RE: distribute-list under router eigrp (long)

From: ying chang (ying_c@xxxxxxxxxxx)
Date: Sat Mar 16 2002 - 19:19:59 GMT-3

• Next message: MADMAN: "Re: Cut and past in Hyper terminal?"
• Previous message: Chuck Church: "RE: NMC1 CLass"
• Maybe in reply to: ying chang: "distribute-list under router eigrp (long)"
• Next in thread: Sandro Ciffali: "Re: distribute-list under router eigrp (long)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Hi,

Thanks. That makes sense. When applied the following access-list r2's serial
1 inbound, I got the result I was looking for (not to let r2 and r6 to form
neighbors):

access-list 102 deny eigrp host 10.1.16 host 224.0.0.10
access-list 102 permit ip any any

What I should do earlier is to apply the filter at the interface instead
applied it to router eigrp, which like you said, it prevented the routes get
into the routing table, but it did not stop r2 and r6 to form neighbors even
"debug ip eigrp hello" did not show any hellos - the hellos can be seen from
"debug ip packet detail 102" though.

Thanks,
Chang

>From: RSiddappa@NECBNS.com
>Reply-To: RSiddappa@NECBNS.com
>To: ying_c@hotmail.com, ccielab@groupstudy.com
>Subject: RE: distribute-list under router eigrp (long)
>Date: Sat, 16 Mar 2002 16:50:15 -0200
>
>Distribute-list will deny routing updates not the eigrp packets.
>
>Passive interface will dney your EIGRP packes.
>
>hope this helps.
>
>R.
>
>
>
>-----Original Message-----
>From: ying chang [mailto:ying_c@hotmail.com]
>Sent: Saturday, March 16, 2002 12:05 PM
>To: ccielab@groupstudy.com
>Subject: distribute-list under router eigrp (long)
>
>
>I'm doing an excercise from
>
>http://www.cisco.com/warp/public/103/16.html
>
>which basically said passive-interface will prevent eigrp
>routers to form neighbors, in order to get the same effect from
>"passive-interface", use the "distribute-list out". Everything works as it
>said, but here are a few things I don't understand:
>
>Below is my topology, everything is applied to R2
>
>R2<------eigrp----->R6
>
>I use "access-list 22 deny any" on R2 which would deny everything.
>
>1. R2's distribute-list out will preventing hello to R6, since R6 could not
>receive the hello packets, isn't R6 not be able to form neighbor with R6?
>What I saw is R6 still form neighbors with R2.
>
>2. I added distribute-list in on R2, which I was hoping to achive the same
>result as passive-interface. The result is the distribute-list block the
>hello, but R2 and R6 form neighbors.
>
>3. I then have both distribute-list in and distribute-list out on R2 to
>block everything. Well, I still got the samething. They formed neighbors
>even I could not see any hello packets from "debug eigrp packet hello".
>
>4. I then have distribute-list on both R2 and R6 but got the same result
>as
>
>above. At this point, I'm compltely lost.
>
>Configs and output are at the end of the message.
>
>Thanks,
>Chang
>----------------------------------------------------
>No passive interface, no distribute-list => neighbors OK
>
>R2:
>interface Serial1
>ip address 10.1.1.2 255.255.255.0
>clockrate 2000000
>
>router eigrp 100
>network 10.0.0.0
>auto-summary
>no eigrp log-neighbor-changes
>!
>
>R6:
>
>interface Serial1
>ip address 10.1.1.6 255.255.255.0
>router eigrp 100
>network 10.0.0.0
>auto-summary
>no eigrp log-neighbor-changes
>!
>
>r6#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>H Address Interface Hold Uptime SRTT RTO Q Seq
>Type
> (sec) (ms) Cnt Num
>0 10.1.1.2 Se1 13 00:03:06 536 3216 0 1
>
>---------------------------------------------------
>Passive interface => no neighbors as expected
>r2#ct
>Enter configuration commands, one per line. End with CNTL/Z.
>r2(config)#router eigrp 100
>r2(config-router)#passive s1
>r2(config-router)#^Z
>r2#
>01:19:25: %SYS-5-CONFIG_I: Configured from console by console
>r2#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>r6#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>r6#
>
>---------------------------------------------------
>No passive interface, access-list out, neighbors OK as expected on r2 but I
>don't understand why r6 can form neighbor with r2.
>
>r2(config)#router eigrp 100
>r2(config-router)#no passive s1
>r2(config-router)#distribute-list 22 out s1
>r2(config-router)#exit
>r2(config)#access-list 22 deny any
>r2(config)#^Z
>r2#
>01:24:03: %SYS-5-CONFIG_I: Configured from console by console
>r2#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>H Address Interface Hold Uptime SRTT RTO Q Seq
>Type
> (sec) (ms) Cnt Num
>0 10.1.1.6 Se1 11 00:00:03 1 3000 1 0
>r2#
>
>r6#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>H Address Interface Hold Uptime SRTT RTO Q Seq
>Type
> (sec) (ms) Cnt Num
>0 10.1.1.2 Se1 13 00:03:54 1440 5000 0 4
>---------------------------------------------------------
>No passive interface, apply access-list in and access-list out. completely
>lost why it did not stop neighboring as there are no hello packets coming
>in
>
>or going out.
>
>r2(config)#router eigrp 100
>r2(config-router)#distribute-list 22 in s1
>r2(config-router)#^Z
>r2#
>r2#clear ip eigrp nei 10.1.1.6
>r2#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>H Address Interface Hold Uptime SRTT RTO Q Seq
>Type
> (sec) (ms) Cnt Num
>0 10.1.1.6 Se1 14 00:00:00 1 2000 1 0
>
>r2#debug eigrp packet hello
>EIGRP Packets debugging is on
> (HELLO)
>r2#clear ip eigrp nei
>r2#sh ip eigrp nei
>IP-EIGRP neighbors for process 100
>H Address Interface Hold Uptime SRTT RTO Q Seq
>Type
> (sec) (ms) Cnt Num
>0 10.1.1.6 Se1 12 00:00:10 1 4500 0 7
>r2#
>
>
>
>

• Next message: MADMAN: "Re: Cut and past in Hyper terminal?"
• Previous message: Chuck Church: "RE: NMC1 CLass"
• Maybe in reply to: ying chang: "distribute-list under router eigrp (long)"
• Next in thread: Sandro Ciffali: "Re: distribute-list under router eigrp (long)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:11 GMT-3