From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Mon Aug 04 2003 - 23:03:28 GMT-3
John,
The passive-interface command under IS-IS specifies to advertise
a network into the IS-IS domain without sending hello packets out the
interface. In order to enable IS-IS on an interface, you must use the
'ip router isis' interface command. All other IGP's, on the other hand,
use the routing process command 'network'. Both the 'Ip router isis'
and the 'network' command instruct the router to send updates/hellos out
an interface.
Suppose that we have a device with 10 interfaces with ip
addresses 10.x.0.0/16, where x is 0-9. To enable OSPF or EIGRP on these
interfaces, we could use the 'network 10.0.0.0 0.255.255.255' command.
This specifies that any interfaces which start with 10 should run the
protocol. In IS-IS, however, we would have to go to each interface and
issue the 'ip router isis' command.
To do this type of aggregate network statement in IS-IS, you can
say 'passive-interface default'. Note that using the
'passive-interface' command will not send IS-IS hello packets out an
interface, therefore two routers cannot be adjacent by saying
'passive-interface' on either side of the link.
Another advantage of using the passive-interface command is that
the network in question is injected as an internal network, while a
network that is advertised via 'redistribute connected' will be
considered external.
HTH,
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Cell: 708-362-1418
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
John Matijevic
Sent: Monday, August 04, 2003 7:32 PM
To: MMoniz; Brown, Patrick (NSOC-OCF}; 'Tomasz Szymanski '; 'Brian
Dennis '
Cc: ''Tim Fletcher' '; ccielab@groupstudy.com
Subject: Re: ISIS passive interface
Hello Team,
Could somebody provide an example of when you would want to put an
interface
in passive mode under ISIS? I have not run into this situation yet. I
was
not able to access the link below.
Sincerely,
Matijevic
----- Original Message -----
From: "MMoniz" <ccie2002@tampabay.rr.com>
To: "Brown, Patrick (NSOC-OCF}" <PBrown4@chartercom.com>; "'Tomasz
Szymanski
'" <tomasz.szymanski@trecom.pl>; "'Brian Dennis '" <brian@labforge.com>
Cc: "''Tim Fletcher' '" <tim@fletchmail.net>; <ccielab@groupstudy.com>
Sent: Monday, August 04, 2003 7:48 PM
Subject: RE: ISIS passive interface
> Interesting. I did not know this but it works. I still notice however
these
> nets are not
> redistributed as usual so they must be include in the connected
> redistribution for other
> protocols.
>
> Thanks Patrick
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Brown, Patrick (NSOC-OCF}
> Sent: Monday, August 04, 2003 6:45 PM
> To: 'Tomasz Szymanski '; 'Brian Dennis '
> Cc: ''Tim Fletcher' '; 'ccielab@groupstudy.com '
> Subject: RE: ISIS passive interface
>
>
> By putting the loopback interface in passive mode(passive interface
> loopback 0), it is automatically made apart of the ISIS routing
process.
> This is not the same for other routing protocols. You can do "ip
router
> isis" on interface to put the loopback into the ISIS process, but this
will
> waste alot of CPU processing. When putting the lo0 interface in
passive
mode
> under ISIS, you DO NOT need the "ip router isis" command on the
loopback 0
> to advertise into ISIS process.
> HTH
>
> Patrick
> -----Original Message-----
> From: Tomasz Szymanski
> To: Brian Dennis
> Cc: 'Tim Fletcher'; ccielab@groupstudy.com
> Sent: 8/4/2003 5:05 PM
> Subject: Re: ISIS passive interface
>
> Are you sure Brian?
> I don't see "ip router isis" on Loopback interface so it's not in
isis
>
> process.
>
>
> TS
>
> Brian Dennis wrote:
>
> >With IS-IS when you make the interface passive the router removes the
> >"ip router is-is" command from under the interface. So in your case
the
> >loopback is still being advertised via IS-IS.
> >
> >Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
> >brian@labforge.com
> >http://www.labforge.com
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> >Tim Fletcher
> >Sent: Wednesday, January 29, 2003 11:53 AM
> >To: ccielab@groupstudy.com
> >Subject: ISIS passive interface
> >
> >Hi all,
> >
>
>http://www.cisco.com/en/US/tech/tk472/tk474/technologies_configuration_
> e
> >xample09186a0080093f38.shtml
> >shows the following config:
> >
> >interface Loopback0
> >ip address 172.16.1.1 255.255.255.255
> >!--- Creates loopback interface and assigns
> >!--- IP address to interface Loopback0.
> >!
> >interface Ethernet0
> >ip address 172.16.12.1 255.255.255.0
> >ip router isis
> >
> >!--- Assigns IP address to interface Ethernet0
> >!--- and enables IS-IS for IP on the interface.
> >!
> >router isis
> >passive-interface Loopback0
> >net 49.0001.1720.1600.1001.00
> >!
> >!--- Enables the IS-IS process on the router,
> >!--- makes loopback interface passive
> >!--- (does not send IS-IS packets on interface),
> >!--- and assigns area and system ID to router.
> >
> >My question is why would you need the passive-interface Lo0 command
> >under
> >the ISIS config, when ISIS is not configured on Lo0? Isn't this
> >redundant?
> >
> >-Tim Fletcher
> >.
> >.
>
>
>
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:53 GMT-3