I tryed to configure passive under the global ospf process but without effect, because passive-interface command is missing there too. :-)

I'll might be to set and outgoing ACL to OSPF multicast 240.0.0.5 and put it to all my interfaces, but this require little bit admin overhead.

This strange behavior is probably some IOS bug, but Cisco's bug tool find not about it.

I have the same problem with hello packets. I have tried to make the network command more specific, but I got an error message

%OSPF: OSPF not enabled on FastEthernet0/0

Although the f0/0 interface has an ip address 194.154.236.43 255.255.255.248 configured and the ospf process is running this configuration

!

router ospf 5628 vrf VPN1

redistribute connected

network 194.154.236.40 0.0.0.7 area 0

!

I have three Internet routers connected together over Ethernet ( only one of them is MPLS PE router running Internet in VRF, others are classic Internet routers ) and I need to run OSPF because I need to receive routing information from the two Internet routers and need to redistribute connected and static networks of my MPLS PE router. In the future I will change OSPF to iBGP procsess, but this is a future.

If the PE router needs to learn routes from the two other ruters the you can't use passive-interface. OSPF requires the router to establish an adjacency in order for the router to learn LSAs and then calculate routes.

Hope this helps,

You are absolute right in this, but this is not my problem. I will try to explain it once again. Currently I have the following configuration on my PE router

!

router ospf 5628 vrf INET

network 194.154.224.0 0.0.31.255 area 0

!

the f0/0 interface has this configuration

!

interface FastEthernet0/0

ip vrf forwarding INET

ip address 194.154.236.43 255.255.255.248

!

The problem is, that using this configuration, hello packets are send also through other interfaces of my PE router, which are part of the same ip address range specified under ospf process and are in the same vrf. In other words, hello packets are send to my Internet customers, which is not good. Because it is not possible to configure passive interface under ospf in the VRF, I decided to make the network statement more specific. I have changed the configuration to

!

router ospf 5628 vrf INET

network 194.154.236.40 0.0.0.7 area 0

!

and got the message

%OSPF: OSPF not enabled on FastEthernet0/0

The question is, why is OSPF not enabled on my f0/0, as the ip address of my f0/0 is part of a 194.154.236.40 0.0.0.7 network ?

I get it now. Could you try

router ospf 5628 vrf INET

network 194.154.236.43 0.0.0.0 area 0

and see if it makes a difference. Also what IOS version are you using?

Thanks,

Thank you for your help, I found that the problem was in the sequence of commands, how I have configured the network statement.

With the following script, I got the error message that ospf is not enabled on f0/0

!

conf t

router ospf 5628 vrf INET

network 194.154.236.40 0.0.0.7 area 0

no network 194.154.224.0 0.0.31.255 area 0

!

but with this script, the ospf is running in the way how I wanted

!

conf t

router ospf 5628 vrf INET

no network 194.154.224.0 0.0.31.255 area 0

network 194.154.236.40 0.0.0.7 area 0

!

It is funny :-).

The IOS I used is c7200-p-mz.122-26.bin. Once again, thank you for your help and time.

Peter

Glad you solved your issue. I knew something was wrong ;o)

Pay attention that passive interfaces only for group of interfaces - especially for customer's p2p links, not to other core routers! Customers

are not running OSPF.It's unnenessary and insecure advertise hellos to customer's sites.