116
Syntax
ttl-security
[
hops
hop-count
]
undo ttl-security
Default
OSPF GTSM is disabled for an OSPF area.
Views
OSPF area view
Predefined user roles
network-admin
Parameters
hops hop-count
: Specifies the hop limit for checking OSPF packets, in the range of 1 to 254. The
default hop limit is 1 for packets from common neighbors, and is 255 for packets from virtual link
neighbors.
Usage guidelines
After you enable GTSM in area view, GTSM checks OSPF packets from common neighbors and
virtual link neighbors.
GTSM protects the device by comparing the TTL value in the IP header of incoming OSPF packets
against a valid TTL range. If the TTL value is within the valid TTL range, the packet is accepted. If not,
the packet is discarded.
The valid TTL range is from 255 – the configured hop count
+ 1 to 255.
When GTSM is configured, the OSPF packets sent by the device have a TTL of 255. To use GTSM,
you must configure GTSM on both the local and peer devices. You can specify different
hop-count
values for them.
The GTSM configuration in OSPF area view applies to all OSPF interfaces in the area. The GTSM
configuration in interface view takes precedence over the configuration in OSPF area view.
As a best practice, set the hop limit if a virtual link exists in an area. You can enable GTSM for the
interfaces on the virtual link. If you do not know the interfaces on the virtual link, enable GTSM in
area view to prevent packet loss.
Examples
# Enable OSPF GTSM for OSPF area 1.
<Sysname> system-view
[Sysname] ospf 100
[Sysname-ospf-100] area 1
[Sysname-ospf-100-area-0.0.0.1] ttl-security
Related commands
ospf ttl-security
vlink-peer (OSPF area view)
Use
vlink-peer
to configure a virtual link.
Use
undo vlink-peer
to remove a virtual link.
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...