RE: IEWB3.0 lab 14 4.5 -- EIGRP router not intercept eigrp

From: Gustavo Novais (gustavo.novais@novabase.pt)
Date: Thu Dec 15 2005 - 16:21:33 GMT-3

• Next message: Victor Cappuccio: "Simple Interpretation Question."
• Previous message: Vincent Mashburn: "RE: IEWB3.0 lab 14 4.5 -- EIGRP router not intercept eigrp"
• Maybe in reply to: Vincent Mashburn: "RE: IEWB3.0 lab 14 4.5 -- EIGRP router not intercept eigrp"
• Next in thread: Gustavo Novais: "RE: IEWB3.0 lab 14 4.5 -- EIGRP router not intercept eigrp"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

As you may easily understand why, configuring BB3 is not an option.

Thank you for your input.

Gustavo Novais

-----Original Message-----
From: Vincent Mashburn [mailto:vmashburn@fedex.com]
Sent: quinta-feira, 15 de Dezembro de 2005 19:19
To: Gustavo Novais; Cisco certification
Subject: RE: IEWB3.0 lab 14 4.5 -- EIGRP router not intercept eigrp
updates

Configure an access-list on BB3 to deny EIGRP from the devices on the
Ethernet segement.
Vince Mashburn
Engineer
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Gustavo Novais
Sent: Thursday, December 15, 2005 12:50 PM
To: Cisco certification
Subject: IEWB3.0 lab 14 4.5 -- EIGRP router not intercept eigrp updates

Hello.

We have an Ethernet segment with R1, R3, R6 and BB3 on it.

R1,R3, R6 are speaking eigrp 10.

Task says : Do not allow BB3 to intercept EIGRP updates coming from any
of the eigrp speaking routers.

                   Do not use the neighbour command.

I can think of several ways of fulfilling the requirements, but all fail
in some small way, namely, because of the meaning of the word INTERCEPT.

Intercept can be thought as simply being able to listen to the packets,
at least I'm assuming so. If it is only not being able to establish
adjacency, then the task is trivial.

Authentication on R1,R3, R6 - If updates are authenticated, they are
still multicast - BB3 can still intercept the encrypted packets,
although is not (theoretically) capable to crack the key. This can be a
probable solution.

R1, R3, R6 have different k values from the default ones - It would
simply be a trial and error situation of trying to get the right values,
because the router complains always of mismatch k values. Although
avoiding adjacencies, the multicast packets are always there.

We can try to NAT multicast EIGRP packets into a unicast address, as
posted on a thread some time ago, but for RIP.

This seems to fulfil the requirement, since BB3 does not listen to them.

The problem is that each router has TWO neighbors. If I change EIGRP
multicast to unicast through NAT (I do not know if possible, but... ) I
will have to find a way to duplicate packets. Unless I NAT 224.0.0.10 to
something else also multicast.

Does anybody have any thoughts on task interpretation? Perhaps the
Brians, who wrote it?

I think I may be overcomplicating it...

TIA

Gustavo Novais

• Next message: Victor Cappuccio: "Simple Interpretation Question."
• Previous message: Vincent Mashburn: "RE: IEWB3.0 lab 14 4.5 -- EIGRP router not intercept eigrp"
• Maybe in reply to: Vincent Mashburn: "RE: IEWB3.0 lab 14 4.5 -- EIGRP router not intercept eigrp"
• Next in thread: Gustavo Novais: "RE: IEWB3.0 lab 14 4.5 -- EIGRP router not intercept eigrp"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:51 GMT-3