

OSPF Passive Interface


We have configured OSPF on Router_1, Router_2, and 2 more routers in OSPF area 0. Router_1 is connected to network 10.1.1.1/8, which has some computers connected to a switch. We want Router_1 to advertise the 10.1.1.1/8 network to all the routers in area 0.
But there is one problem: once we configure the network command on Router_1 to advertise 10.1.1.1/8 in OSPF area 0, Router_1 immediately starts sending OSPF hello packets toward the switch. This is undesirable for two reasons: there are no routers on that network, and it is a security risk. Why is it a security risk? If someone on one of the computers starts an application that replies to OSPF hello packets, Router_1 will try to become neighbors with it. The attacker could then advertise fake routes using that technique.
To prevent that from happening in our network, we use the passive interface. The OSPF passive-interface command tells the OSPF router not to send hello packets on passive interfaces. No adjacency can form on a passive interface, while the network attached to it is still advertised to the other OSPF routers.


Let's start our OSPF passive interface configuration.

Topology: (diagram not reproduced)

TASK

  • Configure the topology as per the diagram
  • Assign IP addresses to the interfaces
  • Configure OSPF 1 and advertise all the routes
  • Configure passive interface serial 3/0 and serial 3/2 on router 5

R1(config)#Interface fastethernet 0/0
R1(config-if)#Ip address 10.1.1.1   255.0.0.0
R1(config-if)#No shutdown
R1(config-if)#No keepalive
R1(config-if)#Exit

R1(config)#Interface serial 3/0
R1(config-if)#Ip address  1.1.1.1 255.0.0.0
R1(config-if)#No shutdown
R1(config-if)#Exit

R2(config)#Interface fastethernet 0/0
R2(config-if)#Ip address 20.1.1.1   255.0.0.0
R2(config-if)#No shutdown
R2(config-if)#No keepalive
R2(config-if)#Exit

R2(config)#Interface serial 3/1
R2(config-if)#Ip address  2.2.2.1  255.0.0.0
R2(config-if)#No shutdown
R2(config-if)#Exit


R3(config)#Interface fastethernet 0/0
R3(config-if)#Ip address 30.1.1.1   255.0.0.0
R3(config-if)#No shutdown
R3(config-if)#No keepalive
R3(config-if)#Exit

R3(config)#Interface serial 3/2
R3(config-if)#Ip address  3.3.3.1  255.0.0.0
R3(config-if)#No shutdown
R3(config-if)#Exit


R4(config)#Interface fastethernet 0/0
R4(config-if)#Ip address 40.1.1.1   255.0.0.0
R4(config-if)#No shutdown
R4(config-if)#No keepalive
R4(config-if)#Exit

R4(config)#Interface serial 3/3
R4(config-if)#Ip address  4.4.4.1  255.0.0.0
R4(config-if)#No shutdown
R4(config-if)#Exit


R5(config)#Interface fastethernet 0/0
R5(config-if)#Ip address 50.1.1.1   255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#No keepalive
R5(config-if)#Exit

R5(config)#Interface serial 3/0
R5(config-if)#Ip address  1.1.1.2  255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#Exit

R5(config)#Interface serial 3/1
R5(config-if)#Ip address  2.2.2.2 255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#Exit

R5(config)#Interface serial 3/2
R5(config-if)#Ip address  3.3.3.2 255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#Exit

R5(config)#Interface serial 3/3
R5(config-if)#Ip address  4.4.4.2 255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#Exit


R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0                    1.1.1.1         YES manual up                    up



R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/1                    2.2.2.1         YES manual up                    up


R3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        30.1.1.1        YES manual up                    up
Serial3/2                    3.3.3.1         YES manual up                    up


R4#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        40.1.1.1        YES manual up                    up
Serial3/3                    4.4.4.1         YES manual up                    up

R5#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        50.1.1.1        YES manual up                    up
Serial3/0                    1.1.1.2         YES manual up                    up
Serial3/1                    2.2.2.2         YES manual up                    up
Serial3/2                    3.3.3.2         YES manual up                    up
Serial3/3                   4.4.4.2         YES manual up                    up


R1(config)#router ospf 1
R1(config-router)#network 1.0.0.0 0.255.255.255 area 0
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#end

*Dec  4 23:52:33.531: %OSPF-5-ADJCHG: Process 1, Nbr 50.1.1.1 on Serial3/0 from LOADING to FULL, Loading Done

R2(config)#router ospf 1
R2(config-router)#network 2.0.0.0 0.255.255.255 area 0
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#end

*Dec  4 23:52:39.231: %OSPF-5-ADJCHG: Process 1, Nbr 50.1.1.1 on Serial3/1 from LOADING to FULL, Loading Done

R3(config)#router ospf 1
R3(config-router)#network 3.0.0.0 0.255.255.255 area 0
R3(config-router)#network 30.0.0.0 0.255.255.255 area 0
R3(config-router)#end

*Dec  4 23:52:45.555: %OSPF-5-ADJCHG: Process 1, Nbr 50.1.1.1 on Serial3/2 from LOADING to FULL, Loading Done

R4(config)#router ospf 1
R4(config-router)#network 4.0.0.0 0.255.255.255 area 0
R4(config-router)#network 40.0.0.0 0.255.255.255 area 0
R4(config-router)#end

*Dec  4 23:52:52.575: %OSPF-5-ADJCHG: Process 1, Nbr 50.1.1.1 on Serial3/3 from LOADING to FULL, Loading Done

R5(config)#router ospf 1
R5(config-router)#network 50.0.0.0 0.255.255.255 area 0
R5(config-router)#network 1.0.0.0 0.255.255.255 area 0
R5(config-router)#network 2.0.0.0 0.255.255.255 area 0
R5(config-router)#network 3.0.0.0 0.255.255.255 area 0
R5(config-router)#network 4.0.0.0 0.255.255.255 area 0
R5(config-router)#end

*Dec  4 23:52:33.559: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on Serial3/0 from LOADING to FULL, Loading Done

*Dec  4 23:52:39.127: %OSPF-5-ADJCHG: Process 1, Nbr 20.1.1.1 on Serial3/1 from LOADING to FULL, Loading Done

*Dec  4 23:52:45.687: %OSPF-5-ADJCHG: Process 1, Nbr 30.1.1.1 on Serial3/2 from LOADING to FULL, Loading Done

*Dec  4 23:52:52.451: %OSPF-5-ADJCHG: Process 1, Nbr 40.1.1.1 on Serial3/3 from LOADING to FULL, Loading Done

R5#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
40.1.1.1          0   FULL/  -        00:00:30    4.4.4.1         Serial3/3
30.1.1.1          0   FULL/  -        00:00:37    3.3.3.1         Serial3/2
20.1.1.1          0   FULL/  -        00:00:34    2.2.2.1         Serial3/1
10.1.1.1          0   FULL/  -        00:00:39    1.1.1.1         Serial3/0


R5#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

O     10.0.0.0/8 [110/65] via 1.1.1.1, 00:03:59, Serial3/0
O     20.0.0.0/8 [110/65] via 2.2.2.1, 00:03:59, Serial3/1
O     30.0.0.0/8 [110/65] via 3.3.3.1, 00:03:49, Serial3/2
O     40.0.0.0/8 [110/65] via 4.4.4.1, 00:03:39, Serial3/3



R5(config)#router ospf 1
R5(config-router)#passive-interface serial 3/0
R5(config-router)#passive-interface serial 3/2
R5(config-router)#end

*Dec  4 23:58:19.571: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on Serial3/0 from FULL to DOWN, Neighbor Down: Interface down or detached

*Dec  4 23:58:24.351: %OSPF-5-ADJCHG: Process 1, Nbr 30.1.1.1 on Serial3/2 from FULL to DOWN, Neighbor Down: Interface down or detached

R5#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
40.1.1.1          0   FULL/  -        00:00:39    4.4.4.1         Serial3/3
20.1.1.1          0   FULL/  -        00:00:33    2.2.2.1         Serial3/1

R5#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

O     20.0.0.0/8 [110/65] via 2.2.2.1, 00:06:58, Serial3/1
O     40.0.0.0/8 [110/65] via 4.4.4.1, 00:06:38, Serial3/3
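
An added example, not part of the original post: a small Python audit that reads running-config text, works out which interfaces match an OSPF network statement and are not passive (so hellos are sent there), and flags any that are not expected router-to-router links. The config text is constructed from R1's addresses in this lab, and the function names and the `router_links` allowlist are assumptions of the example.

```python
import ipaddress
import re

# Constructed running-config for R1 from this lab's addresses (not a device capture).
R1_CONFIG = """\
interface FastEthernet0/0
 ip address 10.1.1.1 255.0.0.0
!
interface Serial3/0
 ip address 1.1.1.1 255.0.0.0
!
router ospf 1
 network 1.0.0.0 0.255.255.255 area 0
 network 10.0.0.0 0.255.255.255 area 0
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def hello_interfaces(config):
    """Return interfaces that are OSPF-enabled and not passive (hellos sent)."""
    addrs, nets, passive, active = {}, [], set(), set()
    default_passive, current = False, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.match(r" ip address (\S+) \S+", line):
            addrs[current] = _ip(m.group(1))
        elif m := re.match(r" network (\S+) (\S+) area \S+", line):
            nets.append((_ip(m.group(1)), _ip(m.group(2))))
        elif line.strip() == "passive-interface default":
            default_passive = True
        elif m := re.match(r" (no )?passive-interface (\S+)", line):
            (active if m.group(1) else passive).add(m.group(2))
    found = []
    for name, ip in addrs.items():
        # A network statement matches when the bits outside its wildcard agree.
        enabled = any((ip & ~wild) == (net & ~wild) for net, wild in nets)
        is_passive = name in passive or (default_passive and name not in active)
        if enabled and not is_passive:
            found.append(name)
    return found

def audit(config, router_links):
    """Flag hello-sending interfaces that are not known router-to-router links."""
    return sorted(set(hello_interfaces(config)) - set(router_links))

if __name__ == "__main__":
    print(audit(R1_CONFIG, ["Serial3/0"]))
```

Appending ` passive-interface FastEthernet0/0` under `router ospf 1` in the sample empties the audit result, and `passive-interface default` followed by `no passive-interface Serial3/0` gives the same outcome.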
