EIGRP Passive Interface

When you use the EIGRP network command, two things will happen:

  • All interfaces that have a network that falls within the range of your network command will be advertised in EIGRP.
  • EIGRP hello packets will be sent on these interfaces.

Sometimes however you might want to advertise a network in EIGRP but you don’t want to send hello packets everywhere. Take a look at the topology below for an example:

EIGRP Passive Interface Demo Topology

Above we have two routers, R1 and R2. On the left side there’s the 192.168.10.0 /24 network with a switch and some computers. R1 wants to advertise this network to R2 but since there are no other EIGRP routers in the 192.168.10.0 /24 network, it’s pointless to send EIGRP hello packets on the FastEthernet 0/1 interface.

It’s also a security risk, when someone connects a router in the 192.168.10.0 /24 network (or starts a virtual router on their computer) they will be able to become EIGRP neighbors with R1.

To prevent this from happening, we will use the passive-interface command. This will ensure that the network is advertised in EIGRP but it will disable hello packets on the interface.

Another trick to advertise something in EIGRP without sending hello packets on the interface is using the “redistribute” command.

Let me show you how to configure this.

Configuration

Here’s the EIGRP configuration of R1 and R2:

R1(config)#router eigrp 12
R1(config-router)#network 192.168.12.0
R1(config-router)#network 192.168.10.0 
R2(config)#router eigrp 12
R2(config-router)#network 192.168.12.0

As a result, R2 will learn network 192.168.10.0 /24:

R2#show ip route eigrp 
D    192.168.10.0/24 [90/307200] via 192.168.12.1, 00:00:59, FastEthernet0/0

The problem however is that R1 is sending hello packets towards our computers. You can verify this by enabling a debug:

R1#debug eigrp packets hello
EIGRP Packets debugging is on
    (HELLO)

EIGRP: Sending HELLO on FastEthernet0/0
  AS 12, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

EIGRP: Sending HELLO on FastEthernet0/1
  AS 12, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

Above you can see that the hello packets are going in both directions.

EIGRP Sending Hello Packets

Let’s use the passive interface command to disable the hello packets towards the switch:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 660 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

503 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Forum Replies

  1. Great and easy to understand lesson. I would only make one request on this for something to be added.
    in my lab of this lesson everything went smoothly. Only thing I had some hiccups on that I had to search was the following.

    I knew how to setup from the lesson the default command for passive interface. However, for some reason I was thinking “incorrectly” that I needed to setup the no passive-interface command under the interfaces… I tried a few times but it was not working for obvious reasons as that was the wrong place. Its small thing and I quickly d

    ... Continue reading in our forum

  2. Hello Brian

    In EIGRP just like in OSPF, it is possible to set the default state of an interface as passive with the passive-interface default command under the router eigrp configuration. This is explicitly explained in the OSPF passive interface lesson found below, but not in the EIGRP passive interface lesson.

    ... Continue reading in our forum

  3. In your introduction video to EIGRP and every other book that I read, it says that

    EIGRP hello messages are sent using multicast address 224.0.0.10

    but this debug says otherwise. Can you please clarify?

    R1#debug eigrp packets hello
    EIGRP Packets debugging is on
    (HELLO)

    EIGRP: Sending HELLO on FastEthernet0/0
      AS 12, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
    
    EIGRP: Sending HELLO on FastEthernet0/1
      AS 12, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
    

    Update: find out why

    R1#debug ip packet
    IP packet debugging is on
    R1#
    *Feb  3 18:31:23.715: IP: s=192.1
    ... Continue reading in our forum

  4. Hello Takele

    Let’s say you have a router R1 with the following configuration:

    FastEthernet 0/1 has an IP address of 192.168.10.1/24
    FastEthernet 0/2 has an IP address of 10.10.10.1/24
    FastEthernet 0/3 has an IP address of 172.16.2.1/24

    Here’s the topology:

    //cdn-forum.networklessons.com/uploads/default/original/2X/6/6adf8e1034b79b6e6f60d528edc5fc644bae4348.png

    Now let’s say that we’ve included all three subnets in the EIGRP process using the network command. This means that all updates R1 sends will contain all three subnets. Now by default, EIGRP will sent o

    ... Continue reading in our forum

5 more replies! Ask a question or join the discussion by visiting our Community Forum