CCNP ROUTE Study – EIGRP Passive Interfaces

By | June 19, 2013

We know that enabling EIGRP on an interface has two effects:

  • EIGRP Hello packets will start being sent out of the interface to multicast  address 224.0.0.10.  This means that neighbour relationships (adjacencies) can be formed with other routers directly connected to the same subnet and using the same EIGRP AS number
  • the network that the interface is part of will be advertised by the EIGRP routing process

If we have a router with interfaces that are not connected to other routers,  then there is no point in it sending Hello packets out of those interfaces.  It is also good security practice to prevent neighbour relationships being formed via interfaces that we know (as the network designer) that no router should ever connect to.

With EIGRP we have the option to make an interface passive, which has two effects on the interface:

  • EIGRP packets are never sent out
  • EIGRP packets received are ignored

 

Here’s our network for this lab:

EIGRP Passive Interfaces

If we turn on some debugging on router WEST, we can see the default behaviour with Hello packets being sent out of all interfaces that are matched by the EIGRP network statements:

WEST#debug eigrp packets hello
EIGRP Packets debugging is on
 (HELLO)
WEST#
*Mar 1 02:58:47.207: EIGRP: Sending HELLO on FastEthernet2/0
*Mar 1 02:58:47.207: AS 1000, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
*Mar 1 02:58:47.535: EIGRP: Sending HELLO on FastEthernet1/0
*Mar 1 02:58:47.535: AS 1000, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
*Mar 1 02:58:48.671: EIGRP: Sending HELLO on FastEthernet0/0
*Mar 1 02:58:48.671: AS 1000, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

 

Objective

On router WEST, advertise all connected networks into EIGRP AS 1000, but prevent neighbour relationships being formed over interfaces f1/0 and f2/0.

We have three options up our sleeve to achieve this.  The first two use passive interfaces, and the third uses route redistribution.

Option 1

Configure interfaces f1/0 and f2/0 to be passive:

WEST(config)#router eigrp 1000
WEST(config-router)#passive-interface fastEthernet 1/0
WEST(config-router)#passive-interface fastEthernet 2/0

Option 2

Configure all interfaces to be passive by default, and then explicitly make interface f0/0 active:

WEST(config-router)#passive-interface default

Note that at this point WEST’s neighbour relationship with HQ goes down as EIGRP packets are no longer being sent out of any interfaces:

*Mar 1 00:23:52.867: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1000: 
Neighbor 192.168.1.2 (FastEthernet0/0) is down: interface passive

Then we make f0/0 active and the neighbour relationship comes back:

WEST(config-router)#no passive-interface fastEthernet 0/0
*Mar 1 00:29:12.587: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1000: 
Neighbor 192.168.1.2 (FastEthernet0/0) is up: new adjacency

 

To verify options 1 and 2, we could turn on debugging again and observe Hello packets only being sent out of interface f0/0.  A nicer way is  by using a couple of show commands:

To show all passive interfaces:

WEST#show ip protocols
Routing Protocol is "eigrp 1000"
 Outgoing update filter list for all interfaces is not set
 Incoming update filter list for all interfaces is not set
 Default networks flagged in outgoing updates
 Default networks accepted from incoming updates
 EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
 EIGRP maximum hopcount 100
 EIGRP maximum metric variance 1
 Redistributing: eigrp 1000
 EIGRP NSF-aware route hold timer is 240s
 Automatic network summarization is not in effect
 Maximum path: 4
 Routing for Networks:
 10.1.1.0/24
 10.1.2.0/24
 192.168.1.0/30
 Passive Interface(s):
 FastEthernet1/0
 FastEthernet2/0
 VoIP-Null0
 Routing Information Sources:
 Gateway Distance Last Update
 Distance: internal 90 external 170

To show only active interfaces:

WEST#show ip eigrp interfaces 
IP-EIGRP interfaces for process 1000
                Xmit Queue  Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0     0     0/0         0    0/1         0          0

 

Option 3

Instead of using a network statement to advertise the networks connected to f1/0 and f2/0, redistribute these connected networks into EIGRP:

WEST#sh run | s router
router eigrp 1000
 redistribute connected
 network 192.168.1.0 0.0.0.3
 no auto-summary

Although our objective is achieved with all three options, there is a subtle difference with option 3 that we should be aware of.   When directly connected routes are redistributed into EIGRP they are advertised as external routes (admin distance 170) instead of internal routes (admin distance 90), even though they are within the same AS:

EAST#show ip route eigrp
 10.0.0.0/24 is subnetted, 2 subnets
D EX 10.1.2.0 [170/33280] via 192.168.1.5, 00:03:18, FastEthernet0/0
D EX 10.1.1.0 [170/33280] via 192.168.1.5, 00:03:18, FastEthernet0/0
 192.168.1.0/30 is subnetted, 2 subnets
D 192.168.1.0 [90/30720] via 192.168.1.5, 00:37:24, FastEthernet0/0

 

I hope this has been a useful explanation.  Thanks for reading, and good luck with your CCNP studies!

Rich

 

Follow Rich on Twitter

 

Category: CCNP Certification Cisco ROUTE Study Notes Tags: , , , ,

About Rich Bibby

Rich Bibby is a Network Engineer with extensive experience in designing, deploying and supporting enterprise networks of varying size and scale. Areas of expertise include Campus LAN, WAN, Data Centre, VPN and Remote Access solutions from vendors including Juniper, Cisco, Arista, Checkpoint and Pulse Secure. Rich is currently JNCIA-JUNOS certified and has previously held several other certifications from Juniper, Cisco, Checkpoint and Microsoft. Follow Rich on Twitter

5 thoughts on “CCNP ROUTE Study – EIGRP Passive Interfaces

    1. Rich Bibby Post author

      Thanks for the comment Vicky. Nice blog of your own BTW

      Rich

      Reply
  1. Mark G.

    Rich, this has been the best explanation I have found online! It’s what I thought it should be but other peoples explanations confused me more then help. Thanks again!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *