08-27-2008 04:54 AM - edited 03-06-2019 01:01 AM
Is this a command that is normally used? I see it on my two core switches but not on the core switches at my other two sites. I understand that it is used for an interface that does not participate in EIGRP but its network is advertised. Is this command necessary only behind an ACL/firewall? If no firewall exists can this command be removed? Does this command cut down on the amount of traffic on the switches?
08-27-2008 05:06 AM
The command can be used for a number of reasons but on core switches it is usually because you have a lot of vlan interfaces and if you do not make any of them passive then they all form eigrp neighborships between the core switches. So when you do a "sh ip eigrp neigh" you get a huge list with all the vlan interfaces. It also means each vlan interface will be exchanging keepalives etc.
So in order to cut down the neighborships and make it easier to troubleshoot, often 2 vlans are used to peer and then all other vlan interfaces are made passive.
In this case it has nothing to do with firewalls. You can remove it and nothing disastrous will happen, but unless it is causing you problems I would leave it as is. Just make sure you are using at least 2 vlans for neighborships in case one of them accidentally gets shut down.
Jon
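The check Jon describes (at least two VLANs left non-passive) can be run against a saved configuration. This is an added example, not part of the original thread: the sample config, VLAN numbers, AS 100 and function names are constructed, and it assumes a single EIGRP process and ignores network statements and interface shutdown state.

```python
import re

# Constructed sample: an excerpt as it might appear in "show running-config".
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
router eigrp 100
 network 10.0.0.0
 passive-interface default
 no passive-interface Vlan10
 no passive-interface Vlan20
"""

def eigrp_peering_interfaces(config):
    """Return the sorted VLAN interfaces that are NOT passive under router eigrp."""
    vlans = re.findall(r"^interface (Vlan\d+)\s*$", config, re.M)
    in_eigrp, default_passive = False, False
    passive, active = set(), set()
    for line in config.splitlines():
        if not line.startswith(" "):      # top-level line starts a new section
            in_eigrp = line.startswith("router eigrp")
            continue
        if not in_eigrp:
            continue
        m = re.match(r"\s+(no )?passive-interface (\S+)", line)
        if not m:
            continue
        negated, name = bool(m.group(1)), m.group(2)
        if name == "default":             # "passive-interface default" flips the baseline
            default_passive = not negated
        elif negated:
            active.add(name)              # "no passive-interface VlanX"
        else:
            passive.add(name)             # "passive-interface VlanX"
    if default_passive:
        return sorted(v for v in vlans if v in active)
    return sorted(v for v in vlans if v not in passive)

def audit(config, minimum=2):
    """Flag configs that leave fewer than `minimum` VLANs able to form neighborships."""
    peers = eigrp_peering_interfaces(config)
    return {"peering": peers, "ok": len(peers) >= minimum}
```

`audit()` handles both styles: `passive-interface default` with explicit exceptions, and individual `passive-interface` lines on an otherwise active set.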
08-27-2008 05:05 AM
This command could be used in your network for 2 reasons:-
1) Not advertise a specific network - as it's not required to form a neighbour on that interface.
2) Prevent asymmetric routing loops.
HTH