Introduction
You can use the passive-interface command in order to control the advertisement of routing information. The command enables the suppression of routing updates over some interfaces while it allows updates to be exchanged normally over other interfaces.
With most routing protocols, the passive-interface command restricts outgoing advertisements only. But, when used with Enhanced Interior Gateway Routing Protocol, the effect is slightly different. This document demonstrates that use of the passive-interfacecommand in EIGRP suppresses the exchange of hello packets between two routers, which results in the loss of their neighbor relationship. This stops not only routing updates from being advertised, but it also suppresses incoming routing updates. This document also discusses the configuration required in order to allow the suppression of outgoing routing updates, while it also allows incoming routing updates to be learned normally from the neighbor.
EIGRP MD5 Authentication
By default, no authentication is used for EIGRP packets. You can configure it to use MD5 authentication.
When EIGRP neighbor authentication has been configured on a router, the router authenticates the source of each routing update packet that it receives. The MD5 keyed digest in each of its packet prevents the introduction of unauthorized or false routing messages from unapproved sources.
EIGRP Theory of Operation
Some of the many advantages of EIGRP are:
- very low usage of network resources during normal operation; only hello packets are transmitted on a stable network
- when a change occurs, only routing table changes are propagated, not the entire routing table; this reduces the load the routing protocol itself places on the network
- rapid convergence times for changes in the network topology (in some situations convergence can be almost instantaneous)
EIGRP is an enhanced distance vector protocol, relying on the Diffused Update Algorithm (DUAL) to calculate the shortest path to a destination within a network