Troubleshoot Passive Interfaces

Passive interfaces are used to disable neighbor adjacencies on an interface. When the passive-interface command is issued for an interface, you are instructing that interface not to participate in the routing protocol. You would want this if there are no downstream routers that need to learn about the upstream networks. It is a way of putting the router into a listen-only mode: the router still listens to and acts on network changes, but it will not actively tell the rest of the routers on the network about what is happening to downstream routers (if there are any). It still advertises the network(s) that it has.

It also serves as a security measure: it stops anyone from attaching a rogue router downstream, connecting to the OSPF process and causing damage to the network.

If an interface is configured as passive, it will never form an adjacency with a neighbor, even if the neighbor command is used to statically define a neighbor reachable through the interface that was previously configured as passive.

RIP behaves differently to EIGRP and OSPF when it comes to passive interfaces:

RIP does not send updates out of the passive-interface, but it still receives on the passive-interface*.

*The problem this could cause is that a rogue router could send strange routes to the router. The router would not then send those on to anyone else, but it is enough to affect that one router.

EIGRP and OSPF neither send nor receive on the passive-interface.

OSPF will flag the network as a stub.

To show all the passive interfaces on a router, use the command: show ip protocols

A common mistake with passive-interfaces arises when a routing protocol is configured with passive-interfaces as the default. Where that is the case, you need to make the interface non-passive with the command no passive-interface (followed by the interface name) to enliven it and allow it to participate in the routing protocol.
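The following audit script is an added example, not part of the original page: it works out, per routing process, which interfaces end up passive once passive-interface default and any no passive-interface overrides are combined, and notes the RIP caveat described above. The function names and the sample configuration are constructed for illustration, and the script treats every interface as a candidate for every process (it ignores network statements).

```python
import re

# Constructed sample config (not from the original page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.252
interface GigabitEthernet0/1
 ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/2
 ip address 192.168.20.1 255.255.255.0
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet0/0
router rip
 passive-interface GigabitEthernet0/1
"""

def passive_state(config):
    """Map each routing process to {interface: is_passive} (hypothetical helper)."""
    interfaces = re.findall(r"^interface (\S+)", config, re.M)
    procs, current = {}, None
    for line in config.splitlines():
        if line.startswith("router "):
            current = line.split(None, 1)[1].strip()
            procs[current] = {"default": False, "override": {}}
        elif not line.startswith(" "):
            current = None  # any unindented line ends the router block
        elif current:
            words = line.split()
            negate = words[:1] == ["no"]
            words = words[1:] if negate else words
            if len(words) < 2 or words[0] != "passive-interface":
                continue
            if words[1] == "default":
                procs[current]["default"] = not negate
            else:  # the last statement for an interface wins
                procs[current]["override"][words[1]] = not negate
    return {p: {i: s["override"].get(i, s["default"]) for i in interfaces}
            for p, s in procs.items()}

def findings(config):
    """List interfaces worth reviewing, one note per line (hypothetical helper)."""
    notes = []
    for proc, states in passive_state(config).items():
        for intf, passive in states.items():
            if not passive:
                notes.append(f"{proc}: {intf} is not passive")
            elif proc.startswith("rip"):
                notes.append(f"{proc}: {intf} is passive but RIP still receives on it")
    return notes
```

Calling findings(SAMPLE_CONFIG) returns one note for each interface that remains non-passive, plus a note for each RIP passive interface, which still accepts inbound updates.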

