Prevent an S series switch from setting up an OSPF neighbor relationship with a device connecting to an interface on the switch

Run the silent-interface command on an interface of an S series switch that supports OSPF. The switch then cannot set up an OSPF neighbor relationship with the device connected to that interface.
To enable OSPF on many interfaces while disabling OSPF neighbor relationship establishment on most of them, run the silent-interface all command and then run the undo silent-interface command to enable OSPF neighbor relationship establishment on specified interfaces.

Other related questions:
On a square-shaped network, OSPF neighbor relationships cannot be set up on P2P interfaces of S series switches. Why?
Question: Four devices in the same VLAN form a square-shaped network and the type of their interfaces is P2P. Why can't the devices establish OSPF neighbor relationships?
Answer: A Hello packet is a multicast packet, so a Hello packet sent by one device is transmitted within the entire VLAN because the interfaces of all the devices are in the same VLAN. P2P interfaces do not check masks, so when another device receives the Hello packet, it immediately establishes a neighbor relationship. However, the device ignores Hello packets sent by the other two devices because a P2P interface can only establish one neighbor relationship at a time. As a result, the neighbor status of each device remains Init.
A sends a Hello packet, and B receives the packet → A considers B as its neighbor.
B sends a Hello packet, and C receives the packet → B considers C as its neighbor.
C sends a Hello packet, and D receives the packet → C considers D as its neighbor.
D sends a Hello packet, and A receives the packet → D considers A as its neighbor.
Therefore, the devices cannot establish Full OSPF neighbor relationships.

Must two S series switches be on the same network segment to set up an OSPF neighbor relationship?
Question: Must the interfaces on two ends of an OSPF link be on the same network segment and the mask digits on the neighboring interfaces be consistent?
Answer: When two S series switches are establishing an OSPF neighbor relationship, the interfaces on the broadcast network, NBMA network, or P2MP network must be on the same network segment and the mask digits on the neighboring interfaces must be consistent. The limitations do not apply to interfaces on a P2P network. On an OSPF P2P network, if the link-layer protocol is PPP, OSPF neighbors with IP addresses on different network segments can be in the Full state and correctly calculate routes. However, if the link-layer protocol is not PPP (for example, HDLC), devices with IP addresses on different network segments cannot establish an OSPF neighbor relationship. Through PPP negotiation, the local device can obtain the IP address of the remote device and have a route to the remote device without extra configuration.

How can an OSPF neighbor relationship with a device on a certain interface be prevented?
To stop devices from becoming OSPF neighbors on a particular interface, run the silent-interface command in the OSPF view. If the devices have a large number of interfaces, configuring the silent-interface command for each interface is difficult. In this case, configure all the interfaces as silent by using a single silent-interface all command. Then run the undo silent-interface command for each interface on which a neighbor relationship needs to be established.

Prevent OSPF interfaces on S series switches from sending and receiving protocol packets
To prevent local OSPF routing information from being obtained by devices on other networks and prevent the local S series switch from receiving routing update information advertised by other devices on the same network, run the silent-interface command in the OSPF process view to forbid an OSPF interface on the local switch from sending and receiving OSPF packets. By default, an interface is allowed to receive OSPF packets. Disabling interfaces from receiving and sending OSPF packets is a method of preventing routing loops.
After an OSPF interface is prevented from sending and receiving OSPF packets, the interface can still advertise its direct routes. Hello packets on the interface, however, cannot be forwarded. Therefore, no neighbor relationship can be established on the interface. This enhances the networking adaptability of OSPF and reduces system resource consumption.
For example, disable VLANIF 200 from sending and receiving OSPF packets as follows:
[HUAWEI] ospf 100
[HUAWEI-ospf-100] silent-interface vlanif 200

Configure OSPF neighbor authentication on an S series switch
OSPF authentication of S series switches includes area authentication and interface authentication.
1. Area authentication
Run the authentication-mode command in an OSPF area view to set the authentication mode and password for the OSPF area. For example:
[HUAWEI] ospf 100
[HUAWEI-ospf-100] area 0
[HUAWEI-ospf-100-area-0.0.0.0] authentication-mode simple cipher huawei
To configure MD5 authentication, run the following command:
[HUAWEI-ospf-100-area-0.0.0.0] authentication-mode md5 1 cipher huawei
2. Interface authentication
The interface authentication mode is used among neighbor switches to set the authentication mode and password. Its priority is higher than that of the area authentication mode. Run the ospf authentication-mode command in the interface view to set the authentication mode and password for adjacent switches. For example:
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ospf authentication-mode simple cipher huawei
To configure MD5 authentication, run the following command:
[HUAWEI-Vlanif100] ospf authentication-mode md5 1 cipher huawei
Note: When configuring area authentication or interface authentication, all switches involved must have the same authentication mode and password. If not, the switches may fail to set up an OSPF neighbor relationship.
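
The following Python sketch is an added example, not Huawei tooling and not part of the original page: it reads a saved configuration and reports, per interface, whether OSPF neighbors can form after the silent-interface all / undo silent-interface commands described above, and which interface authentication mode is set. The sample configuration is constructed; the saved-configuration layout, the function names audit_ospf and needs_review, and the single OSPF process are assumptions.

```python
import re

# Constructed sample in saved-configuration style (layout is an assumption).
SAMPLE_CONFIG = """\
interface Vlanif100
 ospf authentication-mode md5 1 cipher CONSTRUCTED
#
interface Vlanif200
#
interface Vlanif300
 ospf authentication-mode simple cipher CONSTRUCTED
#
ospf 100
 silent-interface all
 undo silent-interface Vlanif100
 undo silent-interface Vlanif300
#
"""

def audit_ospf(config):
    """Map interface -> (can_form_neighbors, interface_auth_mode or None)."""
    auth, current = {}, None
    default_silent, overrides = False, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line opens or closes a block
            m = re.match(r"interface (\S+)$", line)
            current = m.group(1) if m else None
            if current:
                auth[current] = None
            continue
        m = re.match(r"ospf authentication-mode (\S+)", line)
        if m and current:
            auth[current] = m.group(1)
        m = re.match(r"(undo )?silent-interface (\S+)$", line)
        if m:
            silent, name = m.group(1) is None, m.group(2)
            if name.lower() == "all":  # resets the default for every interface
                default_silent, overrides = silent, {}
            else:
                overrides[name] = silent
    return {i: (not overrides.get(i, default_silent), a) for i, a in auth.items()}

def needs_review(config):
    """Non-silent interfaces with simple or no interface-level authentication."""
    return sorted(i for i, (active, mode) in audit_ospf(config).items()
                  if active and mode in (None, "simple"))

if __name__ == "__main__":
    print(audit_ospf(SAMPLE_CONFIG), needs_review(SAMPLE_CONFIG))
```

An interface reported with mode None may still be covered by area authentication, which this sketch does not resolve.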
