The concept of a passive interface is to prevent routing updates from being sent from that interface. All IP-based routing protocols other than BGP can use the passive interface.
One, using the passive interface in RIP
1, the purpose of using the passive interface in some network environment, we do not want to send RIP updates to some routers or send to a network, we can use passive-interface this command to prevent RIP update broadcast from the specified interface sent to the outside world, However, this interface can accept RIP updates
2, the principle of passive-interface
The Passive-interface interface, which is the passive interface, is not capable of sending broadcasts and multicast, but RIP uses multicast and broadcast updates so that the passive interface on the router cannot send routing updates.
3. Configuration case
R1 (fa0/0)--------------(fa0/0) R2 (FA0/1)----------------(fa0/0) R3 now do not want R2 to send the route update to R1, we can set R2 fa0/0 as a passive interface r2:conf Trouter ripnetwork 192.168.1.0network192.168.2.0passive-interface fa0/0 Note: This command prevents RIP updates from being propagated from R2 's fa0/0 interface, but does not prevent fa0/ 0 interface continue to accept R1 sent over the RIP update, so R2 can still learn to R1 sent over the route update, just R1 can not learn to R2 this side of the routing information
4, unicast and passive interface of the use of the principle: the passive interface can not send multicast and broadcast updates, but unicast updates can be sent to the peer through the passive interface there are two situations need to use unicast: The first: In the NBMA network, such as Frame Relay network, not support multicast and broadcast, In this case we are going to enable unicast to send routing updates (neighbor) Note: If we use the broadcast parameter when we manually configure the mapping, then we do not need to use the neighbor command, Routers can also learn the second type of routing information: in the multi-access network, do not want some routers to learn the appropriate routing information, only the routing updates sent to a specific router, in this case we have to use the unicast and passive interface to achieve this purpose (neighbor+ Passive-interface)
first case: a problem with rip in a Frame relay network in a network in Frame Relay: Frame Relay Multicast and broadcast are not supported in the network, and the RIP protocol is used for multicast (224.0.0.9) or broadcast to send routing updates so that RIP cannot send routes in the Frame Relay network updated
r1:interface s0/0ipaddress 192.168.1.1 255.255.255.0no shutdownencapsulation Frame-relayno Frameinverse-arpframe-relay map IP 192.168.1.2 102frame-relay map IP 192.168.1.3 103 Use manual mapping to configure frame Relay, do not use broadcast parameters, Verify that the Neighbor command router ripnetwork 192.168.1.0 declares rip routing neighbor 192.168.1.2 specifies its own two neighbors neighbor192.168.1.3 because this router is the hub router, so specify two neighbors R2:interface s0/0ipaddress 192.168.1.3 255.255.255.0no shutdownencapsulation frame-relayno frameinverse-arpframe-relay map IP 192.168.1.1 201frame-relay Map IP 192.168.1.3201router ripnetwork 192.168.1.0neighbor 192.168.1.1 This is an edge router so just need to specify the hub router as a neighbor, The main reason is that no PVC is established between the edge routers and cannot specify a neighbor
R3:interfaces0/0ip address 192.168.1.3 255.255.255.0no shutdownencapsulation frame-relaynoframe Inverse-arpframe-relay map IP 192.168.1.1 301frame-relay map ip 192.168.1.2301router ripnetwork 192.168.1.0neighbor 192.168.1.1
Configuration of the second case (in multiple access networks)
r1:conf Trouterripnetwork1.0.0.0network192.168.1.0passive-interface fa0/ 0 using the passive interface to block the acceptance of broadcast updates neighbor192.168.1.2 the specified neighbor, enable unicast send updates
r2:conf trouterripnetwork 192.168.1.0network 192.168.2.0passive-interface fa0/0 Use passive interface to block receiving broadcast updates neighbor 192.168.1.1 Specify neighbors, enable unicast send updates
Summary: Unicast routing is not affected by the passive interface (still can send routing updates) unicast routing is not affected by the horizontal split (on the interface of the central router of frame relay, there is no need to turn off the horizontal split, nor the use of sub-interfaces, spoke routers can also learn to route) Note: When configuring the NBMA network , if we use the keyword broadcast when we do address mapping, we don't need to use the neighbor command.
The application of passive interface in EIGRP
1, the purpose of using the passive interface in EIGRP: in order to be able to communicate, we must use the network to advertise all subnets to EIGRP, but do not want some subnets to participate in the EIGRP process, using the Passive-interface command to prevent some interfaces from sending Hello packets and routing updates
2, principle: We know that the EIGRP router before sending routing updates, first to establish a neighbor relationship through the Hello packet, and then send the routing updates. However, after using the passive interface on the EIGRP router, the interface will no longer send hello packets, the neighbor relationship cannot be established, so the EIGRP traffic will not be sent over this passive interface
3, the role of Passive-interface: prohibit establishing a neighbor relationship through the passive interface prohibit accepting and sending routing updates through the passive interface let the EIGRP process advertise the subnet of the Passive interface connection (see explanation below)
4, about the role of the network command will attempt to establish a neighbor relationship through which interfaces will advertise those networks to the EIGRP neighbor Summary: Configuring the interface to be passive only prohibits the establishment of a neighbor relationship, The router still advertises the connected network to the EIGRP neighbor Note: Routers configured as passive interfaces cannot use the Neighbor command to establish a neighbor relationship with the other, which is not the same place as RIP
5, Configuration command configuration mode:
ROUTEREIGRP 10 Passive-interface fa0/0 set fa0/0 to passive interface in EIGRP routing mode router EIGRP 10passive-interface defaultno Passive-interface S0/0/1 Except this interface is set as a passive interface--------experiment: We configure the passive interface between two EIGRP routers, and then observe what happens to debug EIGRP packets Helloshow IP protocols See if passive interface is used
The application of passive interface in OSPF
1, the use of the passive interface in OSPF for the purpose of using the passive interface above OSPF is different from all other protocols, in OSPF, the passive interface is generally used in the stub network (only the network segment of the terminal), and these terminals do not need to receive OSPF traffic, So we can set up the passive interface on the interface to connect these terminals, save resources
2. The role of Passive-interface prevents the interface from sending and receiving OSPF traffic
3. Note that the command network specifies which interfaces OSPF will attempt to establish a neighbor relationship with, and advertises those networks to the OSPF neighbor, and configures the interface as passive only to prohibit the establishment of a neighbor relationship, and the router will still advertise the connected network to the OSPF neighbor
4, the command format router ospf1passive-interface default will all interface all become passive interface Nopassive-interface fa1/0 only open this one port for update routing information or router Ospf1passive-interface fa1/0 only sets this interface as the default interface, and other interfaces send and receive routing updates properly
Click to follow
The application of passive interface in RIP,EIGRP,OSPF