Guidelines and Limitations of EIGRP Routing

Firewall Mode Guidelines

Supported on routed firewall mode only.

Device Guidelines

  • Only one EIGRP process is allowed per device.

  • EIGRP can be configured through management center UI on threat defense 6.6 and higher versions.

Interface Guidelines

  • Only routed interfaces with logical names and with an IP address can be associated with an EIGRP routing process.

  • Only interfaces belonging to the global virtual router can be part of EIGRP. EIGRP can learn, filter, and redistribute routes across routing protocols in global virtual router.

  • Supports physical, EtherChannel, redundant, subinterfaces only. However, the members of EtherChannel interfaces are not supported.

  • BVI and VNI cannot be part of EIGRP.

  • A passive interface cannot be configured as a neighbor interface.

IP Address and Network Objects Support

  • Only IPv4 address is supported.

  • Range, FQDN, and wildcard mask are not supported.

  • Only Standard access list objects are supported.

Redistribution Guidelines

  • BGP, OSPF, and RIP in the global virtual router can redistribute to EIGRP.

  • EIGRP can redistribute to BGP, OSPF, RIP, Static, and Connected in the global virtual router.

  • When EIGRP is configured on a device that is a part of OSPF network or vice versa, ensure that OSPF-router is configured to tag the route (EIGRP does not support route tag).

    When redistributing EIGRP into OSPF and OSPF into EIGRP, a routing loop occurs when there is an outage on one of the links, interfaces, or even when the route originator is down. To prevent the redistribution of routes from one domain back into the same domain, a router can tag a route that belongs to a domain while it is redistributing, and those routes can be filtered on the remote router based on the same tag. Because the routes will not be installed into the routing table, they will not be redistributed back into the same domain.

Deployment Process Guidelines

When you want to change the existing AS number of a deployed EIGRP configuration, you must disable the EIGRP and deploy it. This step will clear the deployed EIGRP configuration on the threat defense. Next, recreate the EIGRP configurations with a new AS number and then deploy it. Thus, this process prevents any deployment failures owing to the same EIGRP configuration being deployed on the threat defense.

Upgrade Guidelines

When you upgrade to version 7.2 and later when the previous version has any FlexConfig EIGRP policies, the management center displays a warning message during deployment. However, it does not stop the deployment process. However, after deployment, to manage the EIGRP policies from the UI ( Device (Edit) > Routing > EIGRP), you must redo the configuration in the Device (Edit) > Routing > EIGRP page and remove the configuration from FlexConfig. To automate creation of the policies in the UI, management center provides an option to migrate the policies from FlexConfig to the UI. For more details, see Migrating FlexConfig Policies.