passive interface

anitachoi3
Level 1

Hi,

In OSPF, I configure passive-interface on an interface, e.g.

router ospf 1

network 192.168.1.0 0.0.0.255

passive-interface fe0/0

Does it mean that the interface FE 0/0 MUST be the "stub area"?

or

does the "passive-interface" appear in stub area?

If the stub area is configured, the passive-interface should be configured also.

rdgs


5 Replies

Giuseppe Larosa
Hall of Fame

Hello Anita,

with passive-interface fa0/0 you tell the router that, even if fa0/0's IP address matches a network area statement, you don't want it to build OSPF adjacencies on it: it does this by blocking hello protocol messages.

On a simpler protocol like RIP, passive-interface inhibits the sending of RIP updates but does not block the interface from receiving RIP updates from other routers on the segment.

The passive-interface is not related to stub areas: you can also make an interface in area 0 passive.

Note that the network associated with fa0/0 is still advertised in OSPF on other interfaces as an O route / O IA route (if it matches a network area command).

Hope to help

Giuseppe
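As an added illustration of the reply above (not part of the original posts, and not Cisco code): a small Python audit that reads an IOS-style configuration, applies the wildcard-mask matching of the `network ... area` statements, and reports which interfaces are in OSPF and whether they are passive or still sending hellos. The sample configuration is constructed, and the parser assumes one primary `ip address` per interface and explicit `passive-interface <name>` lines only.

```python
import ipaddress

# Constructed sample configuration for the example (not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
interface Serial0/0
 ip address 10.0.0.1 255.255.255.252
router ospf 1
 network 192.168.1.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.3 area 0
 passive-interface FastEthernet0/0
"""

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under an IOS wildcard mask (1 bits = don't care)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care
            == int(ipaddress.IPv4Address(base)) & care)

def audit_ospf(config):
    """Return {interface: 'passive' | 'sends-hellos' | 'not-in-ospf'}."""
    addrs, networks, passive = {}, [], set()
    section = ""
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):          # top-level line opens a new section
            section = line.strip()
            continue
        words = line.split()
        if section.startswith("interface ") and words[:2] == ["ip", "address"]:
            addrs[section.split()[1]] = words[2]
        elif section.startswith("router ospf"):
            if words[0] == "network" and len(words) >= 5:
                networks.append((words[1], words[2]))
            elif words[0] == "passive-interface" and len(words) == 2:
                passive.add(words[1])
    result = {}
    for name, addr in addrs.items():
        if not any(wildcard_match(addr, b, w) for b, w in networks):
            result[name] = "not-in-ospf"      # subnet is not advertised by OSPF
        else:                                  # subnet is advertised either way
            result[name] = "passive" if name in passive else "sends-hellos"
    return result

if __name__ == "__main__":
    for name, state in audit_ospf(SAMPLE_CONFIG).items():
        print(f"{name}: {state}")
```

Interfaces reported as `sends-hellos` are the ones where an adjacency can form; on a segment with only end hosts that is the state to review.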

Hi,

I checked the Cisco link about passive-interface,

http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_pi1.html#wp1015271

It mentions that "For the Open Shortest Path First (OSPF) protocol, OSPF routing information is neither sent nor received through the specified router interface. The specified interface address appears as a stub network in the OSPF domain."

Based on the description, do I configure "passive-interface" or "area 1 stub no summary" to achieve the above result?

rdgs

Hello Anita,

OSPF terminology is sometimes misleading:

a stub network: a segment where there are no other routers, for example a client VLAN with only user PCs on it.

It is used to classify links in the Router LSA.

There is no need to send out OSPF hello packets stating that the router is the DR for the segment: no one can use it (an inside attacker may be interested).

a stub area: an OSPF area that has a built-in filter for every LSA type 5 (external type 5), which is not allowed to pass from area 0 to the stub area.

a stub area no summary: in addition to the filter on LSA type 5, LSA type 4 and type 3 (O IA routes) are also filtered.

This is a totally stub area.

From the point of view of a router internal to the OSPF stub area, it has a minimized database with detailed info of the area and just an O IA default route to the ABR router(s) that connect it to the backbone area.

This is useful if you have old or small routers and you want to avoid overloading them with the full OSPF database.

passive-interface, as explained in the previous post, is a different matter.

Hope to help

Giuseppe

Hi Giuseppe,

It means that the function of the passive-interface is:

- it does not send out the hello packet from that interface

- it still sends out "routes update" to that interface

- it can receive any incoming traffic from that interface

e.g. incoming "routes update" from that interface

e.g. incoming "hello packet" from that interface (but does not take any action)

Does it have the same behaviour for all routing protocols?

- eigrp
- ospf
- igrp
- isis
- rip
- rip v2
- bgp4
- odr

rdgs

Hello Anita,

the purpose of passive-interface is to allow the advertisement of the IP subnet associated with the interface without sending out:

- periodic updates, for RIP and IGRP: these older protocols lack the state machine concept, so they still accept routing updates heard on a passive interface. The same applies to RIPv2.

- Hello packets out the interface: this applies to OSPF, IS-IS and EIGRP. All of these protocols have a neighbor state machine: they cannot accept an update from someone that is not a neighbor, so for them the passive interface stops sending and also receiving routing updates.

BGPv4: the passive-interface concept doesn't apply to BGP: for BGP a network is not a trigger for sending or receiving updates or hellos out the interface(s) whose IP addresses match the network command. In BGP a network command makes BGP advertise the prefix if it is present in the routing table from any routing source (not only connected interfaces but also static routes or other routing protocols).

BGP packets are exchanged only on manually configured TCP sockets that act as communication channels for exchanging reachability information.

ODR:

ODR is based on CDP version 2: if CDP is disabled on the link, ODR will not work. But there is no passive-interface concept.

Hope to help

Giuseppe
