cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1544
Views
0
Helpful
1
Replies
Highlighted
Engager

FHRP Gateway Optimization in an OTV Network across DC's

The ways that I've been told about how to stop FHRP protocols from talking over an overlay has been to use a combination of VACLs and MAC filters. There is a cisco doc that also shows how to do this. On some newer versions of IOS ive seen the option to block any FHRP over the overlay. I haven't seen much on the web for this command...

<http://www.cisco.com/en/US/docs/ios-xml/ios/wan/command/wan-m1.html#GUID-3E20C339-68D0-4471-8D05-B9E3C9BB61EA>

OTV_DC1_ASR1#conf t

OTV_DC1_ASR1(config)# interface overlay 1

OTV_DC1_ASR1(config-if)# otv ?

  control-group         OTV VPN control multicast group

  data-group            Multicast group range for data

  encapsulation-format  Encapsulation format

  filter-fhrp           Configure to not forward HSRP, GLBP, and VRRP packets on overlay

  isis                  ISIS interface subcommands

  join-interface        OTV VPN join-interface

  suppress              Enable overlay packet suppression

  vpn-name              OTV VPN name

OTV_DC1_ASR1(config-if)#otv filter-fhrp

Has anyone tried this with a L2 ACL?

Kind Regards,

Bilal

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
Everyone's tags (6)
1 REPLY 1
Beginner

FHRP Gateway Optimization in an OTV Network across DC's

Here's what we have in our 7K configuration:

In global config:

ip access-list otv-hsrp-filter

  10 deny udp any 224.0.0.2/32 eq 1985

  20 permit ip any any

mac-list hsrp-vmac seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00

mac-list hsrp-vmac seq 20 permit 0000.0000.0000 0000.0000.0000

route-map hsrp-filter permit 10

  match mac-list hsrp-vmac

On the L2 interface between the OTV VDC and the distribution VDC:

interface port-channel41

  ip port access-group otv-hsrp-filter in

Then:

otv-isis default

  vpn Overlay1

    redistribute filter route-map hsrp-filter

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards