the 10.3.1.0 network. Other similar access-list statements permit the other internal native RIP networks. Notice that both of the redistributing routers are configured to assign an administrative distance of 125 to OSPF routes that are advertised for the networks that are listed in ACL 64. ACL 64 has permit statements for the internal native RIP networks of 10.3.1.0, 10.3.2.0, and 10.3.3.0, as well as the loopback networks of 10.200.200.31, 10.200.200.32, 10.200.200.33, and 10.200.200.34.
When either one of the redistributing routers learns about these networks from RIP, it selects the routes learned from RIP (with a lower administrative distance of 120) over the same routes learned from OSPF (with an administrative distance of 125), and puts only the RIP routes in the routing table. The distance command is part of the OSPF routing process configuration because the administrative distance should be changed for these routes when they are advertised by OSPF, not by RIP. You need to configure the distance command on both redistributing routers because either one can have suboptimal routes, depending on which redistributing router sends the OSPF updates about the RIP networks to the other redistributing router first.
The output in Figure displays that router P3R2 now retains the more direct paths to the internal networks by learning them from RIP. However, some routing information is lost with this configuration. For example, depending on the actual bandwidth, the OSPF path may have been better for the 10.3.1.0 network. It may have made sense not to include 10.3.1.0 in the ACL. This example illustrates the importance of knowing your network before you implement redistribution and of closely examining which routes the routers are selecting after redistribution is enabled. Pay particular attention to routers that can select from a number of possible redundant paths to a network, because they are more likely to select suboptimal paths.
The most important feature of using administrative distance to control route preference is that no path information will be lost. The OSPF information still exists in the OSPF database. If the primary path is lost, the OSPF path can reassert itself, and the router maintains connectivity with those networks.
Content 5.3 Controlling Routing Update Traffic
5.3.1 Controlling Routing Updates
Cisco IOS offers various techniques to control routing updates. Some of these methods include configuring the following:
There is no one type of route filter that is appropriate for every situation. Therefore, the more techniques you have at your disposal, the better your chances of keeping your network running smoothly.
Web Links
Filtering Routes
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080208748.shtml
Content 5.3 Controlling Routing Update Traffic
5.3.2 Passive Interfaces
In Figure , the router configuration mode command network 10.0.0.0 enables RIP on all interfaces. Therefore, interfaces E0, E1, S0, and S1 all participate in the exchange of routing information. However, sending updates out E0 is a waste of resources, since no other routers on the 10.4.4.0 subnetwork can receive the updates. Sending updates also creates a slight overhead and may pose a security risk: a malicious user could use a packet sniffer to capture routing updates and glean key network information.
A passive interface essentially makes a router a silent host on a network. Identifying an interface as passive prevents routing updates for a routing protocol from being sent through a router interface. You can use the passive-interface command with most IP interior gateway protocols, including RIP, EIGRP, OSPF, and IS-IS.
To configure a passive interface, use the following procedure:
Step 1 Select the router and routing protocol that require the passive interface.
Step 2 Determine the interfaces through which you do not want routing update traffic (or hellos for link-state routing protocols and EIGRP) to be sent.
Step 3 Configure the router using the passive-interface command.
Figure displays the command parameters. Figure displays the RIP configuration required to configure interface E0 as passive. E0 now receives updates, but does not send them.
The behavior of the passive-interface command varies between routing protocols. When it is configured in RIP, routing updates are not forwarded out the specified interface, but the router still receives routing updates from that interface. When configured in EIGRP, hello messages are not sent out the specified interface. Neighboring router relationships are not formed with other routers that are reachable through that interface. If another EIGRP router is not found on an interface, no other EIGRP traffic is sent.
Using the passive-interface command on a router running a link-state routing protocol also prevents the router from establishing neighboring router adjacencies with other routers that are connected to the link that is specified in the command. The router does not send hellos to the specified interface. Therefore, you cannot establish neighbor adjacencies, because the hello protocol verifies bidirectional communication between routers. Specifically, in OSPF, the interface address you specify as passive appears as a stub network in the OSPF domain. OSPF routing information is neither sent nor received through the specified router interface. In IS-IS, the specified IP addresses are advertised without actually running IS-IS on those interfaces. Figure summarizes the behavior of the passive interface feature with common IGPs.
Web Links
Default Passive Interface
http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a008008784e.html
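
An added example, not part of the original course text: a Python audit that reads an IOS running-config and lists, for each routing process, the interfaces that still send updates or hellos, so that unintended ones can be made passive. It handles both per-interface passive-interface statements and the passive-interface default / no passive-interface form. The sample configuration, its addresses and the function names are constructed for illustration, and only ip address, network and passive-interface lines are interpreted.

```python
import ipaddress

# Constructed running-config excerpt (sample addresses, not the page's figure).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 10.4.4.1 255.255.255.0
interface Ethernet1
 ip address 10.1.1.1 255.255.255.0
interface Serial0
 ip address 10.2.2.1 255.255.255.0
router rip
 network 10.0.0.0
 passive-interface Ethernet0
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
 passive-interface default
 no passive-interface Serial0
"""

def to_network(addr, wildcard=None):
    """Classful network for a bare address, else address plus inverted wildcard."""
    if wildcard is None:
        first = int(addr.split(".")[0])
        mask = 8 if first < 128 else 16 if first < 192 else 24
    else:
        mask = ipaddress.ip_address(0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard)))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def sending_interfaces(config):
    """Map each routing process to the interfaces that still send updates or hellos."""
    addrs, procs, section = {}, {}, ""
    for raw in filter(str.strip, config.splitlines()):
        words = raw.split()
        if not raw[0].isspace():                  # top-level line opens a section
            section = raw.strip()
            if words[0] == "router":
                procs[section] = {"nets": [], "passive": {}}
        elif section.startswith("interface ") and words[:2] == ["ip", "address"]:
            addrs[section.split()[1]] = ipaddress.ip_address(words[2])
        elif section in procs and words[0] == "network":
            procs[section]["nets"].append(to_network(*words[1:3]))
        elif section in procs and "passive-interface" in words[:2]:
            # Key is an interface name or "default"; a leading "no" clears it.
            procs[section]["passive"][words[-1]] = words[0] != "no"
    report = {}
    for name, p in procs.items():
        passive = lambda i: p["passive"].get(i, p["passive"].get("default", False))
        report[name] = sorted(i for i, a in addrs.items()
                              if any(a in n for n in p["nets"]) and not passive(i))
    return report
```

Calling sending_interfaces(SAMPLE_CONFIG) returns a dictionary keyed by the router line. Any interface listed there that faces only hosts, like E0 in the scenario above, is a candidate for passive-interface.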
Content 5.3 Controlling Routing Update Traffic
5.3.3 Passive Interface Considerations
With Internet service providers (ISPs) and large enterprise networks, many of the distribution routers have more than 200 interfaces. Prior to the introduction of the passive interface default feature in Cisco IOS Software Release 12.0, the solution to the problem of numerous interfaces was to configure the routing protocol on all interfaces and manually set the passive-interface command on the interfaces where you did not require adjacency. In some cases, this meant entering 200 or more passive-interface statements.
To solve this configuration scalability problem, the passive-interface default command can be used to set all interfaces to passive. You can then enable routing on individual interfaces where you require adjacencies using the no passive-interface command.
In Figure , routers A and B are running RIP, and have a network statement that encompasses all their interfaces; however, you want to run RIP on the link between router A and router B only. Router A has several interfaces. The passive-interface default command was used to set all interfaces to passive, and then the no passive-interface command was used to enable the one interface from which RIP updates are desired. Router B has only two interfaces, so the passive-interface command was used for the one interface that is not to participate in RIP routing. It is important to understand how this configuration