As I mentioned in my first reply, the passive-interface command operates a little differently depending on the protocol you're using. For protocols that need to establish neighbors--such as EIGRP, OSPF, and IS-IS--this command stops those relationships from forming so no routes will ever be exchanged.
In RIP and IGRP, no neighbor relationship is formed. The passive-interface command simply stops the router from sending updates out that interface but it will *not* stop updates from coming in on that interface. This can be a handy feature if you only want to receive routes but not send them. If you are receiving IGRP routes that you don't want to receive, then you need to make sure that you apply this command to both sides of the connection. HTH, John ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag ---- On Wed, 2 Jan 2002, CCIEn2002 ([EMAIL PROTECTED]) wrote: > Thank you for the info. Now I am a little confused still on > the passive interface. If it prevents routing updates > from being sent out, why would one want a > passive interface. From my understanding, a > passive interface would not advertise is routing > updates to its neighbor. If that is the case, I am perplexed > on why I can ping a passive interface that is being advertised > thru a routing protocol. In my case, my neighbor router > is seeing an IGRP update for the Ethernet network. > > Why would you make the Ethernet passive if you can still > ping it and see its routing update from a neighboring router > via the show ip route ? > This is where I get confused by the definition of passive. > > Any help..I am a rookie as you can see > > David > > > ----- Original Message ----- > From: "cheekin" > To: ; > Sent: Wednesday, January 02, 2002 4:43 AM > Subject: Re: Passive Interface Help [7:30648] > > > > Hi, > > > > When you make the ethernet interface passive, it means no igrp updates > will > > be sent out on the ethernet interface. It doesn't stop the serial > interface > > from advertising network 12.0.0.0 . Which explains why you can still > ping > > to the ethernet interface. If for some reason you do not want network > > 12.0.0.0 to be advertised, remove the network 12.0.0.0 statement or > use > > distribute-list to filter out the route. > > > > Regards, > > cheekin > > > > ----- Original Message ----- > > From: > > To: > > Sent: Wednesday, January 02, 2002 15:03 > > Subject: Passive Interface Help [7:30648] > > > > > > > Happy New Year!! > > > > > > I need a little help on what a passive > > > interface is. From what I can gather, a passive > > > interface does not advertise its route to its > > > neighbor ? Now if that is the case, why can > > > I still ping an interface that is set to passive. > > > Please note: This is excluding directly connected > > > routes. > > > > > > For example, I set my Cisco 2509 ethernet interface > > > to passive. Why can I still ping the ethernet address > > > from my neighboring router Cisco 4000 ? I am > > > running IGRP. Why does the ethernet network show up in its routing > table > > for > > > my Cisco 4000. From poking around with the passive interface command > it > > > seems that I can not ping my ethernet address only if I set the > Serial > > > interfaces to passive also. > > > This seems odd. I thought if I made an ethernet interface passive, I > > should > > > not be able to ping it from a neighboring router or any other router > since > > > it is not being > > > advertised. > > > > > > Below is a sample of me being able to ping serial 1 off > > > my Cisco 2509 from my Cisco 4000. Serial 1 is "not" > > > directly connected. Serial 1 is being advertised. > > > > > > > > > > > > > > > Current configuration: > > > ! > > > version 12.0 > > > service timestamps debug uptime > > > service timestamps log uptime > > > no service password-encryption > > > ! > > > hostname Cisco2509 > > > ! > > > enable password router > > > ! > > > ip subnet-zero > > > ipx routing 0010.7be8.22f4 > > > ! > > > ! > > > ! > > > ! > > > ! > > > interface Ethernet0 > > > ip address 12.11.12.1 255.255.255.240 > > > no ip directed-broadcast > > > delay 1000 > > > ! > > > interface Serial0 > > > ip address 172.16.18.1 255.255.255.240 > > > no ip directed-broadcast > > > no ip mroute-cache > > > ipx network 3 > > > no fair-queue > > > clockrate 1000000 > > > ! > > > interface Serial1 > > > ip address 172.17.18.2 255.255.255.240 > > > no ip directed-broadcast > > > clockrate 4000000 > > > ! > > > router igrp 1 > > > passive-interface Ethernet0 > > > passive-interface Serial0 > > > passive-interface Serial1 > > > offset-list 2 out 11000 Serial0 > > > network 12.0.0.0 > > > network 172.16.0.0 > > > network 172.17.0.0 > > > ! > > > ip classless > > > ! > > > access-list 2 deny 12.11.12.1 > > > ! > > > ! > > > ! > > > ! > > > ! > > > line con 0 > > > transport input none > > > line 1 8 > > > line aux 0 > > > line vty 0 4 > > > password cisco > > > login > > > ! > > > end > > > > > > Cisco2509# > > > > > > > > > > > > Cisco_4000>ping 172.17.18.1 > > > > > > Type escape sequence to abort. > > > Sending 5, 100-byte ICMP Echos to 172.17.18.1, timeout is 2 seconds: > > > !!!!! > > > Success rate is 100 percent (5/5), round-trip min/avg/max = > 120/120/124 > ms > > > Cisco_4000>ping 12.11.12.1 > > > > > > Type escape sequence to abort. > > > Sending 5, 100-byte ICMP Echos to 12.11.12.1, timeout is 2 seconds: > > > ..... > > > Success rate is 0 percent (0/5) > > > Cisco_4000> [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30698&t=30648 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
