04-10-2013 08:55 AM - edited 03-07-2019 12:44 PM
Hi All,
Is there anyone experienced deploy OTV using ASR 1001 between 2 datacenters? We want to acquire HSRP localization there, but at this moment I can only see lots docs are saying how to do this on N7K, not ASR. I saw it has a FHRP filtering enabled by default when the OTV configuration is done, and also see there is a access-list created by default call otv_filter_fhrp, Im just wondering besides this IP ACL there should be MAC ACL applied also, anyone have sample configuration on this? Many thanks.
04-10-2013 12:23 PM
Hello you are correct, there is a Layer 2 mac access list to be applied. I did this a while ago.
The otv filter-hsrp only blocks pdu's from traversing the overlay, but you still need to stop on the ethernet flow points (EFP's) for HSRP mac address being learned.
https://supportforums.cisco.com/thread/2173395
!HSRP L2ACL
mac access-list extended FILTER_HSRP
deny 0000.0c07.ac00 0000.0000.00ff any
permit any any
!
interface overlay 1
otv filter-fhrp
!
Service Instance 100
Ethernet encapsulation dot1q 100
mac access-group FILTER_HSRP out
bridge-domain 100
More info here for HSRP, GLBP and VRRP:
http://www.cisco.com/en/US/docs/ios-xml/ios/wan/command/wan-m1.html#wp3953249580
Hope this helps.
Please rate useful posts and remember to mark any solved questions as answered. Thank you.
04-10-2013 09:55 PM
Hi Bilal,
Thanks for your prompt. It helps me a lot.
Besides, we now have problems with OTV AED not capable, I have checked that the site bridge-domain is permitted on the internal interface of ASR, and I have put Join interface & internal interface & overlay interface into a vrf besides the default router, and the routing (otv extended vlan gateway & core uplink interface) into default router, but the OTV adjacency disappeared then. Here is the output, any comments?
SPRTORT01#show otv site
Site Adjacency Information (Site Bridge-Domain: 3010)
Overlay1 Site-Local Adjacencies (Count: 1)
Hostname System ID Last Change Ordinal AED Enabled Status
* SPRTORT01 B0FA.EB8E.7C80 - Not AED capable
SPRTORT01#show otv detail
Overlay Interface Overlay1
VPN name : SAFP_OTV_1
VPN ID : 1
State : UP
AED Capable : No, overlay DIS not elected
IPv4 control group : 239.1.1.1
Mcast data group range(s): 232.1.1.0/28
Join interface(s) : GigabitEthernet0/0/0
Join IPv4 address : 172.30.0.101
Tunnel interface(s) : Tunnel0
Encapsulation format : GRE/IPv4
Site Bridge-Domain : 3010
Capability : Multicast-reachable
Is Adjacency Server : No
Adj Server Configured : No
Prim/Sec Adj Svr(s) : None
OTV instance(s) : 0
FHRP Filtering Enabled : Yes
ARP Suppression Enabled : No
ARP Cache Timeout : 600 seconds
04-10-2013 10:14 PM
Hello, Just to check over config, are you able to post it here?
Also please check that your OTV vlan that is used for election etc... Is not on your overlay interface, should only be on your inside interface.
Hope this helps
Sent from Cisco Technical Support iPhone App
03-15-2018 07:52 AM
Hello Toi Seng,
OTV on ASR 1001
You can refer to the example given in the link provided.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/wan_otv/configuration/xe-3s/wan-otv-xe-3s-book/wan-otv-adj-server.pdf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide