All part of traffic control. Why waste bandwidth for updates that are not required.
example: OSPF domain----router------IGRP domain the OSPF domain does not require direct knowledge of the IGRP domain, so why send IGRP updates out the interface into the OSPF domain? or visa versa. also, as a matter of basic security design, suppose you have: bunch of users--------ethernet_interface-----router------routing_domain one might consider preventing routing advertisements into the user ethernet domain as a precaution against users who may be running routing protocols on their workstations and creating havoc as a result. I worked on a VPN/RLAN project for a major technology company a few months back. The company had several thousand users on this network, most of whom were engineers. The company had ongoing problems with these engineers testing equipment and services and creating situations where the engineering work caused major problems on their production network. So they opted for static routing to the end user, and suppression of all routing advertisements out any of the VPN tunnels and RLAN connections. Make sense? Chuck ""CCIEn2002"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Thank you for the info. Now I am a little confused still on > the passive interface. If it prevents routing updates > from being sent out, why would one want a > passive interface. From my understanding, a > passive interface would not advertise is routing > updates to its neighbor. If that is the case, I am perplexed > on why I can ping a passive interface that is being advertised > thru a routing protocol. In my case, my neighbor router > is seeing an IGRP update for the Ethernet network. > > Why would you make the Ethernet passive if you can still > ping it and see its routing update from a neighboring router > via the show ip route ? > This is where I get confused by the definition of passive. > > Any help..I am a rookie as you can see > > David > > > ----- Original Message ----- > From: "cheekin" > To: ; > Sent: Wednesday, January 02, 2002 4:43 AM > Subject: Re: Passive Interface Help [7:30648] > > > > Hi, > > > > When you make the ethernet interface passive, it means no igrp updates > will > > be sent out on the ethernet interface. It doesn't stop the serial > interface > > from advertising network 12.0.0.0 . Which explains why you can still ping > > to the ethernet interface. If for some reason you do not want network > > 12.0.0.0 to be advertised, remove the network 12.0.0.0 statement or use > > distribute-list to filter out the route. > > > > Regards, > > cheekin > > > > ----- Original Message ----- > > From: > > To: > > Sent: Wednesday, January 02, 2002 15:03 > > Subject: Passive Interface Help [7:30648] > > > > > > > Happy New Year!! > > > > > > I need a little help on what a passive > > > interface is. From what I can gather, a passive > > > interface does not advertise its route to its > > > neighbor ? Now if that is the case, why can > > > I still ping an interface that is set to passive. > > > Please note: This is excluding directly connected > > > routes. > > > > > > For example, I set my Cisco 2509 ethernet interface > > > to passive. Why can I still ping the ethernet address > > > from my neighboring router Cisco 4000 ? I am > > > running IGRP. Why does the ethernet network show up in its routing table > > for > > > my Cisco 4000. From poking around with the passive interface command it > > > seems that I can not ping my ethernet address only if I set the Serial > > > interfaces to passive also. > > > This seems odd. I thought if I made an ethernet interface passive, I > > should > > > not be able to ping it from a neighboring router or any other router > since > > > it is not being > > > advertised. > > > > > > Below is a sample of me being able to ping serial 1 off > > > my Cisco 2509 from my Cisco 4000. Serial 1 is "not" > > > directly connected. Serial 1 is being advertised. > > > > > > > > > > > > > > > Current configuration: > > > ! > > > version 12.0 > > > service timestamps debug uptime > > > service timestamps log uptime > > > no service password-encryption > > > ! > > > hostname Cisco2509 > > > ! > > > enable password router > > > ! > > > ip subnet-zero > > > ipx routing 0010.7be8.22f4 > > > ! > > > ! > > > ! > > > ! > > > ! > > > interface Ethernet0 > > > ip address 12.11.12.1 255.255.255.240 > > > no ip directed-broadcast > > > delay 1000 > > > ! > > > interface Serial0 > > > ip address 172.16.18.1 255.255.255.240 > > > no ip directed-broadcast > > > no ip mroute-cache > > > ipx network 3 > > > no fair-queue > > > clockrate 1000000 > > > ! > > > interface Serial1 > > > ip address 172.17.18.2 255.255.255.240 > > > no ip directed-broadcast > > > clockrate 4000000 > > > ! > > > router igrp 1 > > > passive-interface Ethernet0 > > > passive-interface Serial0 > > > passive-interface Serial1 > > > offset-list 2 out 11000 Serial0 > > > network 12.0.0.0 > > > network 172.16.0.0 > > > network 172.17.0.0 > > > ! > > > ip classless > > > ! > > > access-list 2 deny 12.11.12.1 > > > ! > > > ! > > > ! > > > ! > > > ! > > > line con 0 > > > transport input none > > > line 1 8 > > > line aux 0 > > > line vty 0 4 > > > password cisco > > > login > > > ! > > > end > > > > > > Cisco2509# > > > > > > > > > > > > Cisco_4000>ping 172.17.18.1 > > > > > > Type escape sequence to abort. > > > Sending 5, 100-byte ICMP Echos to 172.17.18.1, timeout is 2 seconds: > > > !!!!! > > > Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/124 > ms > > > Cisco_4000>ping 12.11.12.1 > > > > > > Type escape sequence to abort. > > > Sending 5, 100-byte ICMP Echos to 12.11.12.1, timeout is 2 seconds: > > > ..... > > > Success rate is 0 percent (0/5) > > > Cisco_4000> Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30697&t=30648 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
