Thank you for all your input. This has helped me a great deal. David
----- Original Message ----- From: "Louie Belt" To: "CCIEn2002" Sent: Wednesday, January 02, 2002 2:53 PM Subject: RE: Passive Interface Help [7:30648] > A passive interface prevents a routing protocol from advertising its routes > via that interface. If you had a loopback interface is there any need to > advertise routes out of it? No one would hear them - so why waste processor > cycles sending a routing update to an interface that has nothing else > connected. > > However, that same passive interface has it's IP address (or network) > advertised to all other interfaces - therefore it is pingable. > > Other uses for passive interfaces would be when redistributing routing > protocols (especially between FLSM and VLSM routing protocols), or even to > limit an advertisement to a unicast (single destination instead of a > broadcast) - for instance an interface advertising RIP (v1) uses a broadcast > to make that advertisement out of each interface that is using RIP. By > setting an interface to passive and using a neighbor statement in the > routing protocol you can force RIP to only advertise its routes to a single > unicast address instead of broadcasting it to every device on the IP > network. > > > Hope this helps. > > Louie A Belt > CCIE #7054 > Pomeroy Select Integration Systems > [EMAIL PROTECTED] > > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > CCIEn2002 > Sent: Wednesday, January 02, 2002 1:01 PM > To: [EMAIL PROTECTED] > Subject: Re: Passive Interface Help [7:30648] > > > Thank you for the info. Now I am a little confused still on > the passive interface. If it prevents routing updates > from being sent out, why would one want a > passive interface. From my understanding, a > passive interface would not advertise is routing > updates to its neighbor. If that is the case, I am perplexed > on why I can ping a passive interface that is being advertised > thru a routing protocol. In my case, my neighbor router > is seeing an IGRP update for the Ethernet network. > > Why would you make the Ethernet passive if you can still > ping it and see its routing update from a neighboring router > via the show ip route ? > This is where I get confused by the definition of passive. > > Any help..I am a rookie as you can see > > David > > > ----- Original Message ----- > From: "cheekin" > To: ; > Sent: Wednesday, January 02, 2002 4:43 AM > Subject: Re: Passive Interface Help [7:30648] > > > > Hi, > > > > When you make the ethernet interface passive, it means no igrp updates > will > > be sent out on the ethernet interface. It doesn't stop the serial > interface > > from advertising network 12.0.0.0 . Which explains why you can still ping > > to the ethernet interface. If for some reason you do not want network > > 12.0.0.0 to be advertised, remove the network 12.0.0.0 statement or use > > distribute-list to filter out the route. > > > > Regards, > > cheekin > > > > ----- Original Message ----- > > From: > > To: > > Sent: Wednesday, January 02, 2002 15:03 > > Subject: Passive Interface Help [7:30648] > > > > > > > Happy New Year!! > > > > > > I need a little help on what a passive > > > interface is. From what I can gather, a passive > > > interface does not advertise its route to its > > > neighbor ? Now if that is the case, why can > > > I still ping an interface that is set to passive. > > > Please note: This is excluding directly connected > > > routes. > > > > > > For example, I set my Cisco 2509 ethernet interface > > > to passive. Why can I still ping the ethernet address > > > from my neighboring router Cisco 4000 ? I am > > > running IGRP. Why does the ethernet network show up in its routing table > > for > > > my Cisco 4000. From poking around with the passive interface command it > > > seems that I can not ping my ethernet address only if I set the Serial > > > interfaces to passive also. > > > This seems odd. I thought if I made an ethernet interface passive, I > > should > > > not be able to ping it from a neighboring router or any other router > since > > > it is not being > > > advertised. > > > > > > Below is a sample of me being able to ping serial 1 off > > > my Cisco 2509 from my Cisco 4000. Serial 1 is "not" > > > directly connected. Serial 1 is being advertised. > > > > > > > > > > > > > > > Current configuration: > > > ! > > > version 12.0 > > > service timestamps debug uptime > > > service timestamps log uptime > > > no service password-encryption > > > ! > > > hostname Cisco2509 > > > ! > > > enable password router > > > ! > > > ip subnet-zero > > > ipx routing 0010.7be8.22f4 > > > ! > > > ! > > > ! > > > ! > > > ! > > > interface Ethernet0 > > > ip address 12.11.12.1 255.255.255.240 > > > no ip directed-broadcast > > > delay 1000 > > > ! > > > interface Serial0 > > > ip address 172.16.18.1 255.255.255.240 > > > no ip directed-broadcast > > > no ip mroute-cache > > > ipx network 3 > > > no fair-queue > > > clockrate 1000000 > > > ! > > > interface Serial1 > > > ip address 172.17.18.2 255.255.255.240 > > > no ip directed-broadcast > > > clockrate 4000000 > > > ! > > > router igrp 1 > > > passive-interface Ethernet0 > > > passive-interface Serial0 > > > passive-interface Serial1 > > > offset-list 2 out 11000 Serial0 > > > network 12.0.0.0 > > > network 172.16.0.0 > > > network 172.17.0.0 > > > ! > > > ip classless > > > ! > > > access-list 2 deny 12.11.12.1 > > > ! > > > ! > > > ! > > > ! > > > ! > > > line con 0 > > > transport input none > > > line 1 8 > > > line aux 0 > > > line vty 0 4 > > > password cisco > > > login > > > ! > > > end > > > > > > Cisco2509# > > > > > > > > > > > > Cisco_4000>ping 172.17.18.1 > > > > > > Type escape sequence to abort. > > > Sending 5, 100-byte ICMP Echos to 172.17.18.1, timeout is 2 seconds: > > > !!!!! > > > Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/124 > ms > > > Cisco_4000>ping 12.11.12.1 > > > > > > Type escape sequence to abort. > > > Sending 5, 100-byte ICMP Echos to 12.11.12.1, timeout is 2 seconds: > > > ..... > > > Success rate is 0 percent (0/5) > > > Cisco_4000> > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30803&t=30648 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
