You can use the passive-interface command in order to control the advertisement of routing information. The command enables the suppression of routing updates over some interfaces while it allows updates to be exchanged normally over other interfaces.
With most routing protocols, the passive-interface command restricts outgoing advertisements only. But, when used with Enhanced Interior Gateway Routing Protocol (EIGRP), the effect is slightly different. This document demonstrates that use of the passive-interface command in EIGRP suppresses the exchange of hello packets between two routers, which results in the loss of their neighbor relationship. This stops not only routing updates from being advertised, but it also suppresses incoming routing updates. This document also discusses the configuration required in order to allow the suppression of outgoing routing updates, while it also allows incoming routing updates to be learned normally from the neighbor.
There are no specific requirements for this document.
The information in this document is based on these software and hardware versions:
Cisco IOS® Software Release 12.2(10b)
Cisco 2600 series routers
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
With EIGRP running on a network, the passive-interface command stops both outgoing and incoming routing updates, since the effect of the command causes the router to stop sending and receiving hello packets over an interface.
This is a sample output of debug eigrp packet hello with the passive-interface command not configured for Serial0:
R1#debug eigrp packet hello EIGRP Packets debugging is on (HELLO) R1# Nov 20 08:07:33.131: EIGRP: Sending HELLO on Serial0 Nov 20 08:07:33.135: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 Nov 20 08:07:35.327: EIGRP: Received HELLO on Serial0 nbr 192.168.1.1 Nov 20 08:07:35.331: AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
You can see that hello packets are being exchanged in both directions. This is the output of the show ip eigrp neighbors .
R1#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface Hold Uptime SRTT RTO Q Seq Type (sec) (ms) Cnt Num 0 192.168.1.1 Se0 13 00:24:47 1 3000 0 1
Note: The interface both sends and receives hellos, and the two routers are neighbors.
This is a sample debug output after the passive-interface command has been configured for Serial0.
R1(config)#router eigrp 1 R1(config-router)#passive-interface serial 0 R1# debug eigrp packet hello EIGRP Packets debugging is on (HELLO)
Note: Since no output is displayed, EIGRP is not only suppressing outbound hellos, but ignores inbound ones as well. The two routers are not neighbors any more. Here is the output of the show ip eigrp neighbors after you enter the passive-interface command.
R1#show ip eigrp neighbors IP-EIGRP neighbors for process 1
When the passive-interface command is used in EIGRP, the router cannot form neighbor adjacencies on the interface, or send or receive routing updates. But, if you want the outgoing routing updates alone be suppressed but the inbound updates continue to be received (and the routers still continue to be neighbors), then use the distribute-list command:
R1(config)#access-list 20 deny any R1(config)#router eigrp 1 R1(config-router)#no passive-interface serial 0 R1(config-router)#distribute-list 20 out serial 0
Here is the output of the show ip eigrp neighbors command after you use the distribute-list command:
R1#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface Hold Uptime SRTT RTO Q Seq Type (sec) (ms) Cnt Num 0 192.168.1.1 Se0 14 00:01:31 1 3000 0 3R1#
You can see that the routers are now neighbors. This example allows a neighbor adjacency to form between R1 and its neighbor on serial 0. R1 continues receiving routing updates from its neighbor, but the distribute-list prevents routes from being advertised out of serial 0.
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.