EIGRP, Want to prevent any EIGRP traffic to a interface

Discussion in 'Cisco' started by BG, Jan 23, 2006.

  1. BG

    BG Guest

    I have several DSL access routers (7206VXR's) that customers dsl
    connections terminate on. These routers all have connections back to
    our core router (also 7206VXR).
    I'm running EIGRP between the DSL routers and the core router.
    (thus when a customer comes online with an ip, EIGRP on the dsl router
    talks to our core, and core knows where to route for that ip)

    My issue is, I do not want any EIGRP info flowing out to our DSL
    customers. I have tried using the passive-interface on the DSL
    routers, but customers are telling me they are still seeing EIGRP info
    on their end.

    Do I need to be using an access list on the customer interface side of
    the DSL access routers? or should the passive-interface be doing the
    job.

    EIGRP config from 1 of the dsl routers:

    router eigrp 10
    redistribute static
    passive-interface FastEthernet1/0 (this int goes to dsl customers)
    network a.b.c.d
    network a.b.c.e
    no auto-summary
    neighbour x.x.x.x FastEthernet0/0 (this int goes to core router)
     
    BG, Jan 23, 2006
    #1
    1. Advertisements

  2. BG

    Leigh Guest

    Hey there,

    The passive interface should do the job.

    Try something along the lines of:-

    access-list 101 deny eigrp any any
    access-list 101 permit ip any any

    Put that outbound on the interface as well as the passive interface and
    do a sh access-list to see if there are any hits on the access-list.

    Passive interface should do the trick though...

    LH
    CCIE#15331
     
    Leigh, Jan 23, 2006
    #2
    1. Advertisements

  3. BG

    Horst Wagner Guest

    Hi ,
    use a distribute-list under router eigrp on your central with an access-list denying everything.
    Example:
    router eigrp 10
    distribute list 1 out fastethernet 1/0
    !
    access-list 1 deny any
    !
    good luck
    Horst

    Horst Wagner
    (CCIE# 7975, CCSI# 20806}

    Konkret Netzprojekte GmbH Friedrich Mohr Str. 14
    56070 Koblenz
    Germany
    Tel: +49 261 80091 0
    Fax: +49 261 80091 49
    Email:
    Web: www.netzprojekte.de
     
    Horst Wagner, Feb 9, 2006
    #3
  4. BG

    Merv Guest

    For ISP access routers you may wish to configure "passive-interface
    default" under the EIGRP routing process and then configure no
    passive-interfacefor the links back to the core.

    While you did not mention it, you would also want to disable CDP on
    customer facing interfces
     
    Merv, Feb 9, 2006
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.