Enabling And Configuring Eigrp Routing - Cisco PIX 500 Series Configuration Manual

Configuring EIGRP
The hello packets are sent out as multicast messages. No response is expected to a hello message. The
exception to this is for statically defined neighbors. If you use the neighbor command to configure a
neighbor, the hello messages sent to that neighbor are sent as unicast messages. Routing updates and
acknowledgements are sent out as unicast messages.
Once this neighbor relationship is established, routing updates are not exchanged unless there is a change
in the network topology. The neighbor relationship is maintained through the hello packets. Each hello
packet received from a neighbor contains a hold time. This is the time in which the security appliance
can expect to receive a hello packet from that neighbor. If the security appliance does not receive a hello
packet from that neighbor within the hold time advertised by that neighbor, the security appliance
considers that neighbor to be unavailable.
The EIGRP uses an algorithm called DUAL for route computations. DUAL saves all routes to a
destination in the topology table, not just the least-cost route. The least-cost route is inserted into the
routing table. The other routes remain in the topology table. If the main route fails, another route is
chosen from the feasible successors. A successor is a neighboring router used for packet forwarding that
has a least-cost path to a destination. The feasibility calculation guarantees that the path is not part of a
routing loop.
If a feasible successor is not found in the topology table, a route recomputation must occur. During route
recomputation, DUAL queries the EIGRP neighbors for a route, who in turn query their neighbors.
Routers that do no have a feasible successor for the route return an unreachable message.
During route recomputation, DUAL marks the route as active. By default, the security appliance waits
for three minutes to receive a response from its neighbors. If the security appliance does not receive a
response from a neighbor, the route is marked as stuck-in-active. All routes in the topology table that
point to the unresponsive neighbor as a feasibility successor are removed.

Enabling and Configuring EIGRP Routing

You can only enable one EIGRP routing process on the security appliance.
To enable and configure EIGRP routing, perform the following tasks:
Step 1 Create the EIGRP routing process and enter router configuration mode for that process by entering the
following command:
hostname(config)# router eigrp as-num
The as-num argument is the autonomous system number of the EIGRP routing process.
To configure the interfaces and networks that participate in EIGRP routing, configure one or more
Step 2
network statements by entering the following command:
hostname(config-router)# network ip-addr [ mask ]
Directly-connected and static networks that fall within the defined network are advertised by the security
appliance. Additionally, only interfaces with an IP address that fall within the defined network
participate in the EIGRP routing process.
If you have an interface that you do not want to participate in EIGRP routing, but that is attached to a
network that you want advertised, configure a network command that covers the network the interface
is attached to, and use the passive-interface command to prevent that interface from sending or
receiving EIGRP updates.
(Optional) To prevent an interface from sending or receiving EIGRP routing message, enter the
Step 3
following command:
Cisco Security Appliance Command Line Configuration Guide
9-24
Chapter 9 Configuring IP Routing
OL-12172-03