Configuring OSPF Interfaces
Fixed Switch Configuration Guide 22-15
They do not send or receive hello packets. OSPF adjacencies can not be formed on a passive
interface.
Use the passive-interface command in router configuration command mode to configure an
interface as passive or to set passive as the default mode of operation for all interfaces.
Configuring OSPF Interfaces
OSPF is disabled by default and must be enabled on routing interfaces with the ip ospf enable
command in interface configuration mode. When OSPF is enabled on an interface, the OSPF area
defaults to 0.0.0.0. Use the ip ospf areaid command to configure a different area ID for the
interface.
Configuring Interface Cost
Each interface has an outbound cost associated with it. The lower the cost, the more likely the
interface will be used to forward data traffic. Should several equal-cost routes to a destination
exist, traffic is distributed equally among them.
The default interface cost is 10. Use the ip ospf cost command in interface configuration command
mode to specify a non-default outbound cost on an interface.
Configuring Interface Priority
Each interface has a priority value that is communicated between routers by means of hello
messages and is used in the election of the Designated Router. See “Designated Router” on
page 22-3 for more information.
The default value of 1 is assigned to an interface when it is enabled for OSPF. Use the ip ospf
priority command in interface configuration mode to set a non-default priority on an interface.
Configuring Authentication
Authentication helps ensure that routing information is processed only from trusted routers. On
the fixed switches, OSPF authentication is configured at the interface level.
Two authentication schemes are available:
•Simple, using the ip ospf authentication-key command
•MD5, using the ip ospf message digest key md5 command
A single scheme must be configured for each network. The use of different schemes enables some
interfaces to use much stricter authentication than others. When you wish to bar routers from
exchanging OSPF packets, use simple authentication. The interfaces that the packets will be sent
on still must be trusted because the authentication key will be placed in the packets and is visible
to anyone on the network. All neighboring routers on the same network must have the same
password configured to be able to form adjacencies and exchange OSPF information.
If you do not trust other routers on your network, use MD5 authentication. The system works by
using shared secret keys. Because keys are used to sign the packets with an MD5 checksum
through a one-way hash function, they cannot be forged or tampered with. Also, because the keys
are not included in the packet, snooping the key is impossible. Network users can still snoop the
contents of packets, though, because packets are not encrypted.
To Next Page
Loading...
Need help?
General