We have two Catalyst 4500-X L3 switches, one at our primary building and one at our secondary building. We have multiple VLANs set up for each department, servers, etc., with EIGRP routing the different subnets together.
When I run Wireshark on any computer or server, I see lots of EIGRP Hello packets coming through, so I wanted to stop that from happening. My search led me to EIGRP passive interfaces.
Server > Port 1 > 4500-X, VLAN Y
Log into switch, Router EIGRP 1, passive-interface TenGigabitEthernet Z, now this should stop the Hello packets, but it doesn't.
Every 5 seconds, Hello packets are still coming through. The only thing I can think of is that the packets are being generated at the VLAN level? The EIGRP packets are coming from the default gateway, which is the IP address assigned to that VLAN/Subnet.
Can I set VLANs as passive interfaces? My assumption would be that as long as the two physical interfaces connected between the two 4500-X's aren't passive, that is all that should matter as far as exchanging EIGRP information. I don't want to break anything between our two core switch/routers.
Try making the SVI for each vlan passive. Make sure not to passive the interface between the 2 switches and the uplinks as you need those for your EIGRP peering.
We have VLANs 300-350 for our network, and VLAN 100 for our network management. VLAN 100 exists between the link from Core A to Core B as well.
If I make all of the VLANs passive interfaces except for VLAN 100, EIGRP should function correctly, and this should prevent any rogue EIGRP routers from being connected, as long as they aren't somehow plugged into an interface that is on VLAN 100?
Correct in what you say.
That is a common setup when running multiple VLANs between two L3 switches, i.e. use a VLAN for peering, VLAN 100 in your case, and then make the others passive.
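One way to check the result of the setup discussed in this thread, as an added example that is not part of the original posts: a small Python audit that reads saved `show running-config` text and lists the SVIs that are still non-passive under `router eigrp`, so anything other than the peering VLAN stands out. The sample config is constructed, the function names are hypothetical, and it assumes every SVI is covered by an EIGRP `network` statement.

```python
import re

# Constructed sample running-config excerpt (not from the thread's switches).
SAMPLE_CONFIG = """\
interface Vlan100
 ip address 10.0.100.1 255.255.255.0
!
interface Vlan300
 ip address 10.3.0.1 255.255.255.0
!
interface Vlan301
 ip address 10.3.1.1 255.255.255.0
!
router eigrp 1
 network 10.0.0.0
 passive-interface Vlan300
!
"""

def eigrp_active_svis(config):
    """Return SVIs that are not passive under 'router eigrp' (still send Hellos)."""
    svis = re.findall(r"^interface (Vlan\d+)\s*$", config, re.M)
    default_passive = False
    passive, active = set(), set()
    in_eigrp = False
    for line in config.splitlines():
        if not line.startswith(" "):          # a top-level line starts a new section
            in_eigrp = line.startswith("router eigrp")
            continue
        if not in_eigrp:
            continue
        words = line.split()
        if words[:2] == ["passive-interface", "default"]:
            default_passive = True
        elif words[:1] == ["passive-interface"] and len(words) == 2:
            passive.add(words[1])
        elif words[:2] == ["no", "passive-interface"] and len(words) == 3:
            active.add(words[2])
    if default_passive:                       # only explicit exceptions stay active
        return [s for s in svis if s in active]
    return [s for s in svis if s not in passive]

def unexpected_active(config, peering=("Vlan100",)):
    """SVIs still able to form adjacencies that are not the designated peering VLAN."""
    return [s for s in eigrp_active_svis(config) if s not in peering]

if __name__ == "__main__":
    print("Non-passive SVIs:", eigrp_active_svis(SAMPLE_CONFIG))
    print("Should be passive:", unexpected_active(SAMPLE_CONFIG))
```

In the sample, Vlan301 was left out of the passive list, so it is reported; a config using `passive-interface default` with `no passive-interface Vlan100` reports nothing.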