Hi mate! We are going to proceed with configuration of passive-interfaces. First, let me emphasize the need of passive-interfaces. We configure passive-interfaces for security reasons. Imagine if an intruder tried to hack the network and the interface that it was connected is sending OSPF updates, so what will happen is the information that was advertised by neighbor routers will be shared to the hacking router. Let us check the scenario below:
R1 is connected to a switch, when hacking router connects to a switch, then OSPF updates will be provided by neighbor routers to hacking routers. There dyou go, the network may be manipulated by hacking router. To avoid this, let us disable the ospf advertisement on interfaces which are not needed.
SYNTAX:
en
conf t
router ospf {process#}
passive-interface default
no passive interface ( interface which should be active)
exit
configuration on each routers
@r1
en
conf t
router ospf 100
passive-interface default
no passive-interface serial 1/0
exit
@r2
en
conf t
router ospf 100
passive-interface default
no passive-interface serial 1/0
no passive-interface serial 1/1
exit
@r3
en
conf t
router ospf 100
passive-interface default
no passive-interface serial 1/1
exit
Verification:
You would see that the arrows are pointing on passive-interfaces
In the event that the active interface became passive, it will not appear on neighbor table. Below is the figure that proves that OSPF neighbor establishment has been configured smoothly. We will discuss neighbor table later as we go on.
We will check R2
In the event that the active interface became passive, it will not appear on neighbor table. Below is the figure that proves that OSPF neighbor establishment has been configured smoothly. We will discuss neighbor table later as we go on.
Let’s check R3
In the event that the active interface became passive, it will not appear on neighbor table. Below is the figure that proves that OSPF neighbor establishment has been configured smoothly. We will discuss neighbor table later as we go on.
Allright, that is just one way to establish security on OSPF network. Next topic is establishing network security on OSPF network using encrypted key but first lemme take my lunch mate!