Re: [c-nsp] EIGRP HSRP Successors
Hi, On Sun, Jul 24, 2011 at 04:06:03PM -0500, Dan Letkeman wrote: I'm working on a test configuration for hsrp between two switches where i'm running eigrp, and I'm wondering if its best practice to leave the added successors in the route list? We usually run HSRP/VRRP on customer-facing interfaces, and consequently, running EIGRP there is a complete no-go for us. No benefit, and interesting attack vectors... So we run all interfaces with passive-interface default, and selectively enable EIGRP on backbone interfaces (which do not have HSRP/VRRP anyway). For different topologies, of course YMMV. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpLmIK8j8dfx.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] EIGRP HSRP Successors
Hello, I'm working on a test configuration for hsrp between two switches where i'm running eigrp, and I'm wondering if its best practice to leave the added successors in the route list? For example, after I made vlan 501 into an hsrp enabled vlan between the two switches it added itself as an equal path route to the original one on vlan 4001. P 10.11.56.0/24, 2 successors, FD is 3840 via 10.5.8.2 (3840/3584), Vlan501 via 10.100.4.1 (3840/3584), Vlan4001 P 172.16.8.0/23, 2 successors, FD is 3584 via 10.5.8.2 (3584/3328), Vlan501 via 10.100.200.1 (67840/3328), Vlan2200 P 192.168.72.0/24, 2 successors, FD is 3840 via 10.5.8.2 (3840/3584), Vlan501 via 10.100.4.1 (3840/3584), Vlan4001 P 172.16.42.0/24, 2 successors, FD is 4096 via 10.5.8.2 (4096/3840), Vlan501 via 10.100.4.1 (4096/3840), Vlan4001 If I want to hsrp enable all of the vlan's on the switch so that its completly redundant, I might have up to 10-20 equal paths between the switchesis this ok practice to leave it like this? Or should I be removing the routes somehow? Thanks, Dan. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] EIGRP HSRP Successors
there is no value in forming 20+ eigrp neighbor relationships across the same-L2-trunk. Form one eigrp-neighbor-relationship on an SVI of choice and announce the remaining SVI prefixes from both switches by setting the passive-int vlan x within router eigrp x ./Randy --- On Sun, 7/24/11, Dan Letkeman danletke...@gmail.com wrote: From: Dan Letkeman danletke...@gmail.com Subject: [c-nsp] EIGRP HSRP Successors To: cisco-nsp cisco-nsp@puck.nether.net Date: Sunday, July 24, 2011, 2:06 PM Hello, I'm working on a test configuration for hsrp between two switches where i'm running eigrp, and I'm wondering if its best practice to leave the added successors in the route list? For example, after I made vlan 501 into an hsrp enabled vlan between the two switches it added itself as an equal path route to the original one on vlan 4001. P 10.11.56.0/24, 2 successors, FD is 3840 via 10.5.8.2 (3840/3584), Vlan501 via 10.100.4.1 (3840/3584), Vlan4001 P 172.16.8.0/23, 2 successors, FD is 3584 via 10.5.8.2 (3584/3328), Vlan501 via 10.100.200.1 (67840/3328), Vlan2200 P 192.168.72.0/24, 2 successors, FD is 3840 via 10.5.8.2 (3840/3584), Vlan501 via 10.100.4.1 (3840/3584), Vlan4001 P 172.16.42.0/24, 2 successors, FD is 4096 via 10.5.8.2 (4096/3840), Vlan501 via 10.100.4.1 (4096/3840), Vlan4001 If I want to hsrp enable all of the vlan's on the switch so that its completly redundant, I might have up to 10-20 equal paths between the switchesis this ok practice to leave it like this? Or should I be removing the routes somehow? Thanks, Dan. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
