Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VRF & OSPF passive interfaces

Hello,

if configuring OSPF for a VRF you cannot configure passive interfaces! The command does not even exist!

This seems to be related to CSCeb86068.

Does anyone have experiences with that issue??

Any intelligent solution??

Thanks

Juerg

  • MPLS
3 REPLIES
ft
New Member

Re: VRF & OSPF passive interfaces

CSCeb86068.

Release Notes

This is a feature request to add "passive-interface" command to mpls vpn supported ospf.

First Fixed-in Version 12.2(18)SXE, 12.0(30.4)S, 12.2(28.5)S01, 12.4(1.5), 12.4(1.8)T, 12.2(25)S09

If you config OSPF for a vrf, you should config "ip vrf forwording xxx" below interface first. I don't think passive-interface at OSPF for a vrf is requisite.

New Member

Re: VRF & OSPF passive interfaces

Yo,

I knew how to config an interface for vrf - this is not the clou.

I have a VPN for a school and this should be hacking proof.

I could run the subnet whithout ospf and redist connected but then the routes are externals.

Another solution would be to config an VLAN-ACL to deny OSPF on that vlan.

One more solution is to run OSPF with authentication.

But all these solutions are not that pretty!

So I ask whether there is someone knowing another solution for that.

And by the way it's a shame that this only is a feature request!! For me this is a clear bug since the passiv works in the global OSPF process!

Juerg

ft
New Member

Re: VRF & OSPF passive interfaces

1.For no neighbor in your VPN, you can try BGP as PE-CE routing protocol.

router bgp 65000

!

address-family ipv4 vrf school

network x.x.x.x mask x.x.x.x

no auto-summary

no synchronization

exit-address-family

R1#v all 172.16.1.0

BGP routing table entry for 172:16:172.16.1.0/24, version 373

Paths: (1 available, best #1, table school)

Flag: 0x820

Advertised to update-groups:

1 2

Local

0.0.0.0 from 0.0.0.0 (172.16.0.1)

Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best

Extended Community: RT:172:16

2.If you still need use ospf and passive interface in your ospf vrf, upgrade to 12.4.2 or above. :)

173
Views
0
Helpful
3
Replies