Prevent OSPF interfaces on S series switches from sending and receiving protocol packets


To prevent local OSPF routing information from being obtained by devices on other networks and prevent the local S series switch from receiving routing update information advertised by other devices on the same network, run the silent-interface command in the OSPF process view to forbid an OSPF interface on the local switch from sending and receiving OSPF packets. By default, an interface is allowed to receive OSPF packets.
Disabling interfaces from receiving and sending OSPF packets is a method of preventing routing loops. After an OSPF interface is prevented from sending and receiving OSPF packets, the interface can still advertise its direct routes. Hello packets on the interface, however, cannot be forwarded. Therefore, no neighbor relationship can be established on the interface. This enhances the networking adaptability of OSPF and reduces system resource consumption.
For example, disable VLANIF 200 from sending and receiving OSPF packets as follows:
[HUAWEI] ospf 100
[HUAWEI-ospf-100] silent-interface vlanif 200

Other related questions:
How does an S series switches process received routing protocol packets
Q: How does an S series switches process received routing packets? A: After receiving a routing protocol packet, an S series switches sends it to the MPU. After calculation, the MPU delivers control messages to an LPU for routing information updates.

What is the protocol number of OSPF used by S series switches
The Open Shortest Path First (OSPF) protocol is a link-state Interior Gateway Protocol (IGP) developed by the Internet Engineering Task Force (IETF). OSPF is IP-based and the protocol number is 89.

Configure OSPF to filter received routes on S series switches
The Open Shortest Path First (OSPF) is a routing protocol based on the link status. Unlike the routing protocols using the distance-vector (D-V) algorithm, OSPF ensures topology consistency and provides loop-free routes. To configure OSPF to filter routes, run the filter-policy import command. The record about the LSA of a route filtered out exists in the OSPF database. The OSPF process does not add the route to the routing table but the LSA of the route is advertised. That is, the peer end can receive the route. The filter-policy export command can only be used to configure OSPF to filter imported external routes to be advertised. OSPF also supports the filtering of routes carried in Type 3 LSAs on ABRs. This feature enables ABRs to filter routes when advertising Type 3 LSAs between OSPF areas. Only the packets with prefixes meeting requirements can be transmitted from one area to another. In this way, the incoming and outgoing packets of an area are controlled.

Prevent an S series switch from setting up an OSPF neighbor relationship with a device connecting to an interface on the switch
Run the silent-interface command on an interface of an S series switch supporting OSPF. Then the switch cannot set up an OSPF relationship with the device connecting to the interface. To enable OSPF on many interfaces while disabling OSPF neighbor relationship establishment on most interfaces, run the silent-interface all command and then run the undo silent-interface command to enable OSPF neighbor relationship establishment on specified interfaces.

Whether DHCPv6 snooping allows S series switch to send packets received from user-side interfaces to only network-side interfaces
On S series switches (except S1700 switches) in V100R006 and later versions, DHCPv6 snooping allows the switches to send packets received from user-side interfaces to only network-side interfaces.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top