topic Re: Vwire inbetween Cisco Asr router and Nexus 9K Switch in General Topics

Vwire inbetween Cisco Asr router and Nexus 9K Switch

markk96 — Tue, 04 Dec 2018 15:33:19 GMT

I am having trouble with the following.

Cisco ASR router with IP of 10.1.1.5 plugs into Cisco 9K switch into port eth 1/3, eth 1/3 is configured the follwoing way.

interface TenGigabitEthernet0/0/1
description LAS-9K-2
ip address 10.1.1.5
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
load-interval 30
cdp enable
end

interface Ethernet1/3
switchport access vlan 852
no shutdown

The Palo is configured as follows.

L3-9K2-vwire ethernet1/19 ethernet1/20 p 0-4094

Palo port 19 connected to 9K eth 1/15

interface Ethernet1/15
switchport access vlan 852
no shutdown

Palo port 20 Connected to 9k eth 1/16

interface Ethernet1/16
description Palo-Wan2-eth20
no switchport
speed 10000
no ip redirects
ip address 10.1.1.6
no ip ospf passive-interface
ip router ospf 1 area 0.0.0.0

The IP's above have been changed for this discussion. What is happening there is no traffic from the layer2 vlan 852 on the cisco switch. In the palo traffic logs i can see 10.1.1.6 trying ping 10.1.1.5, but never 10.1.15 to 10.1.16

I am not sure what i am missing, I have done this before.

Re: Vwire inbetween Cisco Asr router and Nexus 9K Switch

OtakarKlier — Tue, 04 Dec 2018 15:38:37 GMT

Hello,

Do you have security policies on the vwire allowing traffic in both directions? Check the traffic logs for any drops or denies in either direction.

Regards,

Re: Vwire inbetween Cisco Asr router and Nexus 9K Switch

Raido_Rattameister — Tue, 04 Dec 2018 15:43:08 GMT

By default virtual wire permits through only untagged packets.

Did you add 0-4094 (or you can be more specific to allow only vlans you want) into virtual wire Tag Allowed box?

Re: Vwire inbetween Cisco Asr router and Nexus 9K Switch

markk96 — Tue, 04 Dec 2018 16:13:09 GMT

The Policy rule is set for any any, with application default set to any.

The vwire is set to 0-4094 for tagging.