RIP Passive Interface

When you use the RIP network command, two things will happen:

  • All interfaces that have a network that falls within the range of your network command will be advertised in RIP.
  • RIP updates will be sent on these interfaces.

Sometimes, however, you might want to advertise a network in RIP but you don’t want to send updates everywhere. Take a look at the topology below for an example:

EIGRP Passive Interface Demo Topology

Above we have two routers, R1 and R2. On the left side, there’s the 192.168.10.0 /24 network with a switch and some computers. R1 wants to advertise this network to R2 but since there are no other RIP routers in the 192.168.10.0 /24 network, it’s pointless to send RIP updates on the FastEthernet 0/1 interface.

To prevent this from happening, we will use the passive-interface command. This will ensure that the network is advertised in RIP but it will not send RIP updates on the interface.

Let me show you how to configure this.

Configuration

Here’s the RIP configuration of R1 and R2:

R1(config)#router rip R1(config-router)#version 2 R1(config-router)#no auto-summary R1(config-router)#network 192.168.12.0 R1(config-router)#network 192.168.10.0 R2(config)#router rip R2(config-router)#version 2 R2(config-router)#no auto-summary R2(config-router)#network 192.168.12.0

As a result, R2 will learn network 192.168.10.0 /24:

R2#show ip route rip R 192.168.10.0/24 [120/1] via 192.168.12.1, 00:00:07, FastEthernet0/0

The problem however, is that R1 is also sending RIP updates to our computers. You can verify this by enabling a debug:

R1#debug ip rip RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.12.1) RIP: build update entries 192.168.10.0/24 via 0.0.0.0, metric 1, tag 0 RIP: sending v2 update to 224.0.0.9 via FastEthernet0/1 (192.168.10.254) RIP: build update entries 192.168.12.0/24 via 0.0.0.0, metric 1, tag 0

Above you can see that the RIP updates are going in both directions.

r1 sending rip updates

Let’s use the passive interface command to disable the hello packets towards the switch:

R1(config)#router rip R1(config-router)#passive-interface FastEthernet 0/1

That’s all you have to do. You can find all passive interfaces with the following command:

R1#show ip protocols *** IP Routing is NSF aware *** Routing Protocol is “application” Sending updates every 0 seconds Invalid after 0 seconds, hold down 0, flushed after 0 Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Maximum path: 32 Routing for Networks: Routing Information Sources: Gateway Distance Last Update Distance: (default is 4) Routing Protocol is “rip” Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Sending updates every 30 seconds, next due in 20 seconds Invalid after 180 seconds, hold down 180, flushed after 240 Redistributing: rip Default version control: send version 2, receive version 2 Interface Send Recv Triggered RIP Key-chain FastEthernet0/0 2 2 Automatic network summarization is not in effect Maximum path: 4 Routing for Networks: 192.168.10.0 192.168.12.0 Passive Interface(s): FastEthernet0/1 Routing Information Sources: Gateway Distance Last Update Distance: (default is 120)

If you left the debug enabled;

R1# RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.12.1) RIP: build update entries 192.168.10.0/24 via 0.0.0.0, metric 1, tag 0

The network is still advertised which we can confirm by checking R2:

R2#show ip route rip R 192.168.10.0/24 [120/1] via 192.168.12.1, 00:00:14, FastEthernet0/0

Problem solved. The network is still advertised but we don’t send any RIP updates anymore towards our computers. You should use this command on all interfaces where you don’t have any RIP routers but you do want to advertise this network to other RIP routers.

If you have many interfaces that should be passive then you can also use the passive-interface default command. This will disable the sending of RIP updates on all interfaces, if you do want to send RIP updates then you need to use the no passive-interface command for these interfaces.

EIGRP and OSPF also support the passive interface command, it works similar to RIP. The difference with RIP is that OSPF and EIGRP will suppress their hello packets, preventing neighbor adjacencies from being formed.

Configurations

Want to take a look for yourself? Here you will find the final configuration of each device.

R1

hostname R1 ! ip cef ! interface FastEthernet0/0 ip address 192.168.12.1 255.255.255.0 ! interface FastEthernet0/1 ip address 192.168.10.254 255.255.255.0 ! router rip passive-interface FastEthernet0/1 network 192.168.10.0 network 192.168.12.0 no auto-summary ! control-plane ! end

R2

hostname R2 ! ip cef ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ! router rip network 192.168.12.0 no auto-summary ! end

Conclusion

You have now learned how you can use the RIP passive interface command to prevent RIP updates from being sent on particular interfaces.

Source

Leave a comment

Your email address will not be published. Required fields are marked *