OSPF: Passive Interfaces

Enabling an interface with OSPF is the quickest method to advertise its network to other OSPF enabled routers. It is not only the network that is advertised to other routers that is enabled – the interface now listens and takes part in the OSPF process itself.

An unauthorised OSPF router can be plugged into that network and cause havoc on the rest of the network.

The interface can be made passive to allow the network to still be advertised to other OSPF enabled routers and not allow the local interface itself to form any OSPF adjacencies.

To make an interface passive:

router ospf 1
 passive interface FastEthernet0/0

An alternative method may to make all interfaces passive by default, then whitelist them individually with a no passive interface command

router ospf 1
 passive interface default
 no passive interface FastEthernet0/0



, ,




Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.