07-21-2022 01:25 PM - last edited on 08-02-2022 10:41 PM by Translator
Hello all,
I am having a bit of an issue with trying to get an ASA 5525 to form a neighborship with a Nexus 9504. They can see and communicate with each other via layer2 VLAN connection.
Trying to figure out what I am doing wrong. Here is stippets of the interfaces from the Nexus and the ASA.
Nexus
show interface vlan 3
interface Vlan3
description FIREWALL-INSIDE-Default-Gateway
no shutdown
mtu 9000
no ip redirects
ip address 10.50.2.8/24
no ipv6 redirects
ip router ospf 1 area 0.0.0.100
hsrp version 2
hsrp 3
name FIREWALL-INSIDE
preempt
priority 90
ip 10.50.2.2
ASA
ASA-03# sh run router
router ospf 1
router-id 10.50.2.5
network 10.50.2.0 255.255.255.0 area 100
network 10.60.0.128 255.255.255.128 area 100
area 100
log-adj-changes
!
I guess the question I have is that when I try to put in area 0.0.0.100 on the ASA it transfers it to what you see here with only 100. Is that a big deal on that matter or is it still the same "area"?
I am not sure if it is a problem but the ASA is connected to a 2960 switch, which is then connected to a pair of 93180 layer 2 nexus switches. Those are then connected to the 9504s . Pings and traceroutes go both ways at this point, so I am not sure where the breakdown is happening. Can someone assist me with this?
Thanks!
Solved! Go to Solution.
07-25-2022 11:52 AM - last edited on 08-02-2022 11:18 PM by Translator
That got us somewhere!
9504-01# ping multicast 224.0.0.5 int vlan 3
PING 224.0.0.5 (224.0.0.5): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out
--- 224.0.0.5 ping multicast statistics ---
5 packets transmitted,
0 packets received, 100% packet loss
9504-01# ping multicast 224.0.0.6 int vlan 3
PING 224.0.0.6 (224.0.0.6): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out
--- 224.0.0.6 ping multicast statistics ---
5 packets transmitted,
0 packets received, 100% packet loss
9504-01#
07-25-2022 12:14 PM
show ip ospf traffic vlan3
show ip ospf interface vlan3
please share this of NSK
07-25-2022 01:42 PM - last edited on 08-02-2022 11:19 PM by Translator
Well crap.. Once you put that in and I went to get the
show
command on that, I wonder if I just found the problem.
9504-01# sh ip ospf int vlan 3
Vlan3 is up, line protocol is up
IP address 10.50.2.8/24
Process ID 1 VRF default, area 0.0.0.100
Enabled by interface configuration
State DR, Network type BROADCAST, cost 40
Index 12, Passive interface
9504-01#
If that truly is passive, that would stop the transmission of the OSPF I would think. Am I correct?
Thanks!
07-25-2022 01:52 PM
I inform you in my previous post that check this point,
anyway
I am so glad you get the issue,
Yes Passive making NSK not send Hello and never establish the OSPF.
no passive this interface and check the OSPF.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide