Apa itu Passive Interface (RIP,OSPF and EIGRP)

Apa itu Passive Interface (RIP,OSPF and EIGRP)

   20.32       Around The Word

---

Passive-interface command is used in all routing protocols to disable sending updates out from a specific interface. However the command behavior varies from o­ne protocol to another.

In RIP this command will disable sending multicast updates via a specific interface but will allow listening to incoming updates from other RIP enabled neighbors.This simply means that the router will still be able to receive updates o­n that passive interface and use them in the routing table.

Syntax

 R1(config)#router rip R1(config-router)#  Version 2 R1(config-router)#  network 10.4.0.0 R1(config-router)#  network 10.2.0.0
 R1(config-router)#  passive-interface s0

The passive-interface command will prevent updates from being sent out of the Serial0 interface, but R1 will still receive updates on this interface.We can configure all interfaces to be passive using the passive-interface default command, and then individually use the no passive-interface command on the interfaces we do want updates to be sent out:

Syntax

 R1(config)#router rip R1(config-router)#  network 10.4.0.0 R1(config-router)#  network 10.2.0.0 R1(config-router)#  passive-interface default R1(config-router)#  no passive-interface e0

If you used the neighbor command under the RIP process, the router will send unicast updates as well as multicast updates.The passive-interface command must be used disable Multicast/broadcast updates and allowing only unicast.

Router(config)#router ripRouter(config-router)#  passive-interface s0Router(config-router)#  passive-interface s1Router(config-router)#  neighbor 10.3.5.1Router(config-router)#  neighbor 10.4.5.1

In EIGRP the passive-interface command stops sending outgoing hello packets, hence the router can not form any neighbor relationship via the passive interface. This behavior stops both outgoing and incoming routing updates.

Syntax :

R1(config)# router eigrp 10R1(config-router)# network 10.4.0.0R1(config-router)# network 10.2.0.0R1(config-router)# passive-interface s0

In OSPF the passive-interface has a similar behavior to EIGRP. The command suppresses hello packets and hence neighbor relationships.

R1(config)# router OSPF 101R1(config-router)#  network 10.4.0.0R1(config-router)#  network 10.2.0.0R1(config-router)#  passive-interface s0

Passive interface default command can be used in both EIGRP and OSPF like we used in RIP

Always remember, that the passive-interface command will prevent EIGRP (and OSPF) from forming neighbor relationships out of that interface. No routing updates are passed in either direction.

Important: Passive interface command applying on interfaces wont effect on the sub interfaces created under it.If you want to active "passive interface" command on sub interface,it should be given on that specific sub interface

------ > sumber http://sysnetnotes.blogspot.co.id

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Passive interface adalah perintah yang dapat kita gunakan untuk mengontrol perkembangan update tabel routing. Cara kerjanya adalah dengan menjadikan suatu interface menjadi silent host atau dengan kata lain membiarkan interface tersebut tetap menerima broadcast dari interface yang aktif, sementara interface yang passive tidak memberikan broadcast ke neighbor.

Topologi

Topologi diatas memiliki 4 router cisco : Jakarta, Surabaya, Semarang dan Serang. Sedangkan area Semarang memiliki client tersendiri.
Yang ingin kita jadikan silent host adalah interface serial0/1 (ip address 10.10.30.2) pada router Jakarta, sehingga tidak lagi memberikan broadcast data kepada router Surabaya (ip address 10.10.30.2).

berikut running configurationnya :

SurabayaSurabaya#sh run Building configuration…Current configuration : 612 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname Surabaya ! ! ! ip name-server 0.0.0.0 ! ! ! interface FastEthernet0/0 no ip address duplex auto speed auto shutdown ! interface FastEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0 description to Jakarta no ip address clock rate 64000 ! interface Serial0/1 ip address 10.10.30.2 255.255.255.0 ! router rip version 2 network 10.0.0.0 ! ip classless ! ! ! line con 0 line vty 0 4 login ! ! end

JakartaJakarta#sh run Building configuration…Current configuration : 834 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname Router ! ! ! ip name-server 0.0.0.0 ! ! ! interface FastEthernet0/0 no ip address duplex auto speed auto shutdown ! interface FastEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0 description to Serang ip address 10.10.10.2 255.255.255.0 clock rate 64000 ! interface Serial0/1 description to Surabaya ip address 10.10.30.2 255.255.255.0 clock rate 64000 ! interface Serial0/2 description to Semarang ip address 10.10.20.2 255.255.255.0 ! interface Serial0/3 no ip address shutdown ! router rip version 2 passive-interface Serial0/1 network 10.0.0.0 ! ip classless ! ! ! line con 0 line vty 0 4 login ! ! end

Serang Serang>en Serang# Serang#sh run Building configuration…Current configuration : 602 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname Serang ! ! ! ip name-server 0.0.0.0 ! ! ! interface FastEthernet0/0 no ip address duplex auto speed auto shutdown ! interface FastEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0 description to Jakarta ip address 10.10.10.1 255.255.255.0 ! interface Serial0/1 no ip address shutdown ! router rip version 2 network 10.0.0.0 ! ip classless ! ! ! line con 0 line vty 0 4 login ! ! end

Semarang Semarang#sh run Building configuration…Current configuration : 664 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname Semarang ! ! ! ip name-server 0.0.0.0 ! ! ! interface FastEthernet0/0 description to Client Semarang ip address 192.168.1.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0 ip address 10.10.20.1 255.255.255.0 clock rate 64000 ! interface Serial0/1 no ip address shutdown ! router rip version 2 network 10.0.0.0 network 192.168.1.0 ! ip classless ! ! ! line con 0 line vty 0 4 login ! ! end

—————————————————————————————————————————————————————————————————————-

Jika anda ingin melihat proses broadcast routing tabel pada setiap router, karena routing yang saya gunakan adalah RIP maka anda dapat mengaktifkan fungsi “debug ip rip events”  pada router Jakarta dan Surabaya.

Surabaya

Surabaya#debug ip rip events
RIP event debugging is on
Surabaya#

Jakarta

Jakarta#debug ip rip events
RIP event debugging is onJakarta#

maka yang akan terjadi seperti ini :

Jika kita lihat 2 gambar diatas, maka terdapat perbedaan yang sangat mencolok yaitu aktifitas di router. Setelah passive interface di router Jakarta diaktifkan, maka interface Jakarta tidak akan mengirimkan update kepada ip 10.10.30.1 (interface Surabaya). Hal ini karena interface Jakarta menuju Surabaya diperintahkan untuk menjadi silence host.
Padahal jika Surabaya memberikan paket ping ke Jakarta, maka akan tetap terkoneksi.

—————————————————————————————————————————————————————————————————————-

Perbedaan passive interface dan normal interface adalah seperti dibawah ini, karena Semarang tidak dikonfigurasikan passive interface maka akan tetap menerima dan mengirimkan update routing tabel kepada Jakarta.

SemarangSemarang#debug ip rip events RIP event debugging is onSemarang#

----> sumber barliesucks.wordpress.com