OSPF Passive Interface and Default Route Advertisement on Juniper

The Passive Interface feature in OSPF allows you to advertise networks without sending hello packets. This is especially useful for interfaces connected to LANs or devices that should not form OSPF neighborships but whose networks still need to be advertised. Think of an OSPF router connected to a switched LAN: do we really need to send OSPF hello packets out of the router's LAN interface to the switch? Of course not. If we do, we leave a security hole, because someone could emulate OSPF on his PC, form a neighborship with our Juniper router, and see all the OSPF information. Even worse, he can inject a default route so that all traffic from the network to the internet passes via his PC, and then run capture software to record all of that traffic. To prevent this, we use a passive interface to stop hello packets on that interface, while still advertising the connected network into OSPF.

Let me show you in a LAB how this can be done.

In this lab, I will demonstrate the passive interface configuration using the following scenario:

  • R1: Router in Area 0.
  • R2: ABR between Area 0 and Area 1.
  • R3: Router in Area 1.

 

Objective

  1. Configure FastEthernet0/0/2 on R2 as a passive interface.
  2. Verify that the network attached to this interface is still advertised to other OSPF routers.
  3. Observe the effect of passive interface on OSPF neighborship.

Lab Steps for Passive Interface

 

Step 1: Verify Existing Neighborships

Check the OSPF neighborships and routing table on R1 before enabling the passive interface.

R1# show ospf neighbor

Neighbor ID: 192.168.23.2

State: Full

 

R1# show route

192.168.23.0/24 [OSPF] via 192.168.23.2

3.3.3.0/24 [OSPF] via 192.168.23.2

 

Step 2: Configure Passive Interface on R2

Make FastEthernet0/0/2 a passive interface on R2.

R2# edit protocols ospf area 1

R2# set interface fastethernet0/0/2 passive

R2# commit
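
To check a whole router rather than one interface, the audit below flags OSPF interfaces that still send hellos on segments where no neighbor is expected, and passive interfaces on links that should peer. It is an added example, not part of the original lesson; the interface names, the sample configuration and the list of peering links are assumptions.

```python
import re

# Constructed sample of `show configuration protocols ospf | display set`
# for a router in R2's role. Interface names are assumed, not from the lab.
SAMPLE_CONFIG = """\
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.1 interface ge-0/0/1.0 hello-interval 5
set protocols ospf area 0.0.0.1 interface ge-0/0/2.0 passive
set protocols ospf area 0.0.0.1 interface ge-0/0/3.0
set protocols ospf area 0.0.0.1 interface lo0.0 passive
"""

LINE_RE = re.compile(r"^set protocols ospf area (\S+) interface (\S+)(?:\s+(\S+))?")

def parse_ospf_interfaces(config_text):
    """Map (area, interface) -> set of first-level options configured on it."""
    interfaces = {}
    for line in config_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # not an OSPF interface statement
        area, ifname, option = match.groups()
        options = interfaces.setdefault((area, ifname), set())
        if option:
            options.add(option)
    return interfaces

def audit_passive(config_text, expected_peering):
    """Return (exposed, broken) lists of (area, interface) tuples."""
    exposed, broken = [], []
    for (area, ifname), options in sorted(parse_ospf_interfaces(config_text).items()):
        is_passive = "passive" in options
        if ifname in expected_peering and is_passive:
            # Passive suppresses hellos, so the expected adjacency never forms.
            broken.append((area, ifname))
        elif ifname not in expected_peering and not is_passive:
            # Hellos go out on a segment where no router should answer them.
            exposed.append((area, ifname))
    return exposed, broken

if __name__ == "__main__":
    # Assumed inventory: R2 should peer only on the links towards R1 and R3.
    exposed, broken = audit_passive(SAMPLE_CONFIG, {"ge-0/0/0.0", "ge-0/0/1.0"})
    for label, findings in (("EXPOSED", exposed), ("BROKEN", broken)):
        for area, ifname in findings:
            print(f"{label} area {area} interface {ifname}")
```

With the sample above, only ge-0/0/3.0 is reported as exposed: it runs OSPF, is not passive, and is not a link where a neighbor is expected.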
