EIGRP, Want to prevent any EIGRP traffic to a interface

Discussion in 'Cisco' started by BG, Jan 23, 2006.

  1. BG

    BG Guest

    I have several DSL access routers (7206VXR's) that customers dsl
    connections terminate on. These routers all have connections back to
    our core router (also 7206VXR).
    I'm running EIGRP between the DSL routers and the core router.
    (thus when a customer comes online with an ip, EIGRP on the dsl router
    talks to our core, and core knows where to route for that ip)

    My issue is, I do not want any EIGRP info flowing out to our DSL
    customers. I have tried using the passive-interface on the DSL
    routers, but customers are telling me they are still seeing EIGRP info
    on their end.

    Do I need to be using an access list on the customer interface side of
    the DSL access routers? or should the passive-interface be doing the
    job.

    EIGRP config from 1 of the dsl routers:

    router eigrp 10
    redistribute static
    passive-interface FastEthernet1/0 (this int goes to dsl customers)
    network a.b.c.d
    network a.b.c.e
    no auto-summary
    neighbour x.x.x.x FastEthernet0/0 (this int goes to core router)
     
    BG, Jan 23, 2006
    #1
    1. Advertising

  2. BG

    Leigh Guest

    Hey there,

    The passive interface should do the job.

    Try something along the lines of:-

    access-list 101 deny eigrp any any
    access-list 101 permit ip any any

    Put that outbound on the interface as well as the passive interface and
    do a sh access-list to see if there are any hits on the access-list.

    Passive interface should do the trick though...

    LH
    CCIE#15331

    BG wrote:
    > I have several DSL access routers (7206VXR's) that customers dsl
    > connections terminate on. These routers all have connections back to
    > our core router (also 7206VXR).
    > I'm running EIGRP between the DSL routers and the core router.
    > (thus when a customer comes online with an ip, EIGRP on the dsl router
    > talks to our core, and core knows where to route for that ip)
    >
    > My issue is, I do not want any EIGRP info flowing out to our DSL
    > customers. I have tried using the passive-interface on the DSL
    > routers, but customers are telling me they are still seeing EIGRP info
    > on their end.
    >
    > Do I need to be using an access list on the customer interface side of
    > the DSL access routers? or should the passive-interface be doing the
    > job.
    >
    > EIGRP config from 1 of the dsl routers:
    >
    > router eigrp 10
    > redistribute static
    > passive-interface FastEthernet1/0 (this int goes to dsl customers)
    > network a.b.c.d
    > network a.b.c.e
    > no auto-summary
    > neighbour x.x.x.x FastEthernet0/0 (this int goes to core router)
    >
     
    Leigh, Jan 23, 2006
    #2
    1. Advertising

  3. BG

    Horst Wagner Guest

    Antw: EIGRP, Want to prevent any EIGRP traffic to a interface

    Hi ,
    use a distribute-list under router eigrp on your central with an access-list denying everything.
    Example:
    router eigrp 10
    distribute list 1 out fastethernet 1/0
    !
    access-list 1 deny any
    !
    good luck
    Horst

    Horst Wagner
    (CCIE# 7975, CCSI# 20806}

    Konkret Netzprojekte GmbH Friedrich Mohr Str. 14
    56070 Koblenz
    Germany
    Tel: +49 261 80091 0
    Fax: +49 261 80091 49
    Email:
    Web: www.netzprojekte.de
     
    Horst Wagner, Feb 9, 2006
    #3
  4. BG

    Merv Guest

    Re: Antw: EIGRP, Want to prevent any EIGRP traffic to a interface

    For ISP access routers you may wish to configure "passive-interface
    default" under the EIGRP routing process and then configure no
    passive-interfacefor the links back to the core.

    While you did not mention it, you would also want to disable CDP on
    customer facing interfces
     
    Merv, Feb 9, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jimbo
    Replies:
    8
    Views:
    9,903
    Erik Tamminga
    Jun 28, 2005
  2. *** HAWK

    Firewall - want to prevent all port

    *** HAWK, Jul 11, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    621
    longshotjohn7
    Jul 12, 2003
  3. fatah
    Replies:
    0
    Views:
    824
    fatah
    Aug 17, 2006
  4. Networking Student
    Replies:
    4
    Views:
    1,484
    vreyesii
    Nov 16, 2006
  5. Talal
    Replies:
    0
    Views:
    417
    Talal
    Jun 6, 2007
Loading...

Share This Page