Passive Interfaces In Link State Protocol and LSAs
NightShade1
Member Posts: 433 ■■■□□□□□□□
in CCNP
Chrys Bryan says
"The passive interface concept is clear enough with RIP, IGRP, and EIGRP – all protocols that send routing update packets. But OSPF doesn’t send routing update packets – OSPF sends link state advertisements. It’s the inability of the passive interface command to stop LSAs that lead many to think that passive interfaces cannot be used with OSPF."
A lab i did prove that LSAs are stoped anyways ill post it so tell me what you think? maybe im not looking in the correct place so somoene come and point me where i should look?
Check it out
This is what i got
R1----R2
R3
R1 in area 0
R2 ABR
R3 in area 1
R1-R2 network 192.168.1.0
R2-R3 network 192.168.2.0
Turned on debug ip ospf flood on R2
This was BEFORE the passive interface
Sending updates through interface S1/0
Sending updates through interface S2/0
Okay now with Passive interface ON just on S1/0
Something werid when i found activated the passive intercae
Anyways here is the output when i turned ON the passive interface on s1/0 that goes to area 0
sending update on serial 0
Looked carefully 3 times and couldnt find the updates going through Serial 1/0(LSA type 1 and 3 going thought s1/0) this time and the part of send TYPE1 or TYPE 3 over that serial 1/0 (i could have pasted all the output but was long... and i dont think you would want to search on it)
All i could find was this
To test this i was shutting down the interfaces s1/0 and s2/0 in R2 and resetting the process so they had nothing in the ospf database...
"The passive interface concept is clear enough with RIP, IGRP, and EIGRP – all protocols that send routing update packets. But OSPF doesn’t send routing update packets – OSPF sends link state advertisements. It’s the inability of the passive interface command to stop LSAs that lead many to think that passive interfaces cannot be used with OSPF."
A lab i did prove that LSAs are stoped anyways ill post it so tell me what you think? maybe im not looking in the correct place so somoene come and point me where i should look?
Check it out
This is what i got
R1----R2
R3
R1 in area 0
R2 ABR
R3 in area 1
R1-R2 network 192.168.1.0
R2-R3 network 192.168.2.0
Turned on debug ip ospf flood on R2
This was BEFORE the passive interface
Sending updates through interface S1/0
*May 4 01:13:53.831: OSPF: Sending update on Serial1/0 to 192.168.1.1 Area 0 *May 4 01:13:53.835: OSPF: Send Type 1, LSID 192.168.2.1, Adv rtr 192.168.2.1, age 5, seq 0x80000002 (0) *May 4 01:13:53.835: OSPF: Send Type 3, LSID 192.168.2.0, Adv rtr 192.168.2.1, age 2, seq 0x80000001 (1)
Sending updates through interface S2/0
*May 4 01:14:00.251: OSPF: Sending update on Serial2/0 to 192.168.2.2 Area 1 *May 4 01:14:00.251: OSPF: Send Type 1, LSID 192.168.2.1, Adv rtr 192.168.2.1, age 13, seq 0x80000001 (0) *May 4 01:14:00.255: OSPF: Send Type 3, LSID 192.168.1.0, Adv rtr 192.168.2.1,
Okay now with Passive interface ON just on S1/0
Something werid when i found activated the passive intercae
R2(config-router)#passive-interface s1/0 R2(config-router)# *May 4 01:23:44.419: OSPF: Build router LSA for area 0, router ID 192.168.2.1, seq 0x80000001Why is building that LSA when i active passive interface???
Anyways here is the output when i turned ON the passive interface on s1/0 that goes to area 0
sending update on serial 0
*May 4 01:30:00.231: OSPF: Sending update on Serial2/0 to 192.168.2.2 Area 1 *May 4 01:30:00.235: OSPF: Send Type 1, LSID 192.168.2.1, Adv rtr 192.168.2.1, age 9, seq 0x80000001 (0) *May 4 01:30:00.235: OSPF: Send Type 3, LSID 192.168.1.0, Adv rtr 192.168.2.1, age 10, seq 0x80000001 (1)
Looked carefully 3 times and couldnt find the updates going through Serial 1/0(LSA type 1 and 3 going thought s1/0) this time and the part of send TYPE1 or TYPE 3 over that serial 1/0 (i could have pasted all the output but was long... and i dont think you would want to search on it)
All i could find was this
*May 4 01:29:52.671: OSPF: Build router LSA for area 0, router ID 192.168.2.1, seq 0x80000003
To test this i was shutting down the interfaces s1/0 and s2/0 in R2 and resetting the process so they had nothing in the ospf database...
Comments
-
Paul Boz Member Posts: 2,620 ■■■■■■■■□□I'm looking forward to seeing the debugs for this.CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/ -
NightShade1 Member Posts: 433 ■■■□□□□□□□"the command you need to see what is happening is debug ospf lsa (generate|flooding|refresh)
And use it with an interface conditional statement "debug interface s2/0" for instance.
Watch the traffic as you apply and remove the command and then apply it again"
Darby sorry
What im supposed to see with those commands
I actually tried to use debug ip ospf lsa-generation command before but i didnt get anything and it didnt do anything... i guessi just dont know how to use it... i had it on all the time i mean when i was configuring the ospf small network and i didnt see any output besides*May 5 18:48:59.515: OSPF: Start redist-scanning *May 5 18:48:59.515: OSPF: Scan the RIB for both redistribution and translation *May 5 18:48:59.519: OSPF: End scanning, Elapsed time 4ms2.168.2.0 0.0.0.255 ar ea 1
Thats all that debug ip ospf lsa-generation gave me....
Thats why i ask you again i am using it in a incorrect way?
I used debug ip ospf flood command up because that give me results!
now as for the debug interface s2/0 didnt gave me anything either
Plz point me what im doing wrong Darby i mean this is weird at least with lsa generation one...
the flood debug command did tell me hey im sending LSA TYPE 1 and TYPE 3 but the other nothing....
Im using Dynamips
IOS = c7200-js-mz.123-21
You need anything else or just point me in the correct way i will do it right away Darby.
Damn i need to know how to use all these debug commands!