staff aaa. radius is not an isp aaa option radius tacacs+ kerberos
TRANSCRIPT
![Page 1: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/1.jpg)
Staff AAA
![Page 2: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/2.jpg)
Radius is not an ISP AAA Option
![Page 3: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/3.jpg)
RADIUS TACACS+ Kerberos
![Page 4: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/4.jpg)
What to Configure?
![Page 5: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/5.jpg)
Simple Staff Authentication and Failsafe
![Page 6: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/6.jpg)
Simple Staff Authentication and Failsafe
![Page 7: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/7.jpg)
Simple Staff Authentication and Failsafe
![Page 8: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/8.jpg)
Staff Authentication
![Page 9: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/9.jpg)
Staff Accountability & Audit
![Page 10: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/10.jpg)
Checkpoint with Authentication and Accounting
![Page 11: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/11.jpg)
Limit Authority – Authorize Commands
![Page 12: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/12.jpg)
Set Privileges
![Page 13: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/13.jpg)
Checkpoint with default Authorization
![Page 14: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/14.jpg)
Note on Privilege Levels and Authorization
![Page 15: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/15.jpg)
One Time Password – Checking the ID
![Page 16: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/16.jpg)
What is One Time Password
![Page 17: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/17.jpg)
DoS the AAA Infrastructure
![Page 18: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/18.jpg)
How to protect the AAA Servers?
![Page 19: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/19.jpg)
Source Routing
![Page 20: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/20.jpg)
ICMP Unreachable Overload
![Page 21: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/21.jpg)
ICMP Unreachable Overload
![Page 22: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/22.jpg)
ICMP Unreachable Overload
![Page 23: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/23.jpg)
ICMP Unreachable Rate-Limiting
![Page 24: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/24.jpg)
Tip: scheduler allocate
![Page 25: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/25.jpg)
Introducing a New Router tothe Network
![Page 26: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/26.jpg)
Introducing a New Router tothe Network
![Page 27: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/27.jpg)
Secure Template Sources
![Page 28: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/28.jpg)
Input Hold Queue
![Page 29: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/29.jpg)
Input Hold Queue
![Page 30: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/30.jpg)
Input Hold Queue
![Page 31: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/31.jpg)
What Ports Are open on the Router?
![Page 32: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/32.jpg)
What Ports Are open on the Router?
![Page 33: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/33.jpg)
What Ports Are open on the Router?
![Page 34: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/34.jpg)
Receive ACL - Overview
![Page 35: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/35.jpg)
Receive Adjacencies
![Page 36: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/36.jpg)
Receive ACL Command
![Page 37: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/37.jpg)
Receive ACL
![Page 38: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/38.jpg)
Receive Path ACL
![Page 39: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/39.jpg)
Packet Flow
![Page 40: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/40.jpg)
Receive ACL – Traffic Flow
![Page 41: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/41.jpg)
rACL Processing
![Page 42: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/42.jpg)
rACL – Required Entries
![Page 43: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/43.jpg)
rACL – Required Entries
![Page 44: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/44.jpg)
rACL – Building Your ACL
![Page 45: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/45.jpg)
Filtering Fragments
![Page 46: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/46.jpg)
rACL – Iterative Deployment
![Page 47: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/47.jpg)
Classification ACL Example
![Page 48: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/48.jpg)
rACL – Iterative Deployment
![Page 49: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/49.jpg)
rACL – Iterative Deployment
![Page 50: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/50.jpg)
rACL – Iterative Deployment
![Page 51: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/51.jpg)
rACL – Sample Entries
![Page 52: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/52.jpg)
rACL – Sample Entries
![Page 53: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/53.jpg)
rACL – Sample Entries
![Page 54: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/54.jpg)
Use Detailed Logging
![Page 55: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/55.jpg)
Core Dumps
![Page 56: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/56.jpg)
Core Dumps
![Page 57: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/57.jpg)
Routing Protocol Security Why to Prefix Filter and Overview? (Threats) How to Prefix Filter? Where to Prefix Filter? Prefix Filter on Customers Egress Filter to Peers Ingress Filter from Peers Protocol Authentication (MD5) BGP BCPs that help add Resistance
![Page 58: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/58.jpg)
Routing Protocol Security
![Page 59: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/59.jpg)
Malicious Route InjectionPerceive Threat
![Page 60: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/60.jpg)
Malicious Route InjectionReality – an Example
![Page 61: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/61.jpg)
Garbage in – Garbage Out: What is it?
![Page 62: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/62.jpg)
Garbage in – Garbage Out: Results
![Page 63: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/63.jpg)
Garbage in – Garbage Out: Impact
![Page 64: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/64.jpg)
Garbage in – Garbage Out: What to do?
![Page 65: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/65.jpg)
Malicious Route InjectionAttack Methods
![Page 66: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/66.jpg)
Malicious Route InjectionImpact
![Page 67: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/67.jpg)
What is a prefix hijack?
![Page 68: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/68.jpg)
Malicious Route InjectionWhat can ISPs Do?
![Page 69: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/69.jpg)
Malicious Route InjectionWhat can ISPs Do?
![Page 70: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/70.jpg)
Malicious Route InjectionWhat can ISPs Do?
![Page 71: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/71.jpg)
What can ISPs Do?Containment Egress Prefix Filters
![Page 72: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/72.jpg)
What can ISPs Do?Containment Egress Prefix Filters
![Page 73: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/73.jpg)
What can ISPs Do?Containment Egress Prefix Filters
![Page 74: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/74.jpg)
Malicious Route InjectionWhat can ISPs Do?
![Page 75: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/75.jpg)
How to Prefix Filter?Ingress and Egress Route Filtering
![Page 76: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/76.jpg)
Ingress and Egress Route Filtering
![Page 77: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/77.jpg)
Ingress and Egress Route Filtering
![Page 78: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/78.jpg)
Ingress and Egress Route Filtering
![Page 79: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/79.jpg)
Ingress and Egress Route Filtering
![Page 80: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/80.jpg)
Two Filtering Techniques
![Page 81: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/81.jpg)
Ideal Customer Ingress/Egress Route Filtering ….
![Page 82: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/82.jpg)
BGP Peering Fundamental
![Page 83: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/83.jpg)
Guarded Trust
![Page 84: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/84.jpg)
Where to Prefix Filter?
![Page 85: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/85.jpg)
Where to Prefix Filter?
![Page 86: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/86.jpg)
What to Prefix Filter? Documenting Special Use Addresses (DUSA) and Bo
gons
![Page 87: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/87.jpg)
Documenting Special Use Addresses (DUSA)
![Page 88: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/88.jpg)
Documenting Special Use Addresses (DUSA)
![Page 89: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/89.jpg)
Documenting Special Use Addresses (DUSA)
![Page 90: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/90.jpg)
Bogons
![Page 91: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/91.jpg)
Ingress Prefix Filter Template
![Page 92: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/92.jpg)
Ingress Prefix Filter Template
![Page 93: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/93.jpg)
Prefix Filters on Customers
![Page 94: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/94.jpg)
BGP with Customer Infers Multihoming
![Page 95: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/95.jpg)
Receiving Customer Prefixes
![Page 96: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/96.jpg)
Receiving Customer Prefixes
![Page 97: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/97.jpg)
Excuses – Why providers are not prefix filtering customers.
![Page 98: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/98.jpg)
What if you do not filter your customer?
![Page 99: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/99.jpg)
What if you do not filter your customer?
![Page 100: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/100.jpg)
Prefixes to Peers
![Page 101: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/101.jpg)
Prefixes to Peers
![Page 102: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/102.jpg)
Egress Filter to ISP Peers - Issues
![Page 103: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/103.jpg)
Policy Questions
![Page 104: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/104.jpg)
Ingress Prefix Filtering fromPeers
![Page 105: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/105.jpg)
Ingress Routes from Peers or Upstream
![Page 106: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/106.jpg)
Receiving Prefixes from Upstream & Peers (ideal case)
![Page 107: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/107.jpg)
Receiving Prefixes — Cisco IOS
![Page 108: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/108.jpg)
Net Police Route Filtering
![Page 109: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/109.jpg)
Net Police Route Filtering
![Page 110: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/110.jpg)
Net Police Filter Technique #1
![Page 111: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/111.jpg)
Technique #1 Net Police Prefix List
![Page 112: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/112.jpg)
Net Police Prefix List Deployment Issues
![Page 113: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/113.jpg)
Technique #2 Net Police Prefix List Alternative
![Page 114: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/114.jpg)
Technique #2 Net Police Prefix List Alternative
![Page 115: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/115.jpg)
Net Police Filter – Technique #3
![Page 116: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/116.jpg)
Technique #3 Net Police Prefix List
![Page 117: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/117.jpg)
Net Police Filter – Technique #3
![Page 118: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/118.jpg)
Bottom Line
![Page 119: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/119.jpg)
Secure RoutingRoute Authentication
![Page 120: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/120.jpg)
Plain-text neighbor authentication
![Page 121: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/121.jpg)
MD-5 Neighbor Authentication: Originating Router
![Page 122: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/122.jpg)
MD-5 Neighbor Authentication: Originating Router
![Page 123: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/123.jpg)
Peer Authentication
![Page 124: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/124.jpg)
Peer Authentication
![Page 125: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/125.jpg)
OSPF Peer Authentication
![Page 126: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/126.jpg)
OSPF and ISIS Authentication Example
![Page 127: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/127.jpg)
BGP Peer Authentication
![Page 128: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/128.jpg)
BGP Peer Authentication
![Page 129: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/129.jpg)
BGP MD5’s Problem
![Page 130: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/130.jpg)
BGP BCPs That Help Build Security Resistance
![Page 131: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/131.jpg)
BGP Maximum Prefix Tracking
![Page 132: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/132.jpg)
BGP Maximum Prefix Tracking
![Page 133: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/133.jpg)
BGP Maximum Prefix Tracking
![Page 134: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/134.jpg)
Avoid Default Routes
![Page 135: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/135.jpg)
Network with Default Route – Pointing to Upstream A
![Page 136: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/136.jpg)
Network with Default Route – But not Pointing to Upstream
![Page 137: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/137.jpg)
Network with No Default Route
![Page 138: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/138.jpg)
Default Route and ISP Security - Guidance
![Page 139: Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos](https://reader035.vdocuments.us/reader035/viewer/2022062217/56649ed85503460f94be6844/html5/thumbnails/139.jpg)
Default to a Sink-Hole Router/Network