From: John Matijevic (matijevi@bellsouth.net)
Date: Wed Aug 06 2003 - 12:25:12 GMT-3
Hello Kenneth,
The access-list you mentioned will block all eigrp traffic.
As far as using the passive-interface command, you really dont need to use
it since EIGRP is a classless protocol, you can define the network you want
to, using the appropriate wild card bits. Is there a specific scenrio that
requires you to use passive-interface under EIGRP?
Sincerley,
Matijevic
----- Original Message -----
From: "Kenneth Wygand" <KWygand@customonline.com>
To: <ccielab@groupstudy.com>
Sent: Wednesday, August 06, 2003 11:12 AM
Subject: Access-list for EIGRP traffic...
> When denying EIGRP traffic as interesting on an ISDN line, if you simply
> put:
>
>
>
> Access-list 100 deny eigrp any any
>
>
>
> Does this block eigrp at the protocol field level, as opposed to a
> packet destination IP address of 224.0.0.10?
>
>
>
> If so, then this access list should also block unicast updates as per
> neighbor statements in the EIGRP process configuration as well.
>
>
>
> Furthermore, declaring an interface passive appears to only block
> multi/broadcast network advertisements from leaving that interface, but
> specific neighbors can still be specified with neighbor statements and
> protocol updates will then flow via unicast instead, independent of the
> "passive-interface" command.
>
>
>
> Can anyone confirm these thoughts?
>
>
>
> Kenneth E. Wygand
> Systems Engineer, Project Services
>
> CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
> Custom Computer Specialists, Inc.
>
> "It's not just about ending up where you want to be, it's about making
> the most of the trip there."
> -Anonymous
>
>
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:54 GMT-3