Wednesday, October 30, 2013

Cisco configuration best practices - Default EIGRP Passive Interface not configured

Default EIGRP Passive Interface not configured




Exception: Default EIGRP Passive Interface not configured.
Category: EIGRP
OS type: IOS
Risk: Medium
Description: In large service provider and Enterprise networks, some distribution-layer routers often have a large number of interfaces, for example, at the WAN edge. A common practice to facilitate the configuration of a routing protocol on such routers is to enable the routing processes on a network range matching several of the interfaces. While this technique facilitates the configuration of the routing protocol, enabling routing indiscriminately on several or all interfaces may increase the chances for the insertion of unauthorized routing peers. Also, unnecessary routing protocol exchanges increase CPU overhead on the router. To prevent these problems, one can set all interfaces as passive by default with the 'passive-interface default' command. This command changes the configuration logic to passive by default; therefore, interfaces where router adjacencies are expected need to be configured with the 'no passive-interface' command. Setting an interface as passive disables the sending of routing updates on that interface; hence, adjacencies will not be formed in Open Shortest Path First (OSPF) or Enhanced Interior Gateway Routing Protocol (EIGRP). However, the particular subnet will continue to be advertised to other interfaces.
Corrective actions: Under the 'router eigrp' block of configuration, configure the following. The parameters after the 'no passive-interface' command are those interfaces that need to participate in EIGRP and form router adjacencies.

   passive-interface default
   no passive-interface <interface>
   no passive-interface <interface>
   no passive-interface <interface>

Warning: In routers that have a small number of interfaces, you can choose to manually set the 'passive-interface' command on the interfaces where adjacency is not desired, instead of using the 'passive-interface default' command. Also, the rule does not apply if all layer 3 interfaces are designed to participate in the EIGRP domain.
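
One way to check a saved running-config against this rule, as an added example that is not part of the original post or of any Cisco tool. It assumes classic 'router eigrp <AS>' blocks with one-space-indented sub-commands; the sample config, interface names and AS numbers are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample running-config (hostname, AS numbers, interfaces are made up).
SAMPLE_CONFIG = """\
hostname edge-rtr-1
!
router eigrp 100
 network 10.0.0.0
 passive-interface default
 no passive-interface GigabitEthernet0/0
!
router eigrp 200
 network 172.16.0.0
 passive-interface GigabitEthernet0/2
!
end
"""

def audit_eigrp_passive(config):
    """Map each EIGRP AS to its passive-interface settings."""
    results, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^router eigrp (\S+)\s*$", line)
        if m:
            current = results.setdefault(
                m.group(1), {"passive_default": False, "active": [], "passive": []})
            continue
        if not line.startswith(" "):  # any non-indented line closes the block
            current = None
            continue
        if current is None:
            continue
        stmt = line.strip()
        if stmt == "passive-interface default":
            current["passive_default"] = True
        elif (m := re.match(r"no passive-interface (\S.*)$", stmt)):
            current["active"].append(m.group(1))   # adjacency expected here
        elif (m := re.match(r"passive-interface (\S.*)$", stmt)):
            current["passive"].append(m.group(1))  # manually set passive
    return results

def findings(config):
    """AS numbers whose block lacks 'passive-interface default'."""
    return sorted(a for a, r in audit_eigrp_passive(config).items()
                  if not r["passive_default"])

if __name__ == "__main__":
    for asn in findings(SAMPLE_CONFIG):
        print(f"router eigrp {asn}: passive-interface default not configured")
```

A flagged process is a prompt for review rather than an automatic failure: per the warning above, a router with few interfaces may rely on manual 'passive-interface' lines, which the audit result lists under "passive".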