Wireless Access

Reply
MVP
Posts: 371
Registered: ‎01-14-2010

Passive OSPF interface on Mobility Switch?

All,

 

Is there a way to create a passive interface within an OSPF profile with a Mobility Access Switch? It may be called something different in Aruba parlance - a passive interface is a layer 3 interface that cannot neighbor up with other OSPF devices. I tried setting this up the other day without any luck.

 

Thanks!

 

-Mike 

Guru Elite
Posts: 8,632
Registered: ‎09-08-2010

Re: Passive OSPF interface on Mobility Switch?

[ Edited ]

There is no passive interface per-say, but if you are trying to stop route advertisements and hellos from going out client VLANs, you can use the new redistribute VLAN function that was added in 7.2.

 

You no longer have to apply OSPF profiles to the individual SVIs. Instead, run the following command under the global ospf-profile:

 

redistribute vlan <vlan-ids> 

(where vlan-ids are the client facing vlans)

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 371
Registered: ‎01-14-2010

Re: Passive OSPF interface on Mobility Switch?

Hi Tim,

 

Thanks for that info! I know someone who is getting ready to deploy a lot of S3500s and that redistribute VLAN command will save him some time.

 

It sounds like the best thing to do, for the time being, is to write a small ACL that blocks the OSPF multicast groups. Have you tried that at Brandeis?

 

Thanks!

 

-Mike

Guru Elite
Posts: 8,632
Registered: ‎09-08-2010

Re: Passive OSPF interface on Mobility Switch?

We have not tried that but it should work.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: