OSPF between a VSS L3 MEC & an ASA Redundant Interface

Vivek Bannore
Level 1

Hi community,

Does OSPF work between a VSS L3 MEC & an ASA Redundant Interface?

Physical Connections -

6509(Active)    Port Gi 1/1/10 ------RJ-45------ Port Gi0/2 ASA 5520 v8.3.1

6509(Standby) Port Gi 2/1/10 ------RJ-45------ Port Gi0/3 ASA 5520 v8.3.1

Both 6509s are in VSS and an L3 MEC is formed to the ASA.

Both ASA ports are part of an L3 Redundant Interface. Please note there is only a single ASA in this topology.

Config -

On VSS


interface Port-channel 20

description **** MEC to ASA ****

no switchport

ip address 192.168.10.1 255.255.255.0

no ip redirects

no ip unreachables

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 cisco

<Both ports Gi1/1/10 & Gi2/1/10 are a member of this MEC>

router ospf 10

router-id 192.168.10.1

log-adjacency-changes

redistribute connected subnets

redistribute static subnets

passive-interface default

no passive-interface Port-channel 10

network 192.168.10.0 0.0.0.255 area 0

On ASA

interface Redundant 2

description **** To VSS ****

member-interface GigabitEthernet0/2

member-interface GigabitEthernet0/3

nameif routing

security-level 100

ip address 192.168.10.2 255.255.255.0

ospf message-digest-key 1 md5 cisco

ospf authentication message-digest

router ospf 10

router-id 192.168.10.2

network 192.168.10.0 255.255.255.0 area 0

log-adj-changes

redistribute connected subnets

redistribute static subnets

default-information originate always

Problem -

Now, the OSPF neighboring does occur and goes into the FULL state on this device; however, soon enough, the state enters the INIT/DROTHER state.

But as soon as I disconnect the physical connection 6509(Standby) Port Gi 2/1/10 ------DISCONNECTED------ Port Gi0/3 ASA

The OSPF adjacency goes into FULL mode.

Any suggestions on where I am going wrong?

(there are no duplex or speed or cable issues)

Thanks

Vivek

5 Replies

Reza Sharifi
Hall of Fame

Hi,

Are you using LACP on both sides of the Etherchannel?

It is definitely supported.

See figure-6-1 in this link:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1329030

HTH

Thanks for replying Reza.

I used the ON mode to create the etherchannel on the VSS and since the ASA that I'm working on has the 8.3.1 software on it, etherchannel is not an available feature.

Etherchannel on ASAs was introduced in 8.4+ versions, hence using Redundant interface.

Hence my original question.

Hi Vivek,

Now, I am wondering if an upgrade to 8.4+ using LACP would resolve the issue.  Not entirely sure, but I believe the 6500s only understand Etherchannel, and since you are using redundant interfaces, they may not recognize it.

Thanks,

Reza

Unfortunately, the ASA is not on a contract so upgrade is not possible.

Are you able to provide any documentation to back up your theory?

And I don't think there is any issue between VSS MEC and ASA Redundant interfaces; however, the OSPF protocol seems to have one.

I'm just not able to pinpoint the cause of this issue.

Anyone?
