Question on passive serial sub interface EIGRP

                   Hi Everyone,
I know how passive interface default works in EIGRP.
I need to confirm below say we have
se0/0/0
no ip address
se0/0/0.10
ip address 192.168.50.1 x.x.x.x
Router eigrp 100
passive interface default
no passive interface se0/0/0
I do not have device to test this so need to confirm if i also need command
no passive interface se0/0/0.10 or not?
Regards
Mahesh

Mahesh
I do not have any device that would allow me to test this either. But I believe that you need to specify the subinterface and not just the physical interface.
HTH
Rick

Similar Messages

  • The difference between IEEE802.1Q Native VLAN sub-interface and Physical interface?

    Hello
    I think the following topologies are supported for Cisco Routers
    And the Physical interface also can be using as Native VLAN interface right? 
    Topology 1.
     R1 Gi0.1 ------ IEEE802.1Q Tunneling  L2SW ------ Gi0 R2
    R1 - configuration
    interface GigabitEthernet0.1
     encapsulation dot1Q 1 native
     ip address 10.0.0.1 255.255.255.0
    Topology 2.
    R1 Gi0 ------ IEEE802.1Q Tunneling L2SW ------ Gi0 R2
    interface GigabitEthernet0
    ip address 10.0.0.1 255.255.255.0
     And is it ok to use the physical interface and sub-interface with dynamic routing such as EIGRP or OSPF etc?
    R1 Gi 0 ---- Point to Multipoint EIGRP or OSPF ---- Gi0 R2 / R3 
          Gi 0.20--- Point to Point EIGRP or OSPF --- Gi0.10 R4  (same VLAN-ID) 
    R1 - configuration
    interface GigabitEthernet0
     ip address 10.0.0.1 255.255.255.0
    interface GigabitEthernet8.20
     encapsulation dot1Q 20
     ip address 20.0.0.1 255.255.255.0
    Any information is very appreciated. but if there is any CCO document please let me know.
    Thank you very much and regards,
    Masanobu Hiyoshi

    Hello,
    The diagram is helpful.
    If I am getting you correctly, you have three routers interconnected by a switch, and you want them to operate in a hub-and-spoke fashion even though the switch is capable of allowing direct communication between any of these routers.
    Your first scenario is concerned with all three routers being in the same VLAN, and by using neighbor commands, you force these routers to establish targeted EIGRP adjacencies R1-R2 and R1-R3, with R1 being the hub.
    Your second scenario is concerned with creating one VLAN per spoke, having subinterfaces for each spoke VLAN created on R1 as the router, and putting each spoke just in its own VLAN.
    Your scenarios are not really concerned with the concept of native VLAN or the way it is configured, to be honest. Whether you use a native VLAN in either of your scenarios, or whether you configure the native VLAN on a subinterface or on the physical interface makes no difference. There is simply no difference to using or not using a native VLAN in any of your scenarios, and there is no difference to the native VLAN configuration being placed on a physical interface or a subinterface. It's as plain as that. Both your scenarios will work.
    My personal opinion, though, is that forcing routers on a broadcast multi-access segment such as Ethernet to operate in a hub-and-spoke fashion is somewhat artificial. Why would you want to do this? Both scenarios have drawbacks: in the first scenario, you need to add a neighbor statement for each spoke to the hub, limiting the scalability. In the second scenario, you waste VLANs and IP subnets if there are many spokes. The primary question is, though: why would you want an Ethernet segment to operate as a hub-and-spoke network? Sure, these things are done but they are motivated by specific needs so I would like to know if you have any.
    Even if you needed your network to operate in a hub-and-spoke mode, there are more efficient means of achieving that: Cisco switches support so-called protected ports that are prevented from talking to each other. By configuring the switch ports to spokes as protected, you will prevent the spokes from seeing each other. You would not need, then, to configure static neighbors in EIGRP, or to waste VLANs for individual spokes. What you would need to do would be deactivating the split horizon on R1's interface, and using the ip next-hop-self eigrp command on R1 to tweak the next hop information to point to R1 so that the spokes do not attempt to route packets to each other directly but rather route them over R1.
    I do not believe I have seen any special CCO documents regarding the use of physical interfaces or subinterfaces for native VLAN or for your scenarios.
    Best regards,
    Peter

  • Sub-interfaces on n5k

    Hi, I am trying to connect N5k (layer-3) and ASA, there is a requirement where some of the security-sensitive vlans have their layer-3 on the ASA and for those vlans who are less-sensitive have their svis on the N5k. I am doing a POC in my lab gear first. The n5k and the ASA are connected by 1 physical link having sub-interfaces on both the ends. There is a sub-int with vlan 10 (10.1.1.0/30) on both sides and the ASA injects a default-route to the N5k over this. so in case a non-secure vlan needs to talks to a secure-vlan it goes through via this path. My issue is that, if i create a sub-intf on the ASA, give it a vlan tag of 20, and on my N5k i add a port in that same vlan, i cannot ping my GW (ASA) from the laptop. I have also created a similar sub-int on the N5k side as well with tag 20, BUT still does not work.
    attached visio.
    Any clues??
    Thnx
    Sandev

    Hello Sande,
    That is correct! Please mark this question as answered so future users having a similar problem can learn from your
    solution.
    Regards,
    Julio

  • SSI (Serial Synchronous Interface) displacement sensor.

    Hi,
    Thanks advanced for your reply.
    How can I measure the signal from SSI (Serial Synchronous Interface) displacement sensor (MTS) with NI CompacDAQ or other products? Which module should I use? How to interprete the signal with Labview8.2?
    Thanks,
    jason

    Hi Jason,
    There is another discussion form that has worked on this same issue. Please look here for further information. If you have any further questions please let us know.
    Regards
    Krista S.
    Applications Engineering
    National Instruments

  • DMZ Sub interfaces into sub interface

    Hi,
    We have ASA FW 5010 in our organization and we have 4 DMZ's under the DMZ interface on ASA and all DMZ's are created on sub interfaces and assigned different VLANS on each DMZ's like
    DMZ-1 = 172.20.1.x - VLAN 1000
    DMZ-2 = 172.20.2.x - VLAN 1200
    DMZ-3 = 172.20.3.x - VLAN 1300
    DMZ-4 = 172.20.4.x - VLAN 1400
    My question is:
    Can we break sub interface (DMZ-4) into again another sub interface and assign another IP address like
    DMZ-4 = 172.20.4.x
    ---------= 172.20.5.x
    Means one VLAN has two IP addresses for gateway.
    One thing more how many times we can break one interface into subinterfaces.
    I hope my question is enough for understanding.
    Regards,
    Saeed

    > Can we break this feature on catalyst switches 2960 or 3560?
    You just want to have two IP-networks in one VLAN? If yes, that is possible on Routers and Switches with secondary IP-addresses. But the ASA doesn't support that.

  • Sub-interfaces on PO

    Hi, I have put 2 physicl interfaces (te0/8 & 9) on the ASA-5585 into a PO and am assigning ips/vlans to the sub-interfaces. I have 2 issues: - Why am I not able to ping the other sub-interface from the ASA itself? (I can ping the 1st one), Secondly, why the IPs are not visible in "sh int ip brief" ?Although I can see them in "sh ip" ..
    /actNoFailover(config-if)# int po17.100
    /actNoFailover(config-subif)# vlan 100
    /actNoFailover(config-subif)# ip add
    /actNoFailover(config-subif)# ip address 100.1.1.1 255.255.255.0
    /actNoFailover(config-subif)# int po17.101
    /actNoFailover(config-subif)# vlan 101
    /actNoFailover(config-subif)# ip address 101.1.1.1 255.255.255.0
    /actNoFailover(config-subif)# int po17.102
    /actNoFailover(config-subif)# vlan 102
    /actNoFailover(config-subif)# ip address 102.1.1.1 255.255.255.0
    /actNoFailover(config-subif)# ping 100.1.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 100.1.1.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 30/32/40 ms
    /actNoFailover(config-subif)# ping 101.1.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 101.1.1.1, timeout is 2 seconds:
    /actNoFailover(config)# sh int ip brie
    Interface                  IP-Address      OK? Method Status                Protocol
    TenGigabitEthernet0/8      unassigned      YES unset  up                    up
    TenGigabitEthernet0/9      unassigned      YES unset  up                    up
    Port-channel17             unassigned      YES unset  up                    up
    Port-channel17.100         unassigned      YES manual up                    up
    Port-channel17.101         unassigned      YES manual up                    up
    Port-channel17.102         unassigned      YES manual up                    up
    Please advise?

    Hello Sande,
    That is correct! Please mark this question as answered so future users having a similar problem can learn from your
    solution.
    Regards,
    Julio

  • ATOM on dot1q sub interfaces

    Hello, networkers!
    Long time no see ;-)
    Straight on question now. Imagine a MPLS network with the following topology:
    A B C D E
    (X) --- (X) --- (X) --- (X) --- (X)
    CE PE P PE CE
    Router A & E are customer's routers.
    Router B & D are PE routers
    Let's say that we have created MPLS ATOM using Xconnect in between routers B and D. They are both using FastEthernet interfaces with sub-interfaces configured on. Router D is configured to RouterE in this way:
    interface FastEthernet0/0.15
    description ** RouterD->RouterE **
    encapsulation dot1Q 15
    no cdp enable
    xconnect 2.2.2.2 666 encapsulation mpls
    on the other end, router B is configured as follow:
    interface FastEthernet0/0.26
    description ** RouterB->RouterA **
    encapsulation dot1Q 26
    no cdp enable
    xconnect 1.1.1.1 666 encapsulation mpls
    end
    Where 1.1.1.1 is RouterD loopback and 2.2.2.2 is Router B lo0.
    What do you think about that scenario? Should it work with this configuration when the dot1q vlans differs? In my opinion this shouldn't work as expected as long as MPLS is doing just transparent transport of entire L2 frame (instead of using internetworking on IP level)
    Can anyone, please explain how does Cisco handle this? I remember that I've read somewhere during my CCIE journey that there are different types of AtOM VC's which can either carry the dot1q tag or not.
    Thank you in advance!
    Kind regards,
    Dani Petrov
    P.p. I tried it in a few different configurations and the results are very interesting but please first share your thoughts ;-)

    Hi,
    You can't force the vc-type and don't need to.
    To summarize:
    - switchport trunk mode and subinterfaces will always pop the outer tag
    - EVC interfaces do nothing by default.
    On top of that vc-type 4 will add a service-delimiter tag to the frame received from the AC. It's the responsibility of the egress router to know what to do with this tag (rewrite or remove it).
    GSR and 7200 will negotiate a vc-type 4 if the AC is a subinterface. 7600 will always negotiate a vc-type 5 except if the peer wants a vc-type 4.
    HTH
    Laurent.

  • Cable Sub-Interface in VRF - DHCP Intermittent Problem

    I've configured multiple VRF's to support third party access to our cable infrastructure.
    Of the 15 CMTS' I have configured, all of them work fine except for one which happens to be a UBR10K running 12.2.15.BC1b. The other CMTS' (7200's and 7100's) are running fine with an older IOS revision but I need the latest IOS on the 10K to support VLAN sub-interfaces.
    The problem is occasionally, DHCP clients will obtain an IP address/netmask from within the proper VRF subnet, but the client is unreachable from the CMTS.
    If we disable the IP address in question from CNR and have the client renew their IP, service is restored.
    This is a big problem. Even though this only happens occasionally, when you have 8000+ users on a CMTS, 'occasionally' still works out to quite a few problem calls.
    Sub-interfaces set up to use static IP addressing on the client experience no problems.
    Any advice would be appreciated.
    = K

    More information may be require to understand the problem, mean while you can go through link :
    http://www.cisco.com/en/US/netsol/ns341/ns396/ns172/ns126/networking_solutions_design_guide_chapter09186a00800eeee8.html

  • Srp521w ethernet sub interfaces on WAN

    Hi there,
    Have followed the admin guide, and can setup this up fine, however what we're wanting is to turn off any IP connection for the main wan ethernet interface and only have the sub-interface have an IP connection method.
    I can't see how you can turn this off, which is causing a double-up of dhcp requests being sent when using both the main/sub ethernet interfaces to use dhcp.
    This has been tested on the 521w and 521w-u versions, and I've just used the latest firmware 1.2.4 on the u version.
    How can this be configured so that there is only 1 WAN interface that is using IP (the sub interface)
    Setting default routes to point to the sub interface doesn't make a difference.
    Thanks in advance.
    Chaz

    Hi Chaz,
    Configuring a static IP address on the main interface would be the only way to make it passive.  The address to use here could be the same for all routers, as technically it will never be used.
    Ensure that you set the interface default route for the WAN interface to the new sub interface.
    See the following as an example (I use private 192.168.. addressing in my lab.)
    Cheers
    Andy

  • ACLs on Sub-Interfaces

    Question on IP ACL...
    If you configure an IP ACL for a subinterface on a router-on-a-stick, will it affect the entire physical interface or will it only affect the sub-interface, for which the ACL has been applied to? Just a thought that's been bugging me...Advanced thanks for your response...

    Hi
    It will only affect the sub-interface. The ACL applies only to the logical construct which is the sub-interface.
    Hope that helps - pls do remember to rate posts that help.
    Paresh

  • How many sub-interfaces we are able to create with ISR 4321 ?

    Hi,
    I want to buy an ISR 4321 router. I would like to know how many sub-interfaces we are able to create with this router (802.1Q) ?
    http://www.cisco.com/c/dam/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/at-a-glance-c45-732425.pdf
    Thanks.
    Regards,
    Nurul Kabir KHAN

    Hello Nurul,
    The maximum number of interfaces (physical, subinterface, or virtual) a router can handle depends on the maximum number of SWIDBs that the router can use. This limit used to be set to 300 for all platforms, but with the emergence of features such as frame-relay subinterfaces, multilink Point-to-Point Protocol (PPP), and virtual private dial-up network (VPDN) that uses virtual interfaces, this value has proven to be insufficient on some platforms
    Maximum Number of interfaces
    Every interface uses an IDB. Therefore, the IDB limit indicates the maximum number of interfaces a router can handle.
    The IDB limit is, therefore, the answer to the common question "How many (sub)interfaces can be configured on this platform?"
    For further details, you can read this document
    Please don't forget to rate and mark as correct the helpful post!
    David castro 
    Regards,

  • DMVPN over two sub-interfaces

    Hello,
    I need to configure a DMVPN spoke to join an existing DMVPN.
    My problem is that the interface that connects to the Internet has a double feed. Basically fa0/0 is configured with two sub-interfaces fa0/0.X and fa0/0.Y.
    My doubt is if I can put the tunnel source as fa0/0 simply and it will apply it on both? I know it is a fairly simple question but since I am about to apply it on a live system I really wanted to be sure.
    Thanks,
    Paulo

    Because ip addresses are assigned to sub-interfaces I think tunnel source should be pointing to sub-interfaces.

  • HSRP Interface Tracking on ATM Sub-Interface?

    I want to enable HSRP interface tracking to monitor an ATM sub-interface. As I understand it, when using the (standby 1 track <interface>) command, the HSRP group priority will be decremented only if the line protocol goes down on the interface being tracked. For this reason I need to track an ATM sub-interface (i.e. atm1/0.77). I am wondering if this will work properly. Has anyone ever used this configuration successfully?

    Hi Friend,
    I find no reason why it should not work?
    When it work for serial subinterface and frame relay interfces it should also work for atm subinterface.
    I have implemented in serial subinterface.
    Yes it should work fine. Go ahead and implement and update the status.
    Regards,
    Ankur

  • Shaping on physical and sub interface

    Hello,
    I currently have a few sub interfaces on my router for various reasons.  I have a service policy applied to those sub interfaces and the service policy has the shaping command in it, and its all working fine.  My physcial interface G0/0 is where I have an EIGRP neighbor and all of the routes are populated.
    The problem is I want to apply a service policy to the physical interface and I am not able do so.
    I get this:
    router(config-if)#service-policy output g0-shape-out
    user-defined classes with queueing features are not allowed in a service-policy at sub-interface/pvc
    in conjunction with user-defined classes with queueing features in a service-policy at sub-interface/pvc
    This is becuase the shaping command is already used in the service policy on the existing sub interfaces.
    What I am wondering is, would it be best practice for me to not use the physical interface eg G0/0 when I have sub interfaces?  For example my existing subinterfaces are g0/0.802, g0/0.803 ,g0/0.804.  Should I setup a new sub interfaced call g0/0.100 and move the config from G0/0 to this new sub interface and use that as my main eigrp neighbor interface so that I can apply shaping to that sub interface?  Or is there a better way to apply multiple services policies that include shaping?
    Thanks,
    Dan.

    I can't put it as input because :
    gw-a(config-subif)#service-policy input policy_upload                     
    Traffic Shaping feature not supported in input policy.
    Here's a show during a bandwidth test. You can see the offered rate is properly measured and is _way_ above the target shape rate.
    gw-a#show policy-map interface Port-channel 1.2
    Port-channel1.2
      Service-policy output: policy_upload
        Class-map: class-default (match-any)
          624006 packets, 842239036 bytes
          5 minute offered rate 12774000 bps, drop rate 0 bps
          Match: any
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
          shape (average) cir 100000, bc 400, be 400
          target shape rate 100000

  • Disable BFD in multiple Router Sub interfaces that participates in OSPF

    Hi team,
    Please help me on this. Here is the scenario:
    We are on an enterprise set up and running on 100+ routers.
    We have 200 to 300+ sub interfaces for virtual circuits
    Our protocol is OSPF over MPLS
    One of our provider in LA encountered link flaps on SONET causing our LA router that is directly connected to that link to recalculate multiple times.
    Recalculation of OSPF routes caused disconnection of users in LA VM's.
    We were advised by our provider in LA to disable BFD so minor link flaps will no affect recalculation of routes.
    We are now tasked by our design team to Disable BFD in multiple Router Sub interfaces that participates in OSPF.
    My questions are:
    What is the implication in disabling all BFD in routers' interface and sub interface?
    Will this improve recalculation of OSPF routes in cause of link flaps or it will totally ignore the link flaps?
    Will the routers only recognize a "full down" status of the interface?
    How can we Disable BFD in multiple Router Sub interfaces that participates in OSPF in a faster way? Or do we have to do this one by one?
    Please advise before we present this to the CAB and implementation. Thank you.

    My questions are:
    What is the implication in disabling all BFD in routers' interface and sub interface?
    Answer:  the implication would be eliminating sub-second millisecond convergence.
    BFD detect failure at the link layer very fast , once detected it informs the upper layer protocol about the failure causing it to converge immediately. 
    Will this improve recalculation of OSPF routes in cause of link flaps or it will totally ignore the link flaps?
    Answer: if your Provider experiencing intermittent flaps, then yes it will be advisable to turn BFD off. this however doesn't totally ignore the link flaps, once the upper protocol detect the failure based on the dead interval parameter on OSPF, it will recalculate OSPF routes again.  Keep in mind, if you have redundant or more links to your provider , then I wouldn't recommend disabling BFD , as it should improve Convergence and you shouldn't notice the failure. 
    Will the routers only recognize a "full down" status of the interface?
    Answer: disabling BFD allows the router recognize a full down status once the upper protocol dead interval occurs or full down status of interface. which ever occurs the earliest.
    How can we Disable BFD in multiple Router Sub interfaces that participates in OSPF in a faster way? Or do we have to do this one by one?
    You can disable it one by one. or if you have configuration management software, it allows you to do it for all nodes at a time. but this depends if you have it or not.
    Please consider not to disable BFD if you have multiple OSPF links towards your provider from any branch, as it shouldn't impact your VMs, it should rather improve Convergence at milliseconds which is absolutely not noticeable.
    BR,
    Mohamed 

Maybe you are looking for