Use authentication!! Specify strict values like fixed bandwidth and delay settings on the interfaces might help. Set the K-values in the configuration (even if it is the default), making sure every device has the same.
Use the EIGRP rate-limiting feature (default 10% of the interface bandwidth). -- Regards, Rick Mur CCIE2 #21946 (R&S / Service Provider) Sr. Support Engineer – IPexpert, Inc. URL: http://www.IPexpert.com On 13 nov 2009, at 00:06, Christian Medina wrote: > All, > > How can you protect your EIGRP routing metric from a DoS attack? > > -Border Router (running BGP and EIGRP 72004-122-18.SXF10.bin > -Core Router (EIGRP) 6500-122-18.SXF10.bin > -Distribution (EIGRP) 6500-122-18.SXF10.bin > -Edge Router (EIGRP) 6500-22-18.SXF10.bin > > Example of the error: every router lost their neighbor > Nov 12 15:50:16.000 est: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10872: Neighbor > 129.X.X.X (GigabitEthernet2/15) is down: holding time expired > Nov 12 15:50:17.000 est: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10872: Neighbor > 129.X.X.X (GigabitEthernet2/15) is up: new adjacency > Nov 12 15:50:17.000 est: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10872: Neighbor > 129.X.X.X (GigabitEthernet2/15) is down: K-value mismatch > > -- > Christian Medina > Network Engineer > Brandeis University > 781-736-4960 > [email protected] > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
