
OSPF Passive Interface


We have configured OSPF on Router_1, Router_2, and two more routers in OSPF area 0. Router_1 is connected to network 10.1.1.1/8, which has some computers connected to a switch. We want Router_1 to advertise the 10.1.1.1/8 network to all the routers in area 0.
But there is one problem: once we configure the network command on Router_1 to advertise 10.1.1.1/8 in OSPF area 0, Router_1 will immediately start sending OSPF hello packets towards the switch. This is not a good thing, first because there are no routers on that network, and second because it is a security risk. Why is it a security risk? If someone on one of the computers starts an application that replies to OSPF hello packets, Router_1 will try to become neighbors with it. An attacker could then advertise fake routes using that technique.
To prevent that from happening in our network, we use the passive interface. The OSPF passive-interface command tells the OSPF router not to send hello packets on passive interfaces. The network on a passive interface is still advertised; only the hellos, and therefore any neighbor relationship on that interface, are suppressed.


Let's start our OSPF passive interface configuration.

Topology:-





















TASK

  • Configure the topology as per the diagram
  • Assign IP addresses to the interfaces
  • Configure OSPF 1 and advertise all the routes
  • Configure passive interface on serial 3/0 and serial 3/2 on router 5

R1(config)#Interface fastethernet 0/0
R1(config-if)#Ip address 10.1.1.1   255.0.0.0
R1(config-if)#No shutdown
R1(config-if)#No keepalive
R1(config-if)#Exit

R1(config)#Interface serial 3/0
R1(config-if)#Ip address  1.1.1.1 255.0.0.0
R1(config-if)#No shutdown
R1(config-if)#Exit

R2(config)#Interface fastethernet 0/0
R2(config-if)#Ip address 20.1.1.1   255.0.0.0
R2(config-if)#No shutdown
R2(config-if)#No keepalive
R2(config-if)#Exit

R2(config)#Interface serial 3/1
R2(config-if)#Ip address  2.2.2.1  255.0.0.0
R2(config-if)#No shutdown
R2(config-if)#Exit


R3(config)#Interface fastethernet 0/0
R3(config-if)#Ip address 30.1.1.1   255.0.0.0
R3(config-if)#No shutdown
R3(config-if)#No keepalive
R3(config-if)#Exit

R3(config)#Interface serial 3/2
R3(config-if)#Ip address  3.3.3.1  255.0.0.0
R3(config-if)#No shutdown
R3(config-if)#Exit


R4(config)#Interface fastethernet 0/0
R4(config-if)#Ip address 40.1.1.1   255.0.0.0
R4(config-if)#No shutdown
R4(config-if)#No keepalive
R4(config-if)#Exit

R4(config)#Interface serial 3/3
R4(config-if)#Ip address  4.4.4.1  255.0.0.0
R4(config-if)#No shutdown
R4(config-if)#Exit


R5(config)#Interface fastethernet 0/0
R5(config-if)#Ip address 50.1.1.1   255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#No keepalive
R5(config-if)#Exit

R5(config)#Interface serial 3/0
R5(config-if)#Ip address  1.1.1.2  255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#Exit

R5(config)#Interface serial 3/1
R5(config-if)#Ip address  2.2.2.2 255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#Exit

R5(config)#Interface serial 3/2
R5(config-if)#Ip address  3.3.3.2 255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#Exit

R5(config)#Interface serial 3/3
R5(config-if)#Ip address  4.4.4.2 255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#Exit


R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0                    1.1.1.1         YES manual up                    up



R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/1                    2.2.2.1         YES manual up                    up


R3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        30.1.1.1        YES manual up                    up
Serial3/2                    3.3.3.1         YES manual up                    up


R4#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        40.1.1.1        YES manual up                    up
Serial3/3                    4.4.4.1         YES manual up                    up

R5#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        50.1.1.1        YES manual up                    up
Serial3/0                    1.1.1.2         YES manual up                    up
Serial3/1                    2.2.2.2         YES manual up                    up
Serial3/2                    3.3.3.2         YES manual up                    up
Serial3/3                   4.4.4.2         YES manual up                    up


R1(config)#router ospf 1
R1(config-router)#network 1.0.0.0 0.255.255.255 area 0
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#end

*Dec  4 23:52:33.531: %OSPF-5-ADJCHG: Process 1, Nbr 50.1.1.1 on Serial3/0 from LOADING to FULL, Loading Done

R2(config)#router ospf 1
R2(config-router)#network 2.0.0.0 0.255.255.255 area 0
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#end

*Dec  4 23:52:39.231: %OSPF-5-ADJCHG: Process 1, Nbr 50.1.1.1 on Serial3/1 from LOADING to FULL, Loading Done

R3(config)#router ospf 1
R3(config-router)#network 3.0.0.0 0.255.255.255 area 0
R3(config-router)#network 30.0.0.0 0.255.255.255 area 0
R3(config-router)#end

*Dec  4 23:52:45.555: %OSPF-5-ADJCHG: Process 1, Nbr 50.1.1.1 on Serial3/2 from LOADING to FULL, Loading Done

R4(config)#router ospf 1
R4(config-router)#network 4.0.0.0 0.255.255.255 area 0
R4(config-router)#network 40.0.0.0 0.255.255.255 area 0
R4(config-router)#end

*Dec  4 23:52:52.575: %OSPF-5-ADJCHG: Process 1, Nbr 50.1.1.1 on Serial3/3 from LOADING to FULL, Loading Done

R5(config)#router ospf 1
R5(config-router)#network 50.0.0.0 0.255.255.255 area 0
R5(config-router)#network 1.0.0.0 0.255.255.255 area 0
R5(config-router)#network 1.0.0.0 0.255.255.255 area 0
R5(config-router)#network 2.0.0.0 0.255.255.255 area 0
R5(config-router)#network 3.0.0.0 0.255.255.255 area 0
R5(config-router)#network 4.0.0.0 0.255.255.255 area 0
R5(config-router)#end

*Dec  4 23:52:33.559: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on Serial3/0 from LOADING to FULL, Loading Done

*Dec  4 23:52:39.127: %OSPF-5-ADJCHG: Process 1, Nbr 20.1.1.1 on Serial3/1 from LOADING to FULL, Loading Done

*Dec  4 23:52:45.687: %OSPF-5-ADJCHG: Process 1, Nbr 30.1.1.1 on Serial3/2 from LOADING to FULL, Loading Done

*Dec  4 23:52:52.451: %OSPF-5-ADJCHG: Process 1, Nbr 40.1.1.1 on Serial3/3 from LOADING to FULL, Loading Done

R5#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
40.1.1.1          0   FULL/  -        00:00:30    4.4.4.1         Serial3/3
30.1.1.1          0   FULL/  -        00:00:37    3.3.3.1         Serial3/2
20.1.1.1          0   FULL/  -        00:00:34    2.2.2.1         Serial3/1
10.1.1.1          0   FULL/  -        00:00:39    1.1.1.1         Serial3/0


R5#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

O     10.0.0.0/8 [110/65] via 1.1.1.1, 00:03:59, Serial3/0
O     20.0.0.0/8 [110/65] via 2.2.2.1, 00:03:59, Serial3/1
O     30.0.0.0/8 [110/65] via 3.3.3.1, 00:03:49, Serial3/2
O     40.0.0.0/8 [110/65] via 4.4.4.1, 00:03:39, Serial3/3



R5(config)#router ospf 1
R5(config-router)#passive-interface serial 3/0
R5(config-router)#passive-interface serial 3/2
R5(config-router)#end

*Dec  4 23:58:19.571: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on Serial3/0 from FULL to DOWN, Neighbor Down: Interface down or detached

*Dec  4 23:58:24.351: %OSPF-5-ADJCHG: Process 1, Nbr 30.1.1.1 on Serial3/2 from FULL to DOWN, Neighbor Down: Interface down or detached

R5#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
40.1.1.1          0   FULL/  -        00:00:39    4.4.4.1         Serial3/3
20.1.1.1          0   FULL/  -        00:00:33    2.2.2.1         Serial3/1

R5#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

O     20.0.0.0/8 [110/65] via 2.2.2.1, 00:06:58, Serial3/1
O     40.0.0.0/8 [110/65] via 4.4.4.1, 00:06:38, Serial3/3
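
As an added example (not part of the original post), here is a small Python audit for the risk described in the introduction: it reads a running-config excerpt and lists the interfaces where OSPF is enabled and not passive, so any hello-sending interface outside the known router-to-router links stands out. The sample configs are constructed from this lab's R1 addresses; the function names and the `transit` set are assumptions of the example, and it assumes one OSPF process and primary addresses only.

```python
import ipaddress

# Constructed running-config excerpt for R1, built from this lab's addresses.
R1_CONFIG = """\
interface FastEthernet0/0
 ip address 10.1.1.1 255.0.0.0
!
interface Serial3/0
 ip address 1.1.1.1 255.0.0.0
!
router ospf 1
 network 1.0.0.0 0.255.255.255 area 0
 network 10.0.0.0 0.255.255.255 area 0
!
"""
# Same router with the LAN port made passive (second constructed sample).
R1_HARDENED = R1_CONFIG.replace(
    "router ospf 1\n", "router ospf 1\n passive-interface FastEthernet0/0\n")

def hello_interfaces(config):
    """Interfaces matched by an OSPF network statement and not passive."""
    addrs, nets, passive, active, default = {}, [], set(), set(), False
    section = ""
    for line in config.splitlines():
        if not line.startswith(" "):      # a top-level line opens a new section
            section = line.strip()
            continue
        w = line.split()
        if section.startswith("interface ") and w[:2] == ["ip", "address"]:
            addrs[section.split()[1]] = int(ipaddress.IPv4Address(w[2]))
        elif section.startswith("router ospf"):
            if w[:1] == ["network"]:      # network <address> <wildcard> area <id>
                nets.append((int(ipaddress.IPv4Address(w[1])),
                             int(ipaddress.IPv4Address(w[2]))))
            elif w[:2] == ["passive-interface", "default"]:
                default = True
            elif w[:1] == ["passive-interface"]:
                passive.add(w[1])
            elif w[:2] == ["no", "passive-interface"]:
                active.add(w[2])
    def enabled(ip):   # IOS wildcard match: bits set in the wildcard are ignored
        return any((ip ^ net) & ~wild & 0xFFFFFFFF == 0 for net, wild in nets)
    def is_passive(name):
        return name in passive or (default and name not in active)
    return sorted(n for n, ip in addrs.items() if enabled(ip) and not is_passive(n))

def unexpected_hello_interfaces(config, transit):
    """Hello-sending interfaces that are not known router-to-router links."""
    return [n for n in hello_interfaces(config) if n not in transit]

print(unexpected_hello_interfaces(R1_CONFIG, {"Serial3/0"}))    # LAN port flagged
print(unexpected_hello_interfaces(R1_HARDENED, {"Serial3/0"}))  # nothing flagged
```

The parser also honours `passive-interface default` with `no passive-interface <name>` exceptions, which keeps newly added interfaces silent until they are explicitly enabled.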
