You want to prevent some of a router's interfaces from taking part in OSPF.
The passive-interface configuration command effectively disables OSPF on an interface by preventing it from forming OSPF adjacencies:
Router3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router3(config)#router ospf 44
Router3(config-router)#network 0.0.0.0 255.255.255.255 area 100
Router3(config-router)#passive-interface Ethernet0
Router3(config-router)#end
Router3#
OSPF will not start to exchange any routing information until two routers on a segment have authenticated (if authentication is enabled) and agreed on the various area parameters. So simply preventing one router from taking part in this handshake is sufficient to prevent the exchange of OSPF information on the interface. Also, while you can use a passive-interface command as shown in the example, you can also prevent an interface from taking part in OSPF by just using more restrictive network commands. In the example, the network statement includes everything. But you could just as easily use a network statement that restricts OSPF to a list of specific interfaces as follows:
Router3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router3(config)#router ospf 44
Router3(config-router)#network 172.20.1.2 0.0.0.0 area 100
Router3(config-router)#network 172.20.10.1 0.0.0.0 area 100
Router3(config-router)#end
Router3#
Any interface that isn't explicitly included by a network statement will not take part in OSPF. On the other hand, sometimes a router has a large number of interfaces, and you want all but one or two of them to take part in OSPF. In this case, it is more convenient to use passive-interface commands.
To see the effect of this command, we'll look at a network both with and without the passive interface configured. Here is the neighbor list before configuring any passive interfaces:
Router3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.20.220.1      1   FULL/BDR        00:00:39    172.20.10.2     Ethernet0
172.25.25.1       1   FULL/  -        00:00:37    172.20.1.1      Serial0.1
Router3#
Then, after making the Ethernet0 interface passive, the router drops all of the neighbor relationships on this interface. We are left with only one neighbor:
Router3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.25.25.1       1   FULL/  -        00:00:38    172.20.1.1      Serial0.1
Router3#
Of course, this also affects any routes that point to neighboring routers through this interface. This is the routing table before configuring Ethernet0 as passive:
Router3#show ip route ospf
     172.20.0.0/16 is variably subnetted, 5 subnets, 3 masks
O       172.20.220.1/32 [110/11] via 172.20.10.2, 00:00:02, Ethernet0
O       172.20.200.1/32 [110/11] via 172.20.10.2, 00:00:02, Ethernet0
O*IA 0.0.0.0/0 [110/3572] via 172.20.1.1, 00:00:02, Serial0.1
Router3#
With the passive interface configured, all of the corresponding routes are also gone:
Router3#show ip route ospf
O*IA 0.0.0.0/0 [110/3572] via 172.20.1.1, 00:01:53, Serial0.1
Router3#
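To audit which interfaces a configuration actually exposes to OSPF, the two mechanisms discussed above (wildcard-masked network statements and passive-interface) can be evaluated offline against a saved running-config. The following Python script is an added example, not part of the original recipe. The sample configuration is constructed: the interface addresses follow the output shown above, while the subnet masks are assumptions. It assumes a single OSPF process, considers only primary addresses, and also handles the IOS `passive-interface default` / `no passive-interface` form.

```python
import ipaddress

# Constructed running-config: addresses follow the page's output, masks are assumed.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 172.20.10.1 255.255.255.0
interface Serial0.1
 ip address 172.20.1.2 255.255.255.252
router ospf 44
 network 0.0.0.0 255.255.255.255 area 100
 passive-interface Ethernet0
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def ospf_interface_state(config):
    """Map each addressed interface to 'active', 'passive' or 'not in OSPF'."""
    addrs, networks, passive, exempt = {}, [], set(), set()
    passive_default, section = False, ""
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():                  # unindented line opens a section
            section = raw.strip()
        elif section.startswith("interface ") and words[:2] == ["ip", "address"]:
            # Simplification: primary static address only (skips dhcp/secondary).
            if len(words) >= 4 and words[-1] != "secondary":
                addrs[section.split()[1]] = to_int(words[2])
        elif section.startswith("router ospf"):
            if words[0] == "network" and len(words) >= 3:
                networks.append((to_int(words[1]), to_int(words[2])))
            elif words[:2] == ["passive-interface", "default"]:
                passive_default = True
            elif words[0] == "passive-interface" and len(words) >= 2:
                passive.add(words[1])
            elif words[:2] == ["no", "passive-interface"] and len(words) >= 3:
                exempt.add(words[2])
    state = {}
    for name, ip in addrs.items():
        # A wildcard bit of 0 means "must match", 1 means "don't care".
        matched = any(((ip ^ net) & ~wild & 0xFFFFFFFF) == 0 for net, wild in networks)
        if not matched:
            state[name] = "not in OSPF"
        elif name in passive or (passive_default and name not in exempt):
            state[name] = "passive"
        else:
            state[name] = "active"
    return state
```

Any interface reported as "active" will send hellos and can form an adjacency, so on a user-facing or untrusted segment that result is the one to review.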