Case Study Passive Interfaces

The router Floyd has been added to the internetwork (Figure 5.10). It is desired that no RIP advertisements be exchanged between Floyd and Andy. This is easy enough at Floyd:

Figure 5.10. Network policy calls for no RIP exchanges between Andy and Floyd.

Figure 5.10. Network policy calls for no RIP exchanges between Andy and Floyd.

Floyd(config)#router rip

Floyd(config-router)#network 192.168.100.0

By not including a network statement for 192.168.12.0, Floyd will not advertise on interface 192.168.12.66. Andy, however, has two interfaces attached to 172.17.0.0; the network must be included under RIP. To block RIP broadcasts on an interface connected to a subnet of a RIP-enabled network, add the passive-interface command to the RIP process. Andy's RIP configuration is:

router rip passive-interface Ethernet0 network 172.17.0.0 network 192.168.12.0 network 192.168.83.0

Passive-interface is not a RIP-specific command; it may be configured under any IP routing protocol. Using the passive-interface command essentially makes a router a silent host on the data link specified. Like other silent hosts, it still listens to RIP broadcasts on the link and updates its routing table accordingly. If the desired result is to prevent the router from learning routes on the link, it must be achieved by more intricate control of routing updates, namely by filtering out updates. (Route filters are discussed in Chapter 13, "Route Filtering." ) Unlike a silent host, the router does not respond to a RIP Request received on a passive interface.

0 0

Post a comment