OSPF & BGP redistribution

This is a WIP

Lab Objectives

  • Allow OOB/IB management to every device over the 10.x.x.x network.
  • Do not allow any network other than 10.x to reach 10.x.
  • All management must be secure and encrypted.
  • R-1, R-2, R-3 will belong to domain pete.local
  • OSPF must use link authentication.
  • OSPF will be redistributed to BGP – BGP routes will be injected to OSPF.
  • EBGP must be secure.
  • Control plane will be kept separate from any data traffic.
  • Access layer switches will be kept Layer-2.
  • Hard-code all access switchports and trunk ports.

Why do we move away from VLAN 1?
All control traffic is sent on VLAN 1. Therefore, when the native VLAN is changed to something other than VLAN 1, all control traffic is tagged on IEEE 802.1Q VLAN trunks (tagged with VLAN ID 1). A recommended security practice is to change the native VLAN to a different VLAN than VLAN 1. The native VLAN should also be distinct from all user VLANs. Ensure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link.
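
The checks from the paragraph above (native VLAN not VLAN 1, distinct from user VLANs, identical on both ends) plus the hard-coded trunk objective can be audited offline against saved configs. This is an added example, not part of the original lab; the switch configs, the interface names and the user VLAN list are constructed assumptions.

```python
import re

# Constructed sample configs for the two ends of the same trunks (not from the page).
SW_A = """
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport trunk native vlan 999
 switchport mode trunk
"""
SW_B = """
interface GigabitEthernet0/1
 switchport trunk native vlan 20
interface GigabitEthernet0/2
 switchport trunk native vlan 999
 switchport mode trunk
"""
USER_VLANS = {10, 20}  # assumed user/data VLANs for this example

def parse_ports(config):
    """Map interface name -> {'mode', 'native'} from IOS-style config text."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            # With no explicit command, the native VLAN of a trunk is VLAN 1.
            cur = ports.setdefault(m.group(1), {"mode": None, "native": 1})
        elif cur is None:
            continue
        elif m := re.fullmatch(r"switchport mode (\S+)", line):
            cur["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            cur["native"] = int(m.group(1))
    return ports

def audit_trunk(cfg_a, cfg_b, ifname, user_vlans):
    """Return (end, finding) tuples for one trunk that uses `ifname` on both switches."""
    ends = {"A": parse_ports(cfg_a)[ifname], "B": parse_ports(cfg_b)[ifname]}
    findings = []
    for end, port in ends.items():
        if port["mode"] != "trunk":
            findings.append((end, "trunk mode not hard-coded"))
        if port["native"] == 1:
            findings.append((end, "native VLAN is VLAN 1"))
        if port["native"] in user_vlans:
            findings.append((end, "native VLAN is also a user VLAN"))
    if ends["A"]["native"] != ends["B"]["native"]:
        findings.append(("link", "native VLAN differs between ends"))
    return findings

if __name__ == "__main__":
    for ifname in ("GigabitEthernet0/1", "GigabitEthernet0/2"):
        print(ifname, audit_trunk(SW_A, SW_B, ifname, USER_VLANS) or "ok")
```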

1 Comment

  • как перевести деньги с blockchain
    02/25/2023

    Reading your article helped me a lot and I agree with you. But I still have some doubts, can you clarify for me? I’ll keep an eye out for your answers.
