From: ying chang (ying_c@xxxxxxxxxxx)
Date: Sun Mar 17 2002 - 01:16:13 GMT-3
Thanks all who replied. As many of you pointed out like Sandro's, my problem
is fixed by applying the access-list to the list, which has the same effect
as applying passive-interface inside router eigrp. i.e. no neighbor between
two routers.
Thanks,
Chang
>From: Sandro Ciffali <sandyccie@yahoo.com>
>Reply-To: Sandro Ciffali <sandyccie@yahoo.com>
>To: ying chang <ying_c@hotmail.com>, ccielab@groupstudy.com
>Subject: Re: distribute-list under router eigrp (long)
>Date: Sat, 16 Mar 2002 16:52:16 -0800 (PST)
>
>Distribute-list deny any does not mean do not form
>neighbors, On the site cisco says use distribute list
>to obtain the same result as passive interface. the
>"Same result" is not Not forming the neighbors, But
>the same result is in both sases no routes will sent.
>If you configure distribute list in and out both with
>deny any, no routes will be recd. and sent, but
>neighbor relationship will be formed. Remember
>access-list can be written to prevent neighbor not
>distribute list.
>
>Sandro
>--- ying chang <ying_c@hotmail.com> wrote:
> > I'm doing an excercise from
> >
> > http://www.cisco.com/warp/public/103/16.html
> >
> > which basically said passive-interface will prevent
> > eigrp
> > routers to form neighbors, in order to get the same
> > effect from
> > "passive-interface", use the "distribute-list out".
> > Everything works as it
> > said, but here are a few things I don't understand:
> >
> > Below is my topology, everything is applied to R2
> >
> > R2<------eigrp----->R6
> >
> > I use "access-list 22 deny any" on R2 which would
> > deny everything.
> >
> > 1. R2's distribute-list out will preventing hello to
> > R6, since R6 could not
> > receive the hello packets, isn't R6 not be able to
> > form neighbor with R6?
> > What I saw is R6 still form neighbors with R2.
> >
> > 2. I added distribute-list in on R2, which I was
> > hoping to achive the same
> > result as passive-interface. The result is the
> > distribute-list block the
> > hello, but R2 and R6 form neighbors.
> >
> > 3. I then have both distribute-list in and
> > distribute-list out on R2 to
> > block everything. Well, I still got the samething.
> > They formed neighbors
> > even I could not see any hello packets from "debug
> > eigrp packet hello".
> >
> > 4. I then have distribute-list on both R2 and R6 but
> > got the same result as
> > above. At this point, I'm compltely lost.
> >
> > Configs and output are at the end of the message.
> >
> > Thanks,
> > Chang
> > ----------------------------------------------------
> > No passive interface, no distribute-list =>
> > neighbors OK
> >
> > R2:
> > interface Serial1
> > ip address 10.1.1.2 255.255.255.0
> > clockrate 2000000
> >
> > router eigrp 100
> > network 10.0.0.0
> > auto-summary
> > no eigrp log-neighbor-changes
> > !
> >
> > R6:
> >
> > interface Serial1
> > ip address 10.1.1.6 255.255.255.0
> > router eigrp 100
> > network 10.0.0.0
> > auto-summary
> > no eigrp log-neighbor-changes
> > !
> >
> > r6#sh ip eigrp nei
> > IP-EIGRP neighbors for process 100
> > H Address Interface Hold Uptime
> > SRTT RTO Q Seq
> > Type
> > (sec)
> > (ms) Cnt Num
> > 0 10.1.1.2 Se1 13
> > 00:03:06 536 3216 0 1
> >
> > ---------------------------------------------------
> > Passive interface => no neighbors as expected
> > r2#ct
> > Enter configuration commands, one per line. End
> > with CNTL/Z.
> > r2(config)#router eigrp 100
> > r2(config-router)#passive s1
> > r2(config-router)#^Z
> > r2#
> > 01:19:25: %SYS-5-CONFIG_I: Configured from console
> > by console
> > r2#sh ip eigrp nei
> > IP-EIGRP neighbors for process 100
> > r6#sh ip eigrp nei
> > IP-EIGRP neighbors for process 100
> > r6#
> >
> > ---------------------------------------------------
> > No passive interface, access-list out, neighbors OK
> > as expected on r2 but I
> > don't understand why r6 can form neighbor with r2.
> >
> > r2(config)#router eigrp 100
> > r2(config-router)#no passive s1
> > r2(config-router)#distribute-list 22 out s1
> > r2(config-router)#exit
> > r2(config)#access-list 22 deny any
> > r2(config)#^Z
> > r2#
> > 01:24:03: %SYS-5-CONFIG_I: Configured from console
> > by console
> > r2#sh ip eigrp nei
> > IP-EIGRP neighbors for process 100
> > H Address Interface Hold Uptime
> > SRTT RTO Q Seq
> > Type
> > (sec)
> > (ms) Cnt Num
> > 0 10.1.1.6 Se1 11
> > 00:00:03 1 3000 1 0
> > r2#
> >
> > r6#sh ip eigrp nei
> > IP-EIGRP neighbors for process 100
> > H Address Interface Hold Uptime
> > SRTT RTO Q Seq
> > Type
> > (sec)
> > (ms) Cnt Num
> > 0 10.1.1.2 Se1 13
> > 00:03:54 1440 5000 0 4
> >
>---------------------------------------------------------
> > No passive interface, apply access-list in and
> > access-list out. completely
> > lost why it did not stop neighboring as there are no
> > hello packets coming in
> > or going out.
> >
> > r2(config)#router eigrp 100
> > r2(config-router)#distribute-list 22 in s1
> > r2(config-router)#^Z
> > r2#
> > r2#clear ip eigrp nei 10.1.1.6
> > r2#sh ip eigrp nei
> > IP-EIGRP neighbors for process 100
> > H Address Interface Hold Uptime
> > SRTT RTO Q Seq
> > Type
> > (sec)
> > (ms) Cnt Num
> > 0 10.1.1.6 Se1 14
> > 00:00:00 1 2000 1 0
> >
> > r2#debug eigrp packet hello
> > EIGRP Packets debugging is on
> > (HELLO)
> > r2#clear ip eigrp nei
> > r2#sh ip eigrp nei
> > IP-EIGRP neighbors for process 100
> > H Address Interface Hold Uptime
> > SRTT RTO Q Seq
> > Type
> > (sec)
> > (ms) Cnt Num
> > 0 10.1.1.6 Se1 12
> > 00:00:10 1 4500 0 7
> > r2#
> >
> >
> >
> >
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:11 GMT-3