Scenario:
After years of plumbing work you switched your career to become a network engineer. Besides being good at routing & switching you are very security-minded. One of your routers is connected to your brother’s network and you use BGP to exchange routing information. You want to make sure hackers are unable to spoof the BGP peering in any way.
Goal:
- All IP addresses have been preconfigured for you.
- Configure EBGP between router Mario and Luigi.
- Ensure router Bowser can’t spoof BGP packets by changing the TTL on router Mario for BGP.
IOS:
c3640-jk9s-mz.124-16.bin
Topology:
Video Solution:
Configuration Files
You need to register to download the GNS3 topology file. (Registration is free!)Once you are logged in you will find the configuration files right here.
Do you want your CCNA or CCNP Certificate?
The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.
Written by René Molenaar - CCIE #41726
Hi Rene,
Could I ask you how to set the TTL security command if you have a different number of hops for the outbound and the inbound traffic?
Lets say you have 3 hops for the outbound and 18 for the inbound
Thanks in advance
good lab
found a reference on another site where a guy does “sh ip bgp neighbor | i TTL” to see bgp’s expected TTL.
thot that was kool.