Solved: Confirm my understanding of 'ospf passive-interface'

news2010a · ‎04-09-2009

Hey, I understand that the command

passive-interface

will prevent routing updates from being sent on the respective interface (in this case, vlan100).

That means that the network advertised below (11.172.101.128) will be advertised, but only the vlan100 will not send routing updates about it, correct?

(...)

interface Vlan100

ip address 11.172.101.130 255.255.255.128

no clns route-cache

no shutdown




interface Port-channel1

switchport trunk allowed vlan add 100




router ospf 300

passive-interface Vlan100

network 11.172.101.128 0.0.0.127 area 0.0.0.117

(...)

lamav · ‎04-09-2009

The

passive-interface

command behaves differently, depending on the protocol being used.

In RIP this command will disable sending updates via a specific interface but will allow listening to incoming updates from other RIP speaking neighbors.

In EIGRP it prevents any Hellos from being sent, and therefore does not allow a neighborship to be established, nor any routes to be learned through that interface.

In OSPF, the

passive interface

command does the same as in eigrp. It prevents Hellos from being sent and thereby disallows adjacencies from being formed. And if an adjacency does exist and the command is executed, the adjacency will be disolved.

However, the

passive-interface

command does not prevent LSAs from being passed. This is why OSPF neighbors hanging off of different interfaces on that router will learn of that passive interface's network address. LSAs will still be placed in the local OSPF database and then sent and sourced by that interface. This is true, of course, if you are advertising the network under the OSPF process (ie, running OSPF on that interface). In that case, you should see a type 1 router LSA in the OSPF database for that network.

Your other option would be to redistribute connected, which will be advertised as a type-5 extrenal LSA.

HTH

Victor

View solution in original post

royalblues · ‎04-09-2009

Passive interface

just stops sending OSPF hellos out of their interface and hence you will not be able to make any adjacencies via that interface

This command is useful as there is no need to send ospf hellos if there is no neighbor available at the other end

In your case the subnet is still advertised via OSPF but no OSPF hellos are sent out (you can verify it via debug commands)

HTH

Narayan

Jon Marshall · ‎04-09-2009

Marlon

Not strictly correct. Making the interface passive will stop an adjacency being formed with other OSPF routers on that subnet - vlan 100. So that this router will not send advertisements on vlan 100.

However the

network 11.172.101.128 0.0.0.127 area 0.0.0.117

under the router ospf 300 config does not tell this router to advertise the 11.172.101.128 network. It tells the router to start OSPF running on any interface on this router that falls within the 11.172.101.129 - 254 range. The network statement behaves the same way for EIGRP/RIP.

As an additional point, with BGP a

network x.x.x.x mask x.x.x.x

under the BGP config does actually tell the router to advertise that network.

Jon

lamav · ‎04-09-2009

The

passive-interface

command behaves differently, depending on the protocol being used.

In RIP this command will disable sending updates via a specific interface but will allow listening to incoming updates from other RIP speaking neighbors.

In EIGRP it prevents any Hellos from being sent, and therefore does not allow a neighborship to be established, nor any routes to be learned through that interface.

In OSPF, the

passive interface

command does the same as in eigrp. It prevents Hellos from being sent and thereby disallows adjacencies from being formed. And if an adjacency does exist and the command is executed, the adjacency will be disolved.

However, the

passive-interface

command does not prevent LSAs from being passed. This is why OSPF neighbors hanging off of different interfaces on that router will learn of that passive interface's network address. LSAs will still be placed in the local OSPF database and then sent and sourced by that interface. This is true, of course, if you are advertising the network under the OSPF process (ie, running OSPF on that interface). In that case, you should see a type 1 router LSA in the OSPF database for that network.

Your other option would be to redistribute connected, which will be advertised as a type-5 extrenal LSA.

HTH

Victor

news2010a · ‎04-09-2009

You guys rule. Thanks!

lamav · ‎04-09-2009

Thanks for the rating.

Anytime...

Victor

CriscoSystems · ‎04-09-2009

>>In EIGRP it prevents any Hellos from being sent, and therefore does not allow a neighborship to be established, nor any routes to be learned through that interface.

Well if it's not sending hellos, it forms no neighborships and thus can't advertise any routes, in addition to not learning any.

What, then, is the point of having that interface under EIGRP at all?

royalblues · ‎04-09-2009

As Victor mentioned in his post, you would require this network to be configured so that it can be advertised to other eigrp neighbors on a different interface or else you would need redistribute connected under EIGRP

Narayan