How can an OSPF neighbor relationship with a device on a certain interface be prevented

14

To stop devices from becoming OSPF neighbors on a particular interface, run the silent-interface command on the OSPF view.

If the devices have a large number of interfaces, configuring the silent-interface command on each of the interfaces is difficult. In this case, configure all the interfaces as silent by using a single silent-interface all command. Then, cancel the prohibition of neighbor relationship establishment on interfaces where a neighbor relationship needs to be established by running the undo silent-interface command.

Other related questions:
Prevent an S series switch from setting up an OSPF neighbor relationship with a device connecting to an interface on the switch
Run the silent-interface command on an interface of an S series switch supporting OSPF. Then the switch cannot set up an OSPF relationship with the device connecting to the interface. To enable OSPF on many interfaces while disabling OSPF neighbor relationship establishment on most interfaces, run the silent-interface all command and then run the undo silent-interface command to enable OSPF neighbor relationship establishment on specified interfaces.

Can an OSPF neighbor relationship be established between devices that are on different subnets
A neighbor relationship can be established between two routers that are not on the same subnet only when the devices are connected through point-to-point (P2P) links. On a Point-to-Multipoint (P2MP) network, you can determine whether adjacencies can be formed between neighbors that are not on the same subnet. In all other cases, the devices must be on the same subnet.

How to configure OSPF on S series switches
For OSPF configuration on S series switches, see Common OSPF Operations on S Series Switches. For typical OSPF configuration examples on S series switches, see "Typical Routing Configuration - Typical OSPF Configuration" in S1720&S2700&S3700&S5700&S6700&S7700&S9700 Typical Configuration Examples.

Problem and solution when the OSPF status is abnormal
To solve the problem that the OSPF status between the firewall and the peer device cannot reach the Full state, perform the following steps: 1. Check the OSPF status. Check whether the OSPF neighboring relationship can be established between the firewall and the peer device. 2. If no, check the security policy configuration. Check whether the security policy control function for unicast packets is enabled. That is, check whether the firewall packet-filter basic-protocol enable command is configured. If yes, run the undo firewall packet-filter basic-protocol enable command to disable the function. To establish an OSPF neighboring relationship, devices need to exchange DD packets. DD packets are OSPF unicast packets. By default, the forwarding of OSPF unicast packets is not controlled by security policies. However, if you run the firewall packet-filter basic-protocol enable command to enable the security policy control function for OSPF unicast packets, you need also to configure the corresponding security policy to allow the packets to be forwarded. For details, see OSPF can not step into full state caused by security policy deny.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top