Enabling OSPF on an interface is the quickest way to advertise its network to other OSPF-enabled routers. Doing so does more than advertise the network, though: the interface itself now listens for and takes part in the OSPF process.
An unauthorised OSPF router can be plugged into that network and cause havoc on the rest of the network.
Making the interface passive still allows its network to be advertised to other OSPF-enabled routers, but stops the local interface itself from forming any OSPF adjacencies.
To make an interface passive:
    router ospf 1
     passive-interface FastEthernet0/0
An alternative method may be to make all interfaces passive by default, then whitelist them individually with a no passive-interface command:
    router ospf 1
     passive-interface default
     no passive-interface FastEthernet0/0
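To check a saved configuration for interfaces that can still form adjacencies, the following Python audit lists every OSPF-enabled interface that is not passive. It is an added example, not part of the original post. The sample config, the helper name `active_ospf_interfaces`, the use of `network` statements to enable OSPF, and the single OSPF process are all assumptions.

```python
import ipaddress
import re

# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
interface FastEthernet0/1
 ip address 10.0.1.1 255.255.255.0
interface Loopback0
 ip address 192.168.255.1 255.255.255.255
router ospf 1
 passive-interface default
 no passive-interface FastEthernet0/0
 network 10.0.0.0 0.0.255.255 area 0
"""

def active_ospf_interfaces(config):
    """Hypothetical helper: OSPF-enabled interfaces that may form adjacencies."""
    addrs, networks = {}, []            # interface -> IPv4 int; (network, wildcard)
    default_passive, passive, exempt = False, set(), set()
    section = name = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " ":              # unindented line opens a new section
            section = None
            if line.startswith("interface "):
                section, name = "if", line.split()[1]
            elif line.startswith("router ospf"):
                section = "ospf"        # assumption: a single OSPF process
        elif section == "if" and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            addrs[name] = int(ipaddress.IPv4Address(m.group(1)))
        elif section == "ospf":
            if line == "passive-interface default":
                default_passive = True
            elif m := re.match(r"(no )?passive-interface (\S+)$", line):
                (exempt if m.group(1) else passive).add(m.group(2))
            elif m := re.match(r"network (\S+) (\S+) area \S+$", line):
                networks.append(tuple(int(ipaddress.IPv4Address(g)) for g in m.groups()))
    active = []
    for ifname, ip in addrs.items():
        # A network statement matches when all non-wildcard bits agree.
        enabled = any((ip | wc) == (net | wc) for net, wc in networks)
        is_passive = ifname in passive or (default_passive and ifname not in exempt)
        if enabled and not is_passive:
            active.append(ifname)
    return sorted(active)

if __name__ == "__main__":
    print(active_ospf_interfaces(SAMPLE_CONFIG))
```

Any interface in the result that faces an access or untrusted segment is a candidate for `passive-interface`.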