Here is the information below.  Routing is working. There is an SVI for the VLAN and the ports are members of that VLAN.

interface Vlan201

ip address 172.16.201.1 255.255.255.0

interface TenGigabitEthernet1/1

switchport access vlan 201

switchport mode access

speed nonegotiate

spanning-tree portfast

interface TenGigabitEthernet1/31

switchport access vlan 201

switchport mode access

spanning-tree portfast

Here is the interface on the ASR router that is connected to Te1/1.  That would be the LAN interface.  EIGRP is working correctly on this router for the WAN interface.  I have also included the EIGRP config for the router.

interface GigabitEthernet0/0/3

ip address 172.16.201.4 255.255.255.0

negotiation auto

cdp enable

router eigrp 100

distribute-list eigrp-redist-in in GigabitEthernet0/0/3

network 172.16.201.4 0.0.0.0

network 192.168.100.4 0.0.0.0

redistribute static route-map redist-static

ip access-list standard eigrp-redist-in

deny   172.16.201.0 0.0.0.255

deny   172.16.212.0 0.0.0.255

permit any

ip access-list standard eigrp-redist-static

permit 172.16.212.0 0.0.0.255

route-map redist-static permit 10

match ip address eigrp-redist-static

also please enable eigrp 100 on switch interfaces

TenGigabitEthernet1/1 and

TenGigabitEthernet1/31

So you have to enable eigrp on each interface as well?  I thought the no passive-interface TenGigabitEthernet1/1 took care of that. 

Wouldn't that enable eigrp on all interfaces that belong to vlan 201?  We were trying to disable it on all interfaces except the onces connected to the two routers so that other access interfaces in 201 do not send out eigrp packets that do not have eigrp enabled devices on them.

Yes, it would enable EIGRP on all interfaces on VLAN 201 because hellos are multicast.  If you want the EIGRP only on the two specific interfaces, you will have to make them layer-3 links ("no switchport") and give them individual IP addresses and subnets.

With your current architecture, you effectively have three routers on the segment: the 4500 SVI and the two "real" routers.  As it is, the two switchports where your routers are connected are layer-2, so they know nothing of EIGRP.  They just repeat whatever is on the VLAN (at least as far as multicasts are concerned)..

I suppose you could configure static EIGRP neighbors instead, and rely on your layer-2 to restrict the EIGRP to those two ports.

Why do you need to restrict the EIGRP to those ports only?

VLAN 201 is the access vlan at that location.  So all ports on the 4500X are members of VLAN 201.  We were just trying to keep uneeded eigrp traffic off the ports that are going to end host devices.

As a way around it could we issue the no switchport command on the uplink ports and give them an ip address within the 172.16.201.0/24 network making the L3?  Would using the no passive-interface TenGigabitEthernet1/1 command work then?  May be over thinking this

In that case, if I were you, I would treat the links to the routers as layer-3 point-to-point links.  Put "no switchport" on each one, and give each link a /30 subnet completely seperate from the address you are using on Vlan201, configuring the router interfaces to use the other address in each /30.

Then you can have "no passive-interface" for the two layer-3 links, and "passive interface" for Vlan201 so that it gets advertised through the EIGRP whilst not sending any hellos on it..