From: ying chang (ying_c@xxxxxxxxxxx)
Date: Sat Mar 16 2002 - 15:30:39 GMT-3
Never mind my question. Neighbors were not formed even it showed up in "show
ip eigrp neighbor" when "distribute-list" is used, which is different than
the output from "passive-interface" - neighbor is not showned unless it's a
real neighbor.
Chang
>From: "ying chang" <ying_c@hotmail.com>
>Reply-To: "ying chang" <ying_c@hotmail.com>
>To: ccielab@groupstudy.com
>Subject: distribute-list under router eigrp (long)
>Date: Sat, 16 Mar 2002 13:04:46 -0500
>
>I'm doing an excercise from
>
>http://www.cisco.com/warp/public/103/16.html
>
>which basically said passive-interface will prevent eigrp
>routers to form neighbors, in order to get the same effect from
>"passive-interface", use the "distribute-list out". Everything works as it
>said, but here are a few things I don't understand:
>
>Below is my topology, everything is applied to R2
>
>R2<------eigrp----->R6
>
>I use "access-list 22 deny any" on R2 which would deny everything.
>
>1. R2's distribute-list out will preventing hello to R6, since R6 could not
>receive the hello packets, isn't R6 not be able to form neighbor with R6?
>What I saw is R6 still form neighbors with R2.
>
>2. I added distribute-list in on R2, which I was hoping to achive the same
>result as passive-interface. The result is the distribute-list block the
>hello, but R2 and R6 form neighbors.
>
>3. I then have both distribute-list in and distribute-list out on R2 to
>block everything. Well, I still got the samething. They formed neighbors
>even I could not see any hello packets from "debug eigrp packet hello".
>
>4. I then have distribute-list on both R2 and R6 but got the same result
>as
>above. At this point, I'm compltely lost.
>
>Configs and output are at the end of the message.
>
>Thanks,
>Chang
>----------------------------------------------------
>No passive interface, no distribute-list => neighbors OK
>
>R2:
>interface Serial1
>ip address 10.1.1.2 255.255.255.0
>clockrate 2000000
>
>router eigrp 100
>network 10.0.0.0
>auto-summary
>no eigrp log-neighbor-changes
>!
>
>R6:
>
>interface Serial1
>ip address 10.1.1.6 255.255.255.0
>router eigrp 100
>network 10.0.0.0
>auto-summary
>no eigrp log-neighbor-changes
>!
>
>r6#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>H Address Interface Hold Uptime SRTT RTO Q Seq
>Type
> (sec) (ms) Cnt Num
>0 10.1.1.2 Se1 13 00:03:06 536 3216 0 1
>
>---------------------------------------------------
>Passive interface => no neighbors as expected
>r2#ct
>Enter configuration commands, one per line. End with CNTL/Z.
>r2(config)#router eigrp 100
>r2(config-router)#passive s1
>r2(config-router)#^Z
>r2#
>01:19:25: %SYS-5-CONFIG_I: Configured from console by console
>r2#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>r6#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>r6#
>
>---------------------------------------------------
>No passive interface, access-list out, neighbors OK as expected on r2 but I
>don't understand why r6 can form neighbor with r2.
>
>r2(config)#router eigrp 100
>r2(config-router)#no passive s1
>r2(config-router)#distribute-list 22 out s1
>r2(config-router)#exit
>r2(config)#access-list 22 deny any
>r2(config)#^Z
>r2#
>01:24:03: %SYS-5-CONFIG_I: Configured from console by console
>r2#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>H Address Interface Hold Uptime SRTT RTO Q Seq
>Type
> (sec) (ms) Cnt Num
>0 10.1.1.6 Se1 11 00:00:03 1 3000 1 0
>r2#
>
>r6#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>H Address Interface Hold Uptime SRTT RTO Q Seq
>Type
> (sec) (ms) Cnt Num
>0 10.1.1.2 Se1 13 00:03:54 1440 5000 0 4
>---------------------------------------------------------
>No passive interface, apply access-list in and access-list out. completely
>lost why it did not stop neighboring as there are no hello packets coming
>in
>or going out.
>
>r2(config)#router eigrp 100
>r2(config-router)#distribute-list 22 in s1
>r2(config-router)#^Z
>r2#
>r2#clear ip eigrp nei 10.1.1.6
>r2#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>H Address Interface Hold Uptime SRTT RTO Q Seq
>Type
> (sec) (ms) Cnt Num
>0 10.1.1.6 Se1 14 00:00:00 1 2000 1 0
>
>r2#debug eigrp packet hello
>EIGRP Packets debugging is on
> (HELLO)
>r2#clear ip eigrp nei
>r2#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>H Address Interface Hold Uptime SRTT RTO Q Seq
>Type
> (sec) (ms) Cnt Num
>0 10.1.1.6 Se1 12 00:00:10 1 4500 0 7
>r2#
>
>
>
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:11 GMT-3