Re: distribute-list under router eigrp (long)

From: Sandro Ciffali (sandyccie@xxxxxxxxx)
Date: Sat Mar 16 2002 - 21:52:16 GMT-3

• Next message: RSiddappa@xxxxxxxxxx: "RE: DLSW ports"
• Previous message: Narvaez, Pablo: "RE: DLSW ports"
• Maybe in reply to: ying chang: "distribute-list under router eigrp (long)"
• Next in thread: Ahmed Mamoor Amimi: "Re: distribute-list under router eigrp (long)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Distribute-list deny any does not mean do not form
neighbors, On the site cisco says use distribute list
to obtain the same result as passive interface. the
"Same result" is not Not forming the neighbors, But
the same result is in both sases no routes will sent.
If you configure distribute list in and out both with
deny any, no routes will be recd. and sent, but
neighbor relationship will be formed. Remember
access-list can be written to prevent neighbor not
distribute list.

Sandro
--- ying chang <ying_c@hotmail.com> wrote:
> I'm doing an excercise from
>
> http://www.cisco.com/warp/public/103/16.html
>
> which basically said passive-interface will prevent
> eigrp
> routers to form neighbors, in order to get the same
> effect from
> "passive-interface", use the "distribute-list out".
> Everything works as it
> said, but here are a few things I don't understand:
>
> Below is my topology, everything is applied to R2
>
> R2<------eigrp----->R6
>
> I use "access-list 22 deny any" on R2 which would
> deny everything.
>
> 1. R2's distribute-list out will preventing hello to
> R6, since R6 could not
> receive the hello packets, isn't R6 not be able to
> form neighbor with R6?
> What I saw is R6 still form neighbors with R2.
>
> 2. I added distribute-list in on R2, which I was
> hoping to achive the same
> result as passive-interface. The result is the
> distribute-list block the
> hello, but R2 and R6 form neighbors.
>
> 3. I then have both distribute-list in and
> distribute-list out on R2 to
> block everything. Well, I still got the samething.
> They formed neighbors
> even I could not see any hello packets from "debug
> eigrp packet hello".
>
> 4. I then have distribute-list on both R2 and R6 but
> got the same result as
> above. At this point, I'm compltely lost.
>
> Configs and output are at the end of the message.
>
> Thanks,
> Chang
> ----------------------------------------------------
> No passive interface, no distribute-list =>
> neighbors OK
>
> R2:
> interface Serial1
> ip address 10.1.1.2 255.255.255.0
> clockrate 2000000
>
> router eigrp 100
> network 10.0.0.0
> auto-summary
> no eigrp log-neighbor-changes
> !
>
> R6:
>
> interface Serial1
> ip address 10.1.1.6 255.255.255.0
> router eigrp 100
> network 10.0.0.0
> auto-summary
> no eigrp log-neighbor-changes
> !
>
> r6#sh ip eigrp nei
> IP-EIGRP neighbors for process 100
> H Address Interface Hold Uptime
> SRTT RTO Q Seq
> Type
> (sec)
> (ms) Cnt Num
> 0 10.1.1.2 Se1 13
> 00:03:06 536 3216 0 1
>
> ---------------------------------------------------
> Passive interface => no neighbors as expected
> r2#ct
> Enter configuration commands, one per line. End
> with CNTL/Z.
> r2(config)#router eigrp 100
> r2(config-router)#passive s1
> r2(config-router)#^Z
> r2#
> 01:19:25: %SYS-5-CONFIG_I: Configured from console
> by console
> r2#sh ip eigrp nei
> IP-EIGRP neighbors for process 100
> r6#sh ip eigrp nei
> IP-EIGRP neighbors for process 100
> r6#
>
> ---------------------------------------------------
> No passive interface, access-list out, neighbors OK
> as expected on r2 but I
> don't understand why r6 can form neighbor with r2.
>
> r2(config)#router eigrp 100
> r2(config-router)#no passive s1
> r2(config-router)#distribute-list 22 out s1
> r2(config-router)#exit
> r2(config)#access-list 22 deny any
> r2(config)#^Z
> r2#
> 01:24:03: %SYS-5-CONFIG_I: Configured from console
> by console
> r2#sh ip eigrp nei
> IP-EIGRP neighbors for process 100
> H Address Interface Hold Uptime
> SRTT RTO Q Seq
> Type
> (sec)
> (ms) Cnt Num
> 0 10.1.1.6 Se1 11
> 00:00:03 1 3000 1 0
> r2#
>
> r6#sh ip eigrp nei
> IP-EIGRP neighbors for process 100
> H Address Interface Hold Uptime
> SRTT RTO Q Seq
> Type
> (sec)
> (ms) Cnt Num
> 0 10.1.1.2 Se1 13
> 00:03:54 1440 5000 0 4
>
---------------------------------------------------------
> No passive interface, apply access-list in and
> access-list out. completely
> lost why it did not stop neighboring as there are no
> hello packets coming in
> or going out.
>
> r2(config)#router eigrp 100
> r2(config-router)#distribute-list 22 in s1
> r2(config-router)#^Z
> r2#
> r2#clear ip eigrp nei 10.1.1.6
> r2#sh ip eigrp nei
> IP-EIGRP neighbors for process 100
> H Address Interface Hold Uptime
> SRTT RTO Q Seq
> Type
> (sec)
> (ms) Cnt Num
> 0 10.1.1.6 Se1 14
> 00:00:00 1 2000 1 0
>
> r2#debug eigrp packet hello
> EIGRP Packets debugging is on
> (HELLO)
> r2#clear ip eigrp nei
> r2#sh ip eigrp nei
> IP-EIGRP neighbors for process 100
> H Address Interface Hold Uptime
> SRTT RTO Q Seq
> Type
> (sec)
> (ms) Cnt Num
> 0 10.1.1.6 Se1 12
> 00:00:10 1 4500 0 7
> r2#
>
>
>
>
>

• Next message: RSiddappa@xxxxxxxxxx: "RE: DLSW ports"
• Previous message: Narvaez, Pablo: "RE: DLSW ports"
• Maybe in reply to: ying chang: "distribute-list under router eigrp (long)"
• Next in thread: Ahmed Mamoor Amimi: "Re: distribute-list under router eigrp (long)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:11 GMT-3