another stupid EIGRP question (multicast hellos)
ok, so working through the ccnp bsci lab book... Challenge lab states that I need to prevent multicast hello's between two devices....
Well I know the passive-interface command will do this. But won't that break the EIGRP neighbor relationship?
Is there any way to prevent the multicast and still maintain neighbor relation ships?
Well I know the passive-interface command will do this. But won't that break the EIGRP neighbor relationship?
Is there any way to prevent the multicast and still maintain neighbor relation ships?
encrypt the encryption, never mind my brain hurts.
Comments
It's similar to configuring neighbors in BGP.
router 1 connects to router 2 both using serial 0/0
they can ping each others serial int just fine....
so
r1
conf t
router eigrp 1
neighbor 1.1.1.1 serial 0/0
r2
conf t
router eigrp 1
neighbor 1.1.1.2 serial 0/0
That should work right?
thanks fellas...
r1
conf t
router eigrp 1
passive-interface default
network 1.0.0.0
neighbor 1.1.1.1 serial 0/0
r2
conf t
router eigrp 1
passive-interface default
network 1.0.0.0
neighbor 1.1.1.2 serial 0/0
I thought that passive-interface causes EIGRP to stop sending anything out, will neighbor relationships still form if you statically configure the neighbor?
I think you're right, the passive-interface works differently for Rip.In that case only the network statement was missing above.I'm trying to get back up to speed on this stuff, havent really done too much routing study for two years.But relearning takes a fraction of the time.
I've finished RIP,RIPng, now i'm setting up a dynamips lab to play with eigrpv4&v6
Happy days are here again.
Only turn on the EIGRP on the interfaces that need it..... I'm skeptical about leaving passive interface-default off.....
Work alot with OSPF and BGP now... haven't touched EIGRP for almost three months now.... must lab this up...
I thought you could configure the neighbor statement and use passive-interface default as you are telling the router to send unicast hellos out a specific interface to a specific neighbor... so no need for multicast hellos.
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP
If you are wondering the difference with the neighbor command and without just run some debugs.
With neighbor statement:
Without:
Notice the destination address in the debug ip packet statements.
Can you post the config for the eigrp?
I tried with and without passive interface and I can't get it to work.
Router 1
!
router eigrp 1
network 10.0.0.0
neighbor 10.0.0.2 Serial1/0
no auto-summary
!
Router 2
!
router eigrp 1
network 10.0.0.0
neighbor 10.0.0.1 Serial1/0
no auto-summary
!
Of course add the passive interface statement if you want that in there.
Ok, so I did the same thing and still never got a neighbor relationship.
I am assuming that you can see a neighbor form with debug and show ip eigrp neighbors ?
Networker's config should work, assuming you have reach ability in the first place correctly (they can ping each other). Does the neighbor come up without the neighbor statement, and just the network statement? Then you throw on the neighbor statement, and you will get some kind of reset msg, and it should be fine.
Router R1
Router 2
Can you get the neighbors to form without the neighbor command on either router?
It' s the little things that count.
Liven you have got IP connectivity between the two hosts right? So they can successfully setup the relationship?
Can you please post your full config from both routers...
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP
Yes I have full connectivity between the two hosts. I will posts the configs later, I blew them away (after messing with them for a few hours, got frustrated and had to move on for a bit).
I will lab it back up later and post my configs. Hopefully we will see what I am doing wrong.
I use that passive-interface default as a way to help secure the routing topology. I don't need a jackass admin accidentally forming an eigrp neighborship with a device that is advertising a default route or something and black-holing all my traffic. There is obviously the MD5 authentication but you can never be too careful...
I don't think passive-interface distinguishes between hello types. Whether it is talking multicast or talking unicast, the interface shouldn't be talking EIGRP if it is a passive-interface.
As soon as you do that hello packets are not sent to 224.0.0.10, they are are sent directly to the neighbour via that unicast address...
EIGRP STOPS Multicast hello packets being sent over the statically configured link.
Packet capture confirmed this...
I am assuming you ment the "neighbor command" not "network command" in your post.