RE: distribute-list under router eigrp (long)

From: Erick B. (erickbe@xxxxxxxxx)
Date: Sat Mar 16 2002 - 18:38:19 GMT-3

• Next message: Chuck Church: "RE: NMC1 CLass"
• Previous message: Lupi, Guy: "DLSW and Token Ring"
• Maybe in reply to: ying chang: "distribute-list under router eigrp (long)"
• Next in thread: ying chang: "RE: distribute-list under router eigrp (long)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
You could also use the EIGRP stub receive-only option,
depending on the network layout/design. This would
cause the stub router to receive routes only and not
send any.

--- "Lupi, Guy" <Guy.Lupi@eurekaggn.com> wrote:
> I think there is a misunderstanding. The link
> states in the first
> paragraph:
>
> On most protocols, passive interface stops the
> router from sending updates
> to a particular neighbor, but continues to listen
> and use routing updates
> from that neighbor.
> (I believe here they are indicating distance vector
> protocols, see snip
> below from another link)
>
> For RIP and IGRP, the passive interface command
> stops the router from
> sending updates to a particular neighbor, but the
> router continues to listen
> and use routing updates from that neighbor; however,
> on EIGRP, the passive
> interface command affects the protocol differently,
> as explained in How Does
> the Passive Interface Feature Work in EIGRP?
>
> (Then at the bottom of your link, they state the
> following)
>
> To achieve the COMMON EFFECT (the same effect as
> passive interface in rip or
> igrp as stated in the first paragraph) of passive
> interface with EIGRP, use
> the distribute-list command
>
> So I believe what they are trying to say is, if you
> want EIGRP to behave as
> other distance vector protocols, use the distribute
> list out command
> specified, which does make it behave like rip and
> igrp when using passive
> interface, because the router on which the
> distribute list is specified will
> still listen to inbound updates because there is no
> inbound distribute list,
> but it will not send any updates because the
> outbound distribute list denies
> everything. It will still see the neighbor though.
> HTH.
>
> Guy
>
>
> ~-----Original Message-----
> ~From: ying chang [mailto:ying_c@hotmail.com]
> ~Sent: Saturday, March 16, 2002 1:05 PM
> ~To: ccielab@groupstudy.com
> ~Subject: distribute-list under router eigrp (long)
> ~
> ~
> ~I'm doing an excercise from
> ~
> ~http://www.cisco.com/warp/public/103/16.html
> ~
> ~which basically said passive-interface will prevent
> eigrp
> ~routers to form neighbors, in order to get the same
> effect from
> ~"passive-interface", use the "distribute-list out".
> Everything
> ~works as it
> ~said, but here are a few things I don't understand:
> ~
> ~Below is my topology, everything is applied to R2
> ~
> ~R2<------eigrp----->R6
> ~
> ~I use "access-list 22 deny any" on R2 which would
> deny everything.
> ~
> ~1. R2's distribute-list out will preventing hello
> to R6, since
> ~R6 could not
> ~receive the hello packets, isn't R6 not be able to
> form
> ~neighbor with R6?
> ~What I saw is R6 still form neighbors with R2.
> ~
> ~2. I added distribute-list in on R2, which I was
> hoping to
> ~achive the same
> ~result as passive-interface. The result is the
> distribute-list
> ~block the
> ~hello, but R2 and R6 form neighbors.
> ~
> ~3. I then have both distribute-list in and
> distribute-list out
> ~on R2 to
> ~block everything. Well, I still got the samething.
> They formed
> ~neighbors
> ~even I could not see any hello packets from "debug
> eigrp packet hello".
> ~
> ~4. I then have distribute-list on both R2 and R6
> but got the
> ~same result as
> ~above. At this point, I'm compltely lost.
> ~
> ~Configs and output are at the end of the message.
> ~
> ~Thanks,
> ~Chang
>
~----------------------------------------------------
> ~No passive interface, no distribute-list =>
> neighbors OK
> ~
> ~R2:
> ~interface Serial1
> ~ip address 10.1.1.2 255.255.255.0
> ~clockrate 2000000
> ~
> ~router eigrp 100
> ~network 10.0.0.0
> ~auto-summary
> ~no eigrp log-neighbor-changes
> ~!
> ~
> ~R6:
> ~
> ~interface Serial1
> ~ip address 10.1.1.6 255.255.255.0
> ~router eigrp 100
> ~network 10.0.0.0
> ~auto-summary
> ~no eigrp log-neighbor-changes
> ~!
> ~
> ~r6#sh ip eigrp nei
> ~IP-EIGRP neighbors for process 100
> ~H Address Interface Hold Uptime
> SRTT
> ~RTO Q Seq
> ~Type
> ~ (sec)
> (ms)
> ~ Cnt Num
> ~0 10.1.1.2 Se1 13
> 00:03:06 536 3216 0 1
> ~
> ~---------------------------------------------------
> ~Passive interface => no neighbors as expected
> ~r2#ct
> ~Enter configuration commands, one per line. End
> with CNTL/Z.
> ~r2(config)#router eigrp 100
> ~r2(config-router)#passive s1
> ~r2(config-router)#^Z
> ~r2#
> ~01:19:25: %SYS-5-CONFIG_I: Configured from console
> by console
> ~r2#sh ip eigrp nei
> ~IP-EIGRP neighbors for process 100
> ~r6#sh ip eigrp nei
> ~IP-EIGRP neighbors for process 100
> ~r6#
> ~
> ~---------------------------------------------------
> ~No passive interface, access-list out, neighbors OK
> as
> ~expected on r2 but I
> ~don't understand why r6 can form neighbor with r2.
> ~
> ~r2(config)#router eigrp 100
> ~r2(config-router)#no passive s1
> ~r2(config-router)#distribute-list 22 out s1
> ~r2(config-router)#exit
> ~r2(config)#access-list 22 deny any
> ~r2(config)#^Z
> ~r2#
> ~01:24:03: %SYS-5-CONFIG_I: Configured from console
> by console
> ~r2#sh ip eigrp nei
> ~IP-EIGRP neighbors for process 100
> ~H Address Interface Hold Uptime
> SRTT
> ~RTO Q Seq
> ~Type
> ~ (sec)
> (ms)
> ~ Cnt Num
> ~0 10.1.1.6 Se1 11
> 00:00:03 1 3000 1 0
> ~r2#
> ~
> ~r6#sh ip eigrp nei
> ~IP-EIGRP neighbors for process 100
> ~H Address Interface Hold Uptime
> SRTT
> ~RTO Q Seq
> ~Type
> ~ (sec)
> (ms)
> ~ Cnt Num
> ~0 10.1.1.2 Se1 13
> 00:03:54 1440 5000 0 4
>
~---------------------------------------------------------
> ~No passive interface, apply access-list in and
> access-list
> ~out. completely
> ~lost why it did not stop neighboring as there are
> no hello
> ~packets coming in
> ~or going out.
> ~
> ~r2(config)#router eigrp 100
> ~r2(config-router)#distribute-list 22 in s1
> ~r2(config-router)#^Z
> ~r2#
> ~r2#clear ip eigrp nei 10.1.1.6
> ~r2#sh ip eigrp nei
> ~IP-EIGRP neighbors for process 100
> ~H Address Interface Hold Uptime
> SRTT
> ~RTO Q Seq
> ~Type
> ~ (sec)
> (ms)
> ~ Cnt Num
> ~0 10.1.1.6 Se1 14
> 00:00:00 1 2000 1 0
> ~
> ~r2#debug eigrp packet hello
> ~EIGRP Packets debugging is on
> ~ (HELLO)
> ~r2#clear ip eigrp nei
> ~r2#sh ip eigrp nei
> ~IP-EIGRP neighbors for process 100
> ~H Address Interface Hold Uptime
> SRTT
> ~RTO Q Seq
> ~Type
> ~ (sec)
> (ms)
> ~ Cnt Num
> ~0 10.1.1.6 Se1 12
> 00:00:10 1 4500 0 7
> ~r2#

• Next message: Chuck Church: "RE: NMC1 CLass"
• Previous message: Lupi, Guy: "DLSW and Token Ring"
• Maybe in reply to: ying chang: "distribute-list under router eigrp (long)"
• Next in thread: ying chang: "RE: distribute-list under router eigrp (long)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:11 GMT-3