RIP, this command stops routing updates from being sent out on an interface, but routing updates will still be received and processed. This command is especially important when using RIP version 1, because that version only uses major network numbers. In Figure 4-3, enabling RIP on Central will cause RIP broadcasts to be sent out of interfaces ethernet0/0 and ethernet0/1. The reason for this is that both interfaces appear to have the same Class A internet address, i.e. 14.x.x.x. Thus, although ethernet0/0 is part of an OSPF network, RIP broadcasts will be sent through that interface. The example below illustrates how to remedy that problem. Central# config t Enter configuration commands, one per line.  End with CNTL/Z. Central(config)# router rip Central(config-router)# passive-interface ethernet0/0 Central(config-router)# end Central# The syntax for using this command on OSPF is nearly identical. The example below illustrates that, however, since OSPF is not enabled on the interface to the RIP network, this step is unnecessary. Therefore, the following example is for illustration purposes only. Central# config t Enter configuration commands, one per line.  End with CNTL/Z. Central(config)# router ospf 1 Central(config-router)# passive-interface ethernet0/1 Central(config-router)# end Central# Using filters to block routing updates The distribute-list command is used to apply access lists on routing protocols. This command has two primary functions. To suppress networks from being advertised in updates, the distribute-list out command is used. To filter networks received in updates, the distribute-list in command is used. Each command behaves differently with respect to the routing protocol used.