From: Lupi, Guy (Guy.Lupi@xxxxxxxxxxxxx)
Date: Sat Mar 16 2002 - 15:36:23 GMT-3
I think there is a misunderstanding. The link states in the first
paragraph:
On most protocols, passive interface stops the router from sending updates
to a particular neighbor, but continues to listen and use routing updates
from that neighbor.
(I believe here they are indicating distance vector protocols, see snip
below from another link)
For RIP and IGRP, the passive interface command stops the router from
sending updates to a particular neighbor, but the router continues to listen
and use routing updates from that neighbor; however, on EIGRP, the passive
interface command affects the protocol differently, as explained in How Does
the Passive Interface Feature Work in EIGRP?
(Then at the bottom of your link, they state the following)
To achieve the COMMON EFFECT (the same effect as passive interface in rip or
igrp as stated in the first paragraph) of passive interface with EIGRP, use
the distribute-list command
So I believe what they are trying to say is, if you want EIGRP to behave as
other distance vector protocols, use the distribute list out command
specified, which does make it behave like rip and igrp when using passive
interface, because the router on which the distribute list is specified will
still listen to inbound updates because there is no inbound distribute list,
but it will not send any updates because the outbound distribute list denies
everything. It will still see the neighbor though. HTH.
Guy
~-----Original Message-----
~From: ying chang [mailto:ying_c@hotmail.com]
~Sent: Saturday, March 16, 2002 1:05 PM
~To: ccielab@groupstudy.com
~Subject: distribute-list under router eigrp (long)
~
~
~I'm doing an excercise from
~
~http://www.cisco.com/warp/public/103/16.html
~
~which basically said passive-interface will prevent eigrp
~routers to form neighbors, in order to get the same effect from
~"passive-interface", use the "distribute-list out". Everything
~works as it
~said, but here are a few things I don't understand:
~
~Below is my topology, everything is applied to R2
~
~R2<------eigrp----->R6
~
~I use "access-list 22 deny any" on R2 which would deny everything.
~
~1. R2's distribute-list out will preventing hello to R6, since
~R6 could not
~receive the hello packets, isn't R6 not be able to form
~neighbor with R6?
~What I saw is R6 still form neighbors with R2.
~
~2. I added distribute-list in on R2, which I was hoping to
~achive the same
~result as passive-interface. The result is the distribute-list
~block the
~hello, but R2 and R6 form neighbors.
~
~3. I then have both distribute-list in and distribute-list out
~on R2 to
~block everything. Well, I still got the samething. They formed
~neighbors
~even I could not see any hello packets from "debug eigrp packet hello".
~
~4. I then have distribute-list on both R2 and R6 but got the
~same result as
~above. At this point, I'm compltely lost.
~
~Configs and output are at the end of the message.
~
~Thanks,
~Chang
~----------------------------------------------------
~No passive interface, no distribute-list => neighbors OK
~
~R2:
~interface Serial1
~ip address 10.1.1.2 255.255.255.0
~clockrate 2000000
~
~router eigrp 100
~network 10.0.0.0
~auto-summary
~no eigrp log-neighbor-changes
~!
~
~R6:
~
~interface Serial1
~ip address 10.1.1.6 255.255.255.0
~router eigrp 100
~network 10.0.0.0
~auto-summary
~no eigrp log-neighbor-changes
~!
~
~r6#sh ip eigrp nei
~IP-EIGRP neighbors for process 100
~H Address Interface Hold Uptime SRTT
~RTO Q Seq
~Type
~ (sec) (ms)
~ Cnt Num
~0 10.1.1.2 Se1 13 00:03:06 536 3216 0 1
~
~---------------------------------------------------
~Passive interface => no neighbors as expected
~r2#ct
~Enter configuration commands, one per line. End with CNTL/Z.
~r2(config)#router eigrp 100
~r2(config-router)#passive s1
~r2(config-router)#^Z
~r2#
~01:19:25: %SYS-5-CONFIG_I: Configured from console by console
~r2#sh ip eigrp nei
~IP-EIGRP neighbors for process 100
~r6#sh ip eigrp nei
~IP-EIGRP neighbors for process 100
~r6#
~
~---------------------------------------------------
~No passive interface, access-list out, neighbors OK as
~expected on r2 but I
~don't understand why r6 can form neighbor with r2.
~
~r2(config)#router eigrp 100
~r2(config-router)#no passive s1
~r2(config-router)#distribute-list 22 out s1
~r2(config-router)#exit
~r2(config)#access-list 22 deny any
~r2(config)#^Z
~r2#
~01:24:03: %SYS-5-CONFIG_I: Configured from console by console
~r2#sh ip eigrp nei
~IP-EIGRP neighbors for process 100
~H Address Interface Hold Uptime SRTT
~RTO Q Seq
~Type
~ (sec) (ms)
~ Cnt Num
~0 10.1.1.6 Se1 11 00:00:03 1 3000 1 0
~r2#
~
~r6#sh ip eigrp nei
~IP-EIGRP neighbors for process 100
~H Address Interface Hold Uptime SRTT
~RTO Q Seq
~Type
~ (sec) (ms)
~ Cnt Num
~0 10.1.1.2 Se1 13 00:03:54 1440 5000 0 4
~---------------------------------------------------------
~No passive interface, apply access-list in and access-list
~out. completely
~lost why it did not stop neighboring as there are no hello
~packets coming in
~or going out.
~
~r2(config)#router eigrp 100
~r2(config-router)#distribute-list 22 in s1
~r2(config-router)#^Z
~r2#
~r2#clear ip eigrp nei 10.1.1.6
~r2#sh ip eigrp nei
~IP-EIGRP neighbors for process 100
~H Address Interface Hold Uptime SRTT
~RTO Q Seq
~Type
~ (sec) (ms)
~ Cnt Num
~0 10.1.1.6 Se1 14 00:00:00 1 2000 1 0
~
~r2#debug eigrp packet hello
~EIGRP Packets debugging is on
~ (HELLO)
~r2#clear ip eigrp nei
~r2#sh ip eigrp nei
~IP-EIGRP neighbors for process 100
~H Address Interface Hold Uptime SRTT
~RTO Q Seq
~Type
~ (sec) (ms)
~ Cnt Num
~0 10.1.1.6 Se1 12 00:00:10 1 4500 0 7
~r2#
~
~
~
~
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:11 GMT-3