Configuring the DRP Server Agent
Perform the following tasks on a Cisco router in global configuration mode to configure the router as a DRP server agent:

Note
The router must support the DRP protocol, which is present in Cisco IOS versions 11.2(4)F and later.
| Task | Command |
|---|---|
| Step 1 | ip drp server |
| Step 2 | access-list number permit [Director-IP-address] |
| Step 3 | ip drp access-group access-list-number |
| | Set up Message Digest (MD5) authentication with passwords as another security measure. |
| Step 4 | ip drp authentication key-chain name-of-chain |
| Step 5 | key chain name-of-chain (this sets up an authentication key chain containing one key) |
| Step 6 | show ip drp |

The key chain is an encrypted password that helps prevent DRP-based denial-of-service attacks, which can be a security threat. The key chain, a string of characters without spaces, must match the key chain of the Directors it communicates with. If MD5 authentication is configured on a DRP server agent, the Director must be similarly configured to recognize messages from that MD5 authentication-configured DRP server agent, and any other DRP server agents configured for MD5 authentication.
Configuring additional DRP server agents for MD5 authentication is optional.
The following show ip drp output example indicates that all 30 requests were successfully looked up and replied to. If any requests had been denied because MD5 authentication failed or because of access lists, "failures" would report the denied requests.
30 director requests, 30 successful lookups, 0 failures
Sample Configuration
This section shows a sample configuration, using the network arrangement in Figure 5-1.
Figure 5-1 Sample Network Arrangement

For each router shown in Figure 5-1, you would turn on the DRP server agent with the following global configuration command:
ip drp server
To set up security, you might enter the following global configuration commands on each router.
• To set up an access list, you would enter these global configuration commands:
access-list 1 permit 10.0.0.1
access-list 1 deny any
• Then enter the following global configuration command to ensure that the router accepts DRP queries from the IP addresses associated with the access list only:
ip drp access-group 1
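A check for the settings described above, as an added example that is not part of the original documentation: a Python function that reads router configuration text and reports a DRP server agent that is enabled without an access group or an MD5 key chain. The sample configurations, the key chain name drp-chain and its key-string value are constructed; the key and key-string sub-commands are standard IOS key chain syntax that this page does not show.

```python
import re

# Constructed sample (steps 1-5 applied); key chain name and key-string are made up.
HARDENED = """\
ip drp server
ip drp access-group 1
ip drp authentication key-chain drp-chain
access-list 1 permit 10.0.0.1
access-list 1 deny any
key chain drp-chain
 key 1
  key-string EXAMPLE-SECRET
"""
OPEN = "ip drp server\n"  # constructed: agent enabled with no restrictions

def _find(lines, pattern):  # group 1 of the first fully matching line, else None
    hits = [m.group(1) for l in lines if (m := re.fullmatch(pattern, l))]
    return hits[0] if hits else None

def _chain_has_key(lines, chain):
    """True if 'key chain <chain>' is followed by a key-string before the block ends."""
    for line in lines[lines.index(f"key chain {chain}") + 1:]:
        if line.startswith("key-string "):
            return True
        if not re.fullmatch(r"key \d+", line):
            break
    return False

def audit_drp(config):
    """Return a list of findings; an empty list means nothing was flagged."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    if "ip drp server" not in lines:
        return []  # DRP server agent not enabled
    findings = []
    group = _find(lines, r"ip drp access-group (\S+)")
    if group is None:
        findings.append("no ip drp access-group: DRP queries are not limited by source")
    elif not any(l.startswith(f"access-list {group} ") for l in lines):
        findings.append(f"access-list {group} is referenced but not defined")
    elif f"access-list {group} permit any" in lines:
        findings.append(f"access-list {group} permits any source")
    chain = _find(lines, r"ip drp authentication key-chain (\S+)")
    if chain is None:
        findings.append("no ip drp authentication key-chain: MD5 authentication is off")
    elif f"key chain {chain}" not in lines:
        findings.append(f"key chain {chain} is referenced but not defined")
    elif not _chain_has_key(lines, chain):
        findings.append(f"key chain {chain} has no key-string")
    return findings
```

Calling audit_drp(HARDENED) returns an empty list, while audit_drp(OPEN) returns one finding for the missing access group and one for the missing key chain.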