It is indeed strange that when you put R3 in the community VLAN it works fine. Perhaps a bug or perhaps an issue with your private VLAN configuration. Private VLANs are pretty configuration intense and it is insanely easy to miss a step. I would go over that with a fine-tooth comb as well, directly from the docCD. In the 3750 configuration guide there is a great example I always go to when messing with PVLANs. Good luck.

On Mon, Aug 20, 2012 at 11:59 AM, Mike Rojas <[email protected]> wrote:
> Hey Joe,
>
> Thanks for looking into it, I did the lab a few days ago. I will reset the
> lab one of these days. I just found it very weird and was hoping for someone
> to run into something similar. Once I do it I will let you know.
>
> mIKE.
>
>> Date: Mon, 20 Aug 2012 11:34:27 -0400
>> Subject: Re: [OSL | CCIE_Security] Private Vlan and OSPF.
>> From: [email protected]
>> To: [email protected]
>> CC: [email protected]
>
>>
>> I think you may be having a different issue, and that you will also
>> see other issues with your configuration
>>
>> 1) point-to-point uses fast timers of 10/40 seconds, but
>> point-to-multipoint uses slow timers. Without tweaking the timers on
>> one side, you will run into adjacency issues with one side configured
>> as point-to-point and the other as point-to-multipoint
>>
>> 2) Both point-to-point and point-to-multipoint utilize multicast
>>
>> Try resetting both sides to the default of "broadcast" and run "debug
>> ip ospf adjacency"
>>
>> On Sat, Aug 18, 2012 at 6:43 PM, Mike Rojas <[email protected]> wrote:
>> > Hello,
>> >
>> > I run into this one trying to understand the features, is not documented in
>> > any lab is merely me playing around. I have the following scenario:
>> >
>> > Router1 Get KS (Multicast
>> > rekey)
>> > | |
>> > |
>> > |-------------IPS
>> > | |
>> > ASA1----------------ASA2
>> > (Multicontext failover pair)
>> > | |--GRE---BGP
>> > peering with authentication.
>> > | |
>> > Router2 Get GM (DMVPN Hub)
>> > |
>> > WebVPN server |
>> > (Get GM/DMVPN spoke) Router3----Switch1-----Router4 (Get GM/DMVPN spoke)
>> > |
>> > Switch2
>> > |
>> > Router5 (Get GM/DMVPN spoke)
>> >
>> > Router 4,5 Are on Community Vlans
>> > Router 3 is on a Isolated Vlan,
>> > Port that goes to the Router 2 is promiscuous
>> >
>> > I am running ospf between the Routers. Router 4,5,2 see each other as
>> > neighbors. Router3 sees Router2 (as expected) however, the adjacency is
>> > never build. The router stays on
>> >
>> > Neighbor ID     Pri   State         Dead Time   Address       Interface
>> > 172.16.20.1     1     EXSTART/BDR   00:00:33    48.48.200.2   FastEthernet0/0
>> >
>> > If I change the network type to point to point and change it on the Router 2
>> > as Point to multipoint, everything comes up clean. If I remove the network
>> > type and place the router 3 on the community vlan, it comes up fine.
>> >
>> > I suspected a problem with Multicast vs Isolated Vlan, however, I received a
>> > GET vpn rekey without any problems.
>> >
>> >
>> > Mike.
>> >
>> >
>> > _______________________________________________
>> > For more information regarding industry leading CCIE Lab training, please
>> > visit www.ipexpert.com
>> >
>> > Are you a CCNP or CCIE and looking for a job? Check out
>> > www.PlatinumPlacement.com
>>
>>
>>
>> --
>> Regards,
>>
>> Joe Astorino
>> CCIE #24347
>> http://astorinonetworks.com
>>
>> "He not busy being born is busy dying" - Dylan

--
Regards,

Joe Astorino
CCIE #24347
http://astorinonetworks.com

"He not busy being born is busy dying" - Dylan
