EIGRP, Want to prevent any EIGRP traffic to a interface

EIGRP, Want to prevent any EIGRP traffic to a interface

NewsGroups | Search | Tools
 comp.dcom.sys.cisco  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
EIGRP, Want to prevent any EIGRP traffic to a interface BG 01-23-2006
Posted by BG on January 23, 2006, 11:58 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I have several DSL access routers (7206VXR's) that customers dsl
connections terminate on. These routers all have connections back to
our core router (also 7206VXR).
I'm running EIGRP between the DSL routers and the core router.
(thus when a customer comes online with an ip, EIGRP on the dsl router
talks to our core, and core knows where to route for that ip)

My issue is, I do not want any EIGRP info flowing out to our DSL
customers. I have tried using the passive-interface on the DSL
routers, but customers are telling me they are still seeing EIGRP info
on their end.

Do I need to be using an access list on the customer interface side of
the DSL access routers? or should the passive-interface be doing the
job.

EIGRP config from 1 of the dsl routers:

router eigrp 10
redistribute static
passive-interface FastEthernet1/0 (this int goes to dsl customers)
network a.b.c.d
network a.b.c.e
no auto-summary
neighbour x.x.x.x FastEthernet0/0 (this int goes to core router)


NMFall 20%
Posted by Leigh on January 23, 2006, 3:27 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hey there,

The passive interface should do the job.

Try something along the lines of:-

access-list 101 deny eigrp any any
access-list 101 permit ip any any

Put that outbound on the interface as well as the passive interface and
do a sh access-list to see if there are any hits on the access-list.

Passive interface should do the trick though...

LH
CCIE#15331

BG wrote:
> I have several DSL access routers (7206VXR's) that customers dsl
> connections terminate on. These routers all have connections back to
> our core router (also 7206VXR).
> I'm running EIGRP between the DSL routers and the core router.
> (thus when a customer comes online with an ip, EIGRP on the dsl router
> talks to our core, and core knows where to route for that ip)
>
> My issue is, I do not want any EIGRP info flowing out to our DSL
> customers. I have tried using the passive-interface on the DSL
> routers, but customers are telling me they are still seeing EIGRP info
> on their end.
>
> Do I need to be using an access list on the customer interface side of
> the DSL access routers? or should the passive-interface be doing the
> job.
>
> EIGRP config from 1 of the dsl routers:
>
> router eigrp 10
> redistribute static
> passive-interface FastEthernet1/0 (this int goes to dsl customers)
> network a.b.c.d
> network a.b.c.e
> no auto-summary
> neighbour x.x.x.x FastEthernet0/0 (this int goes to core router)
>

Posted by Horst Wagner on February 9, 2006, 6:49 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi ,
use a distribute-list under router eigrp on your central with an access-list
denying everything.
Example:
router eigrp 10
distribute list 1 out fastethernet 1/0
!
access-list 1 deny any
!
good luck
Horst

Horst Wagner
(CCIE# 7975, CCSI# 20806}

Konkret Netzprojekte GmbH Friedrich Mohr Str. 14
56070 Koblenz
Germany
Tel: +49 261 80091 0
Fax: +49 261 80091 49
Email: horst.wagner@netzprojekte.de
Web: www.netzprojekte.de

Posted by Merv on February 9, 2006, 3:05 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

For ISP access routers you may wish to configure "passive-interface
default" under the EIGRP routing process and then configure no
passive-interfacefor the links back to the core.

While you did not mention it, you would also want to disable CDP on
customer facing interfces


Similar ThreadsPosted
How to prevent propagation of a static default route in EIGRP June 24, 2005, 10:54 am
EIGRP, GRE and MTU December 17, 2004, 10:41 pm
CEF and EIGRP April 4, 2005, 7:03 am
EIGRP and VRF March 29, 2006, 3:30 pm
EIGRP Help April 7, 2006, 10:36 am
BGP and EIGRP April 21, 2008, 5:13 am
bgp redistribution into Eigrp November 22, 2004, 8:29 pm
OSPF vs. EIGRP April 1, 2005, 12:57 pm
DSL, T1, GRE, EIGRP Failover July 5, 2005, 8:39 am
EIGRP and OSPF July 24, 2005, 11:42 pm

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map