Passive Interface

OcNOS-SP : Layer 3 Guide : Layer 3 Unicast Configuration Guide : IS-IS IPv4 : Passive Interface

Passive Interface

In ISP and large enterprise networks, many of the distribution routers have more than 200 interfaces. Before the Default Passive-Interface feature, there were two possibilities for obtaining routing information from all of these interfaces:

• Configure a routing protocol on the backbone interfaces and redistribute connected interfaces.

• Configure the routing protocol on all interfaces and manually set most of them as passive, which was time consuming.

The solution to this problem was to configure the routing protocol on all interfaces and manually set the passive-interface command on the interfaces where adjacency was not desired. In certain networks, this meant coding 200 or more passive-interface statements. With the Default Passive Interface feature, this problem is solved by allowing all interfaces to be set as passive by default using a single passive-interface default command, then configuring individual interfaces in which adjacencies are desired using the passive-interface <interface-name> disable command.

Usage

1. When a specific interface is configured as passive using the passive-interface <interface-name> command:

• The interface loses its adjacency on that interface, for example, eth1.

• The interface (eth1) is still advertised by other IS-IS speaking interfaces to their neighbors.

2. When a specific interface is configured as passive using passive-interface <interface-name> command followed by removing the configuration using no passive-interface <interface-name> command:

• The interface is IS-IS disabled and must be enabled using the ip router isis command (for example, ip router isis 1).

• If IS-IS is not configured, the interface (for example, eth1) will not be advertised by other IS-IS speaking interfaces to their neighbors.

3. When an interface is configured with the passive interface command:

• All IS-IS enabled interfaces lose their adjacency.

• All IS-IS enabled interfaces in the system will be made passive.

• To establish adjacency on a particular interface, the passive interface <interface-name> disable command must be enabled.

• All interfaces which were made passive are advertised by the active IS-IS speaking interface to its neighbors.

4. When an interface is configured with the no passive interface command:

• All interfaces which are currently passive, will become active.

• If IS-IS is configured on those interface, it will start sending out IS-IS packets and attempt to form adjacency.

• If IS-IS is not configured on those interfaces, it will not be advertised by the active IS-IS speaking interface to its neighbors.

Topology

Figure 13-111 shows a passive-interface configuration example.

Figure 13-111: IS-IS Passive Interface

Configuration

#configure terminal	Enter configure mode.
(config)#router isis 1	Create an IS-IS routing instance (1).
(config-router)#net 49.0001.0000.0000.0001.00	Define the NET address.
(config-router)#is-type level-2-only	Configure instance as level-2-only routing.
(config-if)#commit	Commit candidate configuration to the running configuration
(config-router)#exit	Exit router mode.
(config)#interface eth1	Specify the interface (eth1)to configure and enter Interface mode.
(config-if)#ip address 20.20.20.1/24	Configure IP address on interface.
(config-if)#ip router isis 1	Enable IS-IS routing on interface eth1 (connected to R2).
(config-if)#commit	Commit candidate configuration to the running configuration

#configure terminal	Enter configure mode.
(config)#interface eth1	Specify the interface (eth1)to configure and enter Interface mode.
(config-if)#ip address 20.20.20.2/24	Configure IP address on interface.
(config-if)#ip router isis 1	Enable IS-IS routing on interface eth1 (connected to R1).
(config-if)#exit	Exit interface mode and return to Configure mode.
(config)#interface eth2	Specify the interface (eth2)to configure and enter Interface mode.
(config-if)#ip address 30.30.30.1/24	Configure IP address on interface.
(config-if)#ip router isis 1	Enable IS-IS routing on interface eth2 (connected to R3).
(config-if)#commit	Commit candidate configuration to the running configuration
(config-if)#exit	Exit interface mode and return to Configure mode.
(config)#router isis 1	Create an IS-IS routing instance (1).
(config-router)#net 49.0001.0000.0000.0002.00	Define the NET address.
(config-router)#is-type level-2-only	Configure instance as level-2-only routing.
(config-router)#passive-interface eth1	Configure the eth1 interface as passive.

#configure terminal	Enter configure mode.
(config)#router isis 1	Create an IS-IS routing instance (1).
(config-router)#is-type level-2-only	Configure instance as level-2-only routing.
(config-router)#net 49.0001.0000.0000.0003.00	Define the NET address.
(config-if)#commit	Commit candidate configuration to the running configuration
(config-router)#exit	Exit router mode.
(config)#interface eth2	Specify the interface (eth2)to configure and enter Interface mode.
(config-if)#ip address 30.30.30.2/24	Configure IP address on interface.
(config-if)#ip router isis 1	Enable IS-IS routing on interface eth1 (connected to R2).
(config-if)#commit	Commit candidate configuration to the running configuration

Validation

R1#show clns neighbors

Total number of L1 adjacencies: 0

Total number of L2 adjacencies: 0

Total number of adjacencies: 0

Tag 1: VRF : default

System Id Interface SNPA State Holdtime Type Protocol

R2#show clns neighbors

Total number of L1 adjacencies: 0

Total number of L2 adjacencies: 1

Total number of adjacencies: 1

Tag 1: VRF : default

System Id Interface SNPA State Holdtime Type Protocol

0000.0000.0003 eth2 5254.00a8.940d Up 9 L2 IS-IS

R3#show clns neighbors

Total number of L1 adjacencies: 0

Total number of L2 adjacencies: 1

Total number of adjacencies: 1

Tag 1: VRF : default

System Id Interface SNPA State Holdtime Type Protocol

0000.0000.0002 eth2 5254.007e.5ade Up 19 L2 IS-IS

R1#show ip isis route

Codes: C - connected, E - external, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, D - discard, e - external metric

** - invalid

Tag 1: VRF : default

Destination Metric Next-Hop Interface Tag

C 20.20.20.0/24 10 -- eth1 0

R2#show ip isis route

Codes: C - connected, E - external, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, D - discard, e - external metric

** - invalid

Tag 1: VRF : default

Destination Metric Next-Hop Interface Tag

C 20.20.20.0/24 0 -- eth1 0

C 30.30.30.0/24 10 -- eth2 0

R3#show ip isis route

Codes: C - connected, E - external, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, D - discard, e - external metric

** - invalid

Tag 1: VRF : default

Destination Metric Next-Hop Interface Tag

L2 20.20.20.0/24 10 30.30.30.1 eth2 0

C 30.30.30.0/24 10 -- eth2 0

R1#show isis database verbose

Tag 1: VRF : default

IS-IS Level-2 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

0000.0000.0001.00-00* 0x00000004 0x3A02 923 0/0/0

Area Address: 49.0001

NLPID: 0xCC

IP Address: 20.20.20.1

Metric: 10 IP 20.20.20.0 255.255.255.0

0000.0000.0001.01-00* 0x00000001 0xF108 0 (923) 0/0/0

R2#show isis database verbose

Tag 1: VRF : default

IS-IS Level-2 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

0000.0000.0001.00-00 0x00000002 0x3EFF 887 0/0/0

Area Address: 49.0001

NLPID: 0xCC

IP Address: 20.20.20.1

Metric: 10 IP 20.20.20.0 255.255.255.0

0000.0000.0001.01-00 0x00000001 0x21B9 888 0/0/0

Metric: 0 IS 0000.0000.0001.00

Metric: 0 IS 0000.0000.0002.00

0000.0000.0002.00-00* 0x00000003 0x3761 906 0/0/0

Area Address: 49.0001

NLPID: 0xCC

IP Address: 30.30.30.1

Metric: 10 IS 0000.0000.0003.01

Metric: 0 IP 20.20.20.0 255.255.255.0

Metric: 10 IP 30.30.30.0 255.255.255.0

0000.0000.0003.00-00 0x00000002 0x530E 909 0/0/0

Area Address: 49.0001

NLPID: 0xCC

IP Address: 30.30.30.2

Metric: 10 IS 0000.0000.0003.01

Metric: 10 IP 30.30.30.0 255.255.255.0

0000.0000.0003.01-00 0x00000001 0x2DA9 905 0/0/0

Metric: 0 IS 0000.0000.0003.00

Metric: 0 IS 0000.0000.0002.00

R3#show isis database verbose

Tag 1: VRF : default

IS-IS Level-2 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

0000.0000.0001.00-00 0x00000002 0x3EFF 883 0/0/0

Area Address: 49.0001

NLPID: 0xCC

IP Address: 20.20.20.1

Metric: 10 IP 20.20.20.0 255.255.255.0

0000.0000.0001.01-00 0x00000001 0x21B9 884 0/0/0

Metric: 0 IS 0000.0000.0001.00

Metric: 0 IS 0000.0000.0002.00

0000.0000.0002.00-00 0x00000003 0x3761 901 0/0/0

Area Address: 49.0001

NLPID: 0xCC

IP Address: 30.30.30.1

Metric: 10 IS 0000.0000.0003.01

Metric: 0 IP 20.20.20.0 255.255.255.0

Metric: 10 IP 30.30.30.0 255.255.255.0

0000.0000.0003.00-00* 0x00000002 0x530E 906 0/0/0

Area Address: 49.0001

NLPID: 0xCC

IP Address: 30.30.30.2

Metric: 10 IS 0000.0000.0003.01

Metric: 10 IP 30.30.30.0 255.255.255.0

0000.0000.0003.01-00* 0x00000001 0x2DA9 902 0/0/0

Metric: 0 IS 0000.0000.0003.00

Metric: 0 IS 0000.0000.0002.00

R1# show isis topology

Tag 1: VRF : default

IS-IS paths to level-2 routers

System Id Metric Next-Hop Interface SNPA

0000.0000.0001 --

R2#show isis topology

Tag 1: VRF : default

IS-IS paths to level-2 routers

System Id Metric Next-Hop Interface SNPA

0000.0000.0001 **

0000.0000.0002 --

0000.0000.0003 10 0000.0000.0003 eth2 5254.00a8.940d

R3#show isis topology

Tag 1: VRF : default

IS-IS paths to level-2 routers

System Id Metric Next-Hop Interface SNPA

0000.0000.0001 **

0000.0000.0002 10 0000.0000.0002 eth2 5254.007e.5ade

0000.0000.0003 --

Last modified date: 10/16/2023