RE: Problem in restricting a Device to Intercept EIGRP updates

From: Antonio Soares (amsoares@netcabo.pt)
Date: Fri Feb 08 2008 - 13:47:55 ARST


Think about NAT as one possible solution to solve this type of problem:

+++++++++++++++++++++++++
R9#
00:36:32: IP: s=9.9.9.9 (local), d=224.0.0.10 (FastEthernet0/0), len 60,
sending broad/multicast, proto=88
00:36:32: NAT: s=9.9.9.9, d=224.0.0.10->9.9.9.10 [0]
R9#
00:36:37: IP: s=9.9.9.9 (local), d=224.0.0.10 (FastEthernet0/0), len 60,
sending broad/multicast, proto=88
00:36:37: NAT: s=9.9.9.9, d=224.0.0.10->9.9.9.10 [0]
R9#
00:36:41: IP: s=9.9.9.9 (local), d=224.0.0.10 (FastEthernet0/0), len 60,
sending broad/multicast, proto=88
00:36:41: NAT: s=9.9.9.9, d=224.0.0.10->9.9.9.10 [0]
R9#
+++++++++++++++++++++++++

I'm not posting the NAT config because it's a very interesting challenge :)

Regards,

Antonio Soares
CCIE #18473 (R&S),CCNP,CCIP,JNCIA-ER,JNCIS-ER
http://pwp.netcabo.pt/amsoares/

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
steveaggie@gmail.com
Sent: Thursday, 7 February 2008 21:15
To: 'Anshuk Kesarwani'; ccielab@groupstudy.com
Subject: RE: Problem in restricting a Device to Intercept EIGRP updates

I am in the process of doing this lab now. I haven't looked at the solution
guide, but my solution was to use EIGRP authentication. I can't make the
packets unicast without the neighbor command. I think in another lab they
asked for the same thing, and by "receive" they meant "interpret." So I'm
going to hope that's the answer.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Anshuk Kesarwani
Sent: Tuesday, February 05, 2008 3:56 AM
To: ccielab@groupstudy.com
Subject: Problem in restricting a Device to Intercept EIGRP updates

Hi,

I came across a scenario in which I needed to restrict the intercepting of
EIGRP updates by the backbone router without using the neighbor command.

The scenario is that Backbone is connected on Ethernet with many routers in
the EIGRP domain, and we want to restrict only Backbone from intercepting the
EIGRP packets.

I have a few solutions in mind; please comment on whether they are correct
or not.

1) I can use authentication on all the routers; this will stop Backbone from
getting the EIGRP updates. But Backbone is getting the EIGRP updates in this
case. The only fact is that it is in encrypted format, which I think may be a
wrong solution, as Backbone is receiving the updates though it is not able to
install routes.

2) I thought of putting a VLAN access-map and dropping EIGRP packets to the IP
of Backbone in the VLAN in which all the routers are. Then there is the problem
that the EIGRP updates are sent to a multicast address, not as unicast. Again I
am confused, as now this will also not solve the purpose.

3) I can think of just putting an extended *access list deny eigrp any any*
and putting it on the port where the Backbone is connected.

I may sound a bit confused to a few of you.

Please pour in your valuable comments.

Regards

Anshuk Kesarwani
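
Added example, not part of the original thread: a small Python model of the filtering options discussed above, showing why a filter keyed on Backbone's unicast address lets the multicast hellos through while a protocol-88 filter does not, and who receives the hello before and after the NAT rewrite in the debug output. The Backbone address 9.9.9.254, the three-host segment and the simplified delivery model are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

EIGRP_PROTO, EIGRP_GROUP = 88, "224.0.0.10"   # both appear in the debug output above
BACKBONE = "9.9.9.254"                        # assumed address for the Backbone router
SEGMENT = ["9.9.9.9", "9.9.9.10", BACKBONE]   # R9, its NAT target, Backbone (constructed)
ANY = "0.0.0.0/0"

def evaluate(acl, pkt):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for action, proto, dst in acl:
        if proto in ("ip", pkt["proto"]) and ip_address(pkt["dst"]) in ip_network(dst):
            return action
    return "deny"

def receivers(pkt):
    """Simplified switched segment: multicast reaches every other host, unicast one."""
    if ip_address(pkt["dst"]).is_multicast:
        return [h for h in SEGMENT if h != pkt["src"]]
    return [h for h in SEGMENT if h == pkt["dst"]]

# Option 2 keyed on Backbone's unicast address, option 3 keyed on the protocol.
BY_ADDRESS = [("deny", EIGRP_PROTO, BACKBONE + "/32"), ("permit", "ip", ANY)]
BY_PROTOCOL = [("deny", EIGRP_PROTO, ANY), ("permit", "ip", ANY)]

HELLO = {"src": "9.9.9.9", "dst": EIGRP_GROUP, "proto": EIGRP_PROTO}
NAT_HELLO = dict(HELLO, dst="9.9.9.10")       # destination after the NAT rewrite shown above
PING = {"src": "9.9.9.9", "dst": BACKBONE, "proto": 1}

if __name__ == "__main__":
    for name, acl in (("by address", BY_ADDRESS), ("by protocol", BY_PROTOCOL)):
        print(name, {k: evaluate(acl, p) for k, p in
                     (("hello", HELLO), ("nat_hello", NAT_HELLO), ("ping", PING))})
    print("hello reaches", receivers(HELLO))
    print("translated hello reaches", receivers(NAT_HELLO))
```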


