Skip to main content

disabling ospf update

More
15 years 3 weeks ago #32539 by juanz
Replied by juanz on topic Re: disabling ospf update
>thnx . . .

>the result goes like this:

>Router(config)# access-list 101 deny ospf any any

>Router(config)# access-list 101 permit ip any any

>Router(config)#int f0/0

>Router(config-if)#ip access-group
% Incomplete command.

>is there anything i forgot to include?
More
15 years 3 weeks ago #32542 by S0lo
Replied by S0lo on topic Re: disabling ospf update
For the ip access-group command you need to specify the ACL number and the direction of checking: IN or OUT. Like this:

[code:1]Router(config-if)#ip access-group 101 out[/code:1]

or

[code:1]Router(config-if)#ip access-group 101 in[/code:1]

The first one will prevent ospf packets from getting OUT of the interface. The second one will prevent ospf packet from getting IN to the interface. Which one you use is dependent on your network topology. I recommend the first one used on each interface that you want to prevent originating ospf packets.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
More
15 years 3 weeks ago #32547 by novembre
Replied by novembre on topic Re: disabling ospf update
I still don't get it. Why do you want to disable OSPF updates? For OSPF to work you need to have a full copy of the link-state database for your area. Which is why 'passive' OSPF will tear down your adjacency.

Also, use dynamips.
More
14 years 9 months ago #33527 by cybermancer
Replied by cybermancer on topic The answer
The answer to your question is actually quite simple, i dont know why you guys are trying to make it so hard. (Thats what she said).

Ok so here it is:


BRANCH#config t
BRANCH(config)#router ospf 1
passive-interface eth0/0


CENTRAL#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
CENTRAL(config)#router ospf 1
CENTRAL(config-router)#passive-interface s0/0/1


now those interfaces wont send ospf updates :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted:
More
14 years 9 months ago #33615 by Losh
Replied by Losh on topic Re: disabling ospf update
One thing you should know is that OSPF is a very tasking process to implement on a router. it uses up quite a large portion of the routers' memory because it has a Link State Database that stores information on how to reach ALL the routers within the same area it's in.

Therefore implementing access-lists will only cause the router to overwork for something that is such a small deal, because when routing it will check through for any acls configured.

Its better to restrict the OSPF advertisements in the OSPF process itself by making the interface passive. this will make the router run ospf smoothly but when its flooding the Link-state-advertisements, it will not flood them out the interface you specified for it to restrict thus saving your bandwidth.

Router(config)#router ospf 1
Router(cofig-router)#passive-interface fa0/1

~ Networking :- Just when u think its starting to make sense......... ~
____________________________________________
CCNA, CCNP, CCNA Security, JNCIA, APDS, CISA
More
14 years 9 months ago #33713 by cybermancer

I still don't get it. Why do you want to disable OSPF updates? For OSPF to work you need to have a full copy of the link-state database for your area. Which is why 'passive' OSPF will tear down your adjacency.

Also, use dynamips.


You want to disable the updates out the Ethernet interfaces because you know there is no router at the other end that needs to get the updates. However there could be a evil black hat hacker on the other end of that Ethernet cable who is sniffing you traffic and seeing all the routing up date information which he uses to attack your network.

So you disable the updates on the Ethernet interfaces so that no unauthorized person can see the routing updates.
Time to create page: 0.134 seconds