10-10-2009 06:59 AM - edited 03-04-2019 06:19 AM
I have a L3 cisco 4506 (LAN) and a cisco 3845 (WAN). Im running a single area OSPF network.
Would you use the network statement to advertise all your L3 interfaces on the 4506. Or use redistribute connected subnets and the network statement on the common interface between the 4506 and 3845. Thanks
10-10-2009 08:12 AM
Normally, I would use network statements to place interfaces within OSPF. This would be true, in your example, on both the 4506 and 3845. This makes it a little easier, I think, to control what is injected into OSPF and, if I remember correctly, makes for different type of OSFP routes (which could become important later on).
10-10-2009 08:14 AM
Hello Jeff,
the network area command for the common subnet is strictly required because otherwise no OSPF adjacency can be built between the two devices.
Using network area command + eventually passive-interface is to be preferred to redistribute connected:
red connected creates OSPF external routes O E2 or O E1.
network ... area commands create internal routes.
OSPF provides tools for inter-area filtering of internal routes but no selective filtering for external routes: the idea is or all external routes go in the area if it is a normal area or all external routes are blocked if it is a type of stub area.
So I would go for network .. area command.
Be aware that network ... area is not constrained to IP subnet on interfaces so with few statements you can address multiple connected interfaces.
example
network 10.10.0.0 0.0.255.255 area 0
works for
int vlan 10
ip addr 10.10.1.1 255.255.255.0
for
int vlan 45
ip addr 10.10.45.1 255.255.255.0
So I would use network area commands +
passive-interface to avoid to have OSPF hellos sent out client vlans.
Hope to help
Giuseppe
10-10-2009 08:20 AM
thank for the feed back...i will use the passive command.
10-10-2009 08:46 AM
Just to expand on some of the additional details Giuseppe provided.
"Be aware that network ... area is not constrained to IP subnet on interfaces so with few statements you can address multiple connected interfaces."
The OSPF network statement can be restricted to an interface; matching an interface depends on the OSPF network statement's address and mask matching just the interface's IP. Unlike some other routing protocols, OSPF network statements match just interfaces IPs, not subnets. (OSPF will, though, "pick up" the network subnet from the interface when it's advertised into OSPF.)
e.g.
example
network 10.10.1.0 0.0.0.255 area 0
or
network 10.10.1.1 0.0.0.0 area 0
works for
int vlan 10
ip addr 10.10.1.1 255.255.255.0
but not for
int vlan 45
ip addr 10.10.45.1 255.255.255.0
"passive-interface to avoid to have OSPF hellos sent out client vlans. "
Certainly a good idea if there isn't another OSPF router you want to neighbor with. If there is, you'll need the hellos but you can secure them with authenication. Either can be rather important unless you don't mind someone adding OSFP routers on your client subnets (some hosts can run OSPF).
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: