Where did you get that? To be sure I took Doyle Vol.1, but I can't find any reference that the IOS version would be in the packet. The only version that's in there is the protocol version, which is always 1. The only usable value you can find in a hello-packet is the AS number that is used.
Aren't you mistaken with CDP about carrying the IOS version? -- Regards, Rick Mur CCIE2 #21946 (R&S / Service Provider) Juniper JNCIA-ER & JNCIA-EX MCSA:Messaging, MCSE Sr. Support Engineer – IPexpert, Inc. URL: http://www.IPexpert.com On 20 aug 2009, at 18:42, Louis S wrote: > I guess the risk here is it contains the IOS code the switch is > running > > --- On Thu, 8/20/09, Rick Mur <[email protected]> wrote: > >> From: Rick Mur <[email protected]> >> Subject: Re: [OSL | CCIE_RS] How to disable EIGRP hellos? >> To: "Louis S" <[email protected]> >> Cc: "osl" <[email protected]> >> Date: Thursday, August 20, 2009, 12:19 PM >> Then it's not possible by any regular >> feature to disable hello's. It's not really a risk since >> when making it passive it will never form a neighbor on that >> segment and there is not really much information in the >> hello's that could be a security risk. >> >> If you really want to disable it a redistribute connected >> with a route-map to specify the interfaces would work or an >> access-list outgoing on the interface with a 'deny eigrp any >> any'. >> >> >> --Regards, >> >> Rick Mur >> CCIE2 #21946 (R&S / Service Provider) >> Juniper JNCIA-ER & JNCIA-EX >> MCSA:Messaging, MCSE >> Sr. Support Engineer – IPexpert, Inc. >> URL: http://www.IPexpert.com >> >> On 20 aug 2009, at 18:09, Louis S wrote: >> >>> That's what I thought, but after putting on >> passive-interface on user facing port and then sniffing on >> that port, I can still see EIGRP HELLO's >>> >>> --- On Thu, 8/20/09, Rick Mur <[email protected]> >> wrote: >>> >>>> From: Rick Mur <[email protected]> >>>> Subject: Re: [OSL | CCIE_RS] How to disable EIGRP >> hellos? >>>> To: "Louis S" <[email protected]> >>>> Cc: "osl" <[email protected]> >>>> Date: Thursday, August 20, 2009, 11:59 AM >>>> Passive-interface should be enough >>>> for disabling sending hello's as the hello's are >> part of the >>>> neighbor relationship process. If there is no need >> for >>>> redistribution I wouldn't do it. Try debug ip >> packet to see >>>> on which interfaces EIGRP packets are sent out >> (packets with >>>> protocol number 88). >>>> >>>> >>>> --Regards, >>>> >>>> Rick Mur >>>> CCIE2 #21946 (R&S / Service Provider) >>>> Juniper JNCIA-ER & JNCIA-EX >>>> MCSA:Messaging, MCSE >>>> Sr. Support Engineer – IPexpert, Inc. >>>> URL: http://www.IPexpert.com >>>> >>>> On 20 aug 2009, at 17:25, Louis S wrote: >>>> >>>>> Hi all, >>>>> >>>>> I can't remember there being an option for >> this but >>>> wanted to double-check here. >>>>> >>>>> If you run Layer3 to the access-layer, is >> there a way >>>> to disable EIGRP hello's being sent to user >> ports? I >>>> tried passive-interface which will prevent >> neighbor's from >>>> forming but can't remember how to disable hello's >> being >>>> sent. >>>>> >>>>> The only thing I could think would be only >> enabling >>>> EIGRP on the uplink ports to the distribution and >> instead of >>>> putting user subnet in EIGRP via the network >> command, >>>> redistribute connected networks and maybe that >> will stop >>>> users from hearing hellos. >>>>> >>>>> >>>>> >>>>> >> _______________________________________________ >>>>> For more information regarding industry >> leading CCIE >>>> Lab training, please visit www.ipexpert.com >>>> >>>> >>> >>> >>> >> >> > > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
