Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1162
Views
0
Helpful
6
Replies

EIGRP. Tear down EIGRP to specific neighbor

hy3rid
Level 1
Level 1

‎08-05-2019 12:40 PM

Have a full mesh layer 2 VPLS thorugh a carrier. All remote sites have a connection back to each of our datacenter. For troubleshooting purposes, i need to tear down neighbor relationship to our primary datacenter from 1 of our sites. Each remote site has a single uplink to the carrier. So passive interface is not an option. Static neighbors is not an option. I dont want to make any delay or bandwidth changes to the datacenter side because of the impact on other remote sites I know i could always use static routes but I wanted to see if i could avoid that Attached is a very basic lab version of what i'm trying to do. Basically want to block R1 and R3 from becoming neighbors
Labels:
Preview file
22 KB
0 Helpful
6 Replies 6

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-05-2019 12:51 PM

Hello hy3rid,

 

if R1 in your network diagram represents a spoke site and R2,R3 the datacenter site.

I suppose R3 IP address on VPLS is 10.10.10.3

on R1 you can use an inbound extended ACL.

access-list 110 remark deny EIGRP neighbor R3 10.10.10.3

access-list 110 deny eigrp host 10.10.10.3 any

access-list 110 permit ip any any

 

int e1/0

ip access-group 110 in

 

After hold time expires R3 disappears from the list of EIGRP neighbors on R1.

R1 and R3 are not EIGRP neighbors anymore. R3 can listen to R1 EIGRP hellos but they are not going to build a neighborship.

 

Hope to help

Giuseppe

 

0 Helpful

hy3rid
Level 1
Level 1
In response to Giuseppe Larosa

‎08-05-2019 01:17 PM

Giuseppe, Yes. R1 is the spoke. R2 and R3 is the datacenters. I've tried that but was concerned because of the neighbor flapping on the Datacenter side ************************************ R3# *Aug 5 15:59:29.643: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.10.1.1 (Ethernet1/0) is down: Interface PEER-TERMINATION received R3# *Aug 5 15:59:33.947: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.10.1.1 (Ethernet1/0) is up: new adjacency R3# *Aug 5 16:00:50.995: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.10.1.1 (Ethernet1/0) is down: Peer Termination received R3# *Aug 5 16:00:55.967: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.10.1.1 (Ethernet1/0) is up: new adjacency R3# *Aug 5 16:02:15.487: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.10.1.1 (Ethernet1/0) is down: retry limit exceeded R3# R3# *Aug 5 16:02:20.131: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.10.1.1 (Ethernet1/0) is up: new adjacency ************************************************* Is there a way to use a distribute-list outbound of R1 to deny all routes to R3?
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to hy3rid

‎08-05-2019 01:42 PM

I believe that this is the expected behavior. At the spoke you have denied EIGRP from the datacenter. But the spoke is still sending EIGRP hello packets to the data center. So the data center receives an EIGRP hello from the spoke and brings up a neighbor, but it receives no responses to its hello packets and then tears down the neighbor relationship. Then the datacenter receives another hello message and the cycle starts over again.

 

I do not believe that you should be concerned about these messages. Theses messages are admittedly unusual. But they are the response to something unusual that you have configured. 

 

HTH

 

Rick

HTH

Rick
0 Helpful

hy3rid
Level 1
Level 1
In response to Richard Burts

‎08-05-2019 01:46 PM

Sorry about the formatting. Not sure whats going on. 

 

Unfortunately we already have eigrp authentication turned on. Also i dont want to impact the other spoke sites by changing that.

 

Trying to figure out a way to use a distribute-list on R1 to filter the routes outbound. As it would have the same effect.

0 Helpful

Georg Pauwen
VIP
VIP

‎08-05-2019 01:38 PM

Hello,

 

I guess you could also work with EIGRP authentication: if you configure the below on all interface except E1/0 on R3, R1 and R3 will not become neighbors:

 

R1(config)#key chain key-chain-name
R1(config)#key number
R1(config)#key-string key-string
R1(config)# int E1/0
R1(config-if)# ip authentication mode eigrp 1 md5
R1(config-if)# ip authentication key-chain eigrp 1 key_chain_name

0 Helpful

paul driver
VIP
VIP

‎08-05-2019 02:51 PM - edited ‎08-05-2019 02:53 PM

Hello

You also could use a distribute -list it wont negate forming a peering but it should negate all advertising routes from the eigrp rtr.


example:
access-list 110 deny ip host (advertising eigrp rtr) host 0.0.0.0 
access-list 110 permit ip any any

 

router eigrp xxx
distribute-list 100 in e1/0


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents