Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1544
Views
0
Helpful
3
Replies

FHRP Isolation with OTV

eng.bader
Level 1
Level 1

‎08-27-2014 06:08 AM - edited ‎03-01-2019 07:39 AM

Hi,

I have a two datacenter where OTV is implemented, the FHRP isolation is running to segregate the gateways for the vlans.

I have one vlan which still needs to have active hsrp on DC1 and standby in DC2.

I have exclude that vlan from the vlan filterlist in order to have the virtual IP moved from one DC to the other for that vlan only.

But since I have the following vmac filtaration:

 

mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list OTV_HSRP_VMAC_deny seq 20 deny 0000.0c9f.f000 ffff.ffff.ff00
mac-list OTV_HSRP_VMAC_deny seq 30 permit 0000.0000.0000 0000.0000.0000


route-map OTV_HSRP_FILTER permit 10
  match mac-list OTV_HSRP_VMAC_deny

otv-isis default
  vpn Overlay1
    redistribute filter route-map OTV_HSRP_FILTER

 

it seems that the OTV still blocking the vmac and the hsrp is not being able to communicate between the two gateways !!

Any idea ? shoud I move for something like routing between the two gateways ? or can I exclude the hsrp group from the vmac access-list  ?!

 

Thanks in advance.

Regards

1 person had this problem
Labels:
0 Helpful
3 Replies 3

InayathUlla Sharieff
Cisco Employee
Cisco Employee

‎08-29-2014 07:19 PM

Please  check the below link:

http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/overlay-transport-virtualization-otv/white_paper_c11-702185.html#wp9001588

 

HTH

Regards

Inayath.

0 Helpful

muhammad.saad
Level 1
Level 1

‎10-19-2014 04:23 PM

Hello,

As per me research, you need to allow the HSRP VMAC in the OTV_HSRP_VMAC_deny list to be able to present HSRP isolation happening.

e.g. HSRP VMAC = aaaa.bbbb.cccc

mac-list OTV_HSRP_VMAC_deny seq 1 allow aaaa.bbbb.cccc

This list is checked at control plane and will be applied to all VLANs regardless they are added in VLAN filter list or not.

I have yet to test this solution myself but hope it helps.

Regards,

Muhammad Saad

0 Helpful

Colm OLeary
Level 1
Level 1

‎06-28-2016 03:21 AM

I ran into this problem also.

I was able to get around the global filter on the Overlay by manually configuring the the mac addr of the HSRP Group to be outside of the default range.

in vlan 900

hsrp 900

mac-addr 0000.0000.0001

0 Helpful
Customers Also Viewed These Support Documents