Hi, When you make the ethernet interface passive, it means no igrp updates will be sent out on the ethernet interface. It doesn't stop the serial interface from advertising network 12.0.0.0 . Which explains why you can still ping to the ethernet interface. If for some reason you do not want network 12.0.0.0 to be advertised, remove the network 12.0.0.0 statement or use distribute-list to filter out the route.
Regards, cheekin ----- Original Message ----- From: To: Sent: Wednesday, January 02, 2002 15:03 Subject: Passive Interface Help [7:30648] > Happy New Year!! > > I need a little help on what a passive > interface is. From what I can gather, a passive > interface does not advertise its route to its > neighbor ? Now if that is the case, why can > I still ping an interface that is set to passive. > Please note: This is excluding directly connected > routes. > > For example, I set my Cisco 2509 ethernet interface > to passive. Why can I still ping the ethernet address > from my neighboring router Cisco 4000 ? I am > running IGRP. Why does the ethernet network show up in its routing table for > my Cisco 4000. From poking around with the passive interface command it > seems that I can not ping my ethernet address only if I set the Serial > interfaces to passive also. > This seems odd. I thought if I made an ethernet interface passive, I should > not be able to ping it from a neighboring router or any other router since > it is not being > advertised. > > Below is a sample of me being able to ping serial 1 off > my Cisco 2509 from my Cisco 4000. Serial 1 is "not" > directly connected. Serial 1 is being advertised. > > > > > Current configuration: > ! > version 12.0 > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > ! > hostname Cisco2509 > ! > enable password router > ! > ip subnet-zero > ipx routing 0010.7be8.22f4 > ! > ! > ! > ! > ! > interface Ethernet0 > ip address 12.11.12.1 255.255.255.240 > no ip directed-broadcast > delay 1000 > ! > interface Serial0 > ip address 172.16.18.1 255.255.255.240 > no ip directed-broadcast > no ip mroute-cache > ipx network 3 > no fair-queue > clockrate 1000000 > ! > interface Serial1 > ip address 172.17.18.2 255.255.255.240 > no ip directed-broadcast > clockrate 4000000 > ! > router igrp 1 > passive-interface Ethernet0 > passive-interface Serial0 > passive-interface Serial1 > offset-list 2 out 11000 Serial0 > network 12.0.0.0 > network 172.16.0.0 > network 172.17.0.0 > ! > ip classless > ! > access-list 2 deny 12.11.12.1 > ! > ! > ! > ! > ! > line con 0 > transport input none > line 1 8 > line aux 0 > line vty 0 4 > password cisco > login > ! > end > > Cisco2509# > > > > Cisco_4000>ping 172.17.18.1 > > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 172.17.18.1, timeout is 2 seconds: > !!!!! > Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/124 ms > Cisco_4000>ping 12.11.12.1 > > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 12.11.12.1, timeout is 2 seconds: > ..... > Success rate is 0 percent (0/5) > Cisco_4000> Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30653&t=30648 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
