From: Daniel C. Young (danyoung99@xxxxxxxxxxxx)
Date: Sun Aug 19 2001 - 00:25:13 GMT-3
Demand-circuit automatically spoofs the interface, by setting the DNA bits
on the LSAs. So if you passify the interface or block routing updates across
the ISDN link, then what happens when your primary link fails? Then your
backup link will not come up unless IP traffic exists, which might be fine
when you only have a stub network. But in that case, you might as well use a
floating static. After all, the purpose of OSPF DC is so that all routers
can still share an identical LSA database.
Regards,
Daniel
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Gregory W. Posey Jr.
Sent: Thursday, 16 August 2001 5:47 AM
To: Brittan Walker; ccielab@groupstudy.com
Subject: RE: ISDN/OSPF Question
I've usually been successful with the following setup...
dialer-group 1 (under Interface BRI0)
dialer-list 1 protocol ip list 101
access-list 101 deny ospf any any
access-list 101 permit ip any any
(So to answer your question - yes I would add an access list to deny OSPF,
but not applied to an interface, rather apply it to the dialer list)
Also, with your current config, when you do a "show dialer", what is the
dial reason that shows up in the display? If it's IP to a destination of
224.0.0.5, then yeah the OSPF is keeping the line up (and the UP UP
(Spoofing) doesn't mean the interface is actually up - if I remember
correctly).
Thank you,
Greg Posey Jr.
CONECTS Network Analyst
CCIE #7981
CCDA/CCNP - Security Specialist
Cisco Voice Access Specialist
313-875-2088 ext. 347
www.conects.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Brittan Walker
Sent: Thursday, August 16, 2001 8:23 AM
To: ccielab@groupstudy.com
Subject: ISDN/OSPF Question
I was working in the lab last night on ISDN and OSPF.
I have included the following basic commands I was using.
I was trying to block all hellos and updates. My thought
process was based on the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c/1cprt1/1cospf.htm#xtocid709123
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c/1cprt1/1cospf.htm#xtocid709128
When I would do a sh int, the BRI would be up, up (spoofing).
When I would do a debug ip ospf packets & events, I would
continue to see updates from networks on the other side of the
ISDN link. I also tried adding passive-interface bri0. CDP
is disabled in this case.
Based on the URL above, this should do it. The dialer-list
permits ip. Should I set up an access list to block OSPF
hellos and updates? Let me know what you think.
Brit
int bri0
 ip ospf demand-circuit
 ip ospf network non-broadcast
 ip ospf database-filter all out
router ospf 100
 neighbor 172.16.35.1 priority 0
 area 5 nssa
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:53 GMT-3
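Added example, not part of the original thread and not Cisco code: a small Python model of the first-match dialer-list evaluation discussed above, comparing a dialer-list that permits all IP with the access-list 101 from the reply. The packet samples, the function names and the reading of "the dialer-list permits ip" as a single permit entry are assumptions made for illustration.

```python
# Constructed model of how a dialer-list ACL classifies "interesting" traffic.
# Only 'access-list N permit|deny PROTO any any' entries are supported.
IP_PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "ospf": 89}  # IANA protocol numbers


def parse_acl(lines):
    """Parse extended ACL lines into an ordered list of (action, proto) rules."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) != 6 or tok[0] != "access-list" or tok[4:] != ["any", "any"]:
            raise ValueError(f"unsupported entry: {line!r}")
        action, proto = tok[2], tok[3]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        if proto != "ip" and proto not in IP_PROTO:
            raise ValueError(f"unknown protocol in: {line!r}")
        rules.append((action, proto))
    return rules


def is_interesting(rules, proto_num):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, proto in rules:
        if proto == "ip" or IP_PROTO[proto] == proto_num:
            return action == "permit"
    return False


def dial_triggers(rules, packets):
    """Names of the packets that would bring the link up or reset its idle timer."""
    return [name for name, proto_num in packets if is_interesting(rules, proto_num)]


# Constructed sample traffic: (description, IP protocol number)
PACKETS = [
    ("OSPF hello to 224.0.0.5", 89),
    ("ICMP echo to remote LAN", 1),
    ("TCP session to remote host", 6),
]

# Assumed equivalent of a dialer-list that simply permits ip
PERMIT_ALL_IP = parse_acl(["access-list 101 permit ip any any"])
# The two entries quoted in the reply
DENY_OSPF = parse_acl(["access-list 101 deny ospf any any",
                       "access-list 101 permit ip any any"])

if __name__ == "__main__":
    for label, rules in (("permit ip", PERMIT_ALL_IP), ("deny ospf first", DENY_OSPF)):
        print(label, "->", dial_triggers(rules, PACKETS))
```

Traffic classed as uninteresting can still cross the link while it is up; it only stops triggering the dial and resetting the idle timer.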