Cisco IOS in a Nutshell, 2nd Edition
by James Boney
August 2005
Content level: Intermediate to advanced
798 pages
31h 12m
English
O'Reilly Media, Inc.

Name

neighbor ttl-security — BGP

Synopsis

neighbor ip ttl-security hops hop-count
no neighbor ip ttl-security hops hop-count

Configures

Maximum TTL count for eBGP peers

Default

Disabled

Description

This command enables BGP TTL checking for a neighbor. It is used only on external BGP (eBGP) neighbors and provides a simple security mechanism for protecting your eBGP routers from possible hijacking attempts. When this feature is enabled, only packets with TTL counts that are equal to or higher than the given value are accepted as valid packets. (It is generally considered impossible to forge TTL counts without access to the source or destination network.) If a packet’s TTL value is less than this value, the router discards the packet without generating any ICMP messages. The idea is that we don’t want to generate any error messages that might be sent back to a possible hacker.
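
The check described above, modelled on raw IPv4 packets. This is an added example, not code from the book or from IOS; it assumes the threshold IOS derives from the command is 255 minus hop-count (the GTSM scheme of RFC 5082), and the function names, addresses and packets are constructed for illustration.

```python
import ipaddress
import struct

BGP_PORT = 179   # TCP port used by BGP
MAX_TTL = 255    # largest value the 8-bit IPv4 TTL field can hold

def min_accepted_ttl(hop_count):
    """Lowest TTL accepted from a neighbor configured with ttl-security hops <hop_count>."""
    if not 1 <= hop_count <= 254:
        raise ValueError("hop-count must be between 1 and 254")
    return MAX_TTL - hop_count

def build_packet(src, dst, ttl, sport, dport):
    """Constructed sample input: 20-byte IPv4 header plus a zeroed TCP header with ports set."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!HH", sport, dport) + bytes(16)

def verdict(packet, neighbors):
    """Classify one raw IPv4 packet; neighbors maps peer address -> hop-count."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "out-of-scope"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    ttl, proto = packet[8], packet[9]
    src = str(ipaddress.IPv4Address(packet[12:16]))
    if ihl < 20 or proto != 6 or len(packet) < ihl + 4 or src not in neighbors:
        return "out-of-scope"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if BGP_PORT not in (sport, dport):
        return "out-of-scope"
    # Below the threshold the packet is discarded and no ICMP error is sent.
    return "accept" if ttl >= min_accepted_ttl(neighbors[src]) else "silent-drop"

def demo():
    neighbors = {"192.0.2.1": 1}          # directly connected eBGP peer (constructed)
    cases = {
        "peer, TTL 255 on arrival": build_packet("192.0.2.1", "192.0.2.2", 255, 40000, 179),
        "same source, TTL 250 on arrival": build_packet("192.0.2.1", "192.0.2.2", 250, 40000, 179),
        "unconfigured source": build_packet("198.51.100.9", "192.0.2.2", 255, 40000, 179),
    }
    return {name: verdict(pkt, neighbors) for name, pkt in cases.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The TTL 250 case stands for a packet that left its sender at the maximum of 255 and crossed five routers: every forwarding hop decrements the field, so a sender outside the adjacent network cannot deliver a packet that still meets the threshold of 254.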


ISBN: 0596008694