another stupid EIGRP question (multicast hellos)

livenliven Member Posts: 918
in CCNP
ok, so working through the ccnp bsci lab book... Challenge lab states that I need to prevent multicast hello's between two devices....



Well I know the passive-interface command will do this. But won't that break the EIGRP neighbor relationship?


Is there any way to prevent the multicast and still maintain neighbor relation ships?
encrypt the encryption, never mind my brain hurts.
· Share on FacebookShare on Twitter

Comments

  • EdTheLadEdTheLad Member Posts: 2,111 ■■■■□□□□□□
    Checkout the neighbor command under the eigrp process,its used to send unicast hello's.
    Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
    · Share on FacebookShare on Twitter
  • kalebkspkalebksp Member Posts: 1,033 ■■■■■□□□□□
    Look into configuring static neighbors. Here's the command: Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 - EIGRP Commands [Cisco IOS Software Releases 12.2 Mainline] - Cisco Systems

    It's similar to configuring neighbors in BGP.
    · Share on FacebookShare on Twitter
  • livenliven Member Posts: 918
    ok that seems simple enough...

    router 1 connects to router 2 both using serial 0/0
    they can ping each others serial int just fine....

    so

    r1

    conf t
    router eigrp 1
    neighbor 1.1.1.1 serial 0/0


    r2
    conf t
    router eigrp 1
    neighbor 1.1.1.2 serial 0/0


    That should work right?


    thanks fellas...
    encrypt the encryption, never mind my brain hurts.
    · Share on FacebookShare on Twitter
  • EdTheLadEdTheLad Member Posts: 2,111 ■■■■□□□□□□
    Nope,more like:

    r1

    conf t
    router eigrp 1
    passive-interface default
    network 1.0.0.0
    neighbor 1.1.1.1 serial 0/0


    r2
    conf t
    router eigrp 1
    passive-interface default
    network 1.0.0.0
    neighbor 1.1.1.2 serial 0/0
    Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
    · Share on FacebookShare on Twitter
  • kalebkspkalebksp Member Posts: 1,033 ■■■■■□□□□□
    EdTheLad wrote: »
    Nope,more like:

    r1

    conf t
    router eigrp 1
    passive-interface default
    network 1.0.0.0
    neighbor 1.1.1.1 serial 0/0


    r2
    conf t
    router eigrp 1
    passive-interface default
    network 1.0.0.0
    neighbor 1.1.1.2 serial 0/0

    I thought that passive-interface causes EIGRP to stop sending anything out, will neighbor relationships still form if you statically configure the neighbor?
    · Share on FacebookShare on Twitter
  • EdTheLadEdTheLad Member Posts: 2,111 ■■■■□□□□□□
    kalebksp wrote: »
    I thought that passive-interface causes EIGRP to stop sending anything out, will neighbor relationships still form if you statically configure the neighbor?

    I think you're right, the passive-interface works differently for Rip.In that case only the network statement was missing above.I'm trying to get back up to speed on this stuff, havent really done too much routing study for two years.But relearning takes a fraction of the time.
    I've finished RIP,RIPng, now i'm setting up a dynamips lab to play with eigrpv4&v6 icon_smile.gif.
    Happy days are here again.
    Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
    · Share on FacebookShare on Twitter
  • APAAPA Member Posts: 959
    always configure passive interface-default

    Only turn on the EIGRP on the interfaces that need it..... I'm skeptical about leaving passive interface-default off.....

    Work alot with OSPF and BGP now... haven't touched EIGRP for almost three months now.... must lab this up...

    I thought you could configure the neighbor statement and use passive-interface default as you are telling the router to send unicast hellos out a specific interface to a specific neighbor... so no need for multicast hellos.
    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
    · Share on FacebookShare on Twitter
  • networker050184networker050184 Mod Posts: 11,962 Mod
    I labbed it up and you can not use passive interface with a neighbor command. You have to take the interface out of passive for the relationship to form.

    If you are wondering the difference with the neighbor command and without just run some debugs.

    With neighbor statement:
    *Jan 23 10:44:19.059: IP: s=10.0.0.1 (local), d=10.0.0.2 (Serial1/0), len 60, sending
*Jan 23 10:44:19.063: EIGRP: Sending HELLO on Serial1/0 nbr 10.0.0.2
*Jan 23 10:44:19.063:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

    Without:
    *Jan 23 10:45:55.559: IP: s=10.0.0.1 (local), d=224.0.0.10 (Serial1/0), len 60, sending broad/multicast
*Jan 23 10:45:55.563: EIGRP: Sending HELLO on Serial1/0
*Jan 23 10:45:55.563:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0


    Notice the destination address in the debug ip packet statements.
    An expert is a man who has made all the mistakes which can be made.
    · Share on FacebookShare on Twitter
  • livenliven Member Posts: 918
    networker050184 wrote: »
    I labbed it up and you can not use passive interface with a neighbor command. You have to take the interface out of passive for the relationship to form.

    If you are wondering the difference with the neighbor command and without just run some debugs.

    With neighbor statement:
    *Jan 23 10:44:19.059: IP: s=10.0.0.1 (local), d=10.0.0.2 (Serial1/0), len 60, sending
*Jan 23 10:44:19.063: EIGRP: Sending HELLO on Serial1/0 nbr 10.0.0.2
*Jan 23 10:44:19.063:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

    Without:
    *Jan 23 10:45:55.559: IP: s=10.0.0.1 (local), d=224.0.0.10 (Serial1/0), len 60, sending broad/multicast
*Jan 23 10:45:55.563: EIGRP: Sending HELLO on Serial1/0
*Jan 23 10:45:55.563:   AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0


    Notice the destination address in the debug ip packet statements.





    Can you post the config for the eigrp?


    I tried with and without passive interface and I can't get it to work.
    encrypt the encryption, never mind my brain hurts.
    · Share on FacebookShare on Twitter
  • networker050184networker050184 Mod Posts: 11,962 Mod
    Here is the config its just basic.

    Router 1
    !
    router eigrp 1
    network 10.0.0.0
    neighbor 10.0.0.2 Serial1/0
    no auto-summary
    !

    Router 2
    !
    router eigrp 1
    network 10.0.0.0
    neighbor 10.0.0.1 Serial1/0
    no auto-summary
    !

    Of course add the passive interface statement if you want that in there.
    An expert is a man who has made all the mistakes which can be made.
    · Share on FacebookShare on Twitter
  • livenliven Member Posts: 918
    networker050184 wrote: »
    Here is the config its just basic.

    Router 1
    !
    router eigrp 1
    network 10.0.0.0
    neighbor 10.0.0.2 Serial1/0
    no auto-summary
    !

    Router 2
    !
    router eigrp 1
    network 10.0.0.0
    neighbor 10.0.0.1 Serial1/0
    no auto-summary
    !

    Of course add the passive interface statement if you want that in there.



    Ok, so I did the same thing and still never got a neighbor relationship.

    I am assuming that you can see a neighbor form with debug and show ip eigrp neighbors ?
    encrypt the encryption, never mind my brain hurts.
    · Share on FacebookShare on Twitter
  • GT-RobGT-Rob Member Posts: 1,090
    On the subject of passive-interface default, its not really needed like is in RIP. Since you can turn auto-sum off, as well as specify the wildcard bits for the network statements, you can control exactly which networks/interfaces are in EIGRP (just like OSPF). RIP is where it becomes a problem still.


    Networker's config should work, assuming you have reach ability in the first place correctly (they can ping each other). Does the neighbor come up without the neighbor statement, and just the network statement? Then you throw on the neighbor statement, and you will get some kind of reset msg, and it should be fine.
    http://frozenrouter.blogspot.com
    · Share on FacebookShare on Twitter
  • networker050184networker050184 Mod Posts: 11,962 Mod
    Yep my neighbor relationship forms fine.


    Router R1
    R1#sho run | in router eigrp 1
router eigrp 1
R1#sho run | b router eigrp
router eigrp 1
 network 10.0.0.0
 neighbor 10.0.0.2 Serial1/0
 no auto-summary
!
ip classless
no ip http server
!
!
!
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
!
end

R1#sho ip ei n
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   10.0.0.2                Se1/0             14 00:01:24    1  3000  0  2

    Router 2
    R2#sho run | b router eigrp 1
router eigrp 1
 network 10.0.0.0
 neighbor 10.0.0.1 Serial1/0
 no auto-summary
!
ip classless
no ip http server
!
!
!
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
!
end

R2#sho ip ei n
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   10.0.0.1                Se1/0             14 00:02:34  928  5000  0  2



    Can you get the neighbors to form without the neighbor command on either router?
    An expert is a man who has made all the mistakes which can be made.
    · Share on FacebookShare on Twitter
  • APAAPA Member Posts: 959
    Thanks for labbing that up networker, something lil to remember again.

    It' s the little things that count.

    Liven you have got IP connectivity between the two hosts right? So they can successfully setup the relationship?

    Can you please post your full config from both routers... :)
    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
    · Share on FacebookShare on Twitter
  • livenliven Member Posts: 918
    A.P.A wrote: »
    Thanks for labbing that up networker, something lil to remember again.

    It' s the little things that count.

    Liven you have got IP connectivity between the two hosts right? So they can successfully setup the relationship?

    Can you please post your full config from both routers... :)


    Yes I have full connectivity between the two hosts. I will posts the configs later, I blew them away (after messing with them for a few hours, got frustrated and had to move on for a bit).


    I will lab it back up later and post my configs. Hopefully we will see what I am doing wrong.
    encrypt the encryption, never mind my brain hurts.
    · Share on FacebookShare on Twitter
  • cisco_troopercisco_trooper Member Posts: 1,441 ■■■■□□□□□□
    GT-Rob wrote: »
    On the subject of passive-interface default, its not really needed like is in RIP. Since you can turn auto-sum off, as well as specify the wildcard bits for the network statements, you can control exactly which networks/interfaces are in EIGRP (just like OSPF). RIP is where it becomes a problem still.

    I use that passive-interface default as a way to help secure the routing topology. I don't need a jackass admin accidentally forming an eigrp neighborship with a device that is advertising a default route or something and black-holing all my traffic. There is obviously the MD5 authentication but you can never be too careful...
    · Share on FacebookShare on Twitter
  • cisco_troopercisco_trooper Member Posts: 1,441 ■■■■□□□□□□
    A.P.A wrote: »
    I thought you could configure the neighbor statement and use passive-interface default as you are telling the router to send unicast hellos out a specific interface to a specific neighbor... so no need for multicast hellos.

    I don't think passive-interface distinguishes between hello types. Whether it is talking multicast or talking unicast, the interface shouldn't be talking EIGRP if it is a passive-interface.
    · Share on FacebookShare on Twitter
  • vinnyjonesvinnyjones Member Posts: 6 ■□□□□□□□□□
    I am doing the same lab, except i am using GNS3 and i can confirm that the only thing you need to do for this is statically configure neighbours using the neighbor command...

    As soon as you do that hello packets are not sent to 224.0.0.10, they are are sent directly to the neighbour via that unicast address...

    EIGRP STOPS Multicast hello packets being sent over the statically configured link.

    Packet capture confirmed this...

    icon_smile.gif
    · Share on FacebookShare on Twitter
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    vinnyjones wrote: »
    I am doing the same lab, except i am using GNS3 and i can confirm that the only thing you need to do for this is statically configure neighbours using the network command...

    As soon as you do that hello packets are not sent to 224.0.0.10, they are are sent directly to the neighbour via that unicast address...

    EIGRP STOPS Multicast hello packets being sent over the statically configured link.

    Packet capture confirmed this...

    icon_smile.gif

    I am assuming you ment the "neighbor command" not "network command" in your post.
    The only easy day was yesterday!
    · Share on FacebookShare on Twitter
  • vinnyjonesvinnyjones Member Posts: 6 ■□□□□□□□□□
    ooops, yes sorry about that i meant the neighbor command...
    · Share on FacebookShare on Twitter
Sign In or Register to comment.