Application of Passive Interfaces in RIP, EIGRP and OSPF

2025-02-02 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

A passive interface prevents routing updates from being sent out of that interface. All IP-based routing protocols except BGP can use passive interfaces.

First, the use of passive interfaces in RIP

1. The purpose of using a passive interface

In some network environments we do not want to send RIP updates to certain routers or to a certain network. The passive-interface command prevents RIP update broadcasts from being sent out of the specified interface, but the interface can still accept RIP updates.

2. The principle of passive-interface

An interface configured with passive-interface, that is, a passive interface, cannot send broadcasts or multicasts. RIP sends its updates by multicast and broadcast, so a passive interface on the router cannot send routing updates.

3. Configuration case

Topology: R1 (fa0/0)-(fa0/0) R2 (fa0/1)-(fa0/0) R3

We do not want R2 to send routing updates to R1, so we set fa0/0 of R2 as a passive interface.

R2:

    conf t
    router rip
     network 192.168.1.0
     network 192.168.2.0
     passive-interface fa0/0

Note: this command prevents RIP updates from propagating out of the fa0/0 interface of R2, but it does not prevent fa0/0 from continuing to accept the RIP updates sent by R1. R2 can therefore still learn the routes advertised by R1; it is only R1 that cannot learn the routing information on R2.

4. Principle of combined use of unicast and passive interface

Multicast and broadcast updates cannot be sent on passive interfaces, but unicast updates can be sent to peers through passive interfaces. There are two situations that require unicast:

The first: in NBMA networks, such as Frame Relay networks, multicast and broadcast are not supported. In this case we need to enable unicast to send routing updates (neighbor). Note: if we use the broadcast parameter when manually configuring the map, we do not need the neighbor command, and the router can still learn routing information.

The second: in a multi-access network, we do not want some routers to learn the corresponding routing information, and want to send routing updates only to specific routers. In this case we combine unicast and a passive interface to achieve this (neighbor + passive-interface).

The first case: RIP in a Frame Relay network

The problem: multicast and broadcast are not supported in a Frame Relay network, and RIP uses multicast (224.0.0.9) or broadcast to send routing updates, so RIP cannot send routing updates in a Frame Relay network.

R1:

    interface s0/0
     ip address 192.168.1.1 255.255.255.0
     no shutdown
     encapsulation frame-relay
     no frame inverse-arp
     frame-relay map ip 192.168.1.2 102
     frame-relay map ip 192.168.1.3 103
    ! Frame Relay is configured with manual mapping and without the
    ! broadcast parameter, in order to verify the neighbor command.
    router rip
    ! Advertise the network in RIP.
     network 192.168.1.0
    ! This is the central router, so both neighbors are specified.
     neighbor 192.168.1.2
     neighbor 192.168.1.3

R2:

    interface s0/0
     ip address 192.168.1.2 255.255.255.0
     no shutdown
     encapsulation frame-relay
     no frame inverse-arp
     frame-relay map ip 192.168.1.1 201
     frame-relay map ip 192.168.1.3 201
    router rip
     network 192.168.1.0
    ! This is an edge router, so only the central router is designated as
    ! a neighbor. There is no PVC between the edge routers, so they cannot
    ! be specified as neighbors of each other.
     neighbor 192.168.1.1

R3:

    interface s0/0
     ip address 192.168.1.3 255.255.255.0
     no shutdown
     encapsulation frame-relay
     no frame inverse-arp
     frame-relay map ip 192.168.1.1 301
     frame-relay map ip 192.168.1.2 301
    router rip
     network 192.168.1.0
     neighbor 192.168.1.1

The second case: configuration in a multi-access network

R1:

    conf t
    router rip
     network 1.0.0.0
     network 192.168.1.0
    ! The passive interface blocks broadcast updates.
     passive-interface fa0/0
    ! Specify the neighbor and enable unicast to send updates.
     neighbor 192.168.1.2

R2:

    conf t
    router rip
     network 192.168.1.0
     network 192.168.2.0
    ! The passive interface blocks broadcast updates.
     passive-interface fa0/0
    ! Specify the neighbor and enable unicast to send updates.
     neighbor 192.168.1.1

Summary:

Unicast routing updates are not affected by passive interfaces (routing updates can still be sent).

Unicast routing updates are not affected by split horizon (on the interface of the central Frame Relay router there is no need to turn off split horizon or to use subinterfaces; spoke routers can still learn routes).

Note: when configuring an NBMA network, if we use the keyword broadcast for address mapping, we do not need to use the neighbor command.

Second, the application of passive interfaces in EIGRP

1. The purpose of using a passive interface in EIGRP

In order to communicate, we must use network to advertise all subnets to EIGRP, but we may not want some subnets to participate in the EIGRP process. The passive-interface command can prohibit some interfaces from sending hello packets and routing updates.

2. Principle

EIGRP routers must establish a neighbor relationship through hello packets before they send routing updates. Once an interface on an EIGRP router is made passive, it no longer sends hello packets, so no neighbor relationship can be established and no EIGRP traffic is sent through the passive interface.

3. The role of passive-interface

Prohibits establishing neighbor relationships through the passive interface.

Prohibits receiving and sending routing updates through the passive interface.

Allows the EIGRP process to advertise subnets connected to the passive interface (see explanation below).

4. Summary

The network command specifies the interfaces on which EIGRP will attempt to establish a neighbor relationship, and advertises those networks to EIGRP neighbors. Configuring an interface as passive only prohibits the establishment of neighbor relationships; the router will still advertise the connected network to its EIGRP neighbors.

Attention: routers configured with passive interfaces cannot use the neighbor command to establish neighbor relationships with each other, which is different from RIP.

5. Configuration commands

Configuration method:

    router eigrp 10
    ! In EIGRP routing mode, sets fa0/0 as a passive interface.
     passive-interface fa0/0

All interfaces except this interface are set to passive interface.

Experiment: we configure a passive interface between two EIGRP routers and then observe what happens:

    debug eigrp packets hello
    ! Check whether a passive interface is in use.
    show ip protocols

Third, the application of passive interface in OSPF

1. The purpose of using a passive interface in OSPF

The passive interface in OSPF is different from all other protocols. In OSPF, the passive interface is generally used on a stub network (a network segment connected only to terminals). These terminals do not need to receive OSPF traffic, so we can make the interfaces connecting them passive to save resources.

2. The role of passive-interface

Prevents the interface from sending and receiving OSPF traffic.

3. Note

The network command specifies the interfaces on which OSPF will attempt to establish neighbor relationships, and advertises those networks to OSPF neighbors. Configuring an interface as passive only prohibits the establishment of neighbor relationships; the router will still advertise the connected networks to its OSPF neighbors.

4. Command format

    router ospf 1
    ! Turn all interfaces into passive interfaces.
     passive-interface default
    ! Open only this port to update routing information.
     no passive-interface fa1/0

or

    router ospf 1
    ! Set only this interface as a passive interface; the other interfaces
    ! send and receive routing updates normally.
     passive-interface fa1/0
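An added example, not code from the original article: a small Python audit that reads a running-config and lists, for each routing process, which interfaces are passive and which are still active, covering both the per-interface form and the passive-interface default / no passive-interface form shown above. The sample config and the function name audit are constructed for illustration; the script assumes full interface names and does not match network statements against interface addresses, so "active" means "not passive if the protocol is enabled there".

```python
import re

# Constructed sample running-config (not from the original article).
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/1
interface FastEthernet1/0
router rip
 network 192.168.1.0
 passive-interface FastEthernet0/0
 neighbor 192.168.1.2
router ospf 1
 passive-interface default
 no passive-interface FastEthernet1/0
"""

def audit(config):
    """Return {process: {"passive": [...], "active": [...], "unicast_neighbors": [...]}}."""
    interfaces, procs, cur = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):              # top-level line: a new stanza begins
            cur = None
            m = re.match(r"interface (\S+)$", line)
            if m:
                interfaces.append(m.group(1))
            if re.match(r"router (rip|eigrp|ospf)\b", line):
                cur = procs.setdefault(
                    line, {"default": False, "on": set(), "off": set(), "nbr": []})
            continue
        if cur is None:                          # sub-command of a non-routing stanza
            continue
        m = re.match(r"(no )?passive-interface (\S+)$", line)
        if m and m.group(2) == "default":
            cur["default"] = not m.group(1)      # every interface passive unless exempted
        elif m:
            cur["off" if m.group(1) else "on"].add(m.group(2))
        m = re.match(r"neighbor (\S+)", line)
        if m:
            cur["nbr"].append(m.group(1))
    result = {}
    for name, s in procs.items():
        passive = [i for i in interfaces
                   if (i not in s["off"] if s["default"] else i in s["on"])]
        result[name] = {"passive": passive,
                        "active": [i for i in interfaces if i not in passive],
                        "unicast_neighbors": s["nbr"]}
    return result

if __name__ == "__main__":
    for process, state in audit(SAMPLE).items():
        print(process, state)
```

For a RIP process, the unicast_neighbors list is worth reviewing alongside the passive list, because, as the RIP summary above states, unicast updates to configured neighbors are still sent through a passive interface.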
