This is awesome! Something else to consider is the fact that the responder listens for Control messages on a fixed port assignment (UDP/1967). The Responder will close this port following the expiration of the IP SLA testing.
http://blog.ipexpert.com/2011/04/18/ip-sla-the-responder/ -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Mohammad Itani Sent: Wednesday, June 15, 2011 3:23 AM To: Abdel el Anazi Cc: [email protected] Subject: Re: [OSL | CCIE_RS] IP sla monitor responder Thanks Abdel. On Tue, Jun 14, 2011 at 4:18 PM, Abdel el Anazi <[email protected]> wrote: > > You could use a key-chain to secure your IP SLA with MD5 auth > > for example: > > On the receiver: > > C2951(config)#ip sla responder > C2951(config)#ip sla key-chain SLA-MD5 C2951(config)#ip sla key-chain > SLA-MD5 C2951(config)#key chain SLA-MD5 > C2951(config-keychain-key)#key-string test > > On the sender: > > C2951(config)#ip sla 1 > C2951(config)#udp-echo 1.1.1.1 5000 > C2951(config)#ip sla sch 1 start-time now C2951(config)#ip sla > key-chain SLA-MD5 C2951(config)#key chain SLA-MD5 > C2951(config-keychain-key)#key-string test > > On the other-hand if you relay need to have the port secure you can > use Control-Plan Policing but you need to allow protocol destined to > your router like BGP, OSPF, MPLS and some good ICMP stuff then allow > the ip sla sender with its port in bind this ALC to Policy-map and > then to CPP this approach need more work but its possible. > > Hope this answer your question. > > Regards, > > Abdel > > > 2011/6/14 Mohammad Itani <[email protected]> > >> Hi, >> >> If I configure *'ip sla monitor responder' *on a cisco router, how >> can I restrict the sources who can collect data from the router? >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, >> please visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
