Guidelines and limitations for EIGRP routing

Firewall mode guidelines

Use routed firewall mode only for EIGRP routing.

Device guidelines

Configure only one EIGRP process per device.

  • EIGRP can be configured through the management center UI on Firewall Threat Defense version 6.6 and later.

Interface guidelines

Use only routed interfaces with logical names and IP addresses for EIGRP routing processes.

  • EIGRP can only incorporate interfaces from the global virtual router. EIGRP can learn, filter, and redistribute routes across routing protocols in the global virtual router.

  • Only physical, EtherChannel, redundant, and subinterfaces are supported. However, the member interfaces of an EtherChannel are not supported.

  • Passive interfaces cannot be configured as a neighbor interface.

IP address and network objects support

Use only IPv4 addresses and standard access list objects for EIGRP configuration.

  • Range, FQDN, and wildcard mask are not supported.

Redistribution guidelines

Configure route tagging to prevent routing loops when redistributing between EIGRP and OSPF.

  • BGP, OSPF, and RIP in the global virtual router can redistribute routes toward EIGRP.

  • EIGRP can redistribute to BGP, OSPF, RIP, Static, and Connected in the global virtual router.

  • When EIGRP is configured on a device that is part of an OSPF network, or vice versa, ensure that the OSPF router is configured to tag the route (EIGRP does not support route tags).

    When redistributing EIGRP into OSPF and OSPF into EIGRP, a routing loop occurs when there is an outage on one of the links or interfaces, or even when the route originator is down. To prevent the redistribution of routes from one domain back into the same domain, a router can tag a route that belongs to a domain while it is redistributing, and those routes can be filtered on the remote router based on the same tag. Because the routes will not be installed into the routing table, they will not be redistributed back into the same domain.
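
The loop and the tag filter described above can be followed in a small model. This is an added example, not Cisco code or device behavior: the border routers R1 and R2, the tag value 100, and the synchronous rounds are assumptions made for illustration.

```python
# Added illustration: synchronous toy model of mutual EIGRP<->OSPF redistribution.
AD = {"eigrp_int": 90, "ospf_ext": 110, "eigrp_ext": 170}  # administrative distances
TAG = 100                 # constructed tag value set when EIGRP is redistributed into OSPF
ROUTERS = ("R1", "R2")    # hypothetical border routers that run both protocols


def best_route(router, origin_up, adverts, filter_tag):
    """Pick the lowest-AD candidate a border router can install, or None."""
    peer = "R2" if router == "R1" else "R1"
    candidates = []
    if origin_up:
        candidates.append("eigrp_int")      # learned from the real originator
    peer_adv = adverts.get(peer)
    if peer_adv == "into_eigrp":
        candidates.append("eigrp_ext")      # peer redistributed OSPF into EIGRP
    elif peer_adv == "into_ospf" and not filter_tag:
        # The OSPF external route carries TAG; with the filter it is never installed.
        candidates.append("ospf_ext")
    return min(candidates, key=AD.get) if candidates else None


def simulate(filter_tag, fail_at=2, rounds=8):
    """Return, per round, the route each border router has installed."""
    adverts, history = {}, []
    for step in range(rounds):
        installed = {r: best_route(r, step < fail_at, adverts, filter_tag)
                     for r in ROUTERS}
        # Each router redistributes its installed route into the other protocol.
        adverts = {r: ("into_ospf" if kind.startswith("eigrp") else "into_eigrp")
                   for r, kind in installed.items() if kind}
        history.append(installed)
    return history


def stale_rounds(history, fail_at=2):
    """Rounds after the outage in which any router still holds the dead prefix."""
    return [i for i, inst in enumerate(history)
            if i >= fail_at and any(inst.values())]


if __name__ == "__main__":
    for flt in (False, True):
        print("tag filter:", flt, "stale rounds:", stale_rounds(simulate(flt)))
```

Without the filter, the two routers keep handing the withdrawn prefix back to each other in every round after the outage; with the filter, the tagged OSPF route is never installed, so nothing is redistributed back into EIGRP.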

Deployment process guidelines

Disable and redeploy EIGRP when changing the AS number to prevent deployment failures.

To change the AS number of an existing EIGRP setup, disable and redeploy the EIGRP configuration. This avoids repeated deployments and ensures an error-free deployment process.

Upgrade guidelines

Migrate FlexConfig EIGRP policies to UI management after upgrading to version 7.2 and later.

When you upgrade to version 7.2 and later, and the previous version includes any FlexConfig EIGRP policies, the management center displays a warning message during deployment. The warning does not stop the deployment process. After deployment, to manage the EIGRP policies from the UI (choose Devices > Device Management, click Edit, and then click Routing > EIGRP), you must redo the configuration on the EIGRP page and remove the configuration from FlexConfig. To automate policy creation in the UI, Cloud-Delivered Firewall Management Center provides an option to migrate the policies from FlexConfig to the UI. For more information, refer to Migrating FlexConfig policies.