The optional allow-list keyword, available in the remote-neighbors command, enables you to use an
access list (access control list) to specify the remote IP addresses from which EIGRP neighbor connections
may be accepted. If you do not use the allow-list keyword, then all IP addresses (permit any) will be
accepted. The access control list (ACL) defines a range of IPv4 or IPv6 IP addresses with the following
conditions:
•
Any neighbor that has a source IP address that matches an IP address in the access list will be
allowed (or denied) based on the user configuration.
•
If the allow-list keyword is not specified, any IP address will be permitted (permit any).
•
The allow-list keyword is supported only for remote multicast-group and unicast-listen neighbors.
It is not available for static, remote static, or local neighbors.
•
Incoming EIGRP packets that do not match the specified access list will be rejected.
•
Maximum Remote Neighbors
The optional max-neighbors keyword, available in the remote-neighbors command, enables you to
specify a maximum number of remote neighbors that EIGRP can create using the remote neighbor
configurations. When the maximum number of remote neighbors has been created for a configuration,
EIGRP rejects all subsequent connection attempts for that configuration. This option helps to protect
against denial-of-service attacks that attempt to create many remote neighbors in an attempt to overwhelm
device resources. The max-neighbors configuration option has the following conditions:
•
This option is supported only for remote multicast-group or unicast-listen neighbors. It is not
available for local, static, or remote static neighbors.
•
There is no default maximum. If you do not specify a maximum number of remote neighbors, the
number of remote neighbors is limited only by available memory and bandwidth.
•
Reducing the maximum number of remote neighbors to less than the current number of sessions
will result in the neighbors (in no specific order) being dropped until the count reaches the new
limit.
•
Configuration Changes for the Neighbor Filter List and Maximum Number of Remote Neighbors
When the allow-list or max-neighbors configurations are changed, any existing remote EIGRP sessions
that are no longer allowed by the new configuration will be removed automatically and immediately.
Pre-existing neighbors that are still allowed by the new configuration will not be affected.
Understanding Neighbor Terms
The following terms are used when describing neighbor types:
•
local neighbor: A neighbor that is adjacent on a shared subnet (or common subnet) and uses a link-local
multicast address for packet exchange. This is the default type of neighbor in EIGRP.
•
static Neighbor: Any neighbor that uses unicast to communicate, is one hop away, is on a common
subnet, and whose IP address has been specified using the neighbor ip-address command.
•
remote neighbor: Any neighbor that is multiple hops away, including Remote Static Neighbors.
•
remote group: Any neighbor that is multiple hops away, does not have its address manually configured
with the neighbor command and uses the multicast group address for packet exchange.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 5.3.x
333
Implementing EIGRP
Configuring unicast neighbors
To Next Page
Loading...
Need help?
General
