You are here: Home » EIGRP

EIGRP Passive Interface

When you use the EIGRP network command, two things will happen:

All interfaces that have a network that falls within the range of your network command will be advertised in EIGRP.
EIGRP hello packets will be sent on these interfaces.

Sometimes however you might want to advertise a network in EIGRP but you don’t want to send hello packets everywhere. Take a look at the topology below for an example:

Above we have two routers, R1 and R2. On the left side there’s the 192.168.10.0 /24 network with a switch and some computers. R1 wants to advertise this network to R2 but since there are no other EIGRP routers in the 192.168.10.0 /24 network, it’s pointless to send EIGRP hello packets on the FastEthernet 0/1 interface.

It’s also a security risk, when someone connects a router in the 192.168.10.0 /24 network (or starts a virtual router on their computer) they will be able to become EIGRP neighbors with R1.

To prevent this from happening, we will use the passive-interface command. This will ensure that the network is advertised in EIGRP but it will disable hello packets on the interface.

Another trick to advertise something in EIGRP without sending hello packets on the interface is using the “redistribute” command.

Let me show you how to configure this.

Configuration

Here’s the EIGRP configuration of R1 and R2:

R1(config)#router eigrp 12
R1(config-router)#network 192.168.12.0
R1(config-router)#network 192.168.10.0

R2(config)#router eigrp 12
R2(config-router)#network 192.168.12.0

As a result, R2 will learn network 192.168.10.0 /24:

R2#show ip route eigrp 
D    192.168.10.0/24 [90/307200] via 192.168.12.1, 00:00:59, FastEthernet0/0

The problem however is that R1 is sending hello packets towards our computers. You can verify this by enabling a debug:

R1#debug eigrp packets hello
EIGRP Packets debugging is on
    (HELLO)

EIGRP: Sending HELLO on FastEthernet0/0
  AS 12, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

EIGRP: Sending HELLO on FastEthernet0/1
  AS 12, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

Above you can see that the hello packets are going in both directions.

Let’s use the passive interface command to disable the hello packets towards the switch:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
Full Access to our 651 Lessons. More Lessons Added Every Week!
Content created by Rene Molenaar (CCIE #41726)

Give Membership a try - it's just $1 ►

451 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Previous Lesson
EIGRP Static Neighbor

Next Lesson
EIGRP Authentication

Forum Replies

abuidiris01 says:

tnks rene bedant
wilder7bc says:

Great and easy to understand lesson. I would only make one request on this for something to be added.
in my lab of this lesson everything went smoothly. Only thing I had some hiccups on that I had to search was the following.

I knew how to setup from the lesson the default command for passive interface. However, for some reason I was thinking “incorrectly” that I needed to setup the no passive-interface command under the interfaces… I tried a few times but it was not working for obvious reasons as that was the wrong place. Its small thing and I quickly d
... Continue reading in our forum
lagapides says:

Hello Brian

In EIGRP just like in OSPF, it is possible to set the default state of an interface as passive with the passive-interface default command under the router eigrp configuration. This is explicitly explained in the OSPF passive interface lesson found below, but not in the EIGRP passive interface lesson.

https://networklessons.com/ospf/ospf-passive-interface/

I will inform Rene about your suggestion to add it explicitly in this lesson as well.

I’m very pleased that you find this forum useful for you in your studies and your endeavors to obtaining your
... Continue reading in our forum
sales2161 says:
In your introduction video to EIGRP and every other book that I read, it says that

EIGRP hello messages are sent using multicast address 224.0.0.10

but this debug says otherwise. Can you please clarify?

R1#debug eigrp packets hello
EIGRP Packets debugging is on
(HELLO)
```
EIGRP: Sending HELLO on FastEthernet0/0
  AS 12, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

EIGRP: Sending HELLO on FastEthernet0/1
  AS 12, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
```
Update: find out why
```
R1#debug ip packet
IP packet debugging is on
R1#
*Feb  3 18:31:23.715: IP: s=192.1
```
... Continue reading in our forum
lagapides says:

Hello Takele

Let’s say you have a router R1 with the following configuration:

FastEthernet 0/1 has an IP address of 192.168.10.1/24
FastEthernet 0/2 has an IP address of 10.10.10.1/24
FastEthernet 0/3 has an IP address of 172.16.2.1/24

Here’s the topology:

//cdn-forum.networklessons.com/uploads/default/original/2X/6/6adf8e1034b79b6e6f60d528edc5fc644bae4348.png

Now let’s say that we’ve included all three subnets in the EIGRP process using the network command. This means that all updates R1 sends will contain all three subnets. Now by default, EIGRP will sent o
... Continue reading in our forum

5 more replies! Ask a question or join the discussion by visiting our Community Forum