EXOS: OSPF "passive-interface default" needed

  • Question
  • Updated 1 year ago
  • Answered
Currently I am configuring OSPF on X870 switches (recent EXOS 22.2.x).

I am looking for a command for setting all VLANs to "passive default" like I do on EOS or Cisco.

Currently I do it manually, VLAN by VLAN, only.

configure ospf add vlan VLAN-0111 area 172.16.1.0 passive
configure ospf add vlan VLAN-0113 area 172.16.1.0 passive
configure ospf add vlan VLAN-4001 area 172.16.1.0

Is there no default passive statement?

Regards
M.Nees, Embassador


Posted 1 year ago


Brandon Clay, Escalation Support Engineer

Hi Matthias,

No, currently there is not an option to configure EXOS in this way. All VLANs added to OSPF are added as active interfaces unless you specify 'passive' in the command.

OscarK, ESE

Instead of adding every vlan as passive you could just enable ospf on one vlan and then do export direct to export all direct connected vlans into ospf.

M.Nees, Embassador

Sounds interesting, but some explanation or example is needed ...

OscarK, ESE

Hello Matthias,

it is very simple, add the vlan where you have ospf neighbors as normal to ospf.
To advertise all your IP vlans into ospf:

enable ospf export direct cost 10 type ase-type-1 (or type 2).

This will cause all your directly connected subnets (all your routed VLANs) to be advertised by OSPF as external ase-type-1 or 2 routes.

M.Nees, Embassador

OK, thanks, that explains it ...
Nice mechanism to achieve the goal.

A big disadvantage for me is that in the routing table all direct routes are marked as external. That makes the routing table unclear / confusing. Normally I do not want this.
So in my projects I avoid this (if I can) ...

So having "passive-interface default" is a needed / missing feature in current EXOS.

Erik Auerswald, Embassador

Oscar suggests using redistribution of connected interfaces instead of adding the interface as passive to OSPF. This adds one type 5 LSA for every connected interface to the LSDB of every normal area.

Erik Auerswald, Embassador

Hello Matthias,

normally, every VLAN I add to OSPF is either passive or of link-type point-to-point. Thus I always specify one or the other keyword(s) and never use the default broadcast network type. This is just one command as opposed to e.g. the S-Series that requires two (one to add the interface, another one to make it passive or specify the network type).

Thanks,
Erik

M.Nees, Embassador

Hi Erik,
I got your idea. Defining point-to-point links avoids the DR and BDR election etc. So the network admin should define the two states - passive = client networks or point-2-point = OSPF links to other routers!

Anyway, being able to define default-interface passive would help to avoid mistakes and increase the security level!

But thanks a lot for sharing this idea!

Regards,
Matthias

OscarK, ESE

And don't forget, there is no need to type it all; adding a VLAN as passive is just one space and p extra.
con ospf add <vlan> a 0 p
is enough for the command:
configure ospf add <vlan> area 0.0.0.0 passive
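
Added example, not part of the thread and not Extreme Networks code: since every VLAN added without the keyword becomes an active OSPF interface, one way to get the safety of a passive default is to audit the saved configuration against an allow-list of VLANs that are meant to carry adjacencies. The function name, the allow-list and VLAN-0115 are assumptions made for illustration; the command form is the one shown in the question.

```python
import re

# Command form as it appears in the thread:
#   configure ospf add vlan <name> area <area-id> [passive]
OSPF_ADD = re.compile(
    r"^\s*configure\s+ospf\s+add\s+vlan\s+(?P<vlan>\S+)"
    r"\s+area\s+(?P<area>\S+)(?P<rest>.*)$",
    re.IGNORECASE,
)


def audit_ospf_vlans(config_text, expected_active):
    """Compare OSPF VLANs in a config against an allow-list of active ones.

    Returns (unexpected_active, missing_active, passive) as sorted lists:
      unexpected_active: added without 'passive' but not allow-listed, so the
                         switch sends hellos and accepts neighbors there
      missing_active:    allow-listed but passive or absent, so no adjacency
      passive:           advertised, but no OSPF spoken on the VLAN
    """
    expected = set(expected_active)
    active, passive = set(), set()
    for line in config_text.splitlines():
        m = OSPF_ADD.match(line)
        if not m:
            continue  # not an "ospf add vlan" line
        keywords = m.group("rest").lower().split()
        (passive if "passive" in keywords else active).add(m.group("vlan"))
    return sorted(active - expected), sorted(expected - active), sorted(passive)


# Constructed sample: three lines from the question plus VLAN-0115, a
# hypothetical client VLAN where the 'passive' keyword was forgotten.
SAMPLE_CONFIG = """\
configure ospf add vlan VLAN-0111 area 172.16.1.0 passive
configure ospf add vlan VLAN-0113 area 172.16.1.0 passive
configure ospf add vlan VLAN-0115 area 172.16.1.0
configure ospf add vlan VLAN-4001 area 172.16.1.0
"""

if __name__ == "__main__":
    # Assumption: VLAN-4001 is the only VLAN meant to carry OSPF adjacencies.
    unexpected, missing, passive = audit_ospf_vlans(SAMPLE_CONFIG, {"VLAN-4001"})
    for vlan in unexpected:
        print(f"FAIL {vlan}: active in OSPF but not allow-listed")
    for vlan in missing:
        print(f"WARN {vlan}: expected active, found passive or absent")
    print(f"OK   passive: {', '.join(passive)}")
```

Run against the saved OSPF configuration after each change, a non-empty first list means a VLAN is speaking OSPF where no router neighbor is expected.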