cisco system

The “Foundation Summary” provides a convenient review of many key concepts in this
chapter. If you are already comfortable with the topics in this chapter, this summary can help
you recall a few details. If you just read this chapter, this review should help solidify some
key facts. If you are doing your final preparation before the exam, this summary provides a
convenient way to review the day before the exam.
The Security Appliance needs to support some basic routing and switching functionality. This
functionality falls into the following three areas:
■ Ethernet VLAN tagging
■ IP routing
■ Multicast routing
To support traffic from multiple VLANs, the Security Appliance supports 802.1Q tagging
and the configuration of multiple logical interfaces on a single physical interface. For each
logical interface that you establish, you must configure the following parameters:
■ Interface name
■ Security level
■ IP address
For IP routing, the Security Appliance supports both static and dynamic routes. Using the
route command, you can configure static routing information on the Security Appliance. The
Security Appliance also supports dynamic updates from the following two routing protocols:
■ RIP
■ OSPF
With RIP, the Security Appliance can only receive RIP routing updates. It does not support
the capability to propagate those updates to other devices. It can, however, advertise one of
its interfaces as a default route.
Using OSPF, the Security Appliance can actually propagate route information and actively
participate in the OSPF routing protocol. Some of the OSPF functionality supported by the
Security Appliance includes the following:
■ Support for intra-area, interarea, and external routes
■ Support for virtual links
■ Authentication for OSPF packets
■ The capability to configure the Security Appliance as a DR, ABR, and limited ASBR
■ ABR Type 3 LSA filtering
■ Route redistribution
Configuring OSPF on your Security Appliance requires you to perform the following steps:
Step 1 Enable OSPF.
Step 2 Define the Security Appliance interfaces that need to run OSPF.
Step 3 Define OSPF areas.
Step 4 Configure LSA filtering to protect private addresses.
You enable OSPF using the router ospf command. The network command enables you to
define which IP addresses fall into which areas, and which interfaces use OSPF. The
prefix-list and area commands enable you to filter Type 3 LSAs to prevent the Security
Appliance from advertising information about private networks. If you configure your
Security Appliance as an ASBR OSPF router, then using multiple OSPF processes enables
you to perform address filtering.
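The four steps above, as a configuration sketch for a Security Appliance acting as an ABR. This is an added example, not taken from the original chapter; the process ID, the prefix-list name PRIVATE-NETS, the area numbers, and all addresses are constructed for illustration.

```cisco
! Constructed topology (assumption):
!   outside interface 198.51.100.0/24 -> area 0
!   inside  interface 192.168.1.0/24  -> area 1 (private, must not be advertised)
!
! Step 4, part 1: define the filter. Deny the private inside prefix,
! then permit every other prefix so the remaining Type 3 LSAs still pass.
prefix-list PRIVATE-NETS seq 10 deny 192.168.1.0/24
prefix-list PRIVATE-NETS seq 20 permit 0.0.0.0/0 le 32
!
! Step 1: enable OSPF. The process ID is locally significant.
router ospf 1
 ! Steps 2 and 3: an interface whose address matches a network statement
 ! runs OSPF and is placed in the area named on that statement.
 network 198.51.100.0 255.255.255.0 area 0
 network 192.168.1.0 255.255.255.0 area 1
 ! Step 4, part 2: apply the filter to Type 3 LSAs sent into area 0,
 ! so the 192.168.1.0/24 summary never reaches the outside area.
 area 0 filter-list prefix PRIVATE-NETS in
```

Without the final permit entry, the implicit deny at the end of the prefix list would suppress every Type 3 LSA into area 0, not just the private one.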
Finally, you can configure the Security Appliance to operate as a Stub Multicast Router
(SMR). This enables you to support various applications such as remote learning and video
conferencing. The multicast transmission source can be either inside or outside the Security
Appliance. Some of the important multicast configuration commands include the following:
■ multicast interface
■ igmp forward
■ igmp join-group
■ igmp access-group
■ igmp version
■ igmp query-interval
■ igmp query-max-response-time