Support Center > Search Results > SecureKnowledge Details
How to Configure OSPF on a IP Series Appliance
Solution

Configuring OSPF

 

1. Complete configuring an Ethernet Interface for the interface.

 

2. Assign an IP address to the interface.

 

3. Click on the home page.

 

4. Click the OSPF link in the Routing Configuration section.

 

5. (Optional) This step is encouraged so the id is not tied to an address. Enter the router ID in the Router ID edit box.

 

6. (Optional) If you have new OSPF areas to enter:

 


a. Enter the new OSPF area name in the Add New OSPF Area edit box, then click "Apply".


 

Repeat this step for each new area. Area 0.0.0.0 is already defined as the backbone area.

 

7. (Optional) If some of the defined areas are stub areas:

 


a. Click the "Yes" radio button for the Stub Area for each area, and then click.


b. Enter the cost for the default route to originate into the stub area in the Cost for default stub area route edit box.


c. Click "Apply".


 

This is not an option for the backbone area.

 

8. (Optional) If some of the stub areas are totally stubby areas:

 


a. Click the "Yes" radio button in the Totally Stubby Area field for each stub area.


b. Click "Apply".


 

This disallows the stub area entry point from advertising inter-area routes and summaries.

 

9. (Optional) For each summary you want to define:

 


a. Enter the network prefix summary in the Add new address range: prefix edit box, enter the length of the subnet mask (in bits) in the Mask Length edit box.


b. Click "Apply".


 

This is useful for decreasing the number of prefixes advertised into the backbone.

 

10. (Optional) For each summary you do not want to define, click the "Off" radio button in the Restrict section where the network prefix summary is defined

 

11. Click .

 

12. (Optional) To add a new stub network:

 


a. Enter the prefix in the Add new stub network: Prefix box.


b. Enter the mask length in the Mask length edit box.


c. Click .


 

13. Assign the appropriate area to each interface.

 


a. Click the appropriate area in the drop-down window for each interface, then click . This completes configuring an interface with the default parameters.


 

14. (Optional) For each interface's configuration parameters you want to change:

 


a. Enter a new hello interval (in seconds) in the Hello Interval edit box, then click "Apply". The hello interval must be the same for all routers on the link for them to become adjacent.


b. Enter a new dead interval (in seconds) in the Dead Interval edit box, then click "Apply". The router dead interval must be the same for all routers on the link for them to become adjacent.


c. Enter a new cost metric in the OSPF Cost edit box for each interface, then click "Apply".


d. Enter a new designated router priority (0-255) in the Election Priority edit box, then click "Apply".


e. Click the "ON" radio button to make the interface operate in Passive mode, then click "Apply".


f. For simple authentication, select Simple with the pull-down menu labeled AuthType, then click Enter the password in the Password edit box, then click "Apply".


g. For MD5 authentication, select MD5 with the pull-down menu labeled AuthType, then click In the field add MD5 key enter the new MD5 key id (in the Key Id edit box) and MD5 password (in the MD5 Secret edit box), then click "Apply".


 

15. To make your changes permanent, click "Save".

 

To allow Firewall-1 to Pass OSPF Information do the following steps:

 

Create a workstation object of 224.0.0.5 and call it OSPF-ALL.MCAST.NET

 

Also, Create another workstation object of 224.0.0.6 and call it OSPF-DSIG.MCAST.NET. Create a group called allowed-ospf-sources that contains the hosts and networks that are allowed to originate OSPF queries.

 

Then create a rule as follows (no logging):

 

Source

Destination

Service

Action

Track

allowed-ospf-sources

firewalls

ospf-all.mcast.net

ospf-dsig.mcast.net

allowed-ospf-sources

firewalls

OSPF

Accept

None

 

You may also need to add the ospf-all and ospf-dsig objects to the anti-spoofing configuration for all interfaces.

Imported from Nokia support database
This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment