DONATE


EIGRP Passive interface

EIGRP Passive interface

EIGRP do not send any hello messages on passive interface. EIGRP router ignores any EIGRP messages received on the interface its means no neighbors relation but EIGRP still advertises about the connected subnet only if matched with an EIGRP network command.



lets understand it more clearly


In our diagram we have 4 Routers and a switch, Router_1 and Router_2. Down side there’s the network 10.1.1.1/8 with a switch connected to Router_1 and come computers. We need Router_1 have to advertise the network 10.1.1.1/8 to our Autonomous system and of course router_2 but we have one problem there is no router on 10.1.1.1/8 network. There is no reason to send EIGRP hello packets on the interface fastethernet 0/0

There is also one big problem  it’s a security risk what if someone connect his computer to our switch with an application and advertise fake routes and he become EIGRP neighbors with our router1 this is a nightmare.

We do not allow this going to be happening in our autonomous system. To prevent this going to happen we need passive interface command and this feature ensure that the network is advertised in EIGRP but this feature disable  hello packets on the interface ( in our case fatethernet 0/0 )


There is option redistribution with the help of this command we can prevent our nightmare. 


let see the configuration:

Topology:-



TASK:

  • configure the topology as per the diagram 
  • assign IP addresses to their interfaces 
  • configure EIGRP 61234 and advertise all the interfaces 
  • configure serial 3/1 and 3/3 passive interfaces 


R1(config)#Interface fastethernet 0/0
R1(config-if)#Ip address 10.1.1.1   255.0.0.0
R1(config-if)#No shutdown
R1(config-if)#No keepalive
R1(config-if)#Exit

R1(config)#Interface serial 3/0
R1(config-if)#Ip address  1.1.1.1 255.0.0.0
R1(config-if)#No shutdown
R1(config-if)#Exit

R2(config)#Interface fastethernet 0/0
R2(config-if)#Ip address 20.1.1.1   255.0.0.0
R2(config-if)#No shutdown
R2(config-if)#No keepalive
R2(config-if)#Exit

R2(config)#Interface serial 3/1
R2(config-if)#Ip address  2.2.2.1  255.0.0.0
R2(config-if)#No shutdown
R2(config-if)#Exit


R3(config)#Interface fastethernet 0/0
R3(config-if)#Ip address 30.1.1.1   255.0.0.0
R3(config-if)#No shutdown
R3(config-if)#No keepalive
R3(config-if)#Exit

R3(config)#Interface serial 3/1
R3(config-if)#Ip address  3.3.3.1  255.0.0.0
R3(config-if)#No shutdown
R3(config-if)#Exit


R4(config)#Interface fastethernet 0/0
R4(config-if)#Ip address 40.1.1.1   255.0.0.0
R4(config-if)#No shutdown
R4(config-if)#No keepalive
R4(config-if)#Exit

R4(config)#Interface serial 3/1
R4(config-if)#Ip address  4.4.4.1  255.0.0.0
R4(config-if)#No shutdown
R4(config-if)#Exit


R5(config)#Interface fastethernet 0/0
R5(config-if)#Ip address 50.1.1.1   255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#No keepalive
R5(config-if)#Exit

R5(config)#Interface serial 3/0
R5(config-if)#Ip address  1.1.1.2  255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#Exit

R5(config)#Interface serial 3/1
R5(config-if)#Ip address  2.2.2.2 255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#Exit

R5(config)#Interface serial 3/2
R5(config-if)#Ip address  3.3.3.2 255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#Exit

R5(config)#Interface serial 3/3
R5(config-if)#Ip address  4.4.4.2 255.0.0.0
R5(config-if)#No shutdown
R5(config-if)#Exit


R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0                    1.1.1.1         YES manual up                    up



R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/1                    2.2.2.1         YES manual up                    up


R3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        30.1.1.1        YES manual up                    up
Serial3/2                    3.3.3.1         YES manual up                    up


R4#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        40.1.1.1        YES manual up                    up
Serial3/3                    4.4.4.1         YES manual up                    up

R5#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        50.1.1.1        YES manual up                    up
Serial3/0                    1.1.1.2         YES manual up                    up
Serial3/1                    2.2.2.2         YES manual up                    up
Serial3/2                    3.3.3.2         YES manual up                    up
Serial3/3                   4.4.4.2         YES manual up                    up



R1(config)#router eigrp 61234
R1(config-router)#network 1.0.0.0
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#end


R2(config)#router eigrp 61234
R2(config-router)#network 2.0.0.0
R2(config-router)#network 20.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#end


R3(config)#router eigrp 61234
R3(config-router)#network 3.0.0.0
R3(config-router)#network 30.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#end


R4(config)#router eigrp 61234
R4(config-router)#network 4.0.0.0
R4(config-router)#network 40.0.0.0
R4(config-router)#no auto-summary
R4(config-router)#end


R5(config)#router eigrp 61234
R5(config-router)#network 50.0.0.0
R5(config-router)#network 4.0.0.0
R5(config-router)#network 3.0.0.0
R5(config-router)#network 3.0.0.0
R5(config-router)#network 2.0.0.0
R5(config-router)#network 1.0.0.0
R5(config-router)#no auto-summary
R5(config-router)#end

*Dec  4 23:22:09.967: %DUAL-5-NBRCHANGE: EIGRP-IPv4 61234: Neighbor 4.4.4.1 (Serial3/3) is up: new adjacency

*Dec  4 23:22:14.343: %DUAL-5-NBRCHANGE: EIGRP-IPv4 61234: Neighbor 3.3.3.1 (Serial3/2) is up: new adjacency

 *Dec  4 23:22:19.375: %DUAL-5-NBRCHANGE: EIGRP-IPv4 61234: Neighbor 2.2.2.1 (Serial3/1) is up: new adjacency

 *Dec  4 23:22:25.239: %DUAL-5-NBRCHANGE: EIGRP-IPv4 61234: Neighbor 1.1.1.1 (Serial3/0) is up: new adjacency

 R5#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(61234)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
3   1.1.1.1                 Se3/0                    12 00:04:14   78   468  0  3
2   2.2.2.1                 Se3/1                    12 00:04:20   79   474  0  5
1   3.3.3.1                 Se3/2                    14 00:04:25   57   342  0  7
0   4.4.4.1                 Se3/3                    14 00:04:30   67   402  0  9

R5#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

 Gateway of last resort is not set

 D     10.0.0.0/8 [90/2172416] via 1.1.1.1, 00:04:21, Serial3/0
D     20.0.0.0/8 [90/2172416] via 2.2.2.1, 00:04:27, Serial3/1
D     30.0.0.0/8 [90/2172416] via 3.3.3.1, 00:04:32, Serial3/2

D     40.0.0.0/8 [90/2172416] via 4.4.4.1, 00:04:37, Serial3/3

R5(config)#router eigrp 61234
R5(config-router)#passive-interface serial 3/1
R5(config-router)#passive-interface serial 3/3
R5(config-router)#end

 *Dec  4 23:29:34.627: %DUAL-5-NBRCHANGE: EIGRP-IPv4 61234: Neighbor 2.2.2.1 (Serial3/1) is down: interface passive

 *Dec  4 23:29:40.855: %DUAL-5-NBRCHANGE: EIGRP-IPv4 61234: Neighbor 4.4.4.1 (Serial3/3) is down: interface passive



R5#show ip eigrp interfaces
EIGRP-IPv4 Interfaces for AS(61234)
                              Xmit Queue   PeerQ        Mean   Pacing Time   Multicast    Pending
Interface              Peers  Un/Reliable  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Fa0/0                    0        0/0       0/0           0       0/0            0           0
Se3/2                    1        0/0       0/0          60       0/16         236           0
Se3/0                    1        0/0       0/0          66       0/16         272           0

R5#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(61234)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
3   1.1.1.1                 Se3/0                    10 00:08:32   66   396  0  7
1   3.3.3.1                 Se3/2                    11 00:08:43   60   360  0  11

R5#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     10.0.0.0/8 [90/2172416] via 1.1.1.1, 00:08:39, Serial3/0
D     30.0.0.0/8 [90/2172416] via 3.3.3.1, 00:08:50, Serial3/2


By at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Cisco’s IOS

Cisco’s IOS The Cisco inter network operating system (IOS) is the kernel of Cisco routers as well as all current catalyst switches. A ke...

INSTAGRAM FEED

@Edger C Francis