Re: lesson from failure

From: Thomwin Chen (thomwin_chen@yahoo.com)
Date: Mon Jul 25 2005 - 03:26:03 GMT-3

• Next message: Shanky: "Re: switchport voice vlan dot1p"
• Previous message: toonsh dosh: "switchport voice vlan dot1p"
• Maybe in reply to: Dillon Yang: "lesson from failure"
• Next in thread: Matt Mullen: "Re: lesson from failure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

sorry, i missed understand your mail. :)
 
but for your number 2, it will be very rare to use passive-interface to prevent update to specific interface.
once you use passive-interface, eigrp and ospf (which rely on hello) will not make adjacency to any neighbor on that interface. (the router won't also get any route from that interface).
but for RIP, updates heard from that interface still continue to be received and processed.
I prefer to use distribute-list for your number 2.

Dillon Yang <dillony@gmail.com> wrote:
1. If ACL, use numerical ACL as possible.
2. If you want to prevent advertising update, use passive-interface as possible.
3. Do map FR interface to ping itself even if you are instructed with "you do not need".
4. DO NOT use "isdn test" command that has no assurance the L3 connectivity and waste my half hour.
5. DO config ISDN part at the last step or the 4-point section will reduce your 10 points or more.

Hi, Thomwin:

Yes, the class B address will cause RIP advertise on all the interface, so you need "passive-interface" to restrict the advertising.

HTH
dillon

----- Original Message -----
From: "Thomwin Chen"
To: "Dillon Yang" ; "Group Study"
Sent: Monday, July 25, 2005 10:01 AM
Subject: Re: lesson from failure

> if you are using RIP,
> let's say you have :
> fa0/0 : 172.16.1.1/24
> fa0/1 : 172.16.2.1/24
>
> passive-interface fa0/1 won't make RIP stop advertising 172.16.2.0/24, you should explicitly filter it. (RIP use network 172.16.0.0 statement)
>
> but if you are using eigrp & ospf the network statement is more granular, so you can control more specific what eigrp will advertise and enable. (network 172.16.1.1 0.0.0.0)
>
> Dillon Yang wrote:
> 1. If ACL, use numerical ACL as possible.
> 2. If advertise update, use passive-interface as possible.
>
> HTH
> dillon
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com

• Next message: Shanky: "Re: switchport voice vlan dot1p"
• Previous message: toonsh dosh: "switchport voice vlan dot1p"
• Maybe in reply to: Dillon Yang: "lesson from failure"
• Next in thread: Matt Mullen: "Re: lesson from failure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:31 GMT-3