IP Routing: Protocol-Independent Configuration Guide, Cisco IOS Release 15M&T
Default Passive Interfaces

The Default Passive Interfaces feature simplifies the configuration of distribution devices by allowing all interfaces to be set as passive by default. In ISPs and large enterprise networks, many distribution devices have more than 200 interfaces. Obtaining routing information from these interfaces requires configuration of the routing protocol on all interfaces and manual configuration of the passive-interface command on interfaces where adjacencies were not desired.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About Default Passive Interfaces

Default Passive Interfaces

In large enterprise networks, many distribution devices have more than 200 interfaces. Before the introduction of the Default Passive Interfaces feature, routing information could be obtained from these interfaces in these ways:

  • Configure a routing protocol such as Open Shortest Path First (OSPF) on the backbone interfaces and redistribute connected interfaces.
  • Configure a routing protocol on all interfaces and manually set most of them as passive.

Network operators might not always be able to summarize type 5 link-state advertisements (LSAs) at the device level where redistribution occurs, as in the first possibility. Thus, a large number of type 5 LSAs can be flooded over the domain.

In the second possibility, large type 1 LSAs might be flooded over the domain. The Area Border Router (ABR) creates type 3 LSAs, one for each type 1 LSA, and floods them to the backbone. You can, however, have unique summarization at the ABR level, which injects only one summary route into the backbone, thereby reducing the processing overhead.

Before the introduction of the Default Passive Interfaces feature, you could configure the routing protocol on all interfaces and manually set the passive-interface router configuration command on interfaces where adjacencies were not desired. But in some networks, this solution meant configuring 200 or more passive interfaces. The Default Passive Interfaces feature solved this problem by allowing all interfaces to be set as passive by default. You can set all interfaces as passive by default by using the passive-interface default command and then configure individual interfaces where adjacencies are desired using the no passive-interface command.

The Default Passive Interfaces feature simplifies the configuration of distribution devices and allows the network administrator to obtain routing information from interfaces in ISPs and large enterprise networks.

Preventing Routing Updates Through an Interface

To prevent other devices on a local network from learning about routes dynamically, you can keep routing update messages from being sent through a device interface. This feature applies to all IP-based routing protocols except the Border Gateway Protocol (BGP).

Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS) behave somewhat differently. In OSPF, the interface address that you specify as passive appears as a stub network in the OSPF domain. OSPF routing information is neither sent nor received through the specified device interface. In IS-IS, the specified IP addresses are advertised without actually running IS-IS on those interfaces.

To prevent routing updates through a specified interface, use the passive-interface type number command in router configuration mode.

How to Configure Default Passive Interfaces

Configuring Default Passive Interfaces

Perform this task to set all interfaces on a device, in an Enhanced Interior Gateway Routing Protocol (EIGRP) environment, as passive by default, and then activate only those interfaces where adjacencies are desired.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    router eigrp {autonomous-system-number | virtual-instance-number}

    4.    passive-interface [default] [type number]

    5.    no passive-interface [default] [type number]

    6.    network network-address [options]

    7.    end

    8.    show ip eigrp interfaces

    9.    show ip interface


DETAILED STEPS
    Command or Action / Purpose

    Step 1    enable

        Example:
        Device> enable

        Enables privileged EXEC mode.

        • Enter your password if prompted.

    Step 2    configure terminal

        Example:
        Device# configure terminal

        Enters global configuration mode.

    Step 3    router eigrp {autonomous-system-number | virtual-instance-number}

        Example:
        Device(config)# router eigrp 1

        Configures an EIGRP process and enters router configuration mode.

        • autonomous-system-number—Autonomous system number that identifies the services to the other EIGRP address-family devices. It is also used to tag routing information. The range is 1 to 65535.
        • virtual-instance-number—EIGRP virtual instance name. This name must be unique among all address-family router processes on a single device, but need not be unique among devices.

    Step 4    passive-interface [default] [type number]

        Example:
        Device(config-router)# passive-interface default

        Sets all interfaces as passive by default.

    Step 5    no passive-interface [default] [type number]

        Example:
        Device(config-router)# no passive-interface gigabitethernet 0/0/0

        Activates only those interfaces that need adjacencies.

    Step 6    network network-address [options]

        Example:
        Device(config-router)# network 192.0.2.0

        Specifies the list of networks to be advertised by routing protocols.

    Step 7    end

        Example:
        Device(config-router)# end

        Exits router configuration mode and returns to privileged EXEC mode.

    Step 8    show ip eigrp interfaces

        Example:
        Device# show ip eigrp interfaces

        Verifies whether interfaces on your network have been set to passive.

    Step 9    show ip interface

        Example:
        Device# show ip interface

        Verifies whether interfaces you enabled are active.

    Configuration Examples for Default Passive Interfaces

    Examples: Passive Interfaces Configuration for OSPF

    In Open Shortest Path First (OSPF), hello packets are not sent on an interface that is specified as passive. Hence, the device is not able to discover any neighbors, and none of the OSPF neighbors are able to see the device on that network. In effect, this interface appears as a stub network to the OSPF domain. This configuration is useful if you want to import routes associated with a connected network into the OSPF domain without any OSPF activity on that interface.

    The passive-interface router configuration command is typically used when the wildcard specification on the network router configuration command configures more interfaces than is desirable. The following configuration causes OSPF to run on all subnets of 172.18.0.0:

    Device(config)# interface GigabitEthernet 0/0/0
    Device(config-if)# ip address 172.18.1.1 255.255.255.0 
    Device(config-if)# exit 
    Device(config)# interface GigabitEthernet 1/0/0
    Device(config-if)# ip address 172.18.2.1 255.255.255.0 
    Device(config-if)# exit 
    Device(config)# interface GigabitEthernet 2/0/0
    Device(config-if)# ip address 172.18.3.1 255.255.255.0 
    Device(config-if)# exit 
    Device(config)# router ospf 1 
    Device(config-router)# network 172.18.0.0 0.0.255.255 area 0 
    Device(config-router)# exit 
    

    If you do not want OSPF to run on 172.18.3.0, enter the following commands:

    Device(config)# router ospf 1 
    Device(config-router)# network 172.18.0.0 0.0.255.255 area 0 
    Device(config-router)# passive-interface GigabitEthernet 2/0/0
    Device(config-router)# exit
     
    

    Example: Default Passive Interfaces Configuration for OSPF

    The following example configures the network interfaces, sets all interfaces that are running Open Shortest Path First (OSPF) as passive, and then enables serial interface 0/0/0:

    Device(config)# interface GigabitEthernet 0/0/0
    Device(config-if)# ip address 172.19.64.38 255.255.255.0 secondary 
    Device(config-if)# ip address 172.19.232.70 255.255.255.240 
    Device(config-if)# no ip directed-broadcast 
    Device(config-if)# exit 
    Device(config)# interface Serial 0/0/0 
    Device(config-if)# ip address 172.24.101.14 255.255.255.252 
    Device(config-if)# no ip directed-broadcast 
    Device(config-if)# no ip mroute-cache 
    Device(config-if)# exit 
    Device(config)# interface TokenRing 0/0/0
    Device(config-if)# ip address 172.20.10.4 255.255.255.0 
    Device(config-if)# no ip directed-broadcast 
    Device(config-if)# no ip mroute-cache 
    Device(config-if)# ring-speed 16 
    Device(config-if)# exit 
    Device(config)# router ospf 1 
    Device(config-router)# passive-interface default 
    Device(config-router)# no passive-interface Serial 0/0/0
    Device(config-router)# network 172.16.10.0 0.0.0.255 area 0 
    Device(config-router)# network 172.19.232.0 0.0.0.255 area 4 
    Device(config-router)# network 172.24.101.0 0.0.0.255 area 4 
    Device(config-router)# end
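
Added example, not part of the Cisco guide: a Python audit that reads a configuration or a pasted CLI transcript and reports, for each routing process, the interfaces that a network statement covers and that are not passive, which are the only interfaces where adjacencies can form. The function names and the sample are constructed for illustration; the code assumes network statements carry a wildcard mask, as in the OSPF examples, and that only an interface's primary address is evaluated.

```python
import ipaddress
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # drops "Device(config-router)# "

def covered(addr, net, wildcard):
    """network-statement match: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(net)) & care)

def hello_interfaces(config):
    """Map each routing process to the interfaces that a network statement
    covers and that are not passive, i.e. where adjacencies can form."""
    addrs, procs, iface, proc = {}, {}, None, None
    for raw in config.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if words[:1] == ["interface"]:
            # "Serial 0/0/0" and "serial0/0/0" name the same interface
            iface, proc = "".join(words[1:]).lower(), None
            addrs.setdefault(iface, [])
        elif words[:1] == ["router"]:
            proc, iface = " ".join(words), None
            procs[proc] = {"default": False, "explicit": {}, "nets": []}
        elif iface and words[:2] == ["ip", "address"] and len(words) == 4:
            addrs[iface].append(words[2])  # primary address only, no "secondary"
        elif proc and words[:1] == ["network"] and len(words) >= 3:
            procs[proc]["nets"].append((words[1], words[2]))
        elif proc and "passive-interface" in words[:2]:
            negated = words[0] == "no"
            target = "".join(words[2:] if negated else words[1:]).lower()
            if target == "default":
                procs[proc]["default"] = not negated
            else:  # an explicit per-interface line overrides the default
                procs[proc]["explicit"][target] = not negated
    return {name: sorted(i for i, ips in addrs.items()
                         if any(covered(ip, n, w) for ip in ips for n, w in p["nets"])
                         and not p["explicit"].get(i, p["default"])) for name, p in procs.items()}

# Constructed sample, modelled on the page's 172.18.0.0 example.
SAMPLE = """\
Device(config)# interface GigabitEthernet 0/0/0
Device(config-if)# ip address 172.18.1.1 255.255.255.0
Device(config)# interface GigabitEthernet 1/0/0
Device(config-if)# ip address 172.18.2.1 255.255.255.0
Device(config)# interface GigabitEthernet 2/0/0
Device(config-if)# ip address 172.18.3.1 255.255.255.0
Device(config)# router ospf 1
Device(config-router)# network 172.18.0.0 0.0.255.255 area 0
Device(config-router)# passive-interface GigabitEthernet 2/0/0
"""
```

Calling `hello_interfaces(SAMPLE)` lists GigabitEthernet 0/0/0 and 1/0/0 for `router ospf 1`; comparing that list against the interfaces where neighbors are actually expected shows where a broad wildcard has enabled the protocol on more interfaces than intended.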
    

    Feature Information for Default Passive Interfaces

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Table 1 Feature Information for Default Passive Interfaces

    Feature Name

    Releases

    Feature Information

    Default Passive Interfaces

    In ISP and large enterprise networks, many of the distribution devices have more than 200 interfaces. Obtaining routing information from these interfaces required configuration of the routing protocol on all interfaces and manual configuration of the passive-interface command on the interfaces where adjacency was not desired. The Default Passive Interface feature simplifies the configuration of distribution devices by allowing all interfaces to be set as passive by default using a single passive-interface default command, and then by configuring individual interfaces where adjacencies are desired using the no passive-interface command.