We know that enabling EIGRP on an interface has two effects:
- EIGRP Hello packets will start being sent out of the interface to multicast address 126.96.36.199. This means that neighbour relationships (adjacencies) can be formed with other routers directly connected to the same subnet and using the same EIGRP AS number
- the network that the interface is part of will be advertised by the EIGRP routing process
If we have a router with interfaces that are not connected to other routers, then there is no point in it sending Hello packets out of those interfaces. It is also good security practice to prevent neighbour relationships being formed via interfaces that we know (as the network designer) that no router should ever connect to.
With EIGRP we have the option to make an interface passive, which has two effects on the interface:
- EIGRP packets are never sent out
- EIGRP packets received are ignored
Here’s our network for this lab:
If we turn on some debugging on router WEST, we can see the default behaviour with Hello packets being sent out of all interfaces that are matched by the EIGRP network statements:
WEST#debug eigrp packets hello EIGRP Packets debugging is on (HELLO) WEST# *Mar 1 02:58:47.207: EIGRP: Sending HELLO on FastEthernet2/0 *Mar 1 02:58:47.207: AS 1000, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 *Mar 1 02:58:47.535: EIGRP: Sending HELLO on FastEthernet1/0 *Mar 1 02:58:47.535: AS 1000, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 *Mar 1 02:58:48.671: EIGRP: Sending HELLO on FastEthernet0/0 *Mar 1 02:58:48.671: AS 1000, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
On router WEST, advertise all connected networks into EIGRP AS 1000, but prevent neighbour relationships being formed over interfaces f1/0 and f2/0.
We have three options up our sleeve to achieve this. The first two use passive interfaces, and the third uses route redistribution.
Configure interfaces f1/0 and f2/0 to be passive:
WEST(config)#router eigrp 1000 WEST(config-router)#passive-interface fastEthernet 1/0 WEST(config-router)#passive-interface fastEthernet 2/0
Configure all interfaces to be passive by default, and then explicitly make interface f0/0 active:
Note that at this point WEST’s neighbour relationship with HQ goes down as EIGRP packets are no longer being sent out of any interfaces:
*Mar 1 00:23:52.867: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1000: Neighbor 192.168.1.2 (FastEthernet0/0) is down: interface passive
Then we make f0/0 active and the neighbour relationship comes back:
WEST(config-router)#no passive-interface fastEthernet 0/0 *Mar 1 00:29:12.587: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1000: Neighbor 192.168.1.2 (FastEthernet0/0) is up: new adjacency
To verify options 1 and 2, we could turn on debugging again and observe Hello packets only being sent out of interface f0/0. A nicer way is by using a couple of show commands:
To show all passive interfaces:
WEST#show ip protocols Routing Protocol is "eigrp 1000" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 EIGRP maximum hopcount 100 EIGRP maximum metric variance 1 Redistributing: eigrp 1000 EIGRP NSF-aware route hold timer is 240s Automatic network summarization is not in effect Maximum path: 4 Routing for Networks: 10.1.1.0/24 10.1.2.0/24 192.168.1.0/30 Passive Interface(s): FastEthernet1/0 FastEthernet2/0 VoIP-Null0 Routing Information Sources: Gateway Distance Last Update Distance: internal 90 external 170
To show only active interfaces:
WEST#show ip eigrp interfaces IP-EIGRP interfaces for process 1000 Xmit Queue Mean Pacing Time Multicast Pending Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes Fa0/0 0 0/0 0 0/1 0 0
Instead of using a network statement to advertise the networks connected to f1/0 and f2/0, redistribute these connected networks into EIGRP:
WEST#sh run | s router router eigrp 1000 redistribute connected network 192.168.1.0 0.0.0.3 no auto-summary
Although our objective is achieved with all three options, there is a subtle difference with option 3 that we should be aware of. When directly connected routes are redistributed into EIGRP they are advertised as external routes (admin distance 170) instead of internal routes (admin distance 90), even though they are within the same AS:
EAST#show ip route eigrp 10.0.0.0/24 is subnetted, 2 subnets D EX 10.1.2.0 [170/33280] via 192.168.1.5, 00:03:18, FastEthernet0/0 D EX 10.1.1.0 [170/33280] via 192.168.1.5, 00:03:18, FastEthernet0/0 192.168.1.0/30 is subnetted, 2 subnets D 192.168.1.0 [90/30720] via 192.168.1.5, 00:37:24, FastEthernet0/0
I hope this has been a useful explanation. Thanks for reading, and good luck with your CCNP studies!
Follow Rich on Twitter