How to Configure RIP Passive Interface

August 27, 2019

By default, Routing Information Protocol (RIP) sends its routing table updates on all interfaces on which Routing Information Protocol (RIP) is enabled every 30 seconds. However, RIP updates must only be sent to interfaces connecting to other RIP-enabled routers. This required us to stop sending an update on interfaces where not needed. The passive-interface can stop sending updates where not needed. Sending out un-needed updates on all interfaces affects the network in the following ways:

Security Risk—Advertising routing table updates in the form of broadcasting is a security risk. Anyone can intercept the routing table updates using packet sniffing tools and software. So, the attacker can use routing table updates to corrupt the routing table with false metrics and route the traffic to the wrong path.
Wasted Resources–All network devices received the routing table update, and they processed the update, which wasted the network devices’ resources.
Wasted Bandwidth—An unnecessary update is broadcast to each device on the network, consuming the link’s bandwidth and causing bandwidth waste.

To overcome all the above-mentioned problems, we can use the passive-interface command. The passive interface prevents the transmission of routing updates through a router-specific interface. The command stops broadcasting routing table updates to the specified interface where they are not needed.

Configurations of Passive-interfaces and verify the interface

Referring to the reference topology, there is no need for Router0 to forward RIP updates to the LAN interface. However, Router0 is sending RIP updates to all computers on the LAN. We can verify this by enabling a debug on Router0 using the <debug ip rip> command in privileged exec mode. We can verify the interface passive configuration using the show ip protocol command.

ScreenShot20240607at124347AM NetworkUstad

So, we need to configure the fast Ethernet 0/0 interface connected to the LAN as a passive interface. The process to configure the passive-interface is as follows:

Router0>enable
Router0#config terminal
Router0(config)#router rip
Router0(config-router)#passive-interface FastEthernet 0/1

We can also configure the passive-interface for all dynamic protocols. If we want to cancel the passive-interface configuration from any interface, we can use no passive-interface <interface-Id> command. We can also use the passive-interface default command to configure all interfaces as passive.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

How to Configure RIP Passive Interface

Configurations of Passive-interfaces and verify the interface

Asad Ijaz