Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2199
Views
10
Helpful
7
Replies

Confirm my understanding of 'ospf passive-interface'

Go to solution
news2010a
Level 3
Level 3

‎04-09-2009 08:28 AM - last edited on ‎04-05-2022 05:26 AM by Community Manager

Hey, I understand that the command

passive-interface

will prevent routing updates from being sent on the respective interface (in this case, vlan100).

 

That means that the network advertised below (11.172.101.128) will be advertised, but only the vlan100 will not send routing updates about it, correct?

 

(...)

interface Vlan100

ip address 11.172.101.130 255.255.255.128

no clns route-cache

no shutdown




interface Port-channel1

switchport trunk allowed vlan add 100




router ospf 300

passive-interface Vlan100

network 11.172.101.128 0.0.0.127 area 0.0.0.117

(...)


Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
lamav
Level 8
Level 8

‎04-09-2009 08:56 AM - last edited on ‎04-05-2022 05:29 AM by Community Manager

The

passive-interface

command behaves differently, depending on the protocol being used.

 

In RIP this command will disable sending updates via a specific interface but will allow listening to incoming updates from other RIP speaking neighbors.

 

In EIGRP it prevents any Hellos from being sent, and therefore does not allow a neighborship to be established, nor any routes to be learned through that interface.

 

In OSPF, the

passive interface

command does the same as in eigrp. It prevents Hellos from being sent and thereby disallows adjacencies from being formed. And if an adjacency does exist and the command is executed, the adjacency will be disolved.

 

However, the

passive-interface

command does not prevent LSAs from being passed. This is why OSPF neighbors hanging off of different interfaces on that router will learn of that passive interface's network address. LSAs will still be placed in the local OSPF database and then sent and sourced by that interface. This is true, of course, if you are advertising the network under the OSPF process (ie, running OSPF on that interface). In that case, you should see a type 1 router LSA in the OSPF database for that network.

 

Your other option would be to redistribute connected, which will be advertised as a type-5 extrenal LSA.

 

HTH

 

Victor

View solution in original post

7 Replies 7

Go to solution
royalblues
Level 10
Level 10

‎04-09-2009 08:40 AM - last edited on ‎04-05-2022 05:27 AM by Community Manager 

Passive interface

just stops sending OSPF hellos out of their interface and hence you will not be able to make any adjacencies via that interface

 

This command is useful as there is no need to send ospf hellos if there is no neighbor available at the other end

 

In your case the subnet is still advertised via OSPF but no OSPF hellos are sent out (you can verify it via debug commands)

 

HTH

Narayan

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-09-2009 08:46 AM - last edited on ‎04-05-2022 05:40 AM by Community Manager

Marlon

 

Not strictly correct. Making the interface passive will stop an adjacency being formed with other OSPF routers on that subnet - vlan 100. So that this router will not send advertisements on vlan 100.

 

However the

network 11.172.101.128 0.0.0.127 area 0.0.0.117

under the router ospf 300 config does not tell this router to advertise the 11.172.101.128 network. It tells the router to start OSPF running on any interface on this router that falls within the 11.172.101.129 - 254 range. The network statement behaves the same way for EIGRP/RIP.

 

As an additional point, with BGP a

network x.x.x.x mask x.x.x.x

under the BGP config does actually tell the router to advertise that network.

 

Jon

Go to solution
lamav
Level 8
Level 8

‎04-09-2009 08:56 AM - last edited on ‎04-05-2022 05:29 AM by Community Manager

The

passive-interface

command behaves differently, depending on the protocol being used.

 

In RIP this command will disable sending updates via a specific interface but will allow listening to incoming updates from other RIP speaking neighbors.

 

In EIGRP it prevents any Hellos from being sent, and therefore does not allow a neighborship to be established, nor any routes to be learned through that interface.

 

In OSPF, the

passive interface

command does the same as in eigrp. It prevents Hellos from being sent and thereby disallows adjacencies from being formed. And if an adjacency does exist and the command is executed, the adjacency will be disolved.

 

However, the

passive-interface

command does not prevent LSAs from being passed. This is why OSPF neighbors hanging off of different interfaces on that router will learn of that passive interface's network address. LSAs will still be placed in the local OSPF database and then sent and sourced by that interface. This is true, of course, if you are advertising the network under the OSPF process (ie, running OSPF on that interface). In that case, you should see a type 1 router LSA in the OSPF database for that network.

 

Your other option would be to redistribute connected, which will be advertised as a type-5 extrenal LSA.

 

HTH

 

Victor

Go to solution
news2010a
Level 3
Level 3
In response to lamav

‎04-09-2009 09:19 AM

You guys rule. Thanks!

0 Helpful

Go to solution
lamav
Level 8
Level 8
In response to news2010a

‎04-09-2009 09:24 AM

Thanks for the rating.

Anytime...

Victor

0 Helpful

Go to solution
CriscoSystems
Level 5
Level 5
In response to lamav

‎04-09-2009 10:30 AM

>>In EIGRP it prevents any Hellos from being sent, and therefore does not allow a neighborship to be established, nor any routes to be learned through that interface.

Well if it's not sending hellos, it forms no neighborships and thus can't advertise any routes, in addition to not learning any.

What, then, is the point of having that interface under EIGRP at all?

0 Helpful

Go to solution
royalblues
Level 10
Level 10
In response to CriscoSystems

‎04-09-2009 10:51 PM

As Victor mentioned in his post, you would require this network to be configured so that it can be advertised to other eigrp neighbors on a different interface or else you would need redistribute connected under EIGRP

Narayan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card