Monday, August 24, 2009

Cisco Passive Interface Address-Family Warning

When you configure passive interfaces for the global VRF as well as for other configured address-families, the 12.4/12.4T Router IOS behaves differently from a 6500/3750/3560. If you don't know what a passive interface is, this post isn't for you, but here is a step in the right direction.

On routers, passive-interface settings are shared amongst ALL ADDRESS-FAMILIES, INCLUDING GLOBAL, while on the 3560/3750/6500 etc. L3 switch IOS, each address-family has its own passive-interface settings.

For instance:
router eigrp 1
 network 10.0.0.0
 no auto-summary
 passive-interface default
 !
 address-family ipv4 vrf VRF-A
  network 10.0.0.0
  no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf VRF-B
  network 10.0.0.0
  no auto-summary
 exit-address-family
end


On a Cisco router, the above snippet would cause no EIGRP neighbor relationships to form, in either VRF or in the global route table. On a Cisco L3 switch, however, the passive-interface command would ONLY apply to the global route table, and none of the member interfaces of either VRF would act as passive.

This final snippet is not valid on a Router IOS, but is perfectly valid (and desired) on an L3 Switch IOS, with Po1 in the global route table, Po2 in VRF-A, and Po3 in VRF-B:
router eigrp 1
 network 10.0.0.0
 no auto-summary
 passive-interface default
 no passive-interface Po1
 !
 address-family ipv4 vrf VRF-A
  network 10.0.0.0
  no auto-summary
  passive-interface default
  no passive-interface Po2
 exit-address-family
 !
 address-family ipv4 vrf VRF-B
  network 10.0.0.0
  no auto-summary
  passive-interface default
  no passive-interface Po3
 exit-address-family
end
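
A config audit can catch the case described above, where a config written with router behavior in mind leaves VRF interfaces non-passive on an L3 switch. The following Python sketch is an added example, not part of the original post; the function names and the "router"/"l3switch" platform labels are hypothetical, and the platform logic only models the behavior as this post describes it.

```python
import re

# Constructed sample: the post's first snippet, trimmed (passive default at global level only).
SAMPLE = """\
router eigrp 1
network 10.0.0.0
passive-interface default
!
address-family ipv4 vrf VRF-A
network 10.0.0.0
exit-address-family
!
address-family ipv4 vrf VRF-B
network 10.0.0.0
exit-address-family
end
"""

def parse_eigrp(config):
    """Return {scope: {"default": bool, "active": [ifnames]}} for the router eigrp block."""
    scopes, scope = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("router eigrp "):
            scope = "global"
        elif scope is None:
            continue                      # outside the EIGRP block
        elif line == "end" or line.startswith(("router ", "interface ")):
            scope = None                  # EIGRP block finished
            continue
        elif m := re.match(r"address-family ipv4 vrf (\S+)", line):
            scope = m.group(1)
        elif line == "exit-address-family":
            scope = "global"
        entry = scopes.setdefault(scope, {"default": False, "active": []})
        if line == "passive-interface default":
            entry["default"] = True
        elif m := re.match(r"no passive-interface (\S+)", line):
            entry["active"].append(m.group(1))
    return scopes

def unprotected_scopes(config, platform):
    """Scopes whose interfaces are not passive by default on the given platform."""
    scopes = parse_eigrp(config)
    if platform == "router":              # per the post: settings shared by all address-families
        return [] if any(s["default"] for s in scopes.values()) else sorted(scopes)
    # "l3switch", per the post: each address-family keeps its own settings
    return sorted(name for name, s in scopes.items() if not s["default"])
```

Run against an L3 switch config, any VRF name returned by unprotected_scopes(config, "l3switch") is an address-family that still needs its own passive-interface default.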