Hi
I have 5516-X ASA version 9.8(2) on one side and a 9300-NM-4G IOS XE version 16.8.1r [FC4] switch on the other side.
My configuration is as simple as (I just copied the relevant part of it):
On the 9300 switch:
ip routing
vtp mode transparent
!
spanning-tree mode pvst
spanning-tree portfast bpdufilter default
spanning-tree extend system-id
!
vlan 100
!
interface GigabitEthernet1/0/2
description === Connection to Firewall
switchport access vlan 100
!
interface Vlan100
description ===INTERNAL VLAN===
ip address 10.255.4.1 255.255.255.128
!
router ospf 1
router-id 10.255.4.1
redistribute connected subnets
redistribute static subnets
network 10.255.4.0 0.0.1.255 area 10.255.4.0
!
On 5516-X ASA
interface GigabitEthernet1/2
nameif INSIDE_LAN
security-level 100
ip address 10.255.4.9 255.255.255.128
!
router ospf 1
router-id 10.255.4.9
network 10.255.4.0 255.255.255.128 area 10.255.4.0
area 10.255.4.0
log-adj-changes
!
The problem is the they never peer with one another in OSPF
"show ip ospf interface" on the switch side gives:
Vlan100 is up, line protocol is up
Internet Address 10.255.4.1/25, Interface ID 77, Area 10.255.4.0
Attached via Network Statement
Process ID 1, Router ID 10.255.4.1, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 10.255.4.1, Interface address 10.255.4.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:00
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Can be protected by per-prefix Loop-Free FastReroute
Can be used for per-prefix Loop-Free FastReroute repair paths
Not Protected by per-prefix TI-LFA
Index 1/1/1, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)On the ASA side:
show ospf interface
INSIDE_LAN is up, line protocol is up
Internet Address 10.255.4.9 mask 255.255.255.128, Area 10.255.4.0
Process ID 1, Router ID 10.255.4.9, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 10.255.4.9, Interface address 10.255.4.9
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 0:00:08
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)Then "show ip ospf neighbor" on the switch side:
Neighbor ID Pri State Dead Time Address Interface
10.255.4.9 1 INIT/DROTHER 00:00:39 10.255.104.9 Vlan100
"show ospf neighbor" on the ASA:
(empty answer)
When I run a "debug ip ospf hello" in the 9300 side I get:
OSPF-1 HELLO Vl100: Send hello to 224.0.0.5 area 10.255.4.0 from 10.255.4.1
OSPF-1 HELLO Vl100: Rcv hello from 10.255.4.9 area 10.255.4.0 10.255.4.9
OSPF-1 HELLO Vl100: No more immediate hello for nbr 10.255.4.9, which has been sent on this intf 2 times
And on the 5516-X I get:
OSPF: Send hello to 224.0.0.5 area 10.255.4.0 on INSIDE_LAN from 10.255.4.9
OSPF: Send hello to 224.0.0.5 area 10.255.4.0 on INSIDE_LAN from 10.255.4.9
Now for the funniest thing (or not....) :
If I try the same between the 9300 and an old 5510 ASA, or between the the 5516-X and a Catalyst 3560 EVERYTHING works fine !!!!
My question is:
Has anyone had this problem with this machines ?
Did someone found a workaround for this ?
Is it a question of the firmware versions ?
Would really appreciate some help !!
Thank you all
