On Mon, Jul 11, 2011 at 02:54:32PM -0400, Josh Luthman wrote:
> DUH!
>
> The one with problems was in the wrong subnet. It had no way to talk
> to the other three routers without routing. Noticed the problem when
> I typed the IP to winbox it instead of using the Dude GUI =/
>
> I'm going to stick with 0.0.0.0/0 for networks as it is default and
> works for me, unless there are suggestions otherwise for manually
> specifying the networks I'm looking for. Any input would be much
> appreciated!

I have a /20 of space I use for infrastructure. I keep customer gear out of those subnets. I define the /20 in the OSPF networks. It helps prevent me from running OSPF on customer facing interfaces. Having the /20 lets me keep that part of the OSPF config the same on all of my routers.

I specify the "all" interface as passive. Then interfaces which are supposed to speak to OSPF neighbors get created as non-passive, with MD5 authentication. Wireless links are anything but OSPF broadcast networks, point-to-point is preferred. Ethernet on the same LAN is the only thing that gets defined as broadcast.

On the MikroTiks, my default input rules also block traffic to the MikroTik for routing protocols from not infrastructure/20 and external BGP peers.

I had an issue many years ago with a *dial-up* customer injecting OSPF into my network. It took a while to figure out why a half dozen customers were unable to access a particular banking site. The customer had no idea they were running OSPF. I was new enough I didn't realize I was running OSPF on the PPP interfaces. Now I am rabid about protecting my network from unwanted route injection.

-- 
Scott Lambert KC5MLE Unix SysAdmin
lamb...@lambertfam.org

Good grief, people, trim unnecessary text from your replies once in a while! It only takes a second.
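
The setup described in the reply above, sketched as RouterOS configuration. This is an added example, not taken from the original message; it assumes RouterOS 6-style OSPF syntax (RouterOS 7 uses a different OSPF menu layout), and the 10.10.0.0/20 block, interface names, peer address 192.0.2.1, list name and key placeholder are all constructed.

```routeros
# Added example: constructed values throughout (10.10.0.0/20, interface
# names, 192.0.2.1, key placeholder). RouterOS 6-style syntax assumed.

# Only the infrastructure /20 is an OSPF network, identical on every router.
# Customer subnets fall outside it, unlike with network=0.0.0.0/0.
/routing ospf network
add area=backbone network=10.10.0.0/20

# Default: every interface is passive (no OSPF adjacencies form on it).
/routing ospf interface
add interface=all passive=yes
# Backhaul wireless link: explicit non-passive entry, point-to-point, MD5.
add interface=wlan1 passive=no network-type=point-to-point \
    authentication=md5 authentication-key-id=1 \
    authentication-key="REPLACE-WITH-SHARED-KEY"
# Routers sharing one Ethernet LAN: the only broadcast network type.
add interface=ether2 passive=no network-type=broadcast \
    authentication=md5 authentication-key-id=1 \
    authentication-key="REPLACE-WITH-SHARED-KEY"

# External BGP peers, plus the infrastructure block, may open BGP sessions.
/ip firewall address-list
add list=bgp-peers address=10.10.0.0/20 comment="infrastructure /20"
add list=bgp-peers address=192.0.2.1 comment="external BGP peer"

# Drop OSPF (IP protocol 89) from outside the /20 and BGP (TCP/179) from
# anyone not listed, which covers customer-facing and PPP interfaces.
/ip firewall filter
add chain=input protocol=ospf src-address=!10.10.0.0/20 \
    action=drop comment="OSPF only from infrastructure /20"
add chain=input protocol=tcp dst-port=179 \
    src-address-list=!bgp-peers action=drop \
    comment="BGP only from bgp-peers"
```

The two drop rules need to sit ahead of any broader accept rule in the input chain, since RouterOS evaluates filter rules in order.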