05-20-2013 04:17 PM
Is there a way to create a passive interface within an OSPF profile with a Mobility Access Switch? It may be called something different in Aruba parlance - a passive interface is a layer 3 interface that cannot neighbor up with other OSPF devices. I tried setting this up the other day without any luck.
05-20-2013 05:05 PM - edited 05-20-2013 05:06 PM
There is no passive interface per-say, but if you are trying to stop route advertisements and hellos from going out client VLANs, you can use the new redistribute VLAN function that was added in 7.2.
You no longer have to apply OSPF profiles to the individual SVIs. Instead, run the following command under the global ospf-profile:
redistribute vlan <vlan-ids>
(where vlan-ids are the client facing vlans)
05-26-2013 08:54 PM
Thanks for that info! I know someone who is getting ready to deploy a lot of S3500s and that redistribute VLAN command will save him some time.
It sounds like the best thing to do, for the time being, is to write a small ACL that blocks the OSPF multicast groups. Have you tried that at Brandeis?