ExtremeSwitching (EXOS)

Expand all | Collapse all

EXOS: OSPF "passive-interface default" needed

  • 1.  EXOS: OSPF "passive-interface default" needed

    Posted 07-17-2017 13:12
    Currently i configure OSPF on X870 Switches (recent EXOS 22.2.x).

    I am looking for a command for setting all vlan to "passive default" like i do it on EOS or Cisco.

    Currently i do manually vlan for vlan only.

    configure ospf add vlan VLAN-0111 area 172.16.1.0 passive
    configure ospf add vlan VLAN-0113 area 172.16.1.0 passive
    configure ospf add vlan VLAN-4001 area 172.16.1.0[/code]
    Is there no default passive statement ?

    Regards


  • 2.  RE: EXOS: OSPF "passive-interface default" needed

    Posted 07-17-2017 13:14
    Hi Matthias,

    No, currently there is not an option to configure EXOS in this way. All VLANs added to OSPF are added as active interfaces unless you specify 'passive' in the command.


  • 3.  RE: EXOS: OSPF "passive-interface default" needed

    Posted 07-18-2017 04:37
    Instead of adding every vlan as passive you could just enable ospf on one vlan and then do export direct to export all direct connected vlans into ospf.



  • 4.  RE: EXOS: OSPF "passive-interface default" needed

    Posted 07-18-2017 05:40
    Hello Matthias,

    normally, every VLAN I add to OSPF is either passive or of link-type point-to-point. Thus I always specify one or the other keyword(s) and never use the default broadcast network type. This is just one command as opposed to e.g. the S-Series that requires two (one to add the interface, another one to make it passive or specify the network type).

    Thanks,
    Erik


  • 5.  RE: EXOS: OSPF "passive-interface default" needed

    Posted 07-18-2017 05:57
    and dont forget, no need to type it all, adding vlan as passive just is one space and p extra.
    con ospf add


  • 6.  RE: EXOS: OSPF "passive-interface default" needed

    Posted 07-18-2017 04:37
    sounds interessting - but some explanation or example needed ...


  • 7.  RE: EXOS: OSPF "passive-interface default" needed

    Posted 07-18-2017 04:37
    Hello Matthias,

    it is very simple, add the vlan where you have ospf neighbors as normal to ospf.
    To advertise all your IP vlans into ospf:

    enable ospf export direct cost 10 type ase-type-1 (or type 2).

    This will advertise all your direct connected subnets (all your routed vlans) to be advertised by OSPF as external ase-type-1 or 2 routes.



  • 8.  RE: EXOS: OSPF "passive-interface default" needed

    Posted 07-18-2017 04:37
    OK, thanks that explain it ...
    Nice mechanism to achieve the goal.

    A big disadvantage for me is that in routing table all directed routes a marked as external. That makes routing table unclear / confusing. Normally i do not want this.
    So i my projects i avoid this (if i can) ...

    So having "passive-interface default" is a needed / missed Feature in current EXOS.



  • 9.  RE: EXOS: OSPF "passive-interface default" needed

    Posted 07-18-2017 04:37
    Oscar suggests using redistribution of connected interfaces instead of adding the interface as passive to OSPF. This adds one type 5 LSA for every connected interface to the LSDB of every normal area.


  • 10.  RE: EXOS: OSPF "passive-interface default" needed

    Posted 07-18-2017 05:40
    Hi Erik,
    i got your idea. Defining point-to-point links avoid the DR and BDR Election etc. So network admin should define the two states - passive = clients networks or point-2-point = OSPF Links to other routers!

    Anyway if i am able to define default-interface passive will help to avoid mistakes and increase security level!

    But thanks a lot sharing this idea!

    Regards,
    Matthias


  • 11.  RE: EXOS: OSPF "passive-interface default" needed

    Posted 07-18-2017 05:40
    Hi Erik,
    i got your idea. Defining point-to-point links avoid the DR and BDR Election etc. So network admin should define the two states - passive = clients networks or point-2-point = OSPF Links to other routers!

    Anyway if i am able to define default-interface passive will help to avoid mistakes and increase security level!

    But thanks a lot sharing this idea!

    Regards,
    Matthias