passive-interface command

Answered Question
Mar 24th, 2009
User Badges:
  • Bronze, 100 points or more

Hi every body!

I just want to confirm one thing.


Does passive-interface tell the router not to send any routing protocol related packets on the specified interface or it also tell the router ignore the received routing protocol related packets on the interface?


Thanks a lot!

Correct Answer by Mohamad Qayoom about 8 years 3 months ago

Here is what Cisco has to say:


With most routing protocols, the passive-interface command restricts outgoing advertisements only. However, when used with Enhanced Interior Gateway Routing Protocol (EIGRP), the effect is slightly different. The use of the passive-interface command in EIGRP suppresses the exchange of hello packets between two routers, which results in the loss of their neighbor relationship. This stops not only routing updates from being advertised, but it also suppresses incoming routing updates.


Thanks,

Mohamad

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
sarahr202 Tue, 03/24/2009 - 21:30
User Badges:
  • Bronze, 100 points or more

I found out passive-int command only stops the routing protocols packets such as update, hell0 etc from being transmitted on the interface configured with passive-int command.


Thanks a lot !

Correct Answer
Mohamad Qayoom Tue, 03/24/2009 - 21:50
User Badges:
  • Bronze, 100 points or more

Here is what Cisco has to say:


With most routing protocols, the passive-interface command restricts outgoing advertisements only. However, when used with Enhanced Interior Gateway Routing Protocol (EIGRP), the effect is slightly different. The use of the passive-interface command in EIGRP suppresses the exchange of hello packets between two routers, which results in the loss of their neighbor relationship. This stops not only routing updates from being advertised, but it also suppresses incoming routing updates.


Thanks,

Mohamad

viyuan700 Tue, 03/24/2009 - 21:53
User Badges:
  • Silver, 250 points or more

in RIP and EIGRP

router dont send routing updates but receive and process routing updates with passive interface


in OSPF & IS-IS

routing information is neither sent nor received through passive interface

Giuseppe Larosa Wed, 03/25/2009 - 02:20
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Vivuyan,


EIGRP has a neighbor state machine so I think only RIP is able to accept routing updates on a passive-interface.


EIGRP, OSPF, and IS-IS have the neighbor-state machine concept : updates are exchanged in a controlled way only after a certain state is reached that implies two way communication (like the OSPF state called in the same way)


Hope to help

Giuseppe


viyuan700 Wed, 03/25/2009 - 06:50
User Badges:
  • Silver, 250 points or more

Hi Giuseppe ,


Thanks for pointing out.


I have to keep in mind that few things are specific to IOS what i said is true for IOS XR but not for IOS.


"Use the passive-interface command to disable the sending of routing updates on an interface. The particular subnet continues to advertise to other interfaces, and updates from other routers on that interface continue to be received and processed."


http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.7/routing/command/reference/rr37egp.html#wp1024986


Giuseppe Larosa Wed, 03/25/2009 - 07:49
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Viyaun,

yes IOS XR is different in this or this document is not correct.


Edit:

I mean in theory the right behaviour is that of IOS.


Hope to help

Giuseppe



viyuan700 Wed, 03/25/2009 - 08:52
User Badges:
  • Silver, 250 points or more

Hi Giuseppe,

IGRP was working the way RIP works for passive interface.


Maybe cisco have seen some advantage of changing with EIGRP like OSPF etc.


With distribute list you can stop send routing updates but EIGRP can form neighbor adjacencies. A behavior like RIP, IGRP.


http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f0a.shtml


I have no intension of arguing as you certainly have more knowledge on these topics.:)

badalam_nt Wed, 03/25/2009 - 07:50
User Badges:

From what I know, no matter what routing protocol is used, the router accepts the incoming routing protocol specific packets. It only does not transmit anymore on that interface routing protocol specific packets.


But because EIGRP, OSPF and IS-IS first have to establish neighbourship through the Hello packets, this phase will fail, as the neighbour routers will not receive from this router the Hello packets, so no routing updates will be sent to this router anymore.


In other words it is not that the router does not listen anymore to routing updates on that passive-interface updates, it is because the router does not get anymore the routing updates on that interface in case of EIGRP, OSPF and IS-IS.

Giuseppe could confirm/deny if my understanding is correct.

Giuseppe Larosa Wed, 03/25/2009 - 08:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Petru,

my understanding confirmed on tests on OSPF and IS-IS is what you say:


on the link other routers can form neighborships and exchange updates using well known multicast addresses.


So the router with the passive interface could listen to the multicast messages but cannot send acknowledgments for example and the others are not aware of its presence on the link.


So the update can be received but shouldn't be processed not coming from a valid neighbor (I'm sure of this for OSPF and IS-IS)


Hope to help

Giuseppe





Actions

This Discussion