it is a layer 3 switch OPSF is running on the switch, but the vlan it's on is set to passive. I want to only allow advertising on the specific port on the the VLAN not the entire VLAN th port's on.

 

If there are multiple ports in the vlan you cannot make the SVI passive. 

 

Obviously once you remove the passive command then OSPF hellos would be sent out of all ports which is what you want to avoid. 

 

You could try the solution suggested in this thread  - 

 

https://supportforums.cisco.com/t5/lan-switching-and-routing/ospf-packets-on-l2-port/m-p/3321244#M403210

 

can't say how well it work as I have never used it myself. 

 

Jon

thanks for the info I will give a look.

Hello

It might be a l3 switch but the port in question sounds like a l2 access port assigned to a L3 SVI so as Jon stated this port will be the physical port for the vlan so the whole vlan will be advertised but at present because you have specified the L3 svi of the vlan as passive you wont get an adjacency on this port.

 

Also

---

@lcollado wrote:
it is a layer 3 switch OPSF is running on the switch, but the vlan it's on is set to passive. I want to only allow advertising on the specific port on the the VLAN not the entire VLAN th port's on.

---

Now if you want to only advertised a specific L3 interface/prefix into your router then you have filtering options.
prefix-suppression --applied to routing process(all prefixes are suppressed  or interface (which take precedence and only suppress that interface)
Distribute -list -  used in conjunction with prefix-list to deny and allow whatever you wish to be advertised into the router

res
Paul

Paul, thank you for your input. I will look into this and let you know my findings

would it be possible to create a new vlan, assign the vlan an IP address from the same network I have been trying to get OSPF to broadcast to that one single port? 

Create the new vlan configure OSPF on the same area 0, would that prevent OSPF broadcasting to the same subnet?

You cannot use the same IP subnet on multiple L3 interfaces on the same device so if I understand your question correctly the answer would be no you can't. 

 

Why are you so concerned with OSPF hellos on the other ports in the vlan ? 

 

Jon

here's what I'm trying to do.


I have two SDWAN boxes connecting two sites over the internet. My site is the hub (site 1) and I want to advertise all networks over to site 2 over the SDWAN box.


The SDWAN box in (site 1) has OSPF option turned on to listen for hellos from aera 0 which will send network routes over to site 2.


The SDWAN boxes have two interfaces one public facing and the other on the private side.


Based on your input, I would need to create a new vlan on a different subnet and configure ospf without passive. this would isolate the OSPF traffic for only this vlan and site two will get the network routes.


thoughts?

I have not used SDWAN boxes so unsure how they work but if you could create a new vlan/IP then yes that should work as far as I can tell based on your question. 

 

Jon

so I have added the port to a different VLAN that has no passive configured. so OSPF hellos should be broadcasted. I'm waiting for vendor to change the IP address on the internal intface on the sdwan box. for your review I have the OSPF config for the vlan

PARAC01#sh ip ospf 1 int vlan 10
Vlan10 is up, line protocol is up
Internet Address 30.1.1.61/26, Area 0
Process ID 1, Router ID 6.1.0.254, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:00
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 14/14, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 8, maximum is 10
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 6.1.0.253
Suppress hello for 0 neighbor(s)
PARAC01#sh ip ospf 1 int vlan 200
Vlan200 is up, line protocol is up
Internet Address 30.1.0.253/24, Area 0
Process ID 1, Router ID 6.1.0.254, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 6.1.0.254, Interface address 30.1.0.253
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
No Hellos (Passive interface)
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 13/13, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
once the vendor changes the ip address on the box I believe it will work, thoughts?

I can't see why it wouldn't work from what you have posted. 

 

Let me know how it goes. 

 

Jon

We have some progress, OSPF traffic is hitting the SDWAN box, but the routes are not being learned on the SDWAN. Do I need to manually added the SDWAN as a OSPF neighbor? as well a network statement pointing to the SDWAN box as the next hop to get to the second site?

If routes are not being learnt it sounds like it might be your OSPF configuration. 

 

Can you post relevant OSPF configuration from both ends. 

 

Jon