ospf valid-ttl-hops
Function
The ospf valid-ttl-hops command enables OSPF GTSM and sets the TTL value to be checked.
The undo ospf valid-ttl-hops command disables OSPF GTSM.
By default, OSPF GTSM is disabled.
Parameters
Parameter | Description | Value |
---|---|---|
hops | Specifies the TTL value to be checked. | The value is an integer that ranges from 1 to 255. The default value is 255. |
Usage Guidelines
Usage Scenario
In a network that demands higher security, you can enable GTSM to improve the security of the OSPF network. GTSM defends against attacks by checking the TTL value. If an attacker simulates OSPF unicast packets and keeps sending them to a wireless access controller, the wireless access controller receives the packets and sends them directly to the main control board for OSPF processing without checking their validity. The wireless access controller is then busy processing these packets, which causes high CPU usage. GTSM protects the wireless access controller and enhances system security by checking whether the TTL value in the IP packet header is within a pre-defined range.
Precautions
- If a virtual link or sham link is configured, the actual TTL value and the configured TTL value must be the same. That is, the number of virtual links or sham links that pass through the wireless access controller is calculated. Otherwise, packets sent from neighbors of a virtual link or a sham link will be dropped.
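
The TTL range check described under Usage Scenario can be modelled as follows. This is an added example, not vendor code: it assumes the RFC 5082 convention that senders transmit with TTL 255 and the receiver accepts TTL values from 255 - hops + 1 through 255. The function names and sample headers are constructed for illustration.

```python
import struct

OSPF_PROTO = 89   # IP protocol number assigned to OSPF
MAX_TTL = 255     # assumption: sender TTL under the RFC 5082 convention


def ttl_window(hops):
    """Return the (low, high) TTL range accepted for a given hops value."""
    if not 1 <= hops <= 255:
        raise ValueError("hops must be an integer from 1 to 255")
    return MAX_TTL - hops + 1, MAX_TTL


def gtsm_verdict(ip_header, hops):
    """Classify one IPv4 header as 'pass', 'drop' or 'not-ospf'."""
    if len(ip_header) < 20 or ip_header[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ttl, proto = ip_header[8], ip_header[9]   # fixed offsets in the IPv4 header
    if proto != OSPF_PROTO:
        return "not-ospf"                     # outside the scope of this check
    low, high = ttl_window(hops)
    return "pass" if low <= ttl <= high else "drop"


def build_header(ttl, proto=OSPF_PROTO):
    """Constructed sample IPv4 header (documentation addresses, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


if __name__ == "__main__":
    # (configured hops, TTL seen on arrival) pairs, constructed for the demo
    for hops, ttl in [(1, 255), (1, 254), (3, 253), (3, 252), (255, 1)]:
        print(f"hops={hops:3d} ttl={ttl:3d} -> "
              f"{gtsm_verdict(build_header(ttl), hops)}")
```

Under this convention the default hops value of 255 gives a window of 1 to 255, so the check only narrows once hops is lowered to the real hop count. A hops value smaller than the real path length drops legitimate neighbor packets, which is the failure described in the precaution on virtual links and sham links.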