10-21-2015 08:12 AM - edited 03-08-2019 02:18 AM
Hi As we know, passive-interface in eigrp can prevent eigrp traffic from sending out and forming eigrp neighbor for that special physical interface. However, if it is configured at vlan interface, that means that the vlan cannot have any eigrp neighbor. If so, the eigrp is no functional at all. and using the eigrp in that vlan is no any significant. The following is example. Anyone can explain it ? Thank you
interface Vlan10
no ip redirects
ip address 10.1.1.2/24
ip router eigrp 10
ip passive-interface eigrp 10
Solved! Go to Solution.
10-21-2015 08:39 AM
Hi As we know, passive-interface in eigrp can prevent eigrp traffic from sending out and forming eigrp neighbor for that special physical interface. However, if it is configured at vlan interface, that means that the vlan cannot have any eigrp neighbor. If so, the eigrp is no functional at all. and using the eigrp in that vlan is no any significant. The following is example. Anyone can explain it ? Thank you interface Vlan10 no ip redirects ip address 10.1.1.2/24 ip router eigrp 10 ip passive-interface eigrp 10
Hi,
Passive interface configuration with EIGRP is different and won't form neighbour ship with other device.
When passive-interface configured in SVI or physical interface , router cannot form a neighbour adjacencies on that interface or send or receive routing updates.
You can use Distribute list to control the updates and to form adjancecie with neighbouring devices by suppressing the outbound update and allowing incoming update.
Hope it Helps..
-GI
rate if it Helps.
10-21-2015 10:25 AM
The original poster asks this question " So I think the two commands together do not any any effect." I absolutely do not agree that the commands together do not have any effect. The ip router eigrp 10 has the effect of enabling the routing protocol on the interface which allows EIGRP to advertise the subnet found on the interface. The passive interface command stops sending and receiving EIGRP messages on the interface. The result is that EIGRP does advertise the subnet and does not form neighbor relationships on the interface. That is certainly an effect.
It is a fairly common situation that a router (or layer 3 switch) has an interface in a vlan where all of the devices in the vlan are user PCs or are all servers, etc. If there is no other device in that vlan running EIGRP then there is no benefit in sending EIGRP messages into that vlan and this is what the passive interface command is intended to do.
If there is another device running EIGRP then certainly you do not want to use passive interface. But if there is no device running EIGRP then passive interface conserves resources.
It may help to think of this as a two stage question.
- the first stage question is whether you want EIGRP to run on the interface? If so then use the ip router eigrp 10.
- if you do enable EIGRP on the interface then the second stage question is whether there is any device on that subnet which will also run EIGRP and could become a neighbor. If there will be no neighbors then use the passive interface command.
HTH
Rick
10-21-2015 08:39 AM
Hi As we know, passive-interface in eigrp can prevent eigrp traffic from sending out and forming eigrp neighbor for that special physical interface. However, if it is configured at vlan interface, that means that the vlan cannot have any eigrp neighbor. If so, the eigrp is no functional at all. and using the eigrp in that vlan is no any significant. The following is example. Anyone can explain it ? Thank you interface Vlan10 no ip redirects ip address 10.1.1.2/24 ip router eigrp 10 ip passive-interface eigrp 10
Hi,
Passive interface configuration with EIGRP is different and won't form neighbour ship with other device.
When passive-interface configured in SVI or physical interface , router cannot form a neighbour adjacencies on that interface or send or receive routing updates.
You can use Distribute list to control the updates and to form adjancecie with neighbouring devices by suppressing the outbound update and allowing incoming update.
Hope it Helps..
-GI
rate if it Helps.
10-21-2015 09:06 AM
Thank you for your reply. I notice there are below two commands under vlan interface in Nexus 7k
ip router eigrp 10 ip passive-interface eigrp 10
Do you think it is useful ? The passive-interface will block any eigrp adjacency between the vlan interface and any other interface, right ? So I think the two commands together do not any any effect. Do you think so ?
10-21-2015 09:26 AM
Thank you for your reply. I notice there are below two commands under vlan interface in Nexus 7k ip router eigrp 10 ip passive-interface eigrp 10 Do you think it is useful ? The passive-interface will block any eigrp adjacency between the vlan interface and any other interface, right ? So I think the two commands together do not any any effect. Do you think so ?
Hi,
As stated earlier, the above two commands won't able to form neighbour ship between eigrp neighbouring devices.
Either you need to apply Distribution list for allowing incoming update and suppressing outgoing for forming successful neighbour ship.
Check out the below link on applying Distribution list along with passive interface.
http://www.cisco.com/c/en/us/support/docs/ip/interior-gateway-routing-protocol-igrp/9105-34.html#disout
Hope it Helps..
-GI
Rate if it Helpss
10-21-2015 10:25 AM
The original poster asks this question " So I think the two commands together do not any any effect." I absolutely do not agree that the commands together do not have any effect. The ip router eigrp 10 has the effect of enabling the routing protocol on the interface which allows EIGRP to advertise the subnet found on the interface. The passive interface command stops sending and receiving EIGRP messages on the interface. The result is that EIGRP does advertise the subnet and does not form neighbor relationships on the interface. That is certainly an effect.
It is a fairly common situation that a router (or layer 3 switch) has an interface in a vlan where all of the devices in the vlan are user PCs or are all servers, etc. If there is no other device in that vlan running EIGRP then there is no benefit in sending EIGRP messages into that vlan and this is what the passive interface command is intended to do.
If there is another device running EIGRP then certainly you do not want to use passive interface. But if there is no device running EIGRP then passive interface conserves resources.
It may help to think of this as a two stage question.
- the first stage question is whether you want EIGRP to run on the interface? If so then use the ip router eigrp 10.
- if you do enable EIGRP on the interface then the second stage question is whether there is any device on that subnet which will also run EIGRP and could become a neighbor. If there will be no neighbors then use the passive interface command.
HTH
Rick
10-21-2015 11:08 AM
Hello,
When you configure router EIGRP and specifies some networks under it, you are actually doing two things.
1- enabling the interface to talk with its neighbor and make neighborship.
2- advertise routing table and the network defined on the interface to EIGRP neighbors.
Sometimes, for some reasons you do not want to make any neighborship on specific interface, but you need to advertise that interface to other EIGRP neighbors.
As an example, Int VLAN 10 is defined for a server farm including only some servers. You do not need to send any hello packets in order to make any neighborship because there is no one to answer those hello packet, but still you need to advertise that interface to other EIGRP neighbors because servers needs to be seen by others. it is similar to your case. interface does not take part to create EIGRP relationship, but still its IP is being advertised.
Hope it helps,
Masoud
10-21-2015 11:34 AM
Just to add to what others have said.
A very common occurrence of where you see this is when you have a pair of L3 switches interconnected via a L2 trunk running HSRP/VRRP/GLBP for client and possibly server vlans.
Without the passive interface command the L3 switches form peerings with each other over every SVI ("int vlan <x>") and this can be a lot peerings you just don't need.
So what you usually see are most of the SVIs being made passive and perhaps a dedicated vlan being used for peering between the switches.
Jon
10-25-2015 07:24 PM
Jon
This is an excellent observation. L3 switch trunks with multiple VLANs with HSRP is a very good example of when passive interface would be useful. +5
HTH
Rick
10-26-2015 05:41 PM
Rick
Thanks very much.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide