Confirm my understanding of 'ospf passive-interface'

Answered Question
Apr 9th, 2009
Hey, I understand that the command 'passive-interface' will prevent routing updates from being sent on the respective interface (in this case, vlan100).


That means that the network advertised below (11.172.101.128) will be advertised, but only the vlan100 will not send routing updates about it, correct?


(...)
interface Vlan100
 ip address 11.172.101.130 255.255.255.128
 no clns route-cache
 no shutdown

interface Port-channel1
 switchport trunk allowed vlan add 100

router ospf 300
 passive-interface Vlan100
 network 11.172.101.128 0.0.0.127 area 0.0.0.117
(...)


royalblues Thu, 04/09/2009 - 08:40

Passive interface just stops sending OSPF hellos out of their interface and hence you will not be able to make any adjacencies via that interface.


This command is useful as there is no need to send OSPF hellos if there is no neighbor available at the other end.


In your case, the subnet is still advertised via OSPF but no OSPF hellos are sent out (you can verify it via debug commands).


HTH

Narayan

Jon Marshall Thu, 04/09/2009 - 08:46
Marlon


Not strictly correct. Making the interface passive will stop an adjacency being formed with other OSPF routers on that subnet - vlan 100. So that this router will not send advertisements on vlan 100.


However the "network 11.172.101.128 0.0.0.127 area 0.0.0.117" under the router ospf 300 config does not tell this router to advertise the 11.172.101.128 network. It tells the router to start OSPF running on any interface on this router that falls within the 11.172.101.129 - 254 range. The network statement behaves the same way for EIGRP/RIP.


As an additional point, with BGP a "network x.x.x.x mask x.x.x.x" under the BGP config does actually tell the router to advertise that network.


Jon

Correct Answer
lamav Thu, 04/09/2009 - 08:56

The passive-interface command behaves differently, depending on the protocol being used.


In RIP this command will disable sending updates via a specific interface but will allow listening to incoming updates from other RIP speaking neighbors.


In EIGRP it prevents any Hellos from being sent, and therefore does not allow a neighborship to be established, nor any routes to be learned through that interface.


In OSPF, the passive interface command does the same as in EIGRP. It prevents Hellos from being sent and thereby disallows adjacencies from being formed. And if an adjacency does exist and the command is executed, the adjacency will be dissolved.


However, the passive-interface command does not prevent LSAs from being passed. This is why OSPF neighbors hanging off of different interfaces on that router will learn of that passive interface's network address. LSAs will still be placed in the local OSPF database and then sent and sourced by that interface. This is true, of course, if you are advertising the network under the OSPF process (i.e., running OSPF on that interface). In that case, you should see a type 1 router LSA in the OSPF database for that network.


Your other option would be to redistribute connected, which will be advertised as a type-5 external LSA.


HTH


Victor
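
An added example (not part of the original thread): a small Python audit that applies the two points made in the answers above, namely that the network statement selects interfaces by wildcard match and that a passive interface keeps its prefix in OSPF while forming no adjacency. The Vlan200 interface and the function names are assumptions, and only explicit passive-interface lines are handled.

```python
import ipaddress

# Constructed sample: the configuration from the question plus one assumed
# interface (Vlan200) that the network statement does not cover.
SAMPLE_CONFIG = """\
interface Vlan100
 ip address 11.172.101.130 255.255.255.128
interface Vlan200
 ip address 10.0.0.1 255.255.255.0
router ospf 300
 passive-interface Vlan100
 network 11.172.101.128 0.0.0.127 area 0.0.0.117
"""

def wildcard_match(addr, base, wildcard):
    """IOS-style match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def audit_ospf(config):
    """Map each OSPF-enabled interface to its area, prefix and passive flag."""
    addrs, networks, passive, ctx = {}, [], set(), None
    for raw in config.splitlines():
        w = raw.split()
        if not w:
            continue
        if w[0] == "interface" and len(w) >= 2:
            ctx = w[1]
        elif w[:2] == ["router", "ospf"]:
            ctx = "ospf"
        elif w[:2] == ["ip", "address"] and len(w) >= 4 and ctx not in (None, "ospf"):
            addrs[ctx] = ipaddress.IPv4Interface(f"{w[2]}/{w[3]}")
        elif ctx == "ospf" and w[0] == "passive-interface" and len(w) >= 2:
            passive.add(w[1])
        elif ctx == "ospf" and w[0] == "network" and len(w) >= 5 and w[3] == "area":
            networks.append((w[1], w[2], w[4]))
    report = {}
    for name, iface in addrs.items():
        for base, wildcard, area in networks:  # simplification: first listed match
            if wildcard_match(str(iface.ip), base, wildcard):
                report[name] = {"area": area, "prefix": str(iface.network),
                                "passive": name in passive}
                break
    return report

if __name__ == "__main__":
    for name, info in audit_ospf(SAMPLE_CONFIG).items():
        state = "no hellos, no adjacency" if info["passive"] else "hellos sent"
        print(f"{name}: {info['prefix']} in area {info['area']} ({state})")
```
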

lamav Thu, 04/09/2009 - 09:24

Thanks for the rating.


Anytime...


Victor

CriscoSystems Thu, 04/09/2009 - 10:30

>>In EIGRP it prevents any Hellos from being sent, and therefore does not allow a neighborship to be established, nor any routes to be learned through that interface.


Well if it's not sending hellos, it forms no neighborships and thus can't advertise any routes, in addition to not learning any.


What, then, is the point of having that interface under EIGRP at all?


royalblues Thu, 04/09/2009 - 22:51

As Victor mentioned in his post, you would require this network to be configured so that it can be advertised to other EIGRP neighbors on a different interface, or else you would need redistribute connected under EIGRP.


Narayan
