Passive Interfaces

Passive interfaces are configured so that neighbor adjacencies do not form. In that case, why does someone configure the routing protocol in the first place?

Also does passive interface ONLY block routing protocols from forming adjacencies? How about DHCP relay information? Does it get passed on?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

JustFred

It enables the suppression of routing updates over some interfaces while it allows updates to be exchanged normally over other interfaces.

daveyb

dppagc wrote: »

Passive interfaces are configured so that neighbor adjacencies do not form. In that case, why does someone configure the routing protocol in the first place?

Passive interfaces bring the routes associated with those interfaces into your IGP, without letting adjacencies form over them.
Imagine you have something like the following.

R1 <-> R2 <-> Customer.

R1 and R2 are under your control. You are running OSPF as your IGP.

You may want routes to your customer in OSPF, but you certainly don't want your customer being able to join in your OSPF domain. You would make the interface facing your customer passive.

Another use case I've seen is for OOB ports. You may want your OOB interface in your IGP, but you would not want routers forming an adjacency over a common LAN segment that you connect all your routers OOB ports to.

dppagc wrote: »

Also does passive interface ONLY block routing protocols from forming adjacencies? How about DHCP relay information? Does it get passed on?

Configuring a passive interface only affects the routing protocol that it was configured under.

Node Man

Passive is often use for network edge interfaces. Like when handing off to other networks that routing table exchange is not desirable.

Hondabuff

I use the passive interface command on all my edge routers then I tell it to only advertise out the VPN tunnel to our firewall. At the CCNA level they just tell you to turn on the routing protocol and advertise it out every thing without even thinking about it. At the CCNP level you learn that's a bad thing and should only advertise out the interface that your router is connected to that needs to know about the connected routes.

DCD

If you have a setup like this PC<=>SW<=>R1<=>R2<=>R3 you want to use a passive interface on R1 interface pointing at the switch and PC they don't need the routing updates and waste resources on R1. Also it prevents someone from adding a router to the network and having all the routing information as well.

dppagc

ok. Once passive interface is between R1 and Sw, does the PC then have a default route to R1.

What is the difference between a passive interface and totally stubby area?

Node Man

dppagc wrote: »

What is the difference between a passive interface and totally stubby area?

Totally Stubby is a feature of just OSPF. Passive Interface is a feature of multiple protocols such as EIGRP and OSPF.

DCD

PC don't use routing protocols and take a look at your PC IP configuration.

IP PC.jpg