OSPF Passive interface feature and a Bug!

Forum|Forum|9 years ago
June 30, 2016
1 reply
6214 views

I have recently setup several fortigate 90D's and a few 200D's with OSPF. The are all connected via a VPLS solution.

the OSPF interface is wan1. The internal network is a port 3 or internal (a named interface) they also have a separate interface on them ie: WAN2. I setup OSPF on the VPLS side for all of them then a single OSPF interface. I then advertise the separate network connected to each site on the internal side. I don't have the internal interface setup with OSPF. It all worked fine. I noticed that if i setup a router in one of the networks behind the firewall (on the internal side) with OSPF it creates an OSPF adjacency! This should not happen! This interface is not configured for OSPF! I then tried to set the passive-interface option in OSPF and it only lets you have one passive interface? I'm running 5.2.7 on these firewalls. I should be able to make more than one interface passive for ospf!

Any ideas?

Thanks,

OSPF

emnoc

New Member

I doubt it's a bug,

but have you reviewed your cfg? Did you execute any diag sniffer packet <the suspect passive interface> " proto 89 "

Did you restart ospf process after the changes?

e.g

execute router clear ospf proc

beaven67Author

New Member

Yes is did restart the firewall. I did find that you can just add all the interfaces to the passive-interface command and that will work just fine. I believe the bug is that its advertising multicast packets out interfaces that are not configured for ospf! the networks included in the ospf command are for advertisements not for neighbor adjacencies.

The work around by adding all the interfaces via the passive-interface command is a not a correct solution for a secure network. The interface should not be taking any part of the ospf network process. I will submit this to TAC for further review..

Thanks,

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded