Confirm my understanding of 'ospf passive-interface'

Apr 9th, 2009

Hey, I understand that the command 'passive-interface' will prevent routing updates from being sent on the respective interface (in this case, vlan100).

That means that the network advertised below (11.172.101.128) will be advertised, but only the vlan100 will not send routing updates about it, correct?

(...)

interface Vlan100
 ip address 11.172.101.130 255.255.255.128
 no clns route-cache
 no shutdown

interface Port-channel1
 switchport trunk allowed vlan add 100

router ospf 300
 passive-interface Vlan100
 network 11.172.101.128 0.0.0.127 area 0.0.0.117

(...)

royalblues Thu, 04/09/2009 - 08:40

Passive interface just stops sending OSPF hellos out of the interface, and hence you will not be able to form any adjacencies via that interface.

This command is useful as there is no need to send OSPF hellos if there is no neighbor available at the other end.

In your case the subnet is still advertised via OSPF but no OSPF hellos are sent out (you can verify it via debug commands).

HTH

Narayan

Jon Marshall Thu, 04/09/2009 - 08:46

Marlon

Not strictly correct. Making the interface passive will stop an adjacency being formed with other OSPF routers on that subnet - vlan 100. So that this router will not send advertisements on vlan 100.

However the "network 11.172.101.128 0.0.0.127 area 0.0.0.117" under the router ospf 300 config does not tell this router to advertise the 11.172.101.128 network. It tells the router to start OSPF running on any interface on this router that falls within the 11.172.101.129 - 254 range. The network statement behaves the same way for EIGRP/RIP.

As an additional point, with BGP a "network x.x.x.x mask x.x.x.x" under the BGP config does actually tell the router to advertise that network.

Jon

Correct Answer
lamav Thu, 04/09/2009 - 08:56

The passive-interface command behaves differently, depending on the protocol being used.

In RIP this command will disable sending updates via a specific interface but will allow listening to incoming updates from other RIP speaking neighbors.

In EIGRP it prevents any Hellos from being sent, and therefore does not allow a neighborship to be established, nor any routes to be learned through that interface.

In OSPF, the passive-interface command does the same as in EIGRP. It prevents Hellos from being sent and thereby disallows adjacencies from being formed. And if an adjacency does exist and the command is executed, the adjacency will be dissolved.

However, the passive-interface command does not prevent LSAs from being passed. This is why OSPF neighbors hanging off of different interfaces on that router will learn of that passive interface's network address. LSAs will still be placed in the local OSPF database and then sent and sourced by that interface. This is true, of course, if you are advertising the network under the OSPF process (i.e., running OSPF on that interface). In that case, you should see a type 1 router LSA in the OSPF database for that network.

Your other option would be to redistribute connected, which will be advertised as a type-5 external LSA.

HTH

Victor
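
Added example, not part of the original thread: a small Python audit that applies the two rules discussed above to a configuration, matching each interface address against the OSPF `network` wildcard ranges and then checking `passive-interface`. The sample configuration is constructed (Vlan200 and Loopback0 are hypothetical), and the parser assumes `show running-config` style indentation, a single OSPF process and no `passive-interface default`.

```python
import ipaddress

# Constructed sample modelled on the excerpt in the question; Vlan200 and
# Loopback0 are hypothetical additions for contrast.
SAMPLE_CONFIG = """\
interface Vlan100
 ip address 11.172.101.130 255.255.255.128
interface Vlan200
 ip address 11.172.102.1 255.255.255.0
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
router ospf 300
 passive-interface Vlan100
 network 11.172.101.128 0.0.0.127 area 0.0.0.117
 network 11.172.102.0 0.0.0.255 area 0.0.0.117
"""

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard mask does not ignore."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care
            == int(ipaddress.IPv4Address(base)) & care)

def ospf_interface_roles(config):
    """Map each addressed interface to 'active', 'passive' or 'not in OSPF'."""
    addrs, networks, passive = {}, [], set()
    section = []
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():
            section = words  # an unindented line opens a new section
        elif section[:1] == ["interface"] and words[:2] == ["ip", "address"] and len(words) >= 4:
            addrs[section[1]] = words[2]
        elif section[:2] == ["router", "ospf"] and len(words) >= 2:
            if words[0] == "passive-interface":
                passive.add(words[1])
            elif words[0] == "network" and len(words) >= 3:
                networks.append((words[1], words[2]))
    roles = {}
    for name, addr in addrs.items():
        if not any(wildcard_match(addr, b, w) for b, w in networks):
            roles[name] = "not in OSPF"  # no network statement covers it
        elif name in passive:
            roles[name] = "passive"      # subnet advertised, no Hellos sent
        else:
            roles[name] = "active"       # Hellos sent, adjacency can form
    return roles
```

Interfaces reported as `active` are the ones on which the router will send Hellos and can form an adjacency; `passive` ones still have their subnet advertised to neighbors on other interfaces.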

CriscoSystems Thu, 04/09/2009 - 10:30

>>In EIGRP it prevents any Hellos from being sent, and therefore does not allow a neighborship to be established, nor any routes to be learned through that interface.

Well if it's not sending hellos, it forms no neighborships and thus can't advertise any routes, in addition to not learning any.

What, then, is the point of having that interface under EIGRP at all?

royalblues Thu, 04/09/2009 - 22:51

As Victor mentioned in his post, you would require this network to be configured so that it can be advertised to other EIGRP neighbors on a different interface, or else you would need redistribute connected under EIGRP.

Narayan
