Configuring OSPF Passive Interface

In this lab you will learn how to configure an Open Shortest Path First (OSPF) passive interface to prevent OSPF from forming neighbor relationships on an OSPF enabled interface.

Real World Application & Core Knowledge

If you’ve completed Lab 8-7 – Configuring EIGRP Passive Interface then you should have a firm understanding of how passive interface works and what it does.

If not then to summarize passive-interface up in one paragraph; its a feature you enable on a per interface basis which allows a particular interface to participate in a routing process but prevents that interface from forming neighbor relationships by not sending hello packets and discarding received hello packets.

So you’re probably wondering what is this feature good for? Lets say you have a layer 2 access switch and all layer 3 functions of the network occur at the distribution layer. In this case you would not want the router(s) sending hello packets down to the access switch but you’d still want the links participating in a routing protocol to be advertised dynamically. In this case you’d need to use the passive interface feature.

You configure a passive interface in OSPF the same way you do in EIGRP and RIP by using the passive-interface interfacename#/# in router configuration mode.

In this lab you’ll be configuring the LAN interfaces on R4 and R5 as passive interfaces to ensure they do not form a neighbor relationship with each other however they must advertise the LAN network 10.45.1.0/24 into the OSPF autonomous system.

Familiarize yourself with the following new command(s);

passive-interface interfacename#/# – This command is executed in router configuration mode to specify a particular interface as a passive-interface in the dynamic routing process. A passive interface does not send or process received hello’s thus not forming a neighbor relationship or advertising routes.

The following logical topology shown below is used in labs found through out Section 9 – Configuring OSPF;

Lab Prerequisites

• If you completed lab 9-11 you can start where you’ve left off or you can load the Free CCNA Workbook GNS3 topology; start and establish a console session with R1, R2, R3, R4, R5 and SW1 then load their initial configurations included below by copying the config from the textbox and pasting it into the routers console.

Initial Configurations

!################################################## !#  Free CCNA Workbook Lab 9-12 R1 Initial Config # !################################################## ! enable configure terminal ! hostname R1 no ip domain-lookup ! interface Loopback0  description ### SIMULATED NETWORK ###  ip address 10.55.10.1 255.255.255.0  ip ospf 1 area 1 ! interface Serial1/0  description ### PHYSICAL FRAME RELAY INTERFACE ###  ip address 10.1.245.1 255.255.255.248  ip ospf 1 area 0  encapsulation frame-relay  serial restart-delay 0  frame-relay map ip 10.1.245.5 125 broadcast  frame-relay map ip 10.1.245.4 124 broadcast  frame-relay map ip 10.1.245.2 122 broadcast  no frame-relay inverse-arp  no shut  exit ! router ospf 1  router-id 1.1.1.1  log-adjacency-changes  auto-cost reference-bandwidth 100000  neighbor 10.1.245.2  neighbor 10.1.245.4  neighbor 10.1.245.5 ! line con 0  logging sync  no exec-timeout ! end

!################################################## !#  Free CCNA Workbook Lab 9-12 R2 Initial Config # !################################################## ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface Loopback0  description ### SIMULATED NETWORK ###  ip address 10.55.20.1 255.255.255.0  ip ospf 1 area 2 ! interface Serial1/0  description ### PHYSICAL FRAME RELAY INTERFACE ###  ip address 10.1.245.2 255.255.255.248  encapsulation frame-relay  ip ospf priority 0 ip ospf 1 area 0  serial restart-delay 0  no frame-relay inverse-arp  frame map ip 10.1.245.1 221 broadcast  frame map ip 10.1.245.4 221  frame map ip 10.1.245.5 221  no shut ! interface Serial1/2  ### POINT-TO-POINT LINK TO R3 ###  ip address 10.1.23.1 255.255.255.252  ip ospf 1 area 3  ip ospf hello-interval 1  encapsulation ppp  serial restart-delay 0  no shut  exit ! router ospf 1  router-id 2.2.2.2  auto-cost reference-bandwidth 100000  log-adjacency-changes  area 3 stub no-summary ! line con 0  logging sync  no exec-timeout ! end

!################################################## !#  Free CCNA Workbook Lab 9-12 R3 Initial Config # !################################################## ! enable configure terminal ! hostname R3 no ip domain-lookup ! interface Loopback0  description ### SIMULATED NETWORK ###  ip address 10.55.30.1 255.255.255.0  ip ospf 1 area 3 ! interface Serial1/1  description ### POINT-TO-POINT LINK TO R2 ###  ip address 10.1.23.2 255.255.255.252  ip ospf 1 area 3  ip ospf hello-interval 1  encapsulation ppp  no shut  exit ! router ospf 1  router-id 3.3.3.3  log-adjacency-changes  auto-cost reference-bandwidth 100000  area 3 stub ! line con 0  logging sync  no exec-timeout ! end

!################################################## !#  Free CCNA Workbook Lab 9-12 R4 Initial Config # !################################################## ! enable configure terminal ! hostname R4 no ip domain-lookup ! interface Loopback0  description ### SIMULATED NETWORK ###  ip address 10.55.40.1 255.255.255.0  ip ospf 1 area 4 ! interface FastEthernet0/0  description ### REAL NETWORK ###  ip address 10.45.1.1 255.255.255.0  ip ospf 1 area 45  no shut ! interface Serial1/0  description ### PHYSICAL FRAME RELAY INTERFACE ###  ip address 10.1.245.4 255.255.255.248  encapsulation frame-relay  ip ospf priority 0  ip ospf 1 area 0  serial restart-delay 0  no frame-relay inverse-arp  frame map ip 10.1.245.1 421 broadcast  frame map ip 10.1.245.2 421  frame map ip 10.1.245.5 421  no shut ! interface Serial1/1  description ### POINT-TO-POINT LINK TO R5 ###  ip address 10.1.45.1 255.255.255.252  ip ospf 1 area 45  encapsulation ppp  serial restart-delay 0  no shut  exit ! router ospf 1  router-id 4.4.4.4  auto-cost reference-bandwidth 100000  log-adjacency-changes ! line con 0  logging sync  no exec-timeout ! end

!################################################## !#  Free CCNA Workbook Lab 9-12 R5 Initial Config # !################################################## ! enable configure terminal ! hostname R5 no ip domain-lookup ! interface Loopback0  description ### SIMULATED NETWORK ###  ip address 10.55.50.1 255.255.255.0  ip ospf 1 area 5 ! interface FastEthernet0/0  description ### REAL NETWORK ###  ip address 10.45.1.2 255.255.255.0  ip ospf cost 100  ip ospf 1 area 45  no shut ! interface Serial1/0  description ### PHYSICAL FRAME RELAY INTERFACE ###  ip address 10.1.245.5 255.255.255.248  encapsulation frame-relay  ip ospf priority 0  ip ospf 1 area 0  serial restart-delay 0  no frame-relay inverse-arp  frame map ip 10.1.245.1 521 broadcast  frame map ip 10.1.245.2 521  frame map ip 10.1.245.4 521  no shut ! interface Serial1/1  description ### POINT-TO-POINT LINK TO R4 ###  ip address 10.1.45.2 255.255.255.252  ip ospf 1 area 45  encapsulation ppp  serial restart-delay 0  no shut  exit ! router ospf 1  router-id 5.5.5.5  log-adjacency-changes  auto-cost reference-bandwidth 100000 ! line con 0  logging sync  no exec-timeout ! end

!################################################## !#  Free CCNA Workbook Lab 9-X SW1 Initial Config # !################################################## ! enable configure terminal ! hostname SW1 no ip domain-lookup ! line con 0  logging sync  no exec-timeout ! end

Lab Objectives

• Configure R4 and R5′s LAN interfaces (FastEthernet0/0) as passive interfaces to ensure R4 and R5 never become neighbors over through the LAN.
• Verify on R1 that the routes to R4 and R5′s connected LAN is still in the routing table.

Lab Instruction

Objective 1. – Configure R4 and R5′s LAN interfaces (FastEthernet0/0) as passive interfaces to ensure R4 and R5 never become neighbors over through the LAN.

R4#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R4(config)#router ospf 1 R4(config-router)#passive-interface FastEthernet0/0 %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached R4(config-router)#end R4# %SYS-5-CONFIG_I: Configured from console by console R4#

R5# %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached R5#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R5(config)#router ospf 1 R5(config-router)#passive-interface FastEthernet0/0 R5(config-router)#end R5# *Jul 12 20:06:16.183: %SYS-5-CONFIG_I: Configured from console by console R5#

Objective 2. – Verify on R1 that the routes to R4 and R5′s connected LAN is still in the routing table.

R1#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 9 subnets, 4 masks O IA 10.55.50.1/32 [110/64767] via 10.1.245.5, 00:46:01, Serial1/0 O IA 10.55.40.1/32 [110/64767] via 10.1.245.4, 00:46:01, Serial1/0 O IA 10.1.23.0/30 [110/129532] via 10.1.245.2, 00:45:51, Serial1/0 O IA 10.55.30.1/32 [110/129533] via 10.1.245.2, 00:36:08, Serial1/0 O IA 10.45.1.0/24 [110/64866] via 10.1.245.5, 00:00:27, Serial1/0 O IA 10.1.45.0/30 [110/129532] via 10.1.245.5, 00:45:51, Serial1/0 [110/129532] via 10.1.245.4, 00:45:51, Serial1/0 O IA 10.55.20.1/32 [110/64767] via 10.1.245.2, 00:46:02, Serial1/0 C 10.55.10.0/24 is directly connected, Loopback0 C 10.1.245.0/29 is directly connected, Serial1/0 R1#

As you can see from the routing table of R1 shown above that to get to the 10.45.1.0/24 network from R1 the next hop is R5. If you view the interface configuration on R5 you’ll see it has an ospf cost of 100 as previously configured in Lab 9-10 – Configuring OSPF Interface Cost before the auto-cost reference-bandwidth was changed in Lab 9-11 – Configuring OSPF Auto Cost Reference Bandwidth to ensure traffic coming from R1 would take R4 to get to 10.45.1.0/24 as R4 used the default cost reference which gave its FastEthernet0/0 interface a cost of 1 thus the ip ospf cost 100 on R5′s FastEthernet0/0 interface would be a higher. But after the auto cost reference bandwidth change R5 became the preferred route as OSPF dynamically calculated a higher cost then 100 for R4 to its FastEthernet0/0.

To resolve this you can change the cost on R5′s FastEthernet0/0 interface to 65535 as shown below;

R5#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R5(config)#interface FastEthernet0/0 R5(config-if)#ip ospf cost 65535 R5(config-if)#end R5#

View R1′s routing table as shown below; you’ll notice that the R1 now has the correct route to 10.45.1.0/24 through R4.

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
      E1 - OSPF external type 1, E2 - OSPF external type 2
      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
      ia - IS-IS inter area, * - candidate default, U - per-user static route
      o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

    10.0.0.0/8 is variably subnetted, 9 subnets, 4 masks
O IA    10.55.50.1/32 [110/64767] via 10.1.245.5, 00:55:05, Serial1/0
O IA    10.55.40.1/32 [110/64767] via 10.1.245.4, 00:55:05, Serial1/0
O IA    10.1.23.0/30 [110/129532] via 10.1.245.2, 00:54:55, Serial1/0
O IA    10.55.30.1/32 [110/129533] via 10.1.245.2, 00:45:11, Serial1/0
O IA    10.45.1.0/24 [110/65766] via 10.1.245.4, 00:01:05, Serial1/0
O IA    10.1.45.0/30 [110/129532] via 10.1.245.5, 00:54:55, Serial1/0
                    [110/129532] via 10.1.245.4, 00:54:55, Serial1/0
O IA    10.55.20.1/32 [110/64767] via 10.1.245.2, 00:55:05, Serial1/0
C       10.55.10.0/24 is directly connected, Loopback0
C       10.1.245.0/29 is directly connected, Serial1/0
R1#