After migration from Catalyst 3750-X to 9300 switch all of a sudden OSPF adjacency to ASA was not establishing. Since configuration did not change I started debugging it.
Switch side was stuck in “INIT/DROTHER” state. ASA side had no neighbors. “Show OSPF” indicated that Area BACKBONE(0) was (Inactive). The interface was in the area, subnet, HELLO/DEAD timers matched.
asa# sh ospf 100
<SNIP>
Area BACKBONE(0) (Inactive)
Number of interfaces in this area is 1
Area has no authentication
Looking further at “show OSPF events” revealed a strange message indicating bad packet header from an invalid/non-existing IP address.
asa# sh os 100 ev
OSPF Router with ID (Process ID 100)
1 May 18 21:10:51.416: Bad pkt rcvd: <invalid IP>
2 May 18 21:10:41.946: Bad pkt rcvd: <invalid IP>
3 May 18 21:10:32.876: Bad pkt rcvd:
I checked IP and it did not exist in my network so I ran “show ospf traffic” on ASA to look for invalid packet header error messages.
asa# sh os traffic
<SNIP>
OSPF header errors
Length 0, Auth Type 0, Checksum 0, Version 0,
Bad Source 0, No Virtual Link 0, Area Mismatch 0,
No Sham Link 0, Self Originated 0, Duplicate ID 0,
Hello 0, MTU Mismatch 0, Nbr Ignored 0,
LLS 80, Unknown Neighbor 0, Authentication 0,
TTL Check Fail 0
Under OSPF header errors I found errors related to LLS. Google search returned this bug related to ASA not supporting OSPF LLS TLV under interface.
So the fix was to disable LLS TLV on the switch/router interface.
Interface X
ip ospf lls disable
Once interface command was entered OSPF adjacency to ASA established successfully.
12 comments On Cisco ASA: OSPF neighbor stuck in “init” state
thank you so mach!
You solved my problem
ASA – 9.9(2)
C3850 – 16.6.5
Totally solves the issue. My problem occurred in a DMZ where about a dozen routers meet, so I had to update every one. I get paid by the hour.
Top man – saved my bacon.
Hello,
I just fixed the same issue with your comment.
kudos
thanks a lot bro, u fixed my problems and i’m finding to solve this issue around 5 hours
Thank you! Solved my issue.
ASA 9.6(3)1
C3850 – 16.9.5
Thank you worked u saved us ))
Thank you ! Issue resolved
ASA – 9.8(2)
Cisco – 3850
This was perfect! Thankyou!
网上查了找很多资料,终于在这里找到了解决方法
ahh….thank you !!!!!
Thanks, we also encountered this between an AS5525 and a recent ASR1001-HX