Understand how the Passive Interface Feature Works in EIGRP

Introduction

This document describes the passive-interface command, which can be used to control the advertisement of routing information. 

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

• Cisco IOS® Software Release 12.2(10b)

• Cisco 2600 Series routers

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Background Information

This command enables the suppression of routing updates over some interfaces while it allows updates to be exchanged normally over other interfaces.

With some routing protocols, specifically Routing Information Protocol Version 2 (RIPv2), the passive-interface command restricts outgoing advertisements only. But, when used with Enhanced Interior Gateway Routing Protocol (EIGRP), the effect is slightly different. This document demonstrates that use of the passive-interface command in EIGRP suppresses the exchange of hello packets between two routers, which results in the loss of their neighbor relationship. This stops not only routing updates from being advertised, but it also suppresses incoming routing updates. This document also discusses the configuration required in order to allow the suppression of outgoing routing updates, while it also allows incoming routing updates to be learned normally from the neighbor.

The Passive Interface Command

With EIGRP running on a network, the passive-interface command stops both outgoing and incoming routing updates since the effect of the command causes the router to stop sending and receiving hello packets over an interface.

This is a sample output of debug eigrp packet hello with the passive-interface command not configured for Serial0:

R1#debug eigrp packet hello
EIGRP Packets debugging is on    
      (HELLO)
R1#
Nov 20 08:07:33.131: EIGRP: Sending HELLO on Serial0
Nov 20 08:07:33.135:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
Nov 20 08:07:35.327: EIGRP: Received HELLO on Serial0 nbr 192.168.1.1
Nov 20 08:07:35.331:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

You can see that hello packets are exchanged in both directions. This is the output of the show ip eigrp neighbor command.

R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface   Hold Uptime   SRTT   RTO  Q  Seq Type
                                        (sec)         (ms)       Cnt Num
0   192.168.1.1             Se0           13 00:24:47    1  3000  0  1

Note: The interface both sends and receives hellos, and the two routers are neighbors.

This is a sample debug output after the passive-interface command has been configured for Serial0.

R1(config)#router eigrp 1
R1(config-router)#passive-interface serial 0

R1# debug eigrp packet hello
EIGRP Packets debugging is on
    (HELLO)

Note: Since no output is displayed, EIGRP is not only suppressing outbound hellos, but ignores inbound ones as well. The two routers are not neighbors any more. Here is the output of the show ip eigrp neighbors command after you enter the passive-interface command.

R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 1

When the passive-interface command is used in EIGRP, the router cannot form neighbor adjacencies on the interface, or send or receive routing updates. But, if you want the outgoing routing updates alone to be suppressed, but the inbound updates continue to be received (and the routers still continue to be neighbors), then use the distribute-list command:

R1(config)#access-list 20 deny any 

R1(config)#router eigrp 1
R1(config-router)#no passive-interface serial 0
R1(config-router)#distribute-list 20 out serial 0

Here is the output of the show ip eigrp neighbors command after you use the distribute-list command:

R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface   Hold Uptime   SRTT   RTO  Q  Seq Type
                                        (sec)         (ms)       Cnt Num
0   192.168.1.1             Se0           14 00:01:31    1  3000  0  3R1#

You can see that the routers are now neighbors. This example allows a neighbor adjacency to form between R1, and its neighbor on serial 0. R1 continues receiving routing updates from its neighbor, but the distribute-list command prevents routes from being advertised out of serial 0.

Related Information

• IP Routing Support Page
• Technical Support & Documentation - Cisco Systems