Mistake 2: Forgetting to Make User VLANs Passive
Problem: User-facing VLANs send OSPF Hellos
Impact:
- Security risk (rogue routers can join)
- Wasted resources
Fix:
router ospf 1
passive-interface vlan 10
passive-interface vlan 20
Or use default:
router ospf 1
passive-interface default
no passive-interface gi0/0 ← Uplink only
Mistake 3: Using passive-default Without Exclusions
Problem:
router ospf 1
passive-interface default
! (Forgot to exclude uplinks)
Impact: ALL interfaces passive, no neighbors
Fix:
router ospf 1
no passive-interface gi0/0
no passive-interface gi0/1
Verification
R1# show ip protocols | include Passive
Passive Interface(s):
Vlan10
Vlan20
Loopback0
Should see: User VLANs, loopbacks
Should NOT see: Uplinks to other OSPF routers
Summary
✅ Never make uplinks passive
✅ Always make user VLANs passive
✅ Always make loopbacks passive
✅ Use passive-default on edge routers
Next: Subnet Mask Mismatch (Article 25)
Internal Links:
- ← Routes Not Appearing (Article 23)
- ← OSPF Passive Interfaces (Article 9)
- ← Neighbors Not Forming (Article 18)
