OSPF part 3: passive-interfaces

Hi mate! We are going to proceed with the configuration of passive interfaces. First, let me emphasize why we need passive interfaces. We configure passive interfaces for security reasons. Imagine an intruder tries to hack the network and the interface he is connected to is sending OSPF updates: the information advertised by the neighbor routers will be shared with the hacking router. Let us check the scenario below:

[Figure 12I]

R1 is connected to a switch. When a hacking router connects to that switch, the neighbor routers will provide OSPF updates to the hacking router. There you go: the network may be manipulated by the hacking router. To avoid this, let us disable OSPF advertisements on the interfaces that do not need them.

SYNTAX:

en
conf t
router ospf {process#}
passive-interface default
no passive-interface {interface that should be active}
exit

Configuration on each router:

@r1

en
conf t
router ospf 100
passive-interface default
no passive-interface serial 1/0
exit

@r2

en
conf t
router ospf 100
passive-interface default
no passive-interface serial 1/0
no passive-interface serial 1/1
exit

@r3

en
conf t
router ospf 100
passive-interface default
no passive-interface serial 1/1
exit
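
The same rule can be checked offline against saved configurations. The script below is an added example, not part of the original post: it parses the `router ospf` section of a config, records whether `passive-interface default` is set, and reports any active interface that is not on an approved list. The sample configs, the `network` statement and the function names are constructed for illustration.

```python
import re

# Constructed samples (not from the post): R2 after the commands above
# (network statement assumed), and a process with no passive default.
R2_CONFIG = """\
router ospf 100
 passive-interface default
 no passive-interface Serial1/0
 no passive-interface Serial1/1
 network 10.0.0.0 0.255.255.255 area 0
!
"""

OPEN_CONFIG = """\
router ospf 200
 passive-interface FastEthernet0/1
"""

def _ifname(text):
    return text.replace(" ", "").lower()  # "serial 1/0" == "Serial1/0"

def audit_ospf(config):
    """Map each OSPF process ID to its passive-interface settings."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        start = re.fullmatch(r"router ospf (\d+)", line)
        m = re.fullmatch(r"(no )?passive-interface (.+)", line)
        if start:
            current = result.setdefault(int(start.group(1)),
                {"default_passive": False, "active": [], "passive": []})
        elif line in ("!", "exit"):
            current = None  # end of the router section
        elif current is not None and m:
            if m.group(2) == "default":
                current["default_passive"] = m.group(1) is None
            else:
                key = "active" if m.group(1) else "passive"
                current[key].append(_ifname(m.group(2)))
    return result

def unexpected_active(config, allowed):
    """List processes lacking the default and exceptions not in `allowed`."""
    ok, findings = {_ifname(a) for a in allowed}, []
    for pid, p in audit_ospf(config).items():
        if not p["default_passive"]:
            findings.append(f"ospf {pid}: passive-interface default is missing")
        findings += [f"ospf {pid}: {i} is active but not approved"
                     for i in p["active"] if i not in ok]
    return findings
```

Calling `unexpected_active(R2_CONFIG, ["serial 1/0", "serial 1/1"])` returns an empty list, while a config without the default or with an extra `no passive-interface` line produces one finding per problem.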

 

Verification:

You can see that the arrows are pointing at the passive interfaces.

 

[Figure 12k]

In the event that an active interface becomes passive, it will not appear in the neighbor table. The figure below shows that OSPF neighbor establishment has been configured smoothly. We will discuss the neighbor table later as we go on.

[Figure 12L]

We will check R2

[Figure 12m]

In the event that an active interface becomes passive, it will not appear in the neighbor table. The figure below shows that OSPF neighbor establishment has been configured smoothly. We will discuss the neighbor table later as we go on.

[Figure 12n]

Let’s check R3

[Figure 12o]

In the event that an active interface becomes passive, it will not appear in the neighbor table. The figure below shows that OSPF neighbor establishment has been configured smoothly. We will discuss the neighbor table later as we go on.

[Figure 12p]

All right, that is just one way to establish security on an OSPF network. The next topic is establishing network security on an OSPF network using an encrypted key, but first lemme take my lunch, mate!

Author: technickinAustralia

Tech-Nick is an international student based in Australia. I was a network engineer way back in the Philippines. I decided to pursue international studies with an expectation to get permanent residence in Australia. So it is a new journey for me and I would like to share the values I am learning through this platform.

2 thoughts on “OSPF part 3: passive-interfaces”

  1. hey thank you very much for your help, support please do have any ICND1 AND 2 DUMP QUESTION. Unfortunately I failed my exams, Please help Thank you

    On 12 March 2017 at 03:27, Journey to become a Cisco mate wrote:

    > nicsccnaletsclaimit posted: “Hi mate! We are going to proceed with configuration of passive-interfaces. First, let me emphasize the need of passive-interfaces. We configure passive-interfaces for security reasons. Imagine if an intruder tried to hack the network and the interface th”
