Command
Passive-Interface Default
Use
This command prevents OSPF from forming adjacencies on all interfaces on the router. Using no passive interface default command is used to allow OSPF communication.
Syntax
Router(config-router)#passive-interface default
Example
In this example, we will use passive-interface default to block all OSPF adjacencies. Afterwards, we will allow communication through R2’s Fa0/0.
R2(config)#do show ip route ospf 1.0.0.0/32 is subnetted, 3 subnets O 1.1.1.1 [110/2] via 10.1.1.1, 00:00:24, FastEthernet0/0 O 1.3.3.3 [110/2] via 10.1.1.1, 00:00:24, FastEthernet0/0 O 1.2.2.2 [110/2] via 10.1.1.1, 00:00:24, FastEthernet0/0 192.168.13.0/30 is subnetted, 1 subnets O 192.168.13.0 [110/65] via 10.2.2.3, 00:00:24, FastEthernet1/0 [110/65] via 10.1.1.1, 00:00:24, FastEthernet0/0 33.0.0.0/32 is subnetted, 1 subnets O 33.33.33.33 [110/2] via 10.2.2.3, 00:00:24, FastEthernet1/0 3.0.0.0/32 is subnetted, 1 subnets O 3.3.3.3 [110/2] via 10.2.2.3, 00:00:24, FastEthernet1/0 111.0.0.0/32 is subnetted, 1 subnets O 111.111.111.111 [110/2] via 10.1.1.1, 00:00:24, FastEthernet0/0 10.0.0.0/24 is subnetted, 3 subnets O 10.4.4.0 [110/65] via 10.2.2.3, 00:00:24, FastEthernet1/0 [110/65] via 10.1.1.1, 00:00:24, FastEthernet0/0 11.0.0.0/32 is subnetted, 1 subnets O 11.11.11.11 [110/2] via 10.1.1.1, 00:00:24, FastEthernet0/0 133.133.0.0/32 is subnetted, 1 subnets O 133.133.133.133 [110/2] via 10.2.2.3, 00:00:24, FastEthernet1/0
Here we enable passive-interface default on R2.
R2(config)#router ospf 1 R2(config-router)#passive-interface default R2(config-router)# *Mar 1 01:17:00.523: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached *Mar 1 01:17:00.535: %OSPF-5-ADJCHG: Process 1, Nbr 133.133.133.133 on FastEthernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached R2(config-router)#
We can see there are no longer any OSPF routes on R2.
R2(config-router)#do show ip route OSPF R2(config-router)#
Now we will use no passive-interface fa0/0 to allow communication through R2’s Fa0/0.
R2(config-router)#no passive-interface fa0/0 R2(config-router)# *Mar 1 01:17:35.075: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on FastEthernet0/0 from LOADING to FULL, Loading Done
Finally, we have routes coming in from Fa0/0, but not any other interface.
R2(config-router)#do show ip route ospf 1.0.0.0/32 is subnetted, 3 subnets O 1.1.1.1 [110/2] via 10.1.1.1, 00:00:20, FastEthernet0/0 O 1.3.3.3 [110/2] via 10.1.1.1, 00:00:20, FastEthernet0/0 O 1.2.2.2 [110/2] via 10.1.1.1, 00:00:20, FastEthernet0/0 192.168.13.0/30 is subnetted, 1 subnets O 192.168.13.0 [110/65] via 10.1.1.1, 00:00:20, FastEthernet0/0 33.0.0.0/32 is subnetted, 1 subnets O 33.33.33.33 [110/66] via 10.1.1.1, 00:00:20, FastEthernet0/0 3.0.0.0/32 is subnetted, 1 subnets O 3.3.3.3 [110/66] via 10.1.1.1, 00:00:20, FastEthernet0/0 111.0.0.0/32 is subnetted, 1 subnets O 111.111.111.111 [110/2] via 10.1.1.1, 00:00:20, FastEthernet0/0 10.0.0.0/24 is subnetted, 3 subnets O 10.4.4.0 [110/65] via 10.1.1.1, 00:00:20, FastEthernet0/0 11.0.0.0/32 is subnetted, 1 subnets O 11.11.11.11 [110/2] via 10.1.1.1, 00:00:20, FastEthernet0/0 133.133.0.0/32 is subnetted, 1 subnets O 133.133.133.133 [110/66] via 10.1.1.1, 00:00:20, FastEthernet0/0