Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VRF & OSPF passive interfaces


if configuring OSPF for a VRF you cannot configure passive interfaces! The command does not even exist!

This seems to be related to CSCeb86068.

Does anyone have experiences with that issue??

Any intelligent solution??



  • MPLS
New Member

Re: VRF & OSPF passive interfaces


Release Notes

This is a feature request to add "passive-interface" command to mpls vpn supported ospf.

First Fixed-in Version 12.2(18)SXE, 12.0(30.4)S, 12.2(28.5)S01, 12.4(1.5), 12.4(1.8)T, 12.2(25)S09

If you config OSPF for a vrf, you should config "ip vrf forwording xxx" below interface first. I don't think passive-interface at OSPF for a vrf is requisite.

New Member

Re: VRF & OSPF passive interfaces


I knew how to config an interface for vrf - this is not the clou.

I have a VPN for a school and this should be hacking proof.

I could run the subnet whithout ospf and redist connected but then the routes are externals.

Another solution would be to config an VLAN-ACL to deny OSPF on that vlan.

One more solution is to run OSPF with authentication.

But all these solutions are not that pretty!

So I ask whether there is someone knowing another solution for that.

And by the way it's a shame that this only is a feature request!! For me this is a clear bug since the passiv works in the global OSPF process!


New Member

Re: VRF & OSPF passive interfaces

1.For no neighbor in your VPN, you can try BGP as PE-CE routing protocol.

router bgp 65000


address-family ipv4 vrf school

network x.x.x.x mask x.x.x.x

no auto-summary

no synchronization


R1#v all

BGP routing table entry for 172:16:, version 373

Paths: (1 available, best #1, table school)

Flag: 0x820

Advertised to update-groups:

1 2

Local from (

Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best

Extended Community: RT:172:16

2.If you still need use ospf and passive interface in your ospf vrf, upgrade to 12.4.2 or above. :)