Default Passive Interface

Default Passive Interface

Problem

You want to disable RIP on all of a router's interfaces, except for a few that you specify.

Solution

You can disable the sending of RIP updates on all interfaces with the passive-interface default command:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#router rip
Router1(config-router)#passive-interface default
Router1(config-router)#no passive-interface FastEthernet0/0.1
Router1(config-router)#network 172.22.0.0
Router1(config-router)#network 172.25.0.0
Router1(config-router)#network 192.168.1.0
Router1(config-router)#exit
Router1(config)#end
Router1#

Discussion

The RIP network command has two functions. The first function tells RIP which routing prefixes to distribute. The second turns on RIP updates on all interfaces whose addresses are included in the range specified by the network command. Sometimes you want to send routing information for a subnet, but you don't want to actually run RIP on the corresponding interface, as we described in Recipe 6.6. If there are interfaces that you don't want to send RIP updates, you can individually disable them by using the passive-interface command, as we did in Recipe 6.6. But sometimes you don't want interfaces to take part in RIP unless you explicitly enable them, even if they happen to have addresses that are covered by a network command.

This is mostly used as a convenience on routers that have a lot of interfaces, particularly when only a few of those interfaces will be running RIP. You use this feature by entering the passive-interface default command, and then explicitly re-enabling RIP with the no passive-interface command on those interfaces where you do want it:

Router1(config)#router rip
Router1(config-router)#passive-interface default
Router1(config-router)#no passive-interface FastEthernet0/0.1

You can then use as many network commands as you like, but RIP updates will only be sent on the interfaces that you explicitly list.

Using the passive-interface default command can save time, while also making it simpler to troubleshoot problems because you don't have to carefully count all of the interfaces to figure out which ones should be running the routing protocol:

Router1#show ip protocols
Routing Protocol is "rip"
 Sending updates every 30 seconds, next due in 13 seconds
 Invalid after 180 seconds, hold down 180, flushed after 240
 Outgoing update filter list for all interfaces is not set
 Incoming update filter list for all interfaces is not set
 Redistributing: rip
 Default version control: send version 1, receive any version
   Interface             Send  Recv  Triggered RIP  Key-chain
   FastEthernet0/0.1     1     1 2                                 
  Automatic network summarization is in effect
 Maximum path: 4
 Routing for Networks:
   172.22.0.0
   172.25.0.0
 Passive Interface(s):
   FastEthernet0/1
   Serial0/0.2
 Routing Information Sources:
   Gateway         Distance      Last Update
   172.25.1.7           120      00:00:09
   172.25.2.2           120      00:00:01
 Distance: (default is 120)

Router1#

See Also