Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6227
Views
55
Helpful
8
Replies

Why using passive-interface eigrp in vlan interface ?

Go to solution
eigrpy
Level 4
Level 4

‎10-21-2015 08:12 AM - edited ‎03-08-2019 02:18 AM

Hi As we know, passive-interface in eigrp can prevent eigrp traffic from sending out and forming eigrp neighbor for that special physical interface. However, if it is configured at vlan interface, that means that the vlan cannot have any eigrp neighbor. If so, the eigrp is no functional at all. and using the eigrp in that vlan is no any significant. The following is example. Anyone can explain it ? Thank you 

 

interface Vlan10
  no ip redirects
  ip address 10.1.1.2/24
  ip router eigrp 10
  ip passive-interface eigrp 10

 

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

‎10-21-2015 08:39 AM 

Hi As we know, passive-interface in eigrp can prevent eigrp traffic from sending out and forming eigrp neighbor for that special physical interface. However, if it is configured at vlan interface, that means that the vlan cannot have any eigrp neighbor. If so, the eigrp is no functional at all. and using the eigrp in that vlan is no any significant. The following is example. Anyone can explain it ? Thank you 


interface Vlan10
  no ip redirects
  ip address 10.1.1.2/24
  ip router eigrp 10
  ip passive-interface eigrp 10

Hi,

Passive interface configuration with EIGRP is different and won't form neighbour ship with other device.

When passive-interface configured in SVI or physical interface , router cannot form a neighbour adjacencies on that interface or send or receive routing updates.

You can use Distribute list to control the updates and to form adjancecie with neighbouring devices by suppressing the outbound update and allowing incoming update.

Hope it Helps..

-GI

rate if it Helps.

View solution in original post

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Ganesh Hariharan

‎10-21-2015 10:25 AM

The original poster asks this question " So I think the two commands together do not any any effect." I absolutely do not agree that the commands together do not have any effect. The ip router eigrp 10 has the effect of enabling the routing protocol on the interface which allows EIGRP to advertise the subnet found on the interface. The passive interface command stops sending and receiving EIGRP messages on the interface. The result is that EIGRP does advertise the subnet and does not form neighbor relationships on the interface. That is certainly an effect.

 

It is a fairly common situation that a router (or layer 3 switch) has an interface in a vlan where all of the devices in the vlan are user PCs or are all servers, etc. If there is no other device in that vlan running EIGRP then there is no benefit in sending EIGRP messages into that vlan and this is what the passive interface command is intended to do.

 

If there is another device running EIGRP then certainly you do not want to use passive interface. But if there is no device running EIGRP then passive interface conserves resources.

 

It may help to think of this as a two stage question.

- the first stage question is whether you want EIGRP to run on the interface? If so then use the ip router eigrp 10.

- if you do enable EIGRP on the interface then the second stage question is whether there is any device on that subnet which will also run EIGRP and could become a neighbor. If there will be no neighbors then use the passive interface command.

 

HTH

 

Rick

HTH

Rick

View solution in original post

8 Replies 8

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

‎10-21-2015 08:39 AM 

Hi As we know, passive-interface in eigrp can prevent eigrp traffic from sending out and forming eigrp neighbor for that special physical interface. However, if it is configured at vlan interface, that means that the vlan cannot have any eigrp neighbor. If so, the eigrp is no functional at all. and using the eigrp in that vlan is no any significant. The following is example. Anyone can explain it ? Thank you 


interface Vlan10
  no ip redirects
  ip address 10.1.1.2/24
  ip router eigrp 10
  ip passive-interface eigrp 10

Hi,

Passive interface configuration with EIGRP is different and won't form neighbour ship with other device.

When passive-interface configured in SVI or physical interface , router cannot form a neighbour adjacencies on that interface or send or receive routing updates.

You can use Distribute list to control the updates and to form adjancecie with neighbouring devices by suppressing the outbound update and allowing incoming update.

Hope it Helps..

-GI

rate if it Helps.

Go to solution
eigrpy
Level 4
Level 4
In response to Ganesh Hariharan

‎10-21-2015 09:06 AM

Thank you for your reply. I notice there are below two commands under vlan interface in Nexus 7k

ip router eigrp 10
ip passive-interface eigrp 10

Do you think it is useful ? The passive-interface will block any eigrp adjacency between the vlan interface and any other interface, right ? So I think the two commands together do not any any effect. Do you think so ?  

0 Helpful

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni
In response to eigrpy

‎10-21-2015 09:26 AM 

Thank you for your reply. I notice there are below two commands under vlan interface in Nexus 7k

ip router eigrp 10
ip passive-interface eigrp 10

Do you think it is useful ? The passive-interface will block any eigrp adjacency between the vlan interface and any other interface, right ? So I think the two commands together do not any any effect. Do you think so ?

Hi,

As stated earlier, the above two commands won't able to form neighbour ship between eigrp neighbouring devices.

Either you need to apply Distribution list for allowing incoming update and suppressing outgoing for forming successful neighbour ship.

Check out the below link on applying Distribution list along with passive interface.

http://www.cisco.com/c/en/us/support/docs/ip/interior-gateway-routing-protocol-igrp/9105-34.html#disout

Hope it Helps..

-GI

Rate if it Helpss

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Ganesh Hariharan

‎10-21-2015 10:25 AM

The original poster asks this question " So I think the two commands together do not any any effect." I absolutely do not agree that the commands together do not have any effect. The ip router eigrp 10 has the effect of enabling the routing protocol on the interface which allows EIGRP to advertise the subnet found on the interface. The passive interface command stops sending and receiving EIGRP messages on the interface. The result is that EIGRP does advertise the subnet and does not form neighbor relationships on the interface. That is certainly an effect.

 

It is a fairly common situation that a router (or layer 3 switch) has an interface in a vlan where all of the devices in the vlan are user PCs or are all servers, etc. If there is no other device in that vlan running EIGRP then there is no benefit in sending EIGRP messages into that vlan and this is what the passive interface command is intended to do.

 

If there is another device running EIGRP then certainly you do not want to use passive interface. But if there is no device running EIGRP then passive interface conserves resources.

 

It may help to think of this as a two stage question.

- the first stage question is whether you want EIGRP to run on the interface? If so then use the ip router eigrp 10.

- if you do enable EIGRP on the interface then the second stage question is whether there is any device on that subnet which will also run EIGRP and could become a neighbor. If there will be no neighbors then use the passive interface command.

 

HTH

 

Rick

HTH

Rick

Go to solution
Masoud Pourshabanian
VIP Alumni
VIP Alumni

‎10-21-2015 11:08 AM

Hello,

When you configure router EIGRP and specifies some networks under it, you are actually doing two things.

 

1- enabling the interface to talk with its neighbor and make neighborship.

2- advertise routing table and the network defined on the interface to EIGRP neighbors.

 

Sometimes, for some reasons you do not want to make any neighborship on specific interface, but you need to advertise that interface to other EIGRP neighbors.

 

As an example, Int VLAN 10 is defined for a server farm including only some servers. You do not need to send any hello packets in order to make any neighborship because there is no one to answer those hello packet, but still you need to advertise that interface to other EIGRP neighbors because servers needs to be seen by others. it is similar to your case. interface does not take part to create EIGRP relationship, but still its IP is being advertised.

Hope it helps,

Masoud

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-21-2015 11:34 AM

Just to add to what others have said.

A very common occurrence of where you see this is when you have a pair of L3 switches interconnected via a L2 trunk running HSRP/VRRP/GLBP for client and possibly server vlans.

Without the passive interface command the L3 switches form peerings with each other over every SVI ("int vlan <x>") and this can be a lot peerings you just don't need.

So what you usually see are most of the SVIs being made passive and perhaps a dedicated vlan being used for peering between the switches.

Jon

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Jon Marshall

‎10-25-2015 07:24 PM

Jon

 

This is an excellent observation. L3 switch trunks with multiple VLANs with HSRP is a very good example of when passive interface would be useful. +5

 

HTH

 

Rick

HTH

Rick

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Richard Burts

‎10-26-2015 05:41 PM

Rick

Thanks very much.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card