
OSPF Passive Interface


We have configured OSPF on Router_1, Router_2, and two more routers in OSPF area 0. Router_1 is connected to network 10.1.1.1/8, which has some computers connected to a switch. We want Router_1 to advertise the 10.1.1.1/8 network to all the routers in area 0.
But there is one problem: once we configure the network command on Router_1 to advertise 10.1.1.1/8 in OSPF area 0, Router_1 immediately starts sending OSPF hello packets toward the switch. This is undesirable for two reasons: there are no routers on that network, and it is a security risk. Why is it a security risk? If someone on one of the computers starts an application that replies to OSPF hello packets, Router_1 will try to become neighbors with it. The attacker could then advertise fake routes using that technique.
To prevent that from happening in our network, we use the passive interface. The OSPF passive-interface command tells the OSPF router not to send hello packets on passive interfaces. The network attached to a passive interface is still advertised into OSPF, but no neighbor relationship can form over it.


Let's start our OSPF passive interface configuration.

Topology:

TASK

  • Configure the topology as per the diagram
  • Assign IP addresses to the interfaces
  • Configure OSPF 1 and advertise all the routes
  • Configure serial 3/0 and serial 3/2 on router 5 as passive interfaces

R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#no keepalive
R1(config-if)#exit

R1(config)#interface serial 3/0
R1(config-if)#ip address 1.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit

R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 20.1.1.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#no keepalive
R2(config-if)#exit

R2(config)#interface serial 3/1
R2(config-if)#ip address 2.2.2.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit


R3(config)#interface fastethernet 0/0
R3(config-if)#ip address 30.1.1.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#no keepalive
R3(config-if)#exit

R3(config)#interface serial 3/2
R3(config-if)#ip address 3.3.3.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit


R4(config)#interface fastethernet 0/0
R4(config-if)#ip address 40.1.1.1 255.0.0.0
R4(config-if)#no shutdown
R4(config-if)#no keepalive
R4(config-if)#exit

R4(config)#interface serial 3/3
R4(config-if)#ip address 4.4.4.1 255.0.0.0
R4(config-if)#no shutdown
R4(config-if)#exit


R5(config)#interface fastethernet 0/0
R5(config-if)#ip address 50.1.1.1 255.0.0.0
R5(config-if)#no shutdown
R5(config-if)#no keepalive
R5(config-if)#exit

R5(config)#interface serial 3/0
R5(config-if)#ip address 1.1.1.2 255.0.0.0
R5(config-if)#no shutdown
R5(config-if)#exit

R5(config)#interface serial 3/1
R5(config-if)#ip address 2.2.2.2 255.0.0.0
R5(config-if)#no shutdown
R5(config-if)#exit

R5(config)#interface serial 3/2
R5(config-if)#ip address 3.3.3.2 255.0.0.0
R5(config-if)#no shutdown
R5(config-if)#exit

R5(config)#interface serial 3/3
R5(config-if)#ip address 4.4.4.2 255.0.0.0
R5(config-if)#no shutdown
R5(config-if)#exit


R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0              1.1.1.1         YES manual up                    up

R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/1              2.2.2.1         YES manual up                    up

R3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        30.1.1.1        YES manual up                    up
Serial3/2              3.3.3.1         YES manual up                    up

R4#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        40.1.1.1        YES manual up                    up
Serial3/3              4.4.4.1         YES manual up                    up

R5#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        50.1.1.1        YES manual up                    up
Serial3/0              1.1.1.2         YES manual up                    up
Serial3/1              2.2.2.2         YES manual up                    up
Serial3/2              3.3.3.2         YES manual up                    up
Serial3/3              4.4.4.2         YES manual up                    up


R1(config)#router ospf 1
R1(config-router)#network 1.0.0.0 0.255.255.255 area 0
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#end

*Dec  4 23:52:33.531: %OSPF-5-ADJCHG: Process 1, Nbr 50.1.1.1 on Serial3/0 from LOADING to FULL, Loading Done

R2(config)#router ospf 1
R2(config-router)#network 2.0.0.0 0.255.255.255 area 0
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#end

*Dec  4 23:52:39.231: %OSPF-5-ADJCHG: Process 1, Nbr 50.1.1.1 on Serial3/1 from LOADING to FULL, Loading Done

R3(config)#router ospf 1
R3(config-router)#network 3.0.0.0 0.255.255.255 area 0
R3(config-router)#network 30.0.0.0 0.255.255.255 area 0
R3(config-router)#end

*Dec  4 23:52:45.555: %OSPF-5-ADJCHG: Process 1, Nbr 50.1.1.1 on Serial3/2 from LOADING to FULL, Loading Done

R4(config)#router ospf 1
R4(config-router)#network 4.0.0.0 0.255.255.255 area 0
R4(config-router)#network 40.0.0.0 0.255.255.255 area 0
R4(config-router)#end

*Dec  4 23:52:52.575: %OSPF-5-ADJCHG: Process 1, Nbr 50.1.1.1 on Serial3/3 from LOADING to FULL, Loading Done

R5(config)#router ospf 1
R5(config-router)#network 50.0.0.0 0.255.255.255 area 0
R5(config-router)#network 1.0.0.0 0.255.255.255 area 0
R5(config-router)#network 2.0.0.0 0.255.255.255 area 0
R5(config-router)#network 3.0.0.0 0.255.255.255 area 0
R5(config-router)#network 4.0.0.0 0.255.255.255 area 0
R5(config-router)#end

*Dec  4 23:52:33.559: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on Serial3/0 from LOADING to FULL, Loading Done

*Dec  4 23:52:39.127: %OSPF-5-ADJCHG: Process 1, Nbr 20.1.1.1 on Serial3/1 from LOADING to FULL, Loading Done

*Dec  4 23:52:45.687: %OSPF-5-ADJCHG: Process 1, Nbr 30.1.1.1 on Serial3/2 from LOADING to FULL, Loading Done

*Dec  4 23:52:52.451: %OSPF-5-ADJCHG: Process 1, Nbr 40.1.1.1 on Serial3/3 from LOADING to FULL, Loading Done

R5#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
40.1.1.1          0   FULL/  -        00:00:30    4.4.4.1         Serial3/3
30.1.1.1          0   FULL/  -        00:00:37    3.3.3.1         Serial3/2
20.1.1.1          0   FULL/  -        00:00:34    2.2.2.1         Serial3/1
10.1.1.1          0   FULL/  -        00:00:39    1.1.1.1         Serial3/0


R5#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

O     10.0.0.0/8 [110/65] via 1.1.1.1, 00:03:59, Serial3/0
O     20.0.0.0/8 [110/65] via 2.2.2.1, 00:03:59, Serial3/1
O     30.0.0.0/8 [110/65] via 3.3.3.1, 00:03:49, Serial3/2
O     40.0.0.0/8 [110/65] via 4.4.4.1, 00:03:39, Serial3/3



R5(config)#router ospf 1
R5(config-router)#passive-interface serial 3/0
R5(config-router)#passive-interface serial 3/2
R5(config-router)#end

*Dec  4 23:58:19.571: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on Serial3/0 from FULL to DOWN, Neighbor Down: Interface down or detached

*Dec  4 23:58:24.351: %OSPF-5-ADJCHG: Process 1, Nbr 30.1.1.1 on Serial3/2 from FULL to DOWN, Neighbor Down: Interface down or detached

R5#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
40.1.1.1          0   FULL/  -        00:00:39    4.4.4.1         Serial3/3
20.1.1.1          0   FULL/  -        00:00:33    2.2.2.1         Serial3/1

R5#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

O     20.0.0.0/8 [110/65] via 2.2.2.1, 00:06:58, Serial3/1
O     40.0.0.0/8 [110/65] via 4.4.4.1, 00:06:38, Serial3/3
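
An added example, not part of the original post: a Python check that reads a running-config and lists the interfaces where OSPF is enabled by a network statement but not passive, so host-facing ports such as R1's FastEthernet0/0 in the scenario at the top of the page can be flagged. The function names and the sample config are constructed for illustration, and the parser assumes a single OSPF process, primary addresses only, and interface names written as they appear in show running-config.

```python
import ipaddress

# Constructed sample: R1 from this lab in running-config form, no passive-interface yet.
# Function names are illustrative; one OSPF process and canonical interface names assumed.
R1_CONFIG = """\
interface FastEthernet0/0
 ip address 10.1.1.1 255.0.0.0
!
interface Serial3/0
 ip address 1.1.1.1 255.0.0.0
!
router ospf 1
 network 1.0.0.0 0.255.255.255 area 0
 network 10.0.0.0 0.255.255.255 area 0
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def ospf_hello_interfaces(config):
    """Return the interfaces on which OSPF is enabled and not passive."""
    addrs, nets, passive, active = {}, [], set(), set()
    section, iface, default = [], None, False
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():  # a top-level command opens a new section
            section = words[:2]
            iface = words[1] if words[0] == "interface" and len(words) > 1 else None
        elif iface and words[:2] == ["ip", "address"] and len(words) == 4:
            addrs[iface] = _ip(words[2])  # primary address only
        elif section == ["router", "ospf"] and words[0] == "network" and len(words) >= 3:
            nets.append((_ip(words[1]), _ip(words[2]) ^ 0xFFFFFFFF))  # wildcard -> care bits
        elif section == ["router", "ospf"] and words[0] == "passive-interface" and len(words) > 1:
            default = default or words[1] == "default"
            passive.add(words[1])
        elif section == ["router", "ospf"] and words[:2] == ["no", "passive-interface"] and len(words) > 2:
            active.add(words[2])
    def speaks(name):
        enabled = any((addrs[name] & care) == (net & care) for net, care in nets)
        return enabled and name not in passive and not (default and name not in active)
    return sorted(name for name in addrs if speaks(name))

def audit(config, router_facing):
    """Flag OSPF-speaking interfaces the operator did not list as router-facing."""
    return [name for name in ospf_hello_interfaces(config) if name not in router_facing]
```

In this lab the passive-interface commands went onto R5's router-facing serial links, which is why the adjacencies to R1 and R3 dropped. On a production router, router_facing would list those links and every interface the audit returns would be a candidate for passive-interface.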
