Passive-interface default on eigrp

Similar Messages

• IOS-XR: EIGRP passive-interface default?

  It appears there's no ability to make all interfaces passive by default in XR as there is in IOS.
  Is there a reason for this or is it just that it has not been included yet?
  Workaround is to configure all unnecessary interfaces as passive but I prefer to have all passive and then only enabled where needed.
  TIA,

  Hi Gary,
  I filed request CSCug38048 for this. It may take a day or so for it to show up in teh bug toolkit, but then you have something for tracking. I dont have a definitive release for this either, but I am trying to see if we can do this short(er) term.
  As for the other question on the use of passive sparingly. I don't necessarily agree with that statement. Passive is very useful to include prefixes in the advertisement, but to prevent forming adj. Loopbacks are to be made passive, because it is a waste of cpy cycles trying to generate a hello on that stub interface and then drop it in software. Passive is the proper solution. Same thing with access facing interfaces that dont need adj to the CE's, but have to be included in the routing.
  The alternative of using redistribute connected is indeed an option, but the disadvantage for that is that it creates EXTERNAL routes, in both OSPF and EIGRP, with different metric calculations.
  The magnitude of "many" in this regard is dependent on the number of times you don't mind configuring "passive-interface" under the eigrp enabled interface configuration. For me personally that would be about 20
  What I mean to say is, it is not dependent on a scaling limitation or anything other then operator/user.
  cheers!
  xander

• Passive-interface default resets configuration

  Hello all,
  I would like to run a scenario by you guys and get your input regarding the "passive-interface default" OSPF command. Let's assume I am working on an existing configured OSPF router with the following configuration:
  router ospf 1 router-id 10.10.10.1 passive-interface default no passive-interface GigabitEthernet6/1 no passive-interface GigabitEthernet6/2 network 10.10.10.0
  If I go and paste the duplicate configuration in as follows what would the expected result be?
  router ospf 1 router-id 10.10.10.1 passive-interface default
  My thoughts were that there would be no impact to OSPF, routing, or the likes. Unfortunately this is not the case. I have found on my device that when you repaste the "passive-interface default" command in to the config that it actually resets all existing "no passive-interface" commands and enables passive-interface on all interfaces globally.
  Router#sh run | sec router ospfrouter ospf 1 router-id 10.10.10.1 passive-interface default no passive-interface GigabitEthernet6/1 no passive-interface GigabitEthernet6/2 network 10.10.10.0Router#config tRouter(config)#router ospf 1Router(config-router)# passive-interface defaultRouter(config-router)#endRouter#sh run | sec router ospfrouter ospf 1 router-id 10.10.10.1 passive-interface default network 10.10.10.0
  This is especially bad if you are performing maintenance on the router out of network where your connectivity requires a default route to be learned via OSPF. Has anyone else encountered this or do they feel this behavior to be a bit odd?

  Documentation says:
  "The default keyword sets all interfaces as passive by default. You can then configure individual interfaces where adjacencies are desired using the nopassive-interface command. The default keyword is useful in Internet service provider (ISP) and large enterprise networks where many of the distribution routers have more than 200 interfaces."
  I'm not sure why it doesn't honor the existing no passive-interface commands but maybe it was something in the code that was necessary to put them all passive first.
  At least it's good that you tested the behavior so you know what to expect. If you already have passive-interface why would you want to enter it again? If you want to make interfaces passive that were non passive before you could do no no-passive interface x/x.
  Daniel Dib
  CCIE #37149

• EIGRP network vs. no passive-interface

  What is the difference between configuring EIGRP with the "network" command, then specifying the IP addresses of the interfaces you want to use OR using the no passive-interface command.
  The examples below might make more sense:
  gi0/0.1 has an IP of 192.168.1.1
  gi0/0.2 has an IP of 192.168.2.1
  s1/0 has an IP of 192.168.3.1
  s1/0 has an IP of 192.168.4.1
  router eigrp 100
  passive-interface default
  no passive-interface GigabitEthernet0/0.1
  no passive-interface GigabitEthernet0/0.2
  no passive-interface Serial1/0
  no passive-interface Serial1/1
  network 192.168.0.0
  no auto-summary
  router eigrp 100
  network 192.168.1.1
  network 192.168.2.1
  network 192.168.3.1
  network 192.168.4.1
  no auto-summary
  Don't both of these configurations accomplish the same thing? If so, is there any advantage to using one over the other?
  Thanks,
  Nate

  Actually, on a technecality, they do not do the same thing. And it is one of the subtlties of the behavior of EIGRP that may be important to understand when preparing for the CCIE or when administering an EIGRP network.
  The important aspect to recognize here is the classful network boundaries. The first example had network 192.168.0.0. This happens to be a class C network. And EIGRP would be looking for interfaces that are in that particular network. And it would not process the interfaces on 192.168.1.0 or 192.168.2.0 etc. Even though EIGRP works very well in a classless addressing environment, its roots are in a classful background. And one manifestation of that is the default behavior to treat the network statement as looking for classful boundaries. So in fact if you configure EIGRP with network 192.168.1.1 and then do a show run what you will see is 192.168.1.0 because EIGRP is processing classful network boundaries.
  If the example had used a class B like 172.16.1.1 and 172.16.2.1 etc then the two approaches would have produced the same results.
  There are two more aspects of this I would like to comment on. One is the background of the passive default. This ties back to the essentially classful nature of the processing that EIGRP does on the network statement. If you were bringing up a router that would eventually have many interfaces that would be subnets of the same classful network and you put in network 172.16.0.0 then EIGRP would attempt to process every interface with an address in the subnets of that network. But you might not want them to be advertised when they were configured, you might want to wait till there was actually something deployed there, or perhaps you might not want EIGRP to process a particular interface at all (perhaps that interface connected to something external to your network. Cisco introduced the passive default to accomodate this situation. With passive default EIGRP does not process the interface till you specifically activate it.
  Another interesting aspect is that Cisco then introduced the ability within EIGRP to use a netmask on the network statement which allows you to specifically identify the particular interface you want to process. This addresses the classful default behavior and makes EIGRP truly more of a classless routing protocol.
  So lets take the example that started this discussion and change it a little bit. Suppose there was a router with interfaces 172.16.1.1, 172.16.2.1, 172.16.3.1, and 172.16.4.1. And suppose that you wanted (for whatever reason) to include 1, 2, and 4 but not 3. How could you do it?
  The more traditional solution would be to use passive default and leave the 3 as passive. Or the more recent solution would be to use network statements with netmask to include only the specific interfaces that you wanted.
  HTH
  Rick

• Passive-interface

  Hi
  10xs ankur for ur previous link;so i need to control route propogation to access layer switchs using dist-list;and allow only default route to be advertised to the access layer(i'll configure access as eigrp stub.have a check to this config
  access-switch
  router eigrp 1
  eigrp stub connected
  Dist-node
  Dist-node EIGRP configuration:
  interface Port-channel1
  description to Core
  ip address 10.1.0.1 255.255.255.252
  ip hello-interval eigrp 1 1
  ip hold-time eigrp 1 3
  ip summary-address eigrp 10 10.2.0.0 255.255.0.0
  interface GigabitEthernet1/1
  description To Access (L3)
  ip address 10.1.0.9 255.255.255.252
  ip hello-interval eigrp 1 1
  ip hold-time eigrp 1 3
  router eigrp 1
  passive-interface default
  no passive-interface Port-channel1
  no passive-interface GigabitEthernet1/1
  network 10.0.0.0
  distribute-list Default out GigabitEthernet1/1
  no auto-summary
  ip Access-list standard Default
  permit 0.0.0.0.
  do i need inverse maske when i advertise the 10.0.0.0?like this config i prevent access switch to act as transit node?why should only permit default route?
  10xs for ur reply
  ali

  Hi,
  do i need inverse maske when i advertise the 10.0.0.0? ?
  The answer depends on details of how you configure EIGRP. You have configured it like this:
  router eigrp 1
  network 10.0.0.0
  then EIGRP will look for every interface on the router which is in 10.0.0.0 and include that interface into EIGRP processing.
  If you want to configure it like this
  router eigrp 1
  network 10.0.0.0 0.0.0.3
  then EIGRP will look for the interface that matches the address and mask and will find at most one interface that matches and that interface will be included into EIGRP processing.
  HTH, Please rate if it does.
  -amit singh

• Passive interface on a SVI, does that work or not?

  Hello all,
  At my office, I am trying to clean some of the routing table and fix some routing issues. We run eigrp for internal network. In one of the routers, eigrp neighbor relationship is through SVIs only. I'm actively trying to use "passive interface default" for all the L3 devices, and doing "no passive... " for the interfaces that are currently forming neighbor relationship. So, does that work the same for SVIs? Do I just do "no passive interface default int vlan XX" for all the SVI that are forming the neighbor relationship? will that work the same as for a physical interface? or do I need to track the physical ports that are actively using that vlan? I have looked around and haven't found a definitive answer. I would really appreciate some help.
  Thank you in advance.

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  I know it works for OSPF, I would assume it would for EIGRP too, but cannot say for sure.

• Passive interface command on RIP

  Hi all,
  This command below
  passive-interface command give additional information to RIP, that it can't send updates via this particular interface ---
  As per my understanding is this if we have 2 routers that are directly connected with each other and we enable this command on the interface of one of
  routers then that router will not send any RIP updates to other router right?
  secondly if these 2 routers are point to point connection we can ping directly conencted interfaces IP of  routers because they are directly connected even though there is no routing protocol running between these two right?
  3rd thing when i run sh ip protocols on one of router it shows
  Routing Protocol is "rip"
    Sending updates every 30 seconds, next due in 1 seconds
    Invalid after 180 seconds, hold down 180, flushed after 240
    Outgoing update filter list for all interfaces is not set
    Incoming update filter list for all interfaces is not set
    Redistributing: rip
    Default version control: send version 2, receive version 2
      Interface             Send  Recv  Triggered RIP  Key-chain
      FastEthernet0/0       2     2
    Automatic network summarization is in effect
    Maximum path: 4
    Routing for Networks:
      192.168.4.0
    Routing Information Sources:
      Gateway         Distance      Last Update
      192.168.4.2          120      00:23:38 ****************************************************
  here last update time keeps on incrementing but  sh ip route does not show now that rip is running.
  so this line means
  Invalid after 180 seconds, hold down 180, flushed after 240
  that after 240 secs router will flush the rip routes fron the routing table right?
  but sh ip protocol  will always show rip as routing protocol as we have config the rip and last update time will keep on incrementing right?
  thanks
  mahesh

  Hi Mahesh,
  From the config guide:
  To control the set of interfaces with which you  want to exchange routing updates, you can disable the sending of routing  updates on specified interfaces by configuring the
  passive-interface
  here is the link:
  http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1crip.html
  Correct, you do not need a routing protocol.  The interfaces are directly connected.  Now, if for example you add a loopback address to each router, you need a routing protocol or static router to reach the opposite router's loopback address.
  The reason the interfaces/IPs do not show up in the RIP routing table is because they are directly connected and directly connected routes have a lower admin distance (1) which is preferred over rip which is 120.
  yes
  HTH

• Passive interface vlan 50

  Hi
  i need to know with detail what does it mean this command"passive interface vlan 50"?;description;usefulllink it is very much appreciated.
  10xs
  ali

  Hi Ali,
  "passive-interface" router configuration command is applied to stop sending routing updates on an interface.
  It behaves different for different routing protocol like for EIGRP the passive-interface command disables the transmission and receipt of EIGRP hello packets on an interface so the neighborship will not form on that interface which is configured as passive interface.
  In OSPF, hello packets are not sent on an interface that is specified as passive. Hence, the router will not be able to discover any neighbors, and none of the OSPF neighbors will be able to see the router on that network.
  But for RIP and IGRP it does not send the routing updates out on that interface which is configured as passive but still that interface will be advertised out from other interfaces.
  Have a look at this link for more details
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a008008784e.html#wp11573
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfindep.htm#wp1019396
  Now depending upon the routing protocol you have configured interface vlan 50 will not advertise the routes out from the interface vlan 50 and if you have configured eigrp or ospf it will not form any neighborship with peer on interface vlan 50.
  HTH, if yes please rate the post.
  Ankur

• Bug in APEX 4.2.4 User Interface defaults

  Hi,
  I set the user defaults in a table. I select to create a static set of values for a field. All is good. Saved and used in a form like a charm.
  When I go back to edit and add a new set of values to an existing List, I click on Add Row Button but nothing happens.
  the path is: SQL Workshop > Utilities > User Interface Defaults > Table Dictionary > Table and Column Properties > Column Defaults > Static List of Values
  Am I missing something? or is this a bug?

  I tried (SELECT ...) UNION (SELECT ...) as simple Interactive Report query in APEX 4.1.0.00.32 and received "SQL statement needs to start with SELECT".
  What version are you upgrading from?
  I was able to do this in a Classic Report but it complained, wanting a unique key in the Interactive Report.
  select * from ((select 1, EMPNO from EMP) UNION (select 2, EMPNO from EMP))
  Howard

• Master Detail Wizard and User Interface Defaults

  Trying to create a master/detail form (on one page, no report).
  1. Wizard is giving the option to use User Interface Defaults for the master table, but not for the detail (I don't want to for either) - is this the expected behaviour? If so, why the inconsistency? Will/can this be changed in the future?
  2. Despite selecting NOT to use UI defaults, and entering new region titles, wizard is creating default region titles using the UI defaults. Is this a bug?
  3. Supplementary: Is it possible to get rid of UI defaults?
  HTML DB 1.6.0.00.87

  I asked about this last month:
  Master Detail Wizard and User Interface Defaults
  with no response.
  Anyone?

• "mpls traffic eng passive-interface" mapping on XR

  Dears,
  ON IOS for TE-InterAS ,the command "mpls traffic-eng passive-interface" is used on InterAS link which isn't running IGP so i am seeking for the equivlent command on XR but i can't find it so please advise what is the equivlent command on XR
  Thanks

  Hello Amr,
  There is no equivalent command on IOS-XR. Are you trying to set up Inter-AS MPLS TE on XR? In IOS-XR, inter-AS tunnels are supported only by using verbatim path-options. Verbatim path-options are supported on both IOS and IOS-XR.
  HTH,
  Rivalino

• Pix/Asa OSPF passive interface

  Hi.
  I am going to have an OSPF process for two internal interfaces. But I also have one external interface where I do not want any OSPF traffic going out. I have not so far found any OSPF PASSIVE INTERFACE type of commands om PIX/ASA. Is there any one out there who knows if there is one command like that or how one can stop OSPF packet from going out. I presume that an outgoing access-list will not stop this traffic.
  Regards Bjorn

  Hi,
  Don't define external interface as partecipating to OSPF process.
  That is you have to define the two interface partecipating to OSPF process:
  view: "Enabling OSPF ". Here is the link:http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/ip.html#wp1041629.
  I hope this helps.
  Best regards.
  Massimiliano.

• VRF & OSPF passive interfaces

  Hello,
  if configuring OSPF for a VRF you cannot configure passive interfaces! The command does not even exist!
  This seems to be related to CSCeb86068.
  Does anyone have experiences with that issue??
  Any intelligent solution??
  Thanks
  Juerg

  1.For no neighbor in your VPN, you can try BGP as PE-CE routing protocol.
  router bgp 65000
  address-family ipv4 vrf school
  network x.x.x.x mask x.x.x.x
  no auto-summary
  no synchronization
  exit-address-family
  R1#v all 172.16.1.0
  BGP routing table entry for 172:16:172.16.1.0/24, version 373
  Paths: (1 available, best #1, table school)
  Flag: 0x820
  Advertised to update-groups:
  1 2
  Local
  0.0.0.0 from 0.0.0.0 (172.16.0.1)
  Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
  Extended Community: RT:172:16
  2.If you still need use ospf and passive interface in your ospf vrf, upgrade to 12.4.2 or above. :)

• Physical interface Default Gateway connecting VPN with AnyConnect

  When I connect vpn with AnyConnect, I can't see default gateway on Physical Interface.
  before connect vpn
  ==========================================
  C:\WINDOWS\system32>ipconfig
  Windows IP Configuration
  Ethernet adapter Local Area
          Connection-specific DNS Suffix  . :
          IP Address. . . . . . . . . . . . : 10.1.1.100
          Subnet Mask . . . . . . . . . . . : 255.255.255.0
          Default Gateway . . . . . . . . . : 10.1.1.10
  after connect vpn with anyconnect
  ==========================================
  C:\WINDOWS\system32>
  C:\WINDOWS\system32>ipconfig
  Windows IP Configuration
  Ethernet adapter Local Area
          Connection-specific DNS Suffix  . :
          IP Address. . . . . . . . . . . . : 10.1.1.100
          Subnet Mask . . . . . . . . . . . : 255.255.255.0
          Default Gateway . . . . . . . . . :'Can't see default gateway'
  Is this the specification of Anyconnect?

  Nyanko,
  This will happen when you are using tunnel all as the split tunneling policy, the computer will encrypt all the traffic so the default gateway will be removed from the physical connection and placed into the virtual adapter. If you take a look at the routing table you will see that what really happens is that the original default route's metric will be changed so that it is higher than the one injected by the virtual adapter, once you disconnect it should go back to normal.
  Further information on split tunneling:
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080975e83.shtml
  HTH
  Jonnathan

• Question on passive serial sub interface EIGRP

                     Hi Everyone,
  I know how passive interface default works in EIGRP.
  I need to confirm below say we have
  se0/0/0
  no ip address
  se0/0/0.10
  ip address 192.168.50.1 x.x.x.x
  Router eigrp 100
  passive interface default
  no passive interface se0/0/0
  I do not have device to test this so need to confirm if i also need command
  no passive interface se0/0/0.10 or not?
  Regards
  Mahesh

  Mahesh
  I do not have any device that would allow me to test this either. But I believe that you need to specify the subinterface and not just the physical interface.
  HTH
  Rick