passive-interface command RIP and loopback interfaces

rakemrakem Member Posts: 800
in CCNA & CCENT
Hey peoples,

just a quick question, we have a cisco router which is running RIPv2. This router has two loopback interfaces which we don't need to be participating in RIP routing but in the routing table they are being shown.

can i just use the passive-interface loopback 0 to supress RIP from these interfaces?

p.s i think they are being advertised through RIP because of the redistribute connected command.
CCIE# 38186
showroute.net
· Share on FacebookShare on Twitter

Comments

  • r_durantr_durant Member Posts: 486 ■■■□□□□□□□
    I could possibly say yes here. I say possibly, because I've tried it with physical interfaces, but not loopback interfaces, and it did stop the interfaces from participating in RIP...
    CCNA (Expired...), MCSE, CWNA, BSc Computer Science
    Working on renewing CCNA!
    · Share on FacebookShare on Twitter
  • rakemrakem Member Posts: 800
    so here is the config:


    Building configuration...

    Current configuration : 3669 bytes
    !
    version 12.4

    interface Loopback0
    description Used for telnet access
    ip address 203.xxx.xxx.xx6 255.255.255.255
    !
    interface Loopback1
    description outbound Internet access IP
    ip address 203.xxx.xxx.xx7 255.255.255.255
    !

    router rip
    version 2
    timers basic 10 30 30 30
    redistribute connected
    passive-interface Loopback0
    passive-interface Loopback1
    network 10.0.0.0
    distribute-list 2 out FastEthernet0/0
    distribute-list 1 in
    no auto-summary
    !

    end

    NSW-CP#sh ip route
    : C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
    ia - IS-IS inter area, * - candidate default, U - per-user static route
    o - ODR, P - periodic downloaded static route

    Gateway of last resort is 10.250.247.137 to network 0.0.0.0


    R 210.xxx.xxx.0 [120/1] via 10.250.247.137, 00:00:03, Serial0/0/0.1
    203.xxx.xxx.0/32 is subnetted, 2 subnets
    C 203.xxx.xxx.xx7 is directly connected, Loopback1
    C 203.xxx.xxx.xx6 is directly connected, Loopback0
    10.0.0.0/8 is variably subnetted, 36 subnets, 4 masks
    R 10.20.20.0/30 [120/1] via 10.250.247.137, 00:00:03, Serial0/0/0.1
    R 10.198.197.2/32 [120/1] via 10.250.247.137, 00:00:03, Serial0/0/0.1
    R 10.224.8.242/32 [120/1] via 10.250.247.137, 00:00:05, Serial0/0/0.1

    R 10.198.69.5/32 [120/1] via 10.250.247.137, 00:00:05, Serial0/0/0.1


    So the 203.xxx.xxx.xx7 and 203.xxx.xxx.xx6 are the two loopback addresses that i dont want ro be advertised through RIP. so according to my routing table now with the passive-interface commands enabled on the two loopbacks they are not participating in RIP since they have a C not R in the routing table....

    is this correct?



    edit: actually i found this on the cisco site "Use of the command ‘passive interface fa 0/0’ under ‘route rip’ ensures that broadcasts are not sent out but the network is still included in the RIP database. Note that it still listens on a passive interface, which may be a security issue if somebody is trying to poison your routing table"

    I dont really want these loopback interfaces in the rip database at all... maybe a distribute list command would be better in this case..
    can anyone help?
    CCIE# 38186
    showroute.net
    · Share on FacebookShare on Twitter
  • r_durantr_durant Member Posts: 486 ■■■□□□□□□□
    Yes, that looks correct...

    You can also look on the neighbor router(s) to verify that it has not learnt the addresses....
    CCNA (Expired...), MCSE, CWNA, BSc Computer Science
    Working on renewing CCNA!
    · Share on FacebookShare on Twitter
  • rakemrakem Member Posts: 800
    hmm i have checked a neighbor router and it has learned of the loopback interfaces... i have cleared the routing tables so that it gets re-populated but it still shows the loopback interfaces in the routing table..
    CCIE# 38186
    showroute.net
    · Share on FacebookShare on Twitter
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    Because RIP uses the network address in the "network" command you cannot prevent it from including the subnet (your loopbacks) in the updates using the passive-interface command. What you need is a distribute-list

    Somthing like:

    access-list 10 deny 203.xxx.xxx.xx6
    access-list 10 deny 203.xxx.xxx.xx7
    access-list 10 permit any

    router rip
    distribute-list 10 out
    The only easy day was yesterday!
    · Share on FacebookShare on Twitter
  • r_durantr_durant Member Posts: 486 ■■■□□□□□□□
    dtlokee...does this only occur with RIP (and possibly IGRP), since they are classful?

    So what is the use of the passive-interface command under RIP? If it doesn't prevent the updates?
    CCNA (Expired...), MCSE, CWNA, BSc Computer Science
    Working on renewing CCNA!
    · Share on FacebookShare on Twitter
  • rakemrakem Member Posts: 800
    So by using a distribute-list would that remove the loopback addresses from neighboring routing tables?
    CCIE# 38186
    showroute.net
    · Share on FacebookShare on Twitter
  • maniac_73maniac_73 Member Posts: 10 ■□□□□□□□□□
    I think the passive-interface is just set so that your WAN link doesn't advertise your routing table to the outside world.
    · Share on FacebookShare on Twitter
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    r_durant wrote:
    dtlokee...does this only occur with RIP (and possibly IGRP), since they are classful?

    So what is the use of the passive-interface command under RIP? If it doesn't prevent the updates?

    Passive interface will stop RIP from sending updates on an interface, but it will still advertise the interface via RIP and receive updates on the interface (aka silent host). The problem is that you have no way of excluding an interface from participating in RIP (or IGRP) if it's part of the same classful network as other interfaces you want to include in RIP. For example:

    192.168.1.0/26
    (E0) R1 (E1)
    192.168.1.64/26

    Now the problem: I want to advertise the 192.168.1.0/26 subnet but not the 192.168.1.64/26 subnet. The network command for rip will only accept a classful network 192.168.1.0 which would include both interfaces.
    The only easy day was yesterday!
    · Share on FacebookShare on Twitter
  • NetstudentNetstudent Member Posts: 1,693 ■■■□□□□□□□
    Not trying to take away from the RIP concept here, but just know that the passive-interface command will have different rules depending on the routing protocol. For example RIP will listen on a passive-interface, it just will not send out. HOwever with EIGRP, a passive-interface will niether listen nor send by default. it still includes the address of the interface in routing updates sent out of other non-passive interfaces

    I can't remember where I read that but I'm pretty sure I read it somewhere.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
    · Share on FacebookShare on Twitter
  • rakemrakem Member Posts: 800
    well i have this sorted out now anyway... just blocked the updates using an access-list and the distribute-list command.

    passive-interface did not do anything in this case.
    CCIE# 38186
    showroute.net
    · Share on FacebookShare on Twitter
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    Netstudent wrote:
    Not trying to take away from the RIP concept here, but just know that the passive-interface command will have different rules depending on the routing protocol. For example RIP will listen on a passive-interface, it just will not send out. HOwever with EIGRP, a passive-interface will niether listen nor send by default. it still includes the address of the interface in routing updates sent out of other non-passive interfaces

    I can't remember where I read that but I'm pretty sure I read it somewhere.

    EIGRP and OSPF require a neighbor adjacency before they will send/receive updates, so if you use the passive interface command the router will not send hello's and therefore will not form an adjacency and no routing information will be passed

    For RIP passive interface implements a "passive host" which is defined in the RFC for RIP. A host that will receive routes but not send them. The intention of this design was to allow hosts to receive the routing tables from the routers. This would be desirable in cases where there are hosts attached to a segment that has 2 or more routers connected to it. To acheive optimal routing between the host and 2 or more routers you would need to share the routing table, or the packets may be subject to redirection from one router to another.
    The only easy day was yesterday!
    · Share on FacebookShare on Twitter
  • r_durantr_durant Member Posts: 486 ■■■□□□□□□□
    Thanks dtlokee...that was a learning curve. I knew or had an idea what passive-interface does, but I wasn't aware of the differences between the classful and classless routing protocols, and I know I've used it before and it worked, maybe it was with EIGRP icon_confused.gif
    CCNA (Expired...), MCSE, CWNA, BSc Computer Science
    Working on renewing CCNA!
    · Share on FacebookShare on Twitter
Sign In or Register to comment.