What is a passive interface? Its configuration and use in RIP, EIGRP, and OSPF routing
The passive-interface command disables the routing on the specified interfaces. In the RIP routing, we can use the following command to disable the routing on all the interfaces at once.
Router(config-router)#passive-interface default
The above command will suppress routing updates on all the interfaces, this command is useful in big routers with lots of interfaces as using this command we can save a lot of time when we have to disable routing on multiple interfaces.
After disabling the routing updates on all the interfaces using the above command, we can allow routing updates on the specific interface using the following command.
Router(config-router)#no passive-interface gigabitEthernet 0/0
OSFP passive interface
In OSPF configuration, we can use the following command to configure the passive-interface
Router(config-router)#passive-interface default
The above command will prevent the router from forming a neighbor relationship with the linked router on all interfaces.
The below command can be used for any specific interface
Router(config-router)#passive-interface gigabitEthernet 0/0
Passive interface configuration on OSFP will not block the routing updates; it will only prevent the router from forming a neighbor relationship. To block the routing updates, we have other options.
EIGRP passive interface
We can use the following command to configure the passive-interface in the EIGRP configuration.
Router(config-router)#passive-interface default
The following command can be used to configure a specific interface as a passive interface.
Router(config-router)#passive-interface gigabitEthernet 0/0
Passive interface configuration in EIGRP will prevent the router from sending the hello packets from specified interfaces.
Without hello packets, the router will not form neighbor adjacency however routing updates will not stop so we have to use other options like access list to fully block the routing updates while using EIGRP.
Network scenarios where we should use the passive-interface configuration
In the below network, we have a router that is connected to the ISP router.
ISP router connects our internal network to the internet so we should not send the routing updates to the vendor router as it poses a security threat.
We should suppress the routing updates on the interface that is connected to the ISP router however we can enable the routing on other interfaces.
In the following network, we have a router interface that is connected to the cloud service so for our network security, we should not send the routing updates on the interface that is connected to the cloud computing.
