When you use the EIGRP network command, two things will happen:
- All interfaces that have a network that falls within the range of your network command will be advertised in EIGRP.
- EIGRP hello packets will be sent on these interfaces.
Sometimes however you might want to advertise a network in EIGRP but you don’t want to send hello packets everywhere. Take a look at the topology below for an example:
Above we have two routers, R1 and R2. On the left side there’s the 192.168.10.0 /24 network with a switch and some computers. R1 wants to advertise this network to R2 but since there are no other EIGRP routers in the 192.168.10.0 /24 network, it’s pointless to send EIGRP hello packets on the FastEthernet 0/1 interface.
It’s also a security risk, when someone connects a router in the 192.168.10.0 /24 network (or starts a virtual router on their computer) they will be able to become EIGRP neighbors with R1.
To prevent this from happening, we will use the passive-interface command. This will ensure that the network is advertised in EIGRP but it will disable hello packets on the interface.
Let me show you how to configure this.
Configuration
Here’s the EIGRP configuration of R1 and R2:
R1(config)#router eigrp 12
R1(config-router)#network 192.168.12.0
R1(config-router)#network 192.168.10.0 R2(config)#router eigrp 12
R2(config-router)#network 192.168.12.0As a result, R2 will learn network 192.168.10.0 /24:
R2#show ip route eigrp
D 192.168.10.0/24 [90/307200] via 192.168.12.1, 00:00:59, FastEthernet0/0The problem however is that R1 is sending hello packets towards our computers. You can verify this by enabling a debug:
R1#debug eigrp packets hello
EIGRP Packets debugging is on
(HELLO)
EIGRP: Sending HELLO on FastEthernet0/0
AS 12, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
EIGRP: Sending HELLO on FastEthernet0/1
AS 12, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0Above you can see that the hello packets are going in both directions.
Let’s use the passive interface command to disable the hello packets towards the switch:
Hi Rene,
Very Good Explanation!
Thanks,
SV
Hi Rene,
If we are connected different clients with a L3 Switch , we can used this command (Passive Interface) to stop hello packet to clients.
My question is , if make Passive Interface Defaults on all interface (directly connected to other router) should Adjacency will be there or will be stop ?
Thanks …
Regards
Adil Khan
Hi Adil,
The adjacency will be killed. If you use passive-interface on all interfaces then you need to use no passive-interface for the interfaces that require an EIGRP neighbor adjacency.
Rene
tnks rene bedant
Great and easy to understand lesson. I would only make one request on this for something to be added.
in my lab of this lesson everything went smoothly. Only thing I had some hiccups on that I had to search was the following.
I knew how to setup from the lesson the default command for passive interface. However, for some reason I was thinking “incorrectly” that I needed to setup the no passive-interface command under the interfaces… I tried a few times but it was not working for obvious reasons as that was the wrong place. Its small thing and I quickly d
... Continue reading in our forum