When do you use "passive-interface vlanX"

Is this a command that is normally used? I see it on my two core switches but not on the core switches at my other two sites. I understand that it is used for an interface that does not participate in EIGRP but its network is advertised. Is this command necessary only behind an ACL/firewall? If no firewall exists can this command be removed? Does this command cut down on the amount of traffic on the switches?

Accepted Solutions
Hall of Fame Super Blue

Re: When do you use "passive-interface vlanX"

The command can be used for a number of reasons but on core switches it is usually because you have a lot of vlan interfaces and if you do not make any of them passive then they all form eigrp neighborships between the core switches. So when you do a "sh ip eigrp neigh" you get a huge list with all the vlan interfaces. It also means each vlan interface will be exchanging keepalives etc.

So in order to cut down the neighborships and make it easier to troubleshoot, often 2 vlans are used to peer and then all other vlan interfaces are made passive.

In this case it has nothing to do with firewalls. You can remove it and nothing disastrous will happen but unless it is causing you problems I would leave as is. Just make sure you are using at least 2 vlans for neighborships in case one of them accidentally gets shut down.

Jon
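
One way to check the advice in the answer above (at least two VLANs still peering once the rest are passive), as an added example that is not part of the original thread. It assumes a classic-mode config with a single `router eigrp` block and that every SVI is covered by an EIGRP `network` statement; the sample config is constructed and the function names are hypothetical.

```python
import re

# Constructed sample: trimmed running-config of one core switch.
SAMPLE_CONFIG = """\
interface Vlan10
!
interface Vlan20
!
interface Vlan30
!
interface Vlan40
 shutdown
!
router eigrp 100
 network 10.0.0.0
 passive-interface default
 no passive-interface Vlan10
 no passive-interface Vlan40
"""

def peering_svis(config):
    """Return SVIs that are up and non-passive, i.e. able to form neighborships."""
    # Assumption: every SVI is matched by a network statement under router eigrp.
    svis, shut, passive, active = [], set(), set(), set()
    default_passive = False
    section = current = None
    for line in config.splitlines():
        if not line.startswith(" "):  # an unindented line starts a new stanza
            m = re.match(r"interface (Vlan\d+)$", line.strip())
            current = m.group(1) if m else None
            if current:
                svis.append(current)
            section = "eigrp" if line.startswith("router eigrp") else None
            continue
        cmd = line.strip()
        if current and cmd == "shutdown":
            shut.add(current)
        elif section == "eigrp":
            if cmd == "passive-interface default":
                default_passive = True
            elif m := re.match(r"(no )?passive-interface (Vlan\d+)$", cmd):
                (active if m.group(1) else passive).add(m.group(2))
    # With "passive-interface default" only explicit "no passive-interface" SVIs peer.
    return [s for s in svis if s not in shut and
            ((s in active) if default_passive else (s not in passive))]

def has_redundant_peering(config):
    """True when at least two SVIs can peer, so losing one keeps a neighborship."""
    return len(peering_svis(config)) >= 2
```

On the sample, Vlan40 is exempted from passive mode but shut down, so only Vlan10 can peer and the check fails.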

2 REPLIES

Re: When do you use "passive-interface vlanX"

This command could be used in your network for 2 reasons:-

1) Not advertise a specific network - as it's not required to form a neighbour on that interface.

2) Prevent asymmetric routing loops.

HTH
