S2S OSPF Hub and Spoke Topology

rtarson
Level 1

I am working on a hub and spoke topology. I have my areas and interfaces configured on the hub and spokes, but I believe I must be missing something or doing something wrong. Right now the spokes see only the hub as a neighbor, but the link says not established. The FTD/hub side sees all three neighbors, but when I show them it says EXCHANGE/ for the neighbors.

Here is what I'm seeing when I do a show ospf neighbor:

Neighbor ID Pri State Dead Time Address Interface
10.100.0.4 0 EXCHANGE/ - 0:00:36 10.255.255.4 S2S-HubSpoke_va33
10.100.0.5 0 EXCHANGE/ - 0:00:35 10.255.255.5 S2S-HubSpoke_va32
10.100.0.6 0 EXCHANGE/ - 0:00:39 10.255.255.6 S2S-HubSpoke_va31

 

Here is a show ospf

Routing Process "ospf 1" with ID 10.100.0.1
Start time: 1w5d, Time elapsed: 1d16h
Supports only single TOS(TOS0) routes
Does not support opaque LSA
Does not support Link-local Signaling (LLS)
Supports area transit capability
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
It is an autonomous system boundary router
Redistributing External Routes from,
static
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x0
Number of opaque AS LSA 0. Checksum Sum 0x0
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support disabled
Cisco NSF helper support disabled
Reference bandwidth unit is 100 mbps
Area 1.1.1.1
Number of interfaces in this area is 6 (1 loopback)
Area has no authentication
SPF algorithm last executed 00:21:07.000 ago
SPF algorithm executed 11 times
Area ranges are
Number of LSA 1. Checksum Sum 0xd9b1
Number of opaque link LSA 0. Checksum Sum 0x0
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0

Below is a diagram of the Topology and some extra information of 

s2s2.jpeg

To state: I have the S2S VTI interface OSPF set to point-to-point. I have the internal networks set as broadcast.

Here is what I setup for the interface:

No authentication at the moment (troubleshooting purposes)
Hello interval (10s)
Delay (1s)
Retransmit (5s)
Dead interval (40s)
Cost 1

 

 

 

Accepted Solutions

To summarize:

1- Now you use broadcast and use the hub as DR.

2- The LO IP you mentioned in the link (which I think is the same as what I shared with you before) is used only for the borrow IP, that's all.

3- MTU mismatch: I returned to your original post and it's true you mentioned that the spokes are another vendor, not FTD, but

FTD VTI by default supports PMTU unless the remote peer stops it.

Anyway, glad the issue is solved. For spoke-to-spoke OSPF, you cannot establish that; the only OSPF allowed is between spoke and hub.

For MTU let me check this point and update you if I get something.

MHM


19 Replies

To make it work, make the network type point-to-multipoint.

MHM

Thank you for the reply. As far as the FMC shows under Routing > OSPF > Interface (interface of s2s-dvti), it only offers broadcast and point-to-point.

Then try making it broadcast and make sure the FTD hub is elected as DR for the broadcast OSPF network.

MHM

@rtarson referring to the documentation.

"Specifying an interface as point-to-point, nonbroadcast lets you transmit OSPF routes over VPN tunnels." - you would need to manually specify the neighbour. https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/760/management-center-device-config-76/routing-ospf.html#concept_9BABEF545EF342A0BD0199FAE268B59D

FYI, Cisco does recommend using BGP for Hub and Spoke VPN designs.


Hello,
is this a DMVPN topology or just a hub-and-spoke topology using OSPF?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

The route I am doing is S2S Route-Based VPN Hub and Spoke. I have my tunnels all linked from the FTD to the WAN of the remote spokes. So far this is the configuration I have:

Screenshot 2025-01-23 194638.png (captions: Loopback interface; only have one subnet in for testing; OSPF interfaces; Tunnel links)

From the tcpdump I see the database exchange on the remote side:

 

20:57:57.296174 IP 10.255.255.1 > ospf-all.mcast.net: OSPFv2, Hello, length 48
20:57:57.660632 IP 10.255.255.6 > ospf-all.mcast.net: OSPFv2, Hello, length 48
20:57:57.718934 IP 10.255.255.6 > ospf-all.mcast.net: OSPFv2, Database Description, length 32
20:57:57.889978 IP 10.255.255.1 > ospf-all.mcast.net: OSPFv2, Database Description, length 52
20:58:02.718901 IP 10.255.255.6 > ospf-all.mcast.net: OSPFv2, Database Description, length 32
20:58:02.774518 IP 10.255.255.1 > ospf-all.mcast.net: OSPFv2, Database Description, length 52
20:58:07.269389 IP 10.255.255.1 > ospf-all.mcast.net: OSPFv2, Hello, length 48
20:58:07.660755 IP 10.255.255.6 > ospf-all.mcast.net: OSPFv2, Hello, length 48
20:58:07.718968 IP 10.255.255.6 > ospf-all.mcast.net: OSPFv2, Database Description, length 32
20:58:07.774548 IP 10.255.255.1 > ospf-all.mcast.net: OSPFv2, Database Description, length 52

 

Here is the FTD OSPF interface:

S2S-Loopback is up, line protocol is up
Internet Address 10.255.255.1 mask 255.255.255.255, Area 1.1.1.1
Process ID 1, Router ID 10.100.0.1, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
S2S-HubSpoke_va54 is up, line protocol is up
Interface is unnumbered. Using address of S2S-Loopback (10.255.255.1), Area 1.1.1.1
Process ID 1, Router ID 10.100.0.1, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 0:00:09
Does not support Link-local Signaling (LLS)
Cisco NSF helper support disabled
IETF NSF helper support disabled
Index 4/4, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
S2S-HubSpoke_va53 is up, line protocol is up
Interface is unnumbered. Using address of S2S-Loopback (10.255.255.1), Area 1.1.1.1
Process ID 1, Router ID 10.100.0.1, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 0:00:07
Does not support Link-local Signaling (LLS)
Cisco NSF helper support disabled
IETF NSF helper support disabled
Index 3/3, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
S2S-HubSpoke_va52 is up, line protocol is up
Interface is unnumbered. Using address of S2S-Loopback (10.255.255.1), Area 1.1.1.1
Process ID 1, Router ID 10.100.0.1, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 0:00:05
Does not support Link-local Signaling (LLS)
Cisco NSF helper support disabled
IETF NSF helper support disabled
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Supply-Wired-Clients is up, line protocol is up
Internet Address 10.2.2.1 mask 255.255.255.0, Area 1.1.1.1
Process ID 1, Router ID 10.100.0.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 10.100.0.1, Interface address 10.2.2.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 0:00:05
Does not support Link-local Signaling (LLS)
Cisco NSF helper support disabled
IETF NSF helper support disabled
Index 6/6, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
S2S-HubSpoke is up, line protocol is up
Interface is unnumbered. Using address of S2S-Loopback (10.255.255.1), Area 1.1.1.1
Process ID 1, Router ID 10.100.0.1, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 0:00:05
Does not support Link-local Signaling (LLS)
Cisco NSF helper support disabled
IETF NSF helper support disabled
Index 5/5, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)

Priority under the interface must be 255 only on the hub, and the other spoke interfaces must be less than it.

And as I mentioned, use the broadcast network type.

Remember to shut/no shut the interface after you make the change so it takes the new value.

MHM

Yup, did that on the OSPF interface (S2S-HubSpoke): set it to broadcast and set the priority to 255. I did shut/no shut on the port and even rebooted the router. Yet it's still saying PTP. But I think the Virtual Tunnel interface/loopback (first photo in my reply above) is handling the OSPF rules? I removed all my interface configuration from the OSPF routing. Yet if I do a show ospf interface I still get this:

S2S-Loopback is up, line protocol is up  
  Internet Address 10.255.255.1 mask 255.255.255.255, Area 1.1.1.1 
  Process ID 1, Router ID 10.100.0.1, Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host
S2S-HubSpoke_va9 is up, line protocol is up  
  Interface is unnumbered. Using address of S2S-Loopback (10.255.255.1), Area 1.1.1.1
  Process ID 1, Router ID 10.100.0.1, Network Type POINT_TO_POINT, Cost: 1562
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 0:00:02
  Does not support Link-local Signaling (LLS)
  Cisco NSF helper support disabled
  IETF NSF helper support disabled
  Index 6/6, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 0 
  Suppress hello for 0 neighbor(s)
S2S-HubSpoke_va8 is up, line protocol is up  
  Interface is unnumbered. Using address of S2S-Loopback (10.255.255.1), Area 1.1.1.1
  Process ID 1, Router ID 10.100.0.1, Network Type POINT_TO_POINT, Cost: 1562
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 0:00:01
  Does not support Link-local Signaling (LLS)
  Cisco NSF helper support disabled
  IETF NSF helper support disabled
  Index 5/5, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 0 
  Suppress hello for 0 neighbor(s)
S2S-HubSpoke_va7 is up, line protocol is up  
  Interface is unnumbered. Using address of S2S-Loopback (10.255.255.1), Area 1.1.1.1
  Process ID 1, Router ID 10.100.0.1, Network Type POINT_TO_POINT, Cost: 1562
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 0:00:00
  Does not support Link-local Signaling (LLS)
  Cisco NSF helper support disabled
  IETF NSF helper support disabled
  Index 4/4, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 0 
  Suppress hello for 0 neighbor(s)
S2S-HubSpoke is up, line protocol is up  
  Interface is unnumbered. Using address of S2S-Loopback (10.255.255.1), Area 1.1.1.1
  Process ID 1, Router ID 10.100.0.1, Network Type POINT_TO_POINT, Cost: 1562
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 0:00:05
  Does not support Link-local Signaling (LLS)
  Cisco NSF helper support disabled
  IETF NSF helper support disabled
  Index 3/3, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0 
  Suppress hello for 0 neighbor(s)
Supply-Wired-Clients is up, line protocol is up  
  Internet Address 10.2.2.1 mask 255.255.255.0, Area 1.1.1.1 
  Process ID 1, Router ID 10.100.0.1, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.100.0.1, Interface address 10.2.2.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 0:00:06
  Does not support Link-local Signaling (LLS)
  Cisco NSF helper support disabled
  IETF NSF helper support disabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0 
  Suppress hello for 0 neighbor(s)

 

Neighbor ID Pri State Dead Time Address Interface
10.100.0.4 0 EXCHANGE/ - 0:00:36 10.255.255.4 S2S-HubSpoke_va33
10.100.0.5 0 EXCHANGE/ - 0:00:35 10.255.255.5 S2S-HubSpoke_va32
10.100.0.6 0 EXCHANGE/ - 0:00:39 10.255.255.6 S2S-HubSpoke_va31

This is from the hub before you used broadcast; can I see it after you use broadcast?

Also, I don't get it: are you using a loopback with OSPF?

For broadcast we need to use the VTI interface in the OSPF config.

MHM

My hub is the FTD and I was following this documentation: https://docs.defenseorchestrator.com/cdfmc/t_configure_endpoints_hub_spoke_topology.html#!t_configure_endpoints_hub_spoke_topology.html

"We recommend that you configure the Borrow IP for the dynamic interface from a loopback interface."

"The hub can use only a dynamic VTI and the spokes can use only static VTI interfaces. You can also configure an extranet device as a hub."

 

So I did just that and followed the documentation on creating a DVTI seen here:

https://docs.defenseorchestrator.com/cdfmc/t_configure_endpoints_hub_spoke_topology.html#!t_create_vti_tunnel.html

I made a Virtual-Template interface. When set to dynamic it forces the use of a Borrow IP; from there I created the loopback zone, if that sounds correct. I would continue using BGP, but one of the spokes doesn't currently support BGP, though it has full support for OSPF.

 


@MHM Cisco World wrote:

This from hub before you use broadcast' can I see it after you use broadcast.


I am getting the same result, but the interface will not switch from point-to-point. I don't have any directives in my OSPF routing for the interface, yet it's still showing point-to-point.

 


 

Current output with no OSPF interfaces in routing:

S2S-Loopback is up, line protocol is up
Internet Address 10.255.255.1 mask 255.255.255.0, Area 1.1.1.1
Process ID 1, Router ID 10.100.0.1, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
S2S-HubSpoke_va12 is up, line protocol is up
Interface is unnumbered. Using address of S2S-Loopback (10.255.255.1), Area 1.1.1.1
Process ID 1, Router ID 10.100.0.1, Network Type POINT_TO_POINT, Cost: 1562
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 0:00:06
Does not support Link-local Signaling (LLS)
Cisco NSF helper support disabled
IETF NSF helper support disabled
Index 4/4, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
S2S-HubSpoke_va11 is up, line protocol is up
Interface is unnumbered. Using address of S2S-Loopback (10.255.255.1), Area 1.1.1.1
Process ID 1, Router ID 10.100.0.1, Network Type POINT_TO_POINT, Cost: 1562
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 0:00:01
Does not support Link-local Signaling (LLS)
Cisco NSF helper support disabled
IETF NSF helper support disabled
Index 3/3, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
S2S-HubSpoke_va10 is up, line protocol is up
Interface is unnumbered. Using address of S2S-Loopback (10.255.255.1), Area 1.1.1.1
Process ID 1, Router ID 10.100.0.1, Network Type POINT_TO_POINT, Cost: 1562
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 0:00:07
Does not support Link-local Signaling (LLS)
Cisco NSF helper support disabled
IETF NSF helper support disabled
Index 5/5, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
S2S-HubSpoke is up, line protocol is up
Interface is unnumbered. Using address of S2S-Loopback (10.255.255.1), Area 1.1.1.1
Process ID 1, Router ID 10.100.0.1, Network Type POINT_TO_POINT, Cost: 1562
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 0:00:06
Does not support Link-local Signaling (LLS)
Cisco NSF helper support disabled
IETF NSF helper support disabled
Index 6/6, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Supply-Wired-Clients is up, line protocol is up
Internet Address 10.2.2.1 mask 255.255.255.0, Area 1.1.1.1
Process ID 1, Router ID 10.100.0.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 10.100.0.1, Interface address 10.2.2.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 0:00:01
Does not support Link-local Signaling (LLS)
Cisco NSF helper support disabled
IETF NSF helper support disabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)

I am not clear what is the issue. The OP says " As right right now the spokes see only the hub as a neighbor" as if that were a problem. But my understanding of the topology is that each spoke has a connection to the hub and not to any other routers. So it is quite appropriate for the spoke to have only one neighbor.

Am I missing something? Is there some other issue?

HTH

Rick

Meaning they are just in Exchange state. Wording was a bit off, yes. What I mean is all the neighbor spokes show up to the hub with their router IDs, but the state is stuck in "EXCHANGE".

Thanks for the clarification. Perhaps you could post what you see in one of the spoke routers?

HTH

Rick

No problem, I appreciate the help. So from looking at the CLI on the spoke side I spotted the issue: my VTI66 (handling the connection to the FTD) had a wrong MTU and MTU matching was set to on. I adjusted it to match the MTU of the FTD and voila!!!! It's making the handshake!

 

10.100.0.6 0 FULL/ - 0:00:39 10.255.255.6 S2S-HubSpoke_va20
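The two symptoms this thread turned on, neighbors parked in EXCHANGE in show ospf neighbor and Database Description packets repeating every 5 seconds in the tcpdump with no LS-Request following, can be checked mechanically. The script below is an added example, not from the thread or from Cisco; the 3-repeat threshold, the 0.5 s tolerance and the "LS-Request/LS-Update means progress" rule are my heuristic assumptions, and the sample inputs are constructed from the output posted above.

```python
"""Spot an OSPF adjacency stuck in EXCHANGE from 'show ospf neighbor' output
and a tcpdump capture (added example, not from the thread).
A healthy Database Description (DBD) exchange ends within a few round trips
and is followed by LS-Request/LS-Update. A DBD resent unchanged at the
retransmit interval (default 5 s) with no LS-Request ever seen is being
rejected by the peer; a tunnel MTU mismatch is the textbook cause, since OSPF
drops a DBD advertising a larger interface MTU than its own (RFC 2328, 10.6).
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed samples modelled on the thread's output: hub 10.255.255.1,
# spoke 10.255.255.6 over a VTI. DBDs repeat every 5 s, no LS-Request.
NEIGHBORS = """\
Neighbor ID Pri State Dead Time Address Interface
10.100.0.4 0 EXCHANGE/ - 0:00:36 10.255.255.4 S2S-HubSpoke_va33
10.100.0.6 0 FULL/ - 0:00:39 10.255.255.6 S2S-HubSpoke_va20
"""
CAPTURE = """\
20:57:57.296174 IP 10.255.255.1 > ospf-all.mcast.net: OSPFv2, Hello, length 48
20:57:57.718934 IP 10.255.255.6 > ospf-all.mcast.net: OSPFv2, Database Description, length 32
20:57:57.889978 IP 10.255.255.1 > ospf-all.mcast.net: OSPFv2, Database Description, length 52
20:58:02.718901 IP 10.255.255.6 > ospf-all.mcast.net: OSPFv2, Database Description, length 32
20:58:02.774518 IP 10.255.255.1 > ospf-all.mcast.net: OSPFv2, Database Description, length 52
20:58:07.718968 IP 10.255.255.6 > ospf-all.mcast.net: OSPFv2, Database Description, length 32
20:58:07.774548 IP 10.255.255.1 > ospf-all.mcast.net: OSPFv2, Database Description, length 52
"""
# Neighbor ID, priority, STATE/role, dead time, address, interface.
NBR_RE = re.compile(r"^(?P<rid>\d+(?:\.\d+){3})\s+\d+\s+(?P<state>[A-Z0-9]+)/\s*"
                    r"(?P<role>\S+)\s+\S+\s+(?P<addr>\S+)\s+(?P<intf>\S+)$")
PKT_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > \S+: OSPFv2, "
                    r"(?P<type>Hello|Database Description|LS-Request|LS-Update|LS-Ack), "
                    r"length (?P<len>\d+)$")

def stuck_neighbors(show_output):
    """(router-id, state, interface) for every neighbor not in FULL."""
    found = []
    for line in show_output.splitlines():
        m = NBR_RE.match(line.strip())
        if m and m["state"] != "FULL":
            found.append((m["rid"], m["state"], m["intf"]))
    return found

def diagnose_capture(capture, retransmit=5.0, min_repeats=3, tolerance=0.5):
    """Per DBD sender: 'ok' once LS-Request/LS-Update follow, 'stuck-in-exchange'
    when an equal-length DBD is resent >= min_repeats times at the retransmit
    interval, otherwise 'inconclusive'. Assumes the capture does not cross midnight."""
    dbd, progressed = defaultdict(list), set()
    for line in capture.splitlines():
        m = PKT_RE.match(line)
        if m and m["type"] == "Database Description":
            ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
            dbd[m["src"]].append((ts, int(m["len"])))
        elif m and m["type"] in ("LS-Request", "LS-Update"):
            progressed.add(m["src"])
    verdict = {}
    for src, seq in dbd.items():
        if src in progressed:
            verdict[src] = "ok"
            continue
        repeats = 1 + sum(1 for (t0, l0), (t1, l1) in zip(seq, seq[1:])
                          if l0 == l1 and abs((t1 - t0).total_seconds() - retransmit) <= tolerance)
        verdict[src] = "stuck-in-exchange" if repeats >= min_repeats else "inconclusive"
    return verdict
```

On the thread's capture both tunnel ends are flagged, which matches the hub showing EXCHANGE/ for every spoke; once the VTI MTUs match, LS-Request packets appear and the verdict flips to ok.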