Exam: 642-901
Exam Objective: Describe, configure or verify route filtering
(i.e., distribute-lists and passive interfaces)
Contents
- Introduction
- Technology Background
- Lab Scenario
- Lab Objectives
- Lab Solution
Introduction
It is very important to control where routing updates are going and which routes are being
advertised to which neighbor. This helps keep routing tables small and increases security
in certain networks by keeping their routes from being advertised everywhere. There are many
ways of controlling routing updates. The two most important are distribute lists and passive
interfaces.
Technology Background
Distribute lists are access lists applied to routing processes to filter route updates. When a
routing process receives a routing update, it checks whether a distribute list is applied. If one is
applied, each route received in the update is checked against the list. If the route is not
permitted by the list, it is not accepted. The same applies to routing updates being sent
out by the process. Remember that each access list has an implicit deny at the end, which will
cause routing protocols to drop any routes that are not explicitly permitted.
There are some limitations to distribute lists when applied to OSPF: the inbound list prevents
routes from entering the routing table but does not prevent link state packets from being propagated.
Distribute lists are used with OSPF at the ABR or ASBR.
The command to apply a distribute list is:
Router(config-router)#distribute-list <access-list number or name> <in | out> <interface>
The interface is optional and can be used to apply different lists to different neighbors.
Example:
Router(config)#access-list 10 deny 1.1.1.0
Router(config)#access-list 10 permit any
Router(config)#router eigrp 10
Router(config-router)#distribute-list 10 out fa0/0
The above example will advertise all routes except 1.1.1.0 out the FastEthernet0/0 interface.
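The filtering logic described above, as an added example that is not part of the original lab: a small Python model of how a standard access list used as a distribute list is evaluated (first match wins, implicit deny at the end). The route list and the second ACL, which omits `permit any`, are constructed for illustration.

```python
import ipaddress

def parse_acl(lines):
    """Parse 'access-list N {permit|deny} {any | addr [wildcard]}' (standard ACLs)."""
    entries = []
    for line in lines:
        tok = line.split()
        action, src = tok[2], tok[3]
        if src == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(src))
            # No wildcard given means 0.0.0.0: match this exact address only.
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        entries.append((action, addr, wild))
    return entries

def permitted(acl, prefix):
    """First match wins; a route that matches no entry hits the implicit deny."""
    # A standard ACL compares only the route's network address, not its mask.
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, addr, wild in acl:
        if (net & ~wild & 0xFFFFFFFF) == (addr & ~wild & 0xFFFFFFFF):
            return action == "permit"
    return False  # implicit deny at the end of every access list

def advertised(acl_lines, routes):
    """Return the routes that survive the distribute list."""
    acl = parse_acl(acl_lines)
    return [r for r in routes if permitted(acl, r)]

# Constructed sample: candidate routes in an outbound update.
ROUTES = ["1.1.1.0/24", "2.2.2.0/24", "3.3.3.0/24", "192.168.2.0/24"]
ACL_10 = ["access-list 10 deny 1.1.1.0", "access-list 10 permit any"]
ACL_NO_PERMIT = ["access-list 10 deny 1.1.1.0"]   # 'permit any' forgotten

if __name__ == "__main__":
    print(advertised(ACL_10, ROUTES))         # everything except 1.1.1.0/24
    print(advertised(ACL_NO_PERMIT, ROUTES))  # nothing: implicit deny drops all
```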
Another method of controlling routing updates is the passive interface. Configuring an interface as
passive will cause:
- All routing protocols to stop advertising out that interface
- All routing protocols except RIP to stop receiving routing updates on that interface.
- EIGRP and OSPF to stop sending and receiving hello packets on that interface.
Passive Interface is used to:
- Save resources by not sending updates on interfaces where no router is connected
- Increase security by preventing unwanted neighbors
- Increase reliability by preventing route injection by unknown sources
An interface can be made passive under a routing protocol using the following command:
Router(config-router)#passive-interface <interface>
You can make all interfaces passive using the following command:
Router(config-router)#passive-interface default
Interfaces can be made non-passive using the no form of the command:
Router(config-router)#no passive-interface <interface>
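A check a defender can run against saved configurations, as an added example that is not part of the original lab: this Python sketch lists, per EIGRP process, the interfaces the process is enabled on and that are not passive, which are the interfaces where a neighbor could form an adjacency. The parser is an assumption that handles only the statements used in this lab (interface, ip address, network with wildcard, passive-interface); the hardened variant is constructed.

```python
import ipaddress, re

def non_passive_interfaces(config):
    """Map each EIGRP process to the interfaces it is enabled on and not passive."""
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    ifaces, procs, cur_if, cur_proc = {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur_if, cur_proc = m.group(1), None
        elif m := re.match(r"router (eigrp \S+)", line):
            cur_if, cur_proc = None, m.group(1)
            procs[cur_proc] = {"nets": [], "passive": set(), "active": set(), "default": False}
        elif cur_if and (m := re.match(r"ip address (\S+) \S+", line)):
            ifaces[cur_if] = to_int(m.group(1))
        elif cur_proc and (m := re.match(r"network (\S+) (\S+)", line)):
            procs[cur_proc]["nets"].append((to_int(m.group(1)), to_int(m.group(2))))
        elif cur_proc and line == "passive-interface default":
            procs[cur_proc]["default"] = True
        elif cur_proc and (m := re.match(r"(no )?passive-interface (\S+)", line)):
            procs[cur_proc]["active" if m.group(1) else "passive"].add(m.group(2))
    report = {}
    for name, p in procs.items():
        def enabled(ip):   # wildcard-mask match, as a network statement does
            return any((ip & ~w) == (n & ~w) for n, w in p["nets"])
        def passive(i):    # explicit, or inherited from 'passive-interface default'
            return i in p["passive"] or (p["default"] and i not in p["active"])
        report[name] = sorted(i for i, ip in ifaces.items() if enabled(ip) and not passive(i))
    return report

# RouterA from the lab, trimmed, with the lab's passive-interface line applied.
ROUTER_A = """
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
router eigrp 10
 network 1.1.1.0 0.0.0.255
 network 192.168.0.0 0.0.255.255
 passive-interface FastEthernet0/1
"""
# Constructed variant: passive by default, only the link to RouterB re-enabled.
HARDENED = ROUTER_A.replace(" passive-interface FastEthernet0/1",
    " passive-interface default\n no passive-interface FastEthernet0/0")

if __name__ == "__main__":
    print(non_passive_interfaces(ROUTER_A))   # Fa0/0 and Loopback0 remain non-passive
    print(non_passive_interfaces(HARDENED))   # only Fa0/0
```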
Lab Scenario
We are using EIGRP in our network which is shown in Figure 1.
Figure 1
The relevant configuration of the routers is shown below:
RouterA#sh run
!
hostname RouterA
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip address 2.2.2.2 255.255.255.0
!
interface Loopback2
ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
router eigrp 10
network 1.1.1.0 0.0.0.255
network 2.2.2.0 0.0.0.255
network 3.3.3.0 0.0.0.255
network 192.168.0.0 0.0.255.255
no auto-summary
!
RouterB#sh run
!
hostname RouterB
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.3.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 10
network 192.168.0.0 0.0.255.255
no auto-summary
!
RouterC#sh run
!
hostname RouterC
!
interface FastEthernet0/0
ip address 192.168.2.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.3.3 255.255.255.0
duplex auto
speed auto
!
router eigrp 10
network 192.168.0.0 0.0.255.255
no auto-summary
!
We need you to configure EIGRP such that:
- RouterA does not form adjacency with RouterC
- RouterA does not advertise the 3.3.3.0/24 network to RouterB
- RouterB does not advertise the 2.2.2.0/24 network to RouterC
Lab Objectives
- Configure fa0/1 as passive on RouterA
- Apply a distribute list on RouterA to stop it from advertising 3.3.3.0/24 network
- Apply a distribute list on RouterB to stop it from advertising 2.2.2.0/24 network
Lab Solution
First we need to configure fa0/1 as passive on RouterA:
RouterA(config)#router eigrp 10
RouterA(config-router)#passive-interface fa0/1
Let's verify adjacency on RouterA:
RouterA#sh ip eigrp neighbors
IP-EIGRP neighbors for process 10
H   Address         Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                                (sec)           (ms)         Cnt  Num
0   192.168.1.2     Fa0/0       11    00:09:24  109    654   0    23
The above output shows that RouterA has not formed an adjacency with RouterC.
Next we need to configure a distribute list on RouterA to stop it from advertising the 3.3.3.0/24
network:
RouterA(config)#access-list 1 deny 3.3.3.0
RouterA(config)#access-list 1 permit any
RouterA(config)#router eigrp 10
RouterA(config-router)#distribute-list 1 out
Let's verify the routing table on RouterB:
RouterB#sh ip route
--output truncated--
Gateway of last resort is not set
     1.0.0.0/24 is subnetted, 1 subnets
D       1.1.1.0 [90/409600] via 192.168.1.1, 00:09:34, FastEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
D       2.2.2.0 [90/409600] via 192.168.1.1, 00:09:34, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
D    192.168.2.0/24 [90/307200] via 192.168.3.3, 00:09:43, FastEthernet0/1
                    [90/307200] via 192.168.1.1, 00:09:43, FastEthernet0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/1
The above output shows that RouterB is not receiving the route for 3.3.3.0/24.
Finally we need to configure a distribute list on RouterB to stop it from advertising the 2.2.2.0/24
network:
RouterB(config)#access-list 1 deny 2.2.2.0
RouterB(config)#access-list 1 permit any
RouterB(config)#router eigrp 10
RouterB(config-router)#distribute-list 1 out
Let's verify the routing table on RouterC:
RouterC#show ip route
--output truncated--
Gateway of last resort is not set
     1.0.0.0/24 is subnetted, 1 subnets
D       1.1.1.0 [90/435200] via 192.168.3.2, 00:07:15, FastEthernet0/1
D    192.168.1.0/24 [90/307200] via 192.168.3.2, 00:07:15, FastEthernet0/1
C    192.168.2.0/24 is directly connected, FastEthernet0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/1
The output above shows that RouterC is only receiving the 1.1.1.0/24 route from RouterB. 2.2.2.0/24
has been filtered on RouterB.