[c-nsp] EIGRP HSRP Successors
Gert Doering
gert at greenie.muc.de
Mon Jul 25 04:02:58 EDT 2011
Hi,
On Sun, Jul 24, 2011 at 04:06:03PM -0500, Dan Letkeman wrote:
> I'm working on a test configuration for hsrp between two switches
> where i'm running eigrp, and I'm wondering if its best practice to
> leave the added successors in the route list?
We usually run HSRP/VRRP on "customer-facing" interfaces, and consequently,
running EIGRP there is a complete no-go for us. No benefit, and interesting
attack vectors...
So we run all interfaces with "passive-interface default", and selectively
enable EIGRP on backbone interfaces (which do not have HSRP/VRRP anyway).
For different topologies, of course YMMV.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20110725/546ce70b/attachment.pgp>
More information about the cisco-nsp
mailing list