Passive-Interface Command on CISCO Router/Switch

Command

Passive-Interface

Use

This command prevents OSPF from forming adjacencies on specified interfaces on the router. Using no passive-interface is used to allow all OSPF communication.

Syntax

Router(config-router)#passive-interface <interface>

Example

In this example, we will use passive-interface default to block all OSPF adjacencies. After that, we will allow communication through R2’s Fa0/0.

R2(config)#do show ip route ospf
1.0.0.0/32 is subnetted, 3 subnets
O 1.1.1.1 [110/2] via 10.1.1.1, 00:00:24, FastEthernet0/0
O 1.3.3.3 [110/2] via 10.1.1.1, 00:00:24, FastEthernet0/0
O 1.2.2.2 [110/2] via 10.1.1.1, 00:00:24, FastEthernet0/0
192.168.13.0/30 is subnetted, 1 subnets
O 192.168.13.0 [110/65] via 10.2.2.3, 00:00:24, FastEthernet1/0
[110/65] via 10.1.1.1, 00:00:24, FastEthernet0/0
33.0.0.0/32 is subnetted, 1 subnets
O 33.33.33.33 [110/2] via 10.2.2.3, 00:00:24, FastEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 10.2.2.3, 00:00:24, FastEthernet1/0
111.0.0.0/32 is subnetted, 1 subnets
O 111.111.111.111 [110/2] via 10.1.1.1, 00:00:24, FastEthernet0/0
10.0.0.0/24 is subnetted, 3 subnets
O 10.4.4.0 [110/65] via 10.2.2.3, 00:00:24, FastEthernet1/0
[110/65] via 10.1.1.1, 00:00:24, FastEthernet0/0
11.0.0.0/32 is subnetted, 1 subnets
O 11.11.11.11 [110/2] via 10.1.1.1, 00:00:24, FastEthernet0/0
133.133.0.0/32 is subnetted, 1 subnets
O 133.133.133.133 [110/2] via 10.2.2.3, 00:00:24, FastEthernet1/0

Here we enable passive-interface default on R2

R2(config)#router ospf 1
R2(config-router)#passive-interface default
R2(config-router)#
*Mar 1 01:17:00.523: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 01:17:00.535: %OSPF-5-ADJCHG: Process 1, Nbr 133.133.133.133 on FastEthernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
R2(config-router)#

We can see there are no longer any OSPF routes on R2.

R2(config-router)#do show ip route OSPF

R2(config-router)#

Now we will use no passive-interface fa0/0 to allow communication through R2’s Fa0/0.

R2(config-router)#no passive-interface fa0/0
R2(config-router)#
*Mar 1 01:17:35.075: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on FastEthernet0/0 from LOADING to FULL, Loading Done

Finally, we have routes coming in from Fa0/0 but not any other interface.

R2(config-router)#do show ip route ospf
1.0.0.0/32 is subnetted, 3 subnets
O 1.1.1.1 [110/2] via 10.1.1.1, 00:00:20, FastEthernet0/0
O 1.3.3.3 [110/2] via 10.1.1.1, 00:00:20, FastEthernet0/0
O 1.2.2.2 [110/2] via 10.1.1.1, 00:00:20, FastEthernet0/0
192.168.13.0/30 is subnetted, 1 subnets
O 192.168.13.0 [110/65] via 10.1.1.1, 00:00:20, FastEthernet0/0
33.0.0.0/32 is subnetted, 1 subnets
O 33.33.33.33 [110/66] via 10.1.1.1, 00:00:20, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/66] via 10.1.1.1, 00:00:20, FastEthernet0/0
111.0.0.0/32 is subnetted, 1 subnets
O 111.111.111.111 [110/2] via 10.1.1.1, 00:00:20, FastEthernet0/0
10.0.0.0/24 is subnetted, 3 subnets
O 10.4.4.0 [110/65] via 10.1.1.1, 00:00:20, FastEthernet0/0
11.0.0.0/32 is subnetted, 1 subnets
O 11.11.11.11 [110/2] via 10.1.1.1, 00:00:20, FastEthernet0/0
133.133.0.0/32 is subnetted, 1 subnets
O 133.133.133.133 [110/66] via 10.1.1.1, 00:00:20, FastEthernet0/0

Related Articles

Leave a Reply

avatar