Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1203
Views
0
Helpful
2
Replies

When do you use "passive-interface vlanX"

Go to solution
zzbronski
Level 1
Level 1

‎08-27-2008 04:54 AM - edited ‎03-06-2019 01:01 AM

Is this a command that is normally used? I see it on my two core switches but not on the core switches at my other two sites. I understand that it is used for an interface that does not participate in eigrp but its network is advertised. Is this command necessary only behind a ACL/firewall? If no firewall exists can this command be removed? Does this command cut down on the amount traffic on the switches?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-27-2008 05:06 AM

The command can be used for a number of reasons but on core switches it is usually because you have a lot of vlan interfaces and if you do not make any of them passive then they all form eigrp neighborships between the core switches. So when you do a "sh ip eigrp neigh" you get a huge list with all the vlan interfaces. It also means each vlan interface will be exchanging keepalives etc.

So in order to cut down the neighborships and make it eaiser to troubleshoot often 2 vlans are used to peer and then all other vlan interfaces are made passive.

In this case it has nothing to do with firewalls. You can remove it and nothing disastrous will happen but unless it is causing you problems i would leave as is. Just make sure you are using at least 2 vlans for neighborships in case one of them accidentally gets shutdown.

Jon

View solution in original post

0 Helpful
2 Replies 2

Go to solution
andrew.prince
Level 10
Level 10

‎08-27-2008 05:05 AM

This command could be used in your network for 2 reasons:-

1) Not advertise a specific network - as it's no required to form a neighbour on that interface.

2) Prevent asymmetric routing loops.

HTH>

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-27-2008 05:06 AM

The command can be used for a number of reasons but on core switches it is usually because you have a lot of vlan interfaces and if you do not make any of them passive then they all form eigrp neighborships between the core switches. So when you do a "sh ip eigrp neigh" you get a huge list with all the vlan interfaces. It also means each vlan interface will be exchanging keepalives etc.

So in order to cut down the neighborships and make it eaiser to troubleshoot often 2 vlans are used to peer and then all other vlan interfaces are made passive.

In this case it has nothing to do with firewalls. You can remove it and nothing disastrous will happen but unless it is causing you problems i would leave as is. Just make sure you are using at least 2 vlans for neighborships in case one of them accidentally gets shutdown.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card