No OSPF peering between a Catalyst 9300 and an ASA 5516-X

ppsilva02
Level 1

Hi

I have a 5516-X ASA, version 9.8(2), on one side and a 9300-NM-4G switch, IOS XE version 16.8.1r [FC4], on the other side.

My configuration is as simple as this (I just copied the relevant part of it):

On the 9300 switch:

ip routing
vtp mode transparent
!
spanning-tree mode pvst
spanning-tree portfast bpdufilter default
spanning-tree extend system-id
!
vlan 100
!
interface GigabitEthernet1/0/2
 description === Connection to Firewall
 switchport access vlan 100
!
interface Vlan100
 description ===INTERNAL VLAN===
 ip address 10.255.4.1 255.255.255.128
!
router ospf 1
 router-id 10.255.4.1
 redistribute connected subnets
 redistribute static subnets
 network 10.255.4.0 0.0.1.255 area 10.255.4.0
!

On the 5516-X ASA:

interface GigabitEthernet1/2
 nameif INSIDE_LAN
 security-level 100
 ip address 10.255.4.9 255.255.255.128 
!
router ospf 1
 router-id 10.255.4.9
 network 10.255.4.0 255.255.255.128 area 10.255.4.0
 area 10.255.4.0
 log-adj-changes
!

The problem is that they never peer with one another in OSPF.

"show ip ospf interface" on the switch side gives:

Vlan100 is up, line protocol is up
  Internet Address 10.255.4.1/25, Interface ID 77, Area 10.255.4.0
  Attached via Network Statement
  Process ID 1, Router ID 10.255.4.1, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.255.4.1, Interface address 10.255.4.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Can be protected by per-prefix Loop-Free FastReroute
  Can be used for per-prefix Loop-Free FastReroute repair paths
  Not Protected by per-prefix TI-LFA
  Index 1/1/1, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

On the ASA side:

show ospf interface

INSIDE_LAN is up, line protocol is up
  Internet Address 10.255.4.9 mask 255.255.255.128, Area 10.255.4.0
  Process ID 1, Router ID 10.255.4.9, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.255.4.9, Interface address 10.255.4.9
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 0:00:08
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

Then "show ip ospf neighbor" on the switch side:

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.255.4.9      1   INIT/DROTHER    00:00:39    10.255.104.9    Vlan100

"show ospf neighbor" on the ASA:

(empty answer)

When I run a "debug ip ospf hello" on the 9300 side I get:

OSPF-1 HELLO Vl100: Send hello to 224.0.0.5 area 10.255.4.0 from 10.255.4.1
OSPF-1 HELLO Vl100: Rcv hello from 10.255.4.9 area 10.255.4.0 10.255.4.9
OSPF-1 HELLO Vl100:  No more immediate hello for nbr 10.255.4.9, which has been sent on this intf 2 times

And on the 5516-X I get:

OSPF: Send hello to 224.0.0.5 area 10.255.4.0 on INSIDE_LAN from 10.255.4.9
OSPF: Send hello to 224.0.0.5 area 10.255.4.0 on INSIDE_LAN from 10.255.4.9


Now for the funniest thing (or not...):
If I try the same between the 9300 and an old 5510 ASA, or between the 5516-X and a Catalyst 3560, EVERYTHING works fine!!!!

My question is:
Has anyone had this problem with these machines?
Did someone find a workaround for this?

Is it a question of the firmware versions?

Would really appreciate some help!!


Thank you all
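An added example (not part of the original post): a small Python checker that parses the two "show ospf interface" outputs and the switch's "show ip ospf neighbor" row quoted above, compares the hello parameters two OSPF routers must agree on before they become neighbors (area, hello/dead timers, network type, subnet mask, distinct router IDs), and explains what an INIT state means. The sample strings are abbreviated copies of the post's output, embedded so the script runs offline; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample input: abbreviated copies of the two "show ospf interface"
# outputs and the switch's "show ip ospf neighbor" row quoted in the post.
SWITCH_INTERFACE = """\
Vlan100 is up, line protocol is up
  Internet Address 10.255.4.1/25, Interface ID 77, Area 10.255.4.0
  Process ID 1, Router ID 10.255.4.1, Network Type BROADCAST, Cost: 1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
  Neighbor Count is 1, Adjacent neighbor count is 0
"""

ASA_INTERFACE = """\
INSIDE_LAN is up, line protocol is up
  Internet Address 10.255.4.9 mask 255.255.255.128, Area 10.255.4.0
  Process ID 1, Router ID 10.255.4.9, Network Type BROADCAST, Cost: 10
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
  Neighbor Count is 0, Adjacent neighbor count is 0
"""

SWITCH_NEIGHBOR = "10.255.4.9      1   INIT/DROTHER    00:00:39    10.255.104.9    Vlan100"


def parse_ospf_interface(text):
    """Pull out the fields that hello processing (RFC 2328 section 10.5) compares."""
    info = {}
    info["interface"] = re.search(r"^(\S+) is \S+, line protocol", text, re.M).group(1)
    # IOS prints "address/prefixlen"; the ASA prints "address mask dotted-mask".
    m = re.search(r"Internet Address (\S+?)(?:/(\d+)| mask (\S+)),", text)
    info["network"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2) or m.group(3)}")
    info["area"] = re.search(r"Area (\S+)", text).group(1)
    info["router_id"] = re.search(r"Router ID (\S+),", text).group(1)
    info["network_type"] = re.search(r"Network Type (\S+),", text).group(1)
    hello, dead = re.search(r"Hello (\d+), Dead (\d+)", text).groups()
    info["hello"], info["dead"] = int(hello), int(dead)
    info["neighbor_count"] = int(re.search(r"Neighbor Count is (\d+)", text).group(1))
    return info


def parse_neighbor_line(line):
    """Parse one row of 'show ip ospf neighbor' (IOS column order)."""
    rid, pri, state, dead, addr, intf = line.split()
    return {"router_id": rid, "state": state.split("/")[0], "address": addr, "interface": intf}


def hello_mismatches(a, b):
    """Return the reasons a and b would reject each other's hellos (empty if none)."""
    problems = []
    if a["area"] != b["area"]:
        problems.append(f"area mismatch: {a['area']} vs {b['area']}")
    if (a["hello"], a["dead"]) != (b["hello"], b["dead"]):
        problems.append(f"timer mismatch: {a['hello']}/{a['dead']} vs {b['hello']}/{b['dead']}")
    if a["network_type"] != b["network_type"]:
        problems.append(f"network type mismatch: {a['network_type']} vs {b['network_type']}")
    if a["network"].network != b["network"].network:  # mask must match on broadcast links
        problems.append(f"subnet mismatch: {a['network'].network} vs {b['network'].network}")
    if a["router_id"] == b["router_id"]:
        problems.append(f"duplicate router ID {a['router_id']}")
    return problems


def diagnose(local, remote, neighbor):
    """Explain why 'local' (whose neighbor row we hold) is not FULL with 'remote'."""
    problems = hello_mismatches(local, remote)
    if problems:
        return problems
    findings = []
    if neighbor["state"] == "INIT":
        # INIT: local received the remote's hello, but local's router ID is not listed
        # in it, so the remote has not (yet) seen a hello from local.
        findings.append("one-way hello: remote has not acknowledged local's hellos")
    if remote["neighbor_count"] == 0:
        findings.append("remote has accepted no hello at all on this interface")
    src = ipaddress.ip_address(neighbor["address"])
    if src not in local["network"].network:
        findings.append(f"neighbor address {src} is outside {local['network'].network}")
    return findings


if __name__ == "__main__":
    switch = parse_ospf_interface(SWITCH_INTERFACE)
    asa = parse_ospf_interface(ASA_INTERFACE)
    for line in diagnose(switch, asa, parse_neighbor_line(SWITCH_NEIGHBOR)) or ["no problem found"]:
        print(line)
```

With matching parameters on both sides, the checker falls through to the state analysis: an INIT entry on one router together with a neighbor count of 0 on the other is the signature of hellos flowing in only one direction, which points at the path between the boxes (filtering, VLAN tagging, authentication) rather than at the OSPF parameters themselves.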
