A few days ago, I replaced a Cisco 3750X stack with stacked Cisco 9300 switches at one of my customers' locations.

After installing and powering on the new switches, I noticed that there was no OSPF neighbor relationship between the new stack and the ASA 5508X, only with the two Mikrotik routers.

After some time in Wireshark, I noticed that the C9300 sends its OSPF hello packets with an unknown LLS TLV option, which is why the ASA 5508X discards the packet.

[Image: C9300 OSPF ASA5508X]

The Mikrotik routers (and also an ASA 5510) accept this kind of hello packet and ignore the additional option, so they establish an OSPF neighbor relationship with the C9300.


The option in question is LLS (Link-Local Signaling). LLS appends a block of TLVs after the OSPF packet to advertise additional capabilities to the OSPF neighbor. The hello packet sent by the C9300 is malformed, which can be attributed to a bug in IOS-XE…

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg85146

For reference, I used IOS-XE version 16.9.3 on a C9300-48T switch.

The solution is to disable this OSPF option on the C9300 interface that faces the ASA…

C9300# show run int vlan 10
interface Vlan10
 description LINK_TO_ASA
 ip address 10.1.1.2 255.255.255.0
 ip ospf lls disable
!

At that moment, the OSPF neighbor relationship between the C9300 and the ASA 5508X was up!
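To make the LLS discussion above and the effect of `ip ospf lls disable` concrete, here is an added example (not code from the original post or from Cisco): a minimal OSPFv2 Hello builder and parser that locates the LLS data block, lists its TLVs, and models a strict receiver (drops a hello carrying an LLS TLV it does not recognise, as the ASA 5508X did) next to a tolerant one (skips unknown TLVs, as the Mikrotik routers did). Packet layout follows RFC 2328 for the header and Hello body and RFC 5613 for the LLS block. The sample packets are constructed for this example, and the unknown TLV type 0xFE is a placeholder; it is not claimed to be the TLV the C9300 actually sent. Building the hello with no LLS block at all is the equivalent of the `ip ospf lls disable` fix.

```python
"""Added example: OSPFv2 Hello + LLS block parsing (RFC 2328 / RFC 5613).
Sample packets are constructed here; the unknown TLV type 0xFE is a placeholder."""
import struct

OSPF_HELLO = 1
OPT_L_BIT = 0x10          # Options bit that announces an LLS block (RFC 5613 2.1)
LLS_KNOWN_TLVS = {1: "Extended Options and Flags", 2: "Cryptographic Authentication"}


def build_hello(router_id, lls_tlvs=None):
    """Build an OSPFv2 Hello with null authentication; append an LLS block
    (checksum, length in 32-bit words, TLVs) when lls_tlvs is given."""
    options = 0x02                                   # E-bit only
    if lls_tlvs is not None:
        options |= OPT_L_BIT                         # tell the neighbor to look for LLS
    body = struct.pack("!4sHBBI4s4s",
                       bytes([255, 255, 255, 0]),    # network mask /24
                       10, options, 1, 40,           # hello interval, options, prio, dead
                       bytes(4), bytes(4))           # DR / BDR unknown
    length = 24 + len(body)                          # OSPF packet length excludes LLS
    header = struct.pack("!BBH4s4sHH8s", 2, OSPF_HELLO, length, router_id,
                         bytes(4), 0, 0, bytes(8))   # checksum left 0 in this example
    pkt = header + body
    if lls_tlvs is not None:
        tlv_bytes = b""
        for tlv_type, value in lls_tlvs:
            pad = (-len(value)) % 4                  # TLVs are padded to 32-bit boundary
            tlv_bytes += struct.pack("!HH", tlv_type, len(value)) + value + bytes(pad)
        words = (4 + len(tlv_bytes)) // 4            # length covers checksum+length too
        pkt += struct.pack("!HH", 0, words) + tlv_bytes
    return pkt


def parse_hello(pkt):
    """Return router id, options and a list of (type, value, known) LLS TLVs."""
    version, ptype, length, router_id = struct.unpack("!BBH4s", pkt[:8])
    if version != 2 or ptype != OSPF_HELLO:
        raise ValueError("not an OSPFv2 Hello")
    options = pkt[24 + 6]                            # header (24) + mask (4) + interval (2)
    tlvs = []
    if options & OPT_L_BIT:
        lls = pkt[length:]                           # null auth: LLS follows the packet
        _checksum, words = struct.unpack("!HH", lls[:4])
        data = lls[4:words * 4]
        off = 0
        while off + 4 <= len(data):
            tlv_type, tlv_len = struct.unpack("!HH", data[off:off + 4])
            value = data[off + 4:off + 4 + tlv_len]
            tlvs.append((tlv_type, value, tlv_type in LLS_KNOWN_TLVS))
            off += 4 + tlv_len + ((-tlv_len) % 4)
    return {"router_id": router_id, "options": options, "lls_tlvs": tlvs}


def strict_accept(pkt):
    """Model of a receiver that drops a hello whose LLS block holds any TLV it
    does not recognise (the behaviour observed on the ASA 5508X)."""
    return all(known for _, _, known in parse_hello(pkt)["lls_tlvs"])


def tolerant_accept(pkt):
    """Model of a receiver that parses the LLS block and ignores unknown TLVs
    (RFC 5613 behaviour, what the Mikrotik routers did)."""
    parse_hello(pkt)
    return True


if __name__ == "__main__":
    rid = bytes([10, 1, 1, 2])
    # Hello carrying EO-TLV plus a constructed unknown TLV (placeholder type 0xFE)
    with_unknown = build_hello(rid, [(1, b"\x00\x00\x00\x01"), (0xFE, b"\xde\xad")])
    # Hello with LLS disabled, as after "ip ospf lls disable"
    without_lls = build_hello(rid)
    for name, pkt in (("LLS with unknown TLV", with_unknown), ("LLS disabled", without_lls)):
        info = parse_hello(pkt)
        print(name, [hex(t) for t, _, _ in info["lls_tlvs"]],
              "strict:", strict_accept(pkt), "tolerant:", tolerant_accept(pkt))
```

When run, the hello with the unknown TLV is rejected by the strict model and accepted by the tolerant one, while the hello built without an LLS block (L-bit clear, nothing after the OSPF packet) passes both, which is exactly why disabling LLS on the interface brought the ASA adjacency up.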

Cisco C9300, OSPF and ASA 5508X