02-25-2012 07:41 PM - edited 03-04-2019 03:26 PM
Hi community,
Does OSPF work between a VSS L3 MEC and an ASA Redundant Interface?
Physical Connections -
6509(Active) Port Gi 1/1/10 ------RJ-45------ Port Gi0/2 ASA 5520 v8.3.1
6509(Standby) Port Gi 2/1/10 ------RJ-45------ Port Gi0/3 ASA 5520 v8.3.1
Both 6509 are in VSS and a L3 MEC is formed to the ASA
Both ASA ports are a part of a L3 Redundant Interface. Please note there is only a single ASA in this topology.
Config -
On VSS
interface Port-channel 20
 description **** MEC to ASA ****
 no switchport
 ip address 192.168.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
<Both ports Gi1/1/10 & Gi2/1/10 are a member of this MEC>
router ospf 10
 router-id 192.168.10.1
 log-adjacency-changes
 redistribute connected subnets
 redistribute static subnets
 passive-interface default
 no passive-interface Port-channel 10
 network 192.168.10.0 0.0.0.255 area 0
On ASA
interface Redundant 2
 description **** To VSS ****
 member-interface GigabitEthernet0/2
 member-interface GigabitEthernet0/3
 nameif routing
 security-level 100
 ip address 192.168.10.2 255.255.255.0
 ospf message-digest-key 1 md5 cisco
 ospf authentication message-digest
router ospf 10
 router-id 192.168.10.2
 network 192.168.10.0 255.255.255.0 area 0
 log-adj-changes
 redistribute connected subnets
 redistribute static subnets
 default-information originate always
Problem -
Now, the OSPF neighboring does occur and goes into the FULL state on this device; however, soon enough, the state enters the INIT/DROTHER state.
But as soon as I disconnect the physical connection 6509(Standby) Port Gi 2/1/10 ------DISCONNECTED------ Port Gi0/3 ASA
The OSPF adjacency goes into FULL mode.
Any suggestions on where I am going wrong?
(there are no duplex or speed or cable issues)
Thanks
Vivek
02-26-2012 09:30 AM
Hi,
Are you using LACP on both sides of the Etherchannel?
It is definitely supported.
See figure-6-1 in this link:
HTH
02-26-2012 02:02 PM
Thanks for replying Reza.
I used the ON mode to create the etherchannel on the VSS and since the ASA that I'm working on has the 8.3.1 software on it, etherchannel is not an available feature.
Etherchannel on ASAs was introduced in 8.4+ versions hence using Redundant interface.
Hence my original question ?
02-26-2012 02:28 PM
Hi Vivek,
Now, I am wondering if an upgrade to 8.4+ using LACP would resolve the issue. Not entirely sure, but I believe the 6500s only understand Etherchannel, and since you are using redundant interfaces, they may not recognize it.
Thanks,
Reza
02-26-2012 03:48 PM
Unfortunately, the ASA is not on a contract so upgrade is not possible.
Are you able to provide any documentation to back up your theory ?
And I don't think there is any issue between VSS MEC and ASA Redundant interfaces, however OSPF protocol seems to have one.
I'm just not able to pin-point to the cause of this issue.
02-27-2012 05:43 PM
Anyone ???