How to Configure OSPF within your LAN.

Over the past year I’ve become a big proponent of using Layer 3 (L3) routing protocols within large LAN networks. There are several benefits to using routing protocols at the LAN level but the driving force behind my support of L3 in the LAN is to mitigate Layer 2 (L2) security attacks. (For more information on L2 attacks see Sean Covery’s 2002 BlackHat presentation .pdf) There are a host of L2 attacks that build off the inherent insecurity of the ARP protocol and the ease of spoofing MAC addresses. Admittedly there are other ways to prevent most of these attacks but they are often cumbersome and require a good deal of administrative overhead (read man hours). Layer 3 routing within the LAN is not complex and if you are running a multi tier LAN you should consider implementing Layer 3 routing throughout.

One of the most common L3 protocols used within LANs is OSPF (RFC 2328) and Petri.co.il has a dead simple intro to OSPF. The article briefly covers the need-to-know info of OSPF as well as some of the benefits and features. The final portion covers the configuration commands to implement the protocol in Cisco IOS.

Router (config-if)# bandwidth XX
Router (config)# router ospf {process-ID#}
Router (config-router)# network {X.X.X.X} {Y.Y.Y.Y} area {z}

Obviously there is much more to OSPF than just these 3 commands but I’m hoping this lowers the barrier to entry and you might consider the benefits of using an L3 protocol within your LAN.

The Cisco Documentation for OSPF can be found here and the HP Procurve documentation can be found here (.pdf).

I’m planning on doing a much larger presentation concerning Network Design and Security Practices and you can bet L3 will be a large part of the recommendation. The other half? The nightmare of xTP protocols. Stay Tuned.

Leave a Reply