The ways that I've been told about to stop FHRP protocols from talking over an overlay have been to use a combination of VACLs and MAC filters. There is a Cisco doc that also shows how to do this. On some newer versions of IOS I've seen the option to block any FHRP over the overlay. I haven't seen much on the web for this command...
<http://www.cisco.com/en/US/docs/ios-xml/ios/wan/command/wan-m1.html#GUID-3E20C339-68D0-4471-8D05-B9E3C9BB61EA>
```
OTV_DC1_ASR1#conf t
OTV_DC1_ASR1(config)# interface overlay 1
OTV_DC1_ASR1(config-if)# otv ?
  control-group         OTV VPN control multicast group
  data-group            Multicast group range for data
  encapsulation-format  Encapsulation format
  filter-fhrp           Configure to not forward HSRP, GLBP, and VRRP packets on overlay
  isis                  ISIS interface subcommands
  join-interface        OTV VPN join-interface
  suppress              Enable overlay packet suppression
  vpn-name              OTV VPN name
OTV_DC1_ASR1(config-if)#otv filter-fhrp
```
Has anyone tried this with a L2 ACL?
Kind Regards,
Bilal
Please rate useful posts & remember to mark any solved questions as answered. Thank you.