Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1913
Views
0
Helpful
4
Replies

Passive-interface default resets configuration

joshuacmoore
Level 1
Level 1

‎10-30-2013 12:58 AM - edited ‎03-04-2019 09:27 PM

Hello all,

I would like to run a scenario by you guys and get your input regarding the "passive-interface default" OSPF command. Let's assume I am working on an existing configured OSPF router with the following configuration:

router ospf 1
 router-id 10.10.10.1
 passive-interface default
 no passive-interface GigabitEthernet6/1
 no passive-interface GigabitEthernet6/2
 network 10.10.10.0

If I go and paste the duplicate configuration in as follows what would the expected result be?

router ospf 1
 router-id 10.10.10.1
 passive-interface default

My thoughts were that there would be no impact to OSPF, routing, or the likes. Unfortunately this is not the case. I have found on my device that when you repaste the "passive-interface default" command in to the config that it actually resets all existing "no passive-interface" commands and enables passive-interface on all interfaces globally.

Router#sh run | sec router ospf
router ospf 1
 router-id 10.10.10.1
 passive-interface default
 no passive-interface GigabitEthernet6/1
 no passive-interface GigabitEthernet6/2
 network 10.10.10.0
Router#config t
Router(config)#router ospf 1
Router(config-router)# passive-interface default
Router(config-router)#end
Router#sh run | sec router ospf
router ospf 1
 router-id 10.10.10.1
 passive-interface default
 network 10.10.10.0

This is especially bad if you are performing maintenance on the router out of network where your connectivity requires a default route to be learned via OSPF. Has anyone else encountered this or do they feel this behavior to be a bit odd?

Labels:
0 Helpful
4 Replies 4

daniel.dib
Level 7
Level 7

‎10-30-2013 01:42 AM

Documentation says:

"The default keyword sets all interfaces as passive by default. You can then configure individual interfaces where adjacencies are desired using the nopassive-interface command. The default keyword is useful in Internet service provider (ISP) and large enterprise networks where many of the distribution routers have more than 200 interfaces."

I'm not sure why it doesn't honor the existing no passive-interface commands but maybe it was something in the code that was necessary to put them all passive first.

At least it's good that you tested the behavior so you know what to expect. If you already have passive-interface why would you want to enter it again? If you want to make interfaces passive that were non passive before you could do no no-passive interface x/x.

Daniel Dib
CCIE #37149

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.
0 Helpful

joshuacmoore
Level 1
Level 1
In response to daniel.dib

‎10-30-2013 03:32 AM

I hit this issue while performing actual maintenance. When I build my standardized config templates, I keep an all-inclusive list of commands that should be part of the config and paste them in as a whole. I guess this is just something that I am going to have to omit from the standard config template used for OSPF as there is no way to apply "passive-interface default" command to OSPF without it being service impacting.

Sent from Cisco Technical Support iPhone App

0 Helpful

James Sears
Level 1
Level 1

‎06-09-2014 11:31 AM

Hi Joshua,

We recently deployed the passive-interface default command throughout our network and the first time I was configuring it I tried to paste the command in along with the 'no passive-interface [WAN int]'. Of course what happened was that as soon as the passive command hit I lost connection to the router since every interface went passive and the no passive-interface commands never made it to the router. The solution I came up with was to tftp all of my commands to the router as a text file and then copy the *.txt file to the running config. Then it took the new passive-interface command (which wiped out all the non passive interfaces) but then it also added the 'no' version of the command for the WAN interfaces that we didn't want passive. These commands were all together in the same text file I tftp-ed to the router. Worked great for us maybe it'll help you also.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to James Sears

‎06-09-2014 04:38 PM

It may be surprising when you first encounter it, but the behavior that passive-interface default will reset the configuration of every interface has been in IOS for quite a while. Using TFTP to send the commands rather then keying them in manually is a good workaround.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card