05-03-2006 06:23 AM
Hello,
if configuring OSPF for a VRF you cannot configure passive interfaces! The command does not even exist!
This seems to be related to CSCeb86068.
Does anyone have experiences with that issue??
Any intelligent solution??
Thanks
Juerg
05-03-2006 07:44 AM
CSCeb86068.
Release Notes
This is a feature request to add "passive-interface" command to mpls vpn supported ospf.
First Fixed-in Version 12.2(18)SXE, 12.0(30.4)S, 12.2(28.5)S01, 12.4(1.5), 12.4(1.8)T, 12.2(25)S09
If you config OSPF for a vrf, you should config "ip vrf forwording xxx" below interface first. I don't think passive-interface at OSPF for a vrf is requisite.
05-03-2006 10:47 AM
Yo,
I knew how to config an interface for vrf - this is not the clou.
I have a VPN for a school and this should be hacking proof.
I could run the subnet whithout ospf and redist connected but then the routes are externals.
Another solution would be to config an VLAN-ACL to deny OSPF on that vlan.
One more solution is to run OSPF with authentication.
But all these solutions are not that pretty!
So I ask whether there is someone knowing another solution for that.
And by the way it's a shame that this only is a feature request!! For me this is a clear bug since the passiv works in the global OSPF process!
Juerg
05-03-2006 05:40 PM
1.For no neighbor in your VPN, you can try BGP as PE-CE routing protocol.
router bgp 65000
!
address-family ipv4 vrf school
network x.x.x.x mask x.x.x.x
no auto-summary
no synchronization
exit-address-family
R1#v all 172.16.1.0
BGP routing table entry for 172:16:172.16.1.0/24, version 373
Paths: (1 available, best #1, table school)
Flag: 0x820
Advertised to update-groups:
1 2
Local
0.0.0.0 from 0.0.0.0 (172.16.0.1)
Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
Extended Community: RT:172:16
2.If you still need use ospf and passive interface in your ospf vrf, upgrade to 12.4.2 or above. :)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: