We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 622 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

447 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Forum Replies

  1. Hi Rene!
    You mention that passive-interface command is preventing an interface from sending hello packets.
    I’d like to know technically does it prevent interface from RECEIVING hello packets as well?
    Also, I read in an official Cisco literature that it is recommended ISP facing interfaces to be passive for security.
    However I don’t understand, if this is the case how is my router going to receive routing to external destinations using OSPF if it doesn’t become neighbor
    with the next hop.
    Thank you in advance!

  2. Hi Ivaylo,

    It won’t prevent us from receiving the hello packets but I believe it does stop processing them. Here’s a little experiment I did with two routers, directly connected to each other:

    R1#debug ip ospf hello 
    OSPF hello debugging is on
    

    Now we can see we are sending and receiving hello packets:

    R1#
    OSPF-1 HELLO Gi0/1: Send hello to 224.0.0.5 area 0 from 192.168.12.1
    OSPF-1 HELLO Gi0/1: Rcv hello from 2.2.2.2 area 0 192.168.12.2
    

    Let’s make the interface passive:

    R1(config)#router ospf 1
    R1(config-router)#passive-interface GigabitEthernet 0/1
    

    At this mo

    ... Continue reading in our forum

  3. Hi Ahmad,

    OSPF and EIGRP have one thing in common, they both establish a neighbor adjacency before they advertise any routing information. RIP doesn’t establish a neighbor adjacency, it just advertises routing updates.

    When you use the passive interface command for RIP then it stops advertising RIP routing updates on that interface. When you use it for OSPF or EIGRP, they won’t send any hello packets anymore so that it becomes impossible to establish a neighbor adjacency on the passive interface.

    Rene

  4. Hello Monir

    When you indicate that an interface is passive, it means that any and all OSPF related messages are never sent out that interface. The connected network does participate in the OSPF process, that is, the connected subnet is advertised to other OSPF routers, but no hellos, LSAs or any other OSPF related packets are sent out that interface.

    The passive interface is configured on interfaces where you KNOW there is no OSPF router connected to it to receive any kind of OSPF information.

    I hope this has been helpful!

    Laz

  5. Hello Rene,

    I have a question for passive interface. If one interface having many sub interfaces for example fa0/0.1, fa0/0.2, fa0/0.3 and so on and we use the command passive interface fa0/0 under OSPF, this makes all sub interfaces passive or no ?

9 more replies! Ask a question or join the discussion by visiting our Community Forum