In this Cisco CCNA training tutorial, you’ll learn about Cisco adjacencies and passive interfaces, which help control which routing information is shared between routers. Scroll down for the video and also text tutorial.
Cisco Adjacencies and Passive Interfaces Video Tutorial
Puskar Raj Pandey
I took the CCNA exam two days ago and passed on my first attempt. It wouldn’t have been possible without your course, exam preparation tips, and suggestions. I am really thankful and appreciative for all these.
Adjacencies
Our interior gateway routing protocols, RIP, EIGRP, and OSPF, are configured under global configuration mode. They are either enabled or not on the router's individual interfaces.
When the routing protocol is enabled on an interface, the router will look for other devices that are directly connected to it. These must be running the same routing protocol in order to peer with them.
The router does this by sending out and listening for hello packets for that particular routing protocol. When a matching peer is found, the routers form an adjacency with each other and they exchange routing updates with one another.
Modern routing protocols use multicast for the hello packets. This is more efficient than the broadcast that was used by earlier protocols like RIP version 1.
Multicast is specific to the particular routing protocol. A device is only going to process that packet if it's interested in forming an adjacency with that routing protocol. Unlike in broadcast traffic that has to be pushed by all hosts, multicast is more efficient.
Adjacency Example
As an example, we've got router R1 in the middle of RA, RB, and RC. On R1, we have a loopback configured with an IP address of 192.168.1.1/32. The IP subnets configured on the interfaces that are enabled for routing protocol will be included in its routing protocol updates.
For example, R1 has a routing protocol enabled on the Loopback0 interface and on the interfaces FastEthernet0/0 and FastEthernet1/0, but it is not enabled on FastEthernet2/0.
The reason we've done that is, RC belongs to a partner organization. We do need connectivity to them but we don't want to be sending internal network information to them, which would be a security issue.
R1 will send out and listen for hello packets on the Loopback0 interface and on the FastEthernet0/0 and FastEthernet1/0 interfaces. These interfaces are the ones that have enabled routing protocols. R1 will then form adjacencies with any routers which are running the same routing protocol that is found on those links.
We have also enabled the routing protocol on RA and RB, specifically on the interfaces that are facing R1. The routers will be able to discover each other through the hello packets. Then, they will form an adjacency and share routing updates with one another.
R1 will not send out or listen for hello packets on FastEthernet2/0 because we didn't enable the routing protocol on that interface. R1 will not form an adjacency with RC and it will not be giving out any network information to RC.
In our example, RC is a partner. We need to have connectivity with them but we're not going to give them our internal information. In that case, we could use static routes between us and them, just to give very limited connectivity.
R1 will advertise its IP subnets to routers RA and RB because it formed adjacencies with them. It will advertise the 10.0.0.0/24 subnet, 10.0.1.0/24, and 192.168.1.1/32 loopback, but it will not advertise 10.0.0/24 because that interface was not included in the routing protocol.
When you enable a routing protocol globally and you enable it on an interface, the router will try to form an adjacency on that interface by sending out hello packets. It will also advertise the subnet on that interface as well.
But, if an interface is not included in the routing protocol, then the router won't send hello packets out there. It won't advertise the subnet configured on that link to other routers either.
In our scenario, we're not going to be sending information to RC. RA and RB will not learn routes to 10.0.0/24 as well because we didn't include them in the routing protocol.
Passive Interfaces
Now, what if we do actually need our RA and RB to learn a route to get to 10.0.2.0/24? That's where passive interfaces come in.
Passive interfaces allow you to include an IP subnet in the routing protocol without sending updates out of the interface. If FastEthernet2/0 is configured as a passive interface, RA and RB will learn routes to 10.0.2.0/24. Still, the internal network information will not be sent out to RC.
It's best to practice to configure your loopback interfaces as passive interfaces always. This has nothing to do with giving out network information, however, it is because it's impossible to form an adjacency on a loopback interface.
It's impossible for another router to be directly connected to the loopback interface because it's not a physical interface, it's logical. There is no way that we're going to ever form an adjacency on a loopback.
Making the loopback passive means that it will be advertised by the routing protocol. We want other routers to learn how to get to the loopback, but we don't want to waste resources by sending out and listening for hello packets. We already know that there's never going to be another router connected to that link.
To makes things more efficient, always make your loopbacks in the passive interface.
Passive Interface Use Cases
To summarize the use cases for the passive interfaces, these are used on our loopback interfaces and also on our physical interfaces. We don't want to send routing information to another organization or out to the device on the other side but we do want our other internal devices to know about the link.
That was the theory for our passive interfaces. Let’s configure them in the lab.
Cisco Adjacencies and Passive Interfaces Configuration Example
This configuration example is taken from my free ‘Cisco CCNA Lab Guide’ which includes over 350 pages of lab exercises and full instructions to set up the lab for free on your laptop.
Click here to download your free Cisco CCNA Lab Guide.
- Enter the command below to verify that R1 has established EIGRP adjacencies with R2 and R5.
R1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.0.3.2 Fa1/1 14 00:17:21 33 198 0 16
0 10.0.0.2 Fa0/0 11 00:19:21 36 216 0 32
2. Verify that traffic from R5 to the directly connected interfaces on R1 goes via the FastEthernet 0/1 interface.
R5#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
S 10.0.0.0/16 [95/0] via 10.0.3.1
D 10.0.0.0/24 [90/261120] via 10.0.3.1, 00:07:30, FastEthernet0/1
D 10.0.1.0/24 [90/261120] via 10.0.3.1, 00:07:30, FastEthernet0/1
D 10.0.2.0/24 [90/261120] via 10.0.3.1, 00:07:30, FastEthernet0/1
C 10.0.3.0/24 is directly connected, FastEthernet0/1
L 10.0.3.2/32 is directly connected, FastEthernet0/1
S 10.1.0.0/16 [95/0] via 10.1.3.1
D 10.1.0.0/24 [90/263680] via 10.0.3.1, 00:07:30, FastEthernet0/1
[90/263680] via 10.1.3.1, 00:07:30, FastEthernet0/0
D 10.1.1.0/24 [90/261120] via 10.1.3.1, 00:07:30, FastEthernet0/0
D 10.1.2.0/24 [90/261120] via 10.1.3.1, 00:07:30, FastEthernet0/0
C 10.1.3.0/24 is directly connected, FastEthernet0/0
L 10.1.3.2/32 is directly connected, FastEthernet0/0
192.168.0.0/32 is subnetted, 5 subnets
D 192.168.0.1/32 [90/386560] via 10.0.3.1, 00:03:37, FastEthernet0/1
D 192.168.0.2/32 [90/389120] via 10.0.3.1, 00:03:32, FastEthernet0/1
D 192.168.0.3/32 [90/389120] via 10.1.3.1, 00:03:29, FastEthernet0/0
D 192.168.0.4/32 [90/386560] via 10.1.3.1, 00:03:26, FastEthernet0/0
C 192.168.0.5/32 is directly connected, Loopback0
3. Enter the commands below to configure the loopback interface and the link to R5 as passive interfaces on R1.
R1(config-if)#router eigrp 100
R1(config-router)#passive-interface loopback0
R1(config-router)#passive-interface fastethernet1/1
4. What changes do you expect to see in the routing table on R5 and why?
The EIGRP adjacency between R1 and R5 will go down. All EIGRP routes via R1 will be removed from the routing table and replaced with routes via R4.
Configuring the loopback interface as a passive interface on R1 does not affect any routing tables but is a best practice.
R1(config-router)#
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.0.3.2 (FastEthernet1/1) is down: holding time expired
5. Verify the expected changes to the routing table on R5.
R5#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
S 10.0.0.0/16 [95/0] via 10.0.3.1
D 10.0.0.0/24 [90/266240] via 10.1.3.1, 00:13:54, FastEthernet0/0
D 10.0.1.0/24 [90/268800] via 10.1.3.1, 00:13:54, FastEthernet0/0
D 10.0.2.0/24 [90/268800] via 10.1.3.1, 00:13:54, FastEthernet0/0
C 10.0.3.0/24 is directly connected, FastEthernet0/1
L 10.0.3.2/32 is directly connected, FastEthernet0/1
S 10.1.0.0/16 [95/0] via 10.1.3.1
D 10.1.0.0/24 [90/263680] via 10.1.3.1, 00:13:54, FastEthernet0/0
D 10.1.1.0/24 [90/261120] via 10.1.3.1, 00:13:54, FastEthernet0/0
D 10.1.2.0/24 [90/261120] via 10.1.3.1, 00:13:54, FastEthernet0/0
C 10.1.3.0/24 is directly connected, FastEthernet0/0
L 10.1.3.2/32 is directly connected, FastEthernet0/0
192.168.0.0/32 is subnetted, 5 subnets
D 192.168.0.1/32 [90/394240] via 10.1.3.1, 00:10:01, FastEthernet0/0
D 192.168.0.2/32 [90/391680] via 10.1.3.1, 00:09:56, FastEthernet0/0
D 192.168.0.3/32 [90/389120] via 10.1.3.1, 00:09:53, FastEthernet0/0
D 192.168.0.4/32 [90/386560] via 10.1.3.1, 00:09:50, FastEthernet0/0
C 192.168.0.5/32 is directly connected, Loopback0
Additional Resources
Routing protocol adjacencies: https://community.cisco.com/t5/switching/neigbourship-and-adjacency/td-p/3065475
Passive interfaces: https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/rip-passive-interface