Referencing this topology (ctrl+f for "Dual L2/L3 POD Interconnect")
In this back-to-back vPC trunk configuration, I am trying to achieve FHRP domain isolation so each site has its own version of Active/Standby SVIs. According to this document I just have to apply a PACL to the DCI trunk interface (Po20/vPC20 in my configuration) and configure "no ip arp gratuitous hsrp duplicate" on the stretched VLAN SVIs, and I should achieve this isolation. I have it stood up with 4x N9Kvs in GNS3 right now, but I can't seem to get it to stop sharing HSRP information across the DCI. One data center has an Active and a Listener, the other has a Standby and a Listener. Is this a GNS3 bug or am I missing something here? Seems like a simple enough config.
config:
interface port-channel20
  description L2_to_9k1/2_vPC20 (Inter-DC Trunk)
  switchport mode trunk
  switchport trunk native vlan 999
  switchport trunk allowed vlan 94,1000
  ip port access-group DENY_HSRP_IP in
  spanning-tree port type edge trunk
  spanning-tree bpdufilter enable
  vpc 20

7k1(config)# show access-list DENY_HSRP_IP
IP access list DENY_HSRP_IP
        statistics per-entry
        10 deny udp any 224.0.0.2/32 eq 1985
        20 deny udp any 224.0.0.102/32 eq 1985
        30 permit ip any any

interface Vlan94
  description Stretched_L2_Example_VLAN
  no shutdown
  no ip redirects
  ip address 10.200.0.15/27
  no ipv6 redirects
  ip router eigrp 100
  ip passive-interface eigrp 100
  no ip arp gratuitous hsrp duplicate
  hsrp version 2
  hsrp 94
    preempt
    priority 140
    ip 10.200.0.30
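
An added example, not part of the original post: a Python check that reads running-config style text and reports whether the DCI trunk has an ingress PACL denying both HSRP hello groups ahead of any permit-all, and whether the stretched SVI carries the gratuitous-ARP setting. The function names `sections` and `audit` are hypothetical, the sample config is constructed from the values in the post, and the check covers configuration text only, not whether the platform enforces the PACL in its data plane.

```python
import re

# HSRP hellos: v1 -> 224.0.0.2, v2 -> 224.0.0.102, both UDP port 1985.
HSRP_GROUPS = {"224.0.0.2/32", "224.0.0.102/32"}

# Constructed sample in running-config form, using the values from the post.
SAMPLE = """\
ip access-list DENY_HSRP_IP
  10 deny udp any 224.0.0.2/32 eq 1985
  20 deny udp any 224.0.0.102/32 eq 1985
  30 permit ip any any
interface port-channel20
  ip port access-group DENY_HSRP_IP in
interface Vlan94
  no ip arp gratuitous hsrp duplicate
  hsrp version 2
"""

def sections(cfg):
    """Map each top-level config line to the list of its indented child lines."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line and not line[0].isspace():
            cur = out.setdefault(line.strip(), [])
        elif cur is not None and line.strip():
            cur.append(line.strip())
    return out

def audit(cfg, dci_if, svi):
    """Return a list of findings; an empty list means nothing is missing."""
    sec, findings = sections(cfg), []
    trunk = sec.get(f"interface {dci_if}", [])
    m = next((re.fullmatch(r"ip port access-group (\S+) in", l) for l in trunk
              if l.startswith("ip port access-group")), None)
    if not m:
        findings.append(f"{dci_if}: no ingress PACL")
    else:
        denied = set()
        for ace in sec.get(f"ip access-list {m.group(1)}", []):
            if re.fullmatch(r"\d+ permit ip any any", ace):
                break  # entries after a permit-all can never match
            d = re.fullmatch(r"\d+ deny udp any (\S+) eq 1985", ace)
            if d:
                denied.add(d.group(1))
        for g in sorted(HSRP_GROUPS - denied):
            findings.append(f"{m.group(1)}: HSRP group {g} not denied before permit")
    if "no ip arp gratuitous hsrp duplicate" not in sec.get(f"interface {svi}", []):
        findings.append(f"{svi}: missing 'no ip arp gratuitous hsrp duplicate'")
    return findings
```

Calling `audit(SAMPLE, "port-channel20", "Vlan94")` returns an empty list for the configuration shown in the post.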