Passive interface
A passive interface is one that does not send out any routing protocol updates when a routing protocol is configured on a router. The behavior is slightly different for each protocol:
- EIGRP - The interface does not send out any EIGRP packets (hello, updates, acknowledgments) and does not respond to any received EIGRP packets.
- OSPF - The interface does not send out any OSPF packets (hello, updates, acknowledgments) and does not respond to any received OSPF packets.
- RIP - The interface does not send out any RIP updates but does accept and process RIP updates.
- IS-IS - The interface does not send out any IS-IS packets (hello, link-state PDUs) and does not respond to any received IS-IS packets.
Note:
- The network on a passive interface will still be advertised if so configured by the routing protocol.
- BGP does not support the concept of a passive interface, since neighbors are statically configured and are not dynamically learned. If you want to suppress BGP communication, simply don't configure a BGP peering.
The benefits of configuring a passive interface include:
- Save on bandwidth and CPU usage by eliminating the need to send routing protocol packets to a network segment from which you will never get any replies.
- Mitigate the risk of a malicious user on that particular subnet masquerading as a router, creating an adjacency and manipulating the routing of the network.
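One way to check for the second point, as an added example that is not part of the original page: a small Python audit that reads a Cisco IOS-style running-config and lists, per routing process, the interfaces that are not passive and are not on an allow-list of router-facing links. The sample config, the function names and the allow-list are constructed for illustration, and the check assumes every interface may run the protocol (it does not evaluate `network` statements).

```python
import re

# Constructed sample config in Cisco IOS-style syntax (not from the original page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description uplink to core router
interface GigabitEthernet0/1
 description user access VLAN
interface GigabitEthernet0/2
 description server VLAN
!
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet0/0
!
router rip
 passive-interface GigabitEthernet0/1
"""

def active_interfaces(config):
    """Map each routing process to the interfaces that are NOT passive.
    Assumption: every interface may run the protocol (network statements
    are not evaluated), so the result errs towards over-reporting."""
    interfaces, procs, cur = [], {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            interfaces.append(m.group(1))
            cur = None
        elif m := re.match(r"router (.+)", line):
            cur = procs.setdefault(m.group(1).strip(),
                                   {"default": False, "passive": set(), "active": set()})
        elif not line.startswith(" "):
            cur = None                      # left the router section
        elif cur is not None:
            stmt = line.strip()
            if stmt == "passive-interface default":
                cur["default"] = True       # everything passive unless re-enabled
            elif m := re.match(r"(no )?passive-interface (\S+)$", stmt):
                cur["active" if m.group(1) else "passive"].add(m.group(2))
    return {name: set(p["active"]) if p["default"] else set(interfaces) - p["passive"]
            for name, p in procs.items()}

def audit(config, router_facing):
    """Per process, list non-passive interfaces that should not form adjacencies."""
    return {proc: sorted(active - set(router_facing))
            for proc, active in active_interfaces(config).items()}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, ["GigabitEthernet0/0"]))
```

In the sample, OSPF is clean because of `passive-interface default`, while RIP still sends updates on the server VLAN interface, which the audit reports.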
Links
https://networklessons.com/ospf/ospf-passive-interface
https://networklessons.com/cisco/ccna-200-301//rip-passive-interface