Filter
Top Products
SmartSwitch Router User Reference Manual 171
Chapter 11: Routing Policy Configuration Guide
Many protocols allow the specification of two authentication keys per interface. Packets
are always sent using the primary keys, but received packets are checked with both the
primary and secondary keys before being discarded.
Authentication Keys and Key Management
An authentication key permits the generation and verification of the authentication field
in protocol packets. In many situations, the same primary and secondary keys are used on
several interfaces of a router. To make key management easier, the concept of a key-chain
was introduced. Each key-chain has an identifier and can contain up to two keys. One key
is the primary key and other is the secondary key. Outgoing packets use the primary
authentication key, but incoming packets may match either the primary or secondary
authentication key. In Configure mode, instead of specifying the key for each interface
(which can be up to 16 characters long), you can specify a key-chain identifier.
The SSR supports MD5 specification of OSPF RFC 2178 which uses the MD5 algorithm
and an authentication key of up to 16 characters. Thus there are now three authentication
schemes available per interface: none, simple and RFC 2178 OSPF MD5 authentication. It
is possible to configure different authentication schemes on different interfaces.
RFC 2178 allows multiple MD5 keys per interface. Each key has two times associated with
the key:
• A time period that the key will be generated
• A time period that the key will be accepted
The SSR only allows one MD5 key per interface. Also, there are no options provided to
specify the time period during which the key would be generated and accepted; the
specified MD5 key is always generated and accepted. Both these limitations would be
removed in a future release.
Configuring Simple Routing Policies
Simple routing policies provide an efficient way for routing information to be exchanged
between routing protocols. The redistribute command can be used to redistribute routes
from one routing domain into another routing domain. Redistribution of routes between
routing domains is based on route policies. A route policy is a set of conditions based on
which routes are redistributed. While the redistribute command may fulfill the export
policy requirement for most users, complex export policies may require the use of the
commands listed under Export Policies.
The general syntax of the redistribute command is as follows:
ip-router policy redistribute from-proto <protocol> to-proto <protocol> [network <ipAddr-
mask> [exact|refines|between <low-high>]] [metric <number>|restrict] [source-as
<number>] [target-as <number>]