×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

FHRP Isolation with OTV

Unanswered Question
Aug 27th, 2014
User Badges:

Hi,

I have a two datacenter where OTV is implemented, the FHRP isolation is running to segregate the gateways for the vlans.

I have one vlan which still needs to have active hsrp on DC1 and standby in DC2.

I have exclude that vlan from the vlan filterlist in order to have the virtual IP moved from one DC to the other for that vlan only.

But since I have the following vmac filtaration:

 

mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list OTV_HSRP_VMAC_deny seq 20 deny 0000.0c9f.f000 ffff.ffff.ff00
mac-list OTV_HSRP_VMAC_deny seq 30 permit 0000.0000.0000 0000.0000.0000


route-map OTV_HSRP_FILTER permit 10
  match mac-list OTV_HSRP_VMAC_deny

otv-isis default
  vpn Overlay1
    redistribute filter route-map OTV_HSRP_FILTER

 

it seems that the OTV still blocking the vmac and the hsrp is not being able to communicate between the two gateways !!

Any idea ? shoud I move for something like routing between the two gateways ? or can I exclude the hsrp group from the vmac access-list  ?!

 

Thanks in advance.

Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
muhammad.saad Sun, 10/19/2014 - 16:23
User Badges:

Hello,

As per me research, you need to allow the HSRP VMAC in the OTV_HSRP_VMAC_deny list to be able to present HSRP isolation happening.

e.g. HSRP VMAC = aaaa.bbbb.cccc

mac-list OTV_HSRP_VMAC_deny seq 1 allow aaaa.bbbb.cccc

This list is checked at control plane and will be applied to all VLANs regardless they are added in VLAN filter list or not.

I have yet to test this solution myself but hope it helps.

Regards,

Muhammad Saad

Colm OLeary Tue, 06/28/2016 - 03:21
User Badges:

I ran into this problem also.


I was able to get around the global filter on the Overlay by manually configuring the the mac addr of the HSRP Group to be outside of the default range.


in vlan 900

hsrp 900

mac-addr 0000.0000.0001

Actions

This Discussion

Related Content

 

 

Trending Topics: Other DC Subjects