cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
540
Views
0
Helpful
3
Replies

VRF & OSPF passive interfaces

jjtanner
Level 1
Level 1

Hello,

if configuring OSPF for a VRF you cannot configure passive interfaces! The command does not even exist!

This seems to be related to CSCeb86068.

Does anyone have experiences with that issue??

Any intelligent solution??

Thanks

Juerg

3 Replies 3

ft
Level 1
Level 1

CSCeb86068.

Release Notes

This is a feature request to add "passive-interface" command to mpls vpn supported ospf.

First Fixed-in Version 12.2(18)SXE, 12.0(30.4)S, 12.2(28.5)S01, 12.4(1.5), 12.4(1.8)T, 12.2(25)S09

If you config OSPF for a vrf, you should config "ip vrf forwording xxx" below interface first. I don't think passive-interface at OSPF for a vrf is requisite.

Yo,

I knew how to config an interface for vrf - this is not the clou.

I have a VPN for a school and this should be hacking proof.

I could run the subnet whithout ospf and redist connected but then the routes are externals.

Another solution would be to config an VLAN-ACL to deny OSPF on that vlan.

One more solution is to run OSPF with authentication.

But all these solutions are not that pretty!

So I ask whether there is someone knowing another solution for that.

And by the way it's a shame that this only is a feature request!! For me this is a clear bug since the passiv works in the global OSPF process!

Juerg

1.For no neighbor in your VPN, you can try BGP as PE-CE routing protocol.

router bgp 65000

!

address-family ipv4 vrf school

network x.x.x.x mask x.x.x.x

no auto-summary

no synchronization

exit-address-family

R1#v all 172.16.1.0

BGP routing table entry for 172:16:172.16.1.0/24, version 373

Paths: (1 available, best #1, table school)

Flag: 0x820

Advertised to update-groups:

1 2

Local

0.0.0.0 from 0.0.0.0 (172.16.0.1)

Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best

Extended Community: RT:172:16

2.If you still need use ospf and passive interface in your ospf vrf, upgrade to 12.4.2 or above. :)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: