Then it's not possible by any regular feature to disable hello's. It's not really a risk since when making it passive it will never form a neighbor on that segment and there is not really much information in the hello's that could be a security risk.
If you really want to disable it a redistribute connected with a route- map to specify the interfaces would work or an access-list outgoing on the interface with a 'deny eigrp any any'. -- Regards, Rick Mur CCIE2 #21946 (R&S / Service Provider) Juniper JNCIA-ER & JNCIA-EX MCSA:Messaging, MCSE Sr. Support Engineer – IPexpert, Inc. URL: http://www.IPexpert.com On 20 aug 2009, at 18:09, Louis S wrote: > That's what I thought, but after putting on passive-interface on > user facing port and then sniffing on that port, I can still see > EIGRP HELLO's > > --- On Thu, 8/20/09, Rick Mur <[email protected]> wrote: > >> From: Rick Mur <[email protected]> >> Subject: Re: [OSL | CCIE_RS] How to disable EIGRP hellos? >> To: "Louis S" <[email protected]> >> Cc: "osl" <[email protected]> >> Date: Thursday, August 20, 2009, 11:59 AM >> Passive-interface should be enough >> for disabling sending hello's as the hello's are part of the >> neighbor relationship process. If there is no need for >> redistribution I wouldn't do it. Try debug ip packet to see >> on which interfaces EIGRP packets are sent out (packets with >> protocol number 88). >> >> >> --Regards, >> >> Rick Mur >> CCIE2 #21946 (R&S / Service Provider) >> Juniper JNCIA-ER & JNCIA-EX >> MCSA:Messaging, MCSE >> Sr. Support Engineer – IPexpert, Inc. >> URL: http://www.IPexpert.com >> >> On 20 aug 2009, at 17:25, Louis S wrote: >> >>> Hi all, >>> >>> I can't remember there being an option for this but >> wanted to double-check here. >>> >>> If you run Layer3 to the access-layer, is there a way >> to disable EIGRP hello's being sent to user ports? I >> tried passive-interface which will prevent neighbor's from >> forming but can't remember how to disable hello's being >> sent. >>> >>> The only thing I could think would be only enabling >> EIGRP on the uplink ports to the distribution and instead of >> putting user subnet in EIGRP via the network command, >> redistribute connected networks and maybe that will stop >> users from hearing hellos. >>> >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE >> Lab training, please visit www.ipexpert.com >> >> > > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
