Configuring IP Services

Managing IP Connections

To configure and maintain the DRP Server Agent, perform the tasks described in the following sections. The task in the first section is required; the tasks in the remaining sections are optional.

Enabling the DRP Server Agent (Required)

Limiting the Source of DRP Queries (Optional)

Configuring Authentication of DRP Queries and Responses (Optional)

To monitor and maintain the DRP Server Agent, see the section “Monitoring and Maintaining the DRP Server Agent” later in this chapter.

For an example of configuring a DRP Server Agent, see the section “DRP Server Agent Example” at the end of this chapter.

Enabling the DRP Server Agent

The DRP Server Agent is disabled by default. To enable it, use the following command in global configuration mode:

Command

Purpose

 

 

Router(config)# ip drp server

Enables the DRP Server Agent.

 

 

Limiting the Source of DRP Queries

As a security measure, you can limit the source of valid DRP queries. If a standard IP access list is applied to the interface, the Server Agent will respond only to DRP queries originating from an IP address in the list. If no access list is configured, the Server Agent will answer all queries.

If both an access group and a key chain (described in the next section) have been configured, both security mechanisms must allow access before a request is processed.

To limit the source of valid DRP queries, use the following command in global configuration mode:

Command

Purpose

 

 

Router(config)# ip drp access-group

Controls the sources of valid DRP queries by applying a standard IP

access-list-number

access list.

 

 

Configuring Authentication of DRP Queries and Responses

Another available security measure is to configure the DRP Server Agent to authenticate DRP queries and responses. You define a key chain, identify the keys that belong to the key chain, and specify how long each key is valid. To do so, use the following commands beginning in global configuration mode:

 

Command

Purpose

Step 1

 

 

Router(config)# ip drp authentication key-chain

Identifies which key chain to use to authenticate all DRP

 

name-of-chain

requests and responses.

Step 2

 

 

Router(config)# key chain name-of-chain

Identifies a key chain (match the name configured in

 

 

Step 1).

Step 3

 

 

Router(config-keychain)# key number

In key-chain configuration mode, identifies the key number.

 

 

 

Cisco IOS IP Configuration Guide

IPC-86

Page 132
Image 132
Cisco Systems 78-11741-02 manual Enabling the DRP Server Agent, Limiting the Source of DRP Queries, IPC-86