116
Syntax
ttl-security
[
hops
hop-count
]
undo ttl-security
Default
OSPF GTSM is disabled for an OSPF area.
Views
OSPF area view
Predefined user roles
network-admin
Parameters
hops hop-count
: Specifies the hop limit for checking OSPF packets, in the range of 1 to 254. The
default hop limit is 1 for packets from common neighbors, and is 255 for packets from virtual link
neighbors.
Usage guidelines
After you enable GTSM in area view, GTSM checks OSPF packets from common neighbors and
virtual link neighbors.
GTSM protects the device by comparing the TTL value in the IP header of incoming OSPF packets
against a valid TTL range. If the TTL value is within the valid TTL range, the packet is accepted. If not,
the packet is discarded.
The valid TTL range is from 255 – the configured hop count
+ 1 to 255.
When GTSM is configured, the OSPF packets sent by the device have a TTL of 255. To use GTSM,
you must configure GTSM on both the local and peer devices. You can specify different
hop-count
values for them.
The GTSM configuration in OSPF area view applies to all OSPF interfaces in the area. The GTSM
configuration in interface view takes precedence over the configuration in OSPF area view.
As a best practice, set the hop limit if a virtual link exists in an area. You can enable GTSM for the
interfaces on the virtual link. If you do not know the interfaces on the virtual link, enable GTSM in
area view to prevent packet loss.
Examples
# Enable OSPF GTSM for OSPF area 1.
<Sysname> system-view
[Sysname] ospf 100
[Sysname-ospf-100] area 1
[Sysname-ospf-100-area-0.0.0.1] ttl-security
Related commands
ospf ttl-security
vlink-peer (OSPF area view)
Use
vlink-peer
to configure a virtual link.
Use
undo vlink-peer
to remove a virtual link.
Содержание SOHO IE4300
Страница 114: ...ii tftp client ipv6 source 41 tftp client source 41 tftp ipv6 42 tftp server acl 44 tftp server ipv6 acl 44...
Страница 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Страница 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Страница 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Страница 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Страница 396: ...i Contents Bulk interface configuration commands 1 display interface range 1 interface range 1 interface range name 3...
Страница 460: ...i Contents Port isolation commands 1 display port isolate group 1 port isolate enable 2 port isolate group 2...
Страница 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Страница 589: ...60 Examples Enable LLDP for automatic IP phone discovery Sysname system view Sysname voice vlan track lldp...
Страница 602: ...12 Related commands display mvrp statistics...
Страница 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Страница 678: ...9 Related commands reset pppoe relay statistics...
Страница 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Страница 1073: ...i Contents HTTP redirect commands 1 http redirect https port 1 http redirect ssl server policy 1...
Страница 1087: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...
Страница 1340: ...9 Sysname ipv6 route static default preference 120 Related commands display ipv6 routing table protocol...
Страница 1649: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...
Страница 1668: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...
Страница 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Страница 2026: ...34 Related commands display mac authentication...
Страница 2028: ...ii...
Страница 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Страница 2308: ...61 ipsec transform set...
Страница 2473: ...i Contents TCP attack prevention commands 1 tcp anti naptha enable 1 tcp check state interval 1 tcp state 2...
Страница 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Страница 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Страница 2541: ...i Contents Crypto engine commands 1 display crypto engine 1 display crypto engine statistics 1 reset crypto engine statistics 3...
Страница 2545: ...i Contents FIPS commands 1 display crypto version 1 display fips status 1 fips mode enable 2 fips self test 4...
Страница 2791: ...14 Sysname track 1 Related commands delay display track...
Страница 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Страница 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...
Страница 3240: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...
Страница 3263: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...