Re: HSRP virtual IP unreachable with portchannel subinterface in CML l - Page 2

Rohit Patil · ‎10-13-2024

HSRP virtual IP unreachable with portchannel subinterface in CML lab

########### config for switch begins here #######
!
conf t
!
int po32
description "port-channel interface connected to rtr1"
switchport mode trunk
switchport trunk allow vlan 10,20
no shut
!
int e0/3
description "member interface of port-channel32 interface connected to rtr1"
switchport trunk allow vlan 10,20
switchport mode trunk
channel-group 32 mode active
no shut
!
int e0/0
description "member interface of port-channel32 interface connected to rtr1"
switchport mode trunk
switchport trunk allow vlan 10,20
channel-group 32 mode active
no shut
!
end
!
conf t
int po33
description "port-channel interface connected to rtr2"
switchport mode trunk
switchport trunk allow vlan 10,20
no shut
!
int e0/1
switchport mode trunk
description "member interface of port-channel33 interface connected to rtr2"
switchport trunk allow vlan 10,20
channel-group 33 mode active
no shut
!
int e1/0
switchport mode trunk
description "member interface of port-channel33 interface connected to rtr2"
switchport trunk allow vlan 10,20
channel-group 33 mode active
no shut
!
end
!
wr
########### config ends here #######
########### config for rtr1 begins here #######
!
conf t
!
int po32
description "port-channel interface connected to be-data-sw"
no shut
!
int gi1
description "member interface of port-channel32 interface connected to switch1"
no ip add
channel-group 32 mode active
no shut
!
int gi2
description "member interface of port-channel32 interface connected to switch2"
no ip add
channel-group 32 mode active
no shut
!
int po32.20
no shut
encapsulation dot1q 20
ip add 172.16.20.251
standby version 2
standby 1 priority 105
standby 1 ip 172.16.20.1
standby 1 preempt
standby 1 timers msec 252 msec 840
!
int po32.10
no shut
encapsulation dot1q 10
ip add 172.16.10.251
standby version 2
standby 2 priority 105
standby 2 ip 172.16.10.1
standby 2 preempt
standby 2 timers msec 252 msec 840
standby 2 track 1 decrement 60
!
end
!
wr
!
########### config ends here #######
########### config for rtr2 begins here #######
!
conf t
!
int po33
description "port-channel interface connected to be-data-sw"
no shut
!
int gi2
description "member interface of port-channel33 interface connected to switch1"
no ip add
channel-group 33 mode active
no shut
!
int gi1
description "member interface of port-channel33 interface connected to switch2"
no ip add
channel-group 33 mode active
no shut
!
int po33.20
no shut
encapsulation dot1q 20
ip add 172.16.20.252
standby version 2
standby 1 priority 100
standby 1 ip 172.16.20.1
standby 1 preempt
standby 1 timers msec 100 msec 300
!
int po33.10
no shut
encapsulation dot1q 10
ip add 172.16.10.252
standby version 2
standby 2 priority 100
standby 2 ip 172.16.10.1
standby 2 preempt
standby 2 timers msec 252 msec 840
standby 2 track 1 decrement 60
!
end
!
wr
!
########### config ends here #######

Rohit Patil · ‎10-14-2024

If i configure HSRP only on physical interfaces, instead of portchannls, i am able to ping all the IPs everything works fine. Is this a problem with cisco CML might be it is not able to simulate HSRP on port channel, and portchannel subinterfaces. Forgive me if i reached to wrong conclusion.

paul driver · ‎10-14-2024

Hello
correct , I would defiantly not rule that out

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

paul driver · ‎10-14-2024

Hello
It is possible this is a CML simulation bug however can you post from both rtrs:
sh ip arp

Just to confirm you do have IP routing disabled on the switch correct?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Rohit Patil · ‎10-14-2024

sw#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.16.10.1 0 0000.0c07.ac02 ARPA Vlan10
Internet 172.16.10.22 - aabb.cc80.0700 ARPA Vlan10
Internet 172.16.10.251 0 001e.f616.b6df ARPA Vlan10
Internet 172.16.10.252 0 001e.1415.23e0 ARPA Vlan10
Internet 172.16.20.22 - aabb.cc80.0700 ARPA Vlan20
sw#show mac add
sw#show mac address-table
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
10 0000.0c07.ac02 DYNAMIC Po33
10 001e.1415.23e0 DYNAMIC Po33
10 001e.f616.b6df DYNAMIC Po32
10 5254.0018.65f7 DYNAMIC Et0/0
20 0000.0c07.ac01 DYNAMIC Po33
20 001e.f616.b6df DYNAMIC Po32
Total Mac Addresses for this criterion: 6
sw#

====

r2#
r2#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.16.10.1 - 0000.0c07.ac02 ARPA Port-channel33.10
Internet 172.16.10.11 13 5254.0018.65f7 ARPA Port-channel33.10
Internet 172.16.10.251 7 001e.f616.b6df ARPA Port-channel33.10
Internet 172.16.10.252 - 001e.1415.23e0 ARPA Port-channel33.10
Internet 172.16.20.1 - 0000.0c07.ac01 ARPA Port-channel33.20
Internet 172.16.20.252 - 001e.1415.23e0 ARPA Port-channel33.20
r2#show standby br
r2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Po33.10 2 100 Active local 172.16.10.251 172.16.10.1
Po33.20 1 100 Active local 172.16.20.251 172.16.20.1
r2#
====

r1#
r1#
r1#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.16.10.1 7 0000.0c07.ac02 ARPA Port-channel32.10
Internet 172.16.10.11 13 5254.0018.65f7 ARPA Port-channel32.10
Internet 172.16.10.251 - 001e.f616.b6df ARPA Port-channel32.10
Internet 172.16.20.251 - 001e.f616.b6df ARPA Port-channel32.20
r1#
r1#
r1#
r1#
r1#show standby br
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Po32.10 2 100 Standby 172.16.10.252 local 172.16.10.1
Po32.20 1 100 Standby 172.16.20.252 local 172.16.20.1
r1#

Rohit Patil · ‎10-14-2024

I tried enabling and disabling IP routing on the switch.
Tried creating SVIs on switch as well.

paul driver · ‎10-14-2024

Hello

@Rohit Patil wrote:

Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.16.10.1 - 0000.0c07.ac02 ARPA Port-channel33.10
Internet 172.16.20.1 - 0000.0c07.ac01 ARPA Port-channel33.20

Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.16.10.1 7 0000.0c07.ac02

The above is not correct, you have HSRPv2 enabled but the vip mac is HSRP v1, so not sure why its like that TBH.
You could try negating the HSRP mac by using the rtrs own mac.

int x/x/
standby x use-bia

test again...

Note: You need to make sure the switch has ip routing DISABLED.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Rohit Patil · ‎10-14-2024

now to simplify, i have configured HSRP with minimal configs, with HSRP 1 not V2. To understand the problem i have tried various combinations.

########### config ends here #######
########### config for rtr2 begins here #######
!
conf t
!
int po33
description "port-channel interface connected to be-data-sw"
no shut
!
int gi1
description "member interface of port-channel33 interface connected to switch1"
no ip add
channel-group 33 mode active
no shut
!
int gi2
description "member interface of port-channel33 interface connected to switch2"
no ip add
channel-group 33 mode active
no shut
!
int po33.20
no shut
encapsulation dot1q 20
ip add 172.16.20.252 255.255.255.0
standby 1 ip 172.16.20.1
!
int po33.10
no shut
encapsulation dot1q 10
ip add 172.16.10.252 255.255.255.0
standby 2 ip 172.16.10.1
!
end
!
wr
!
########### config ends here #######

current rtrs configs

Rohit Patil · ‎10-14-2024

sw(config)#no ip routing
sw(config)#
sw(config)#
sw(config)#
sw(config)#end
sw#
sw#
sw#conf
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
sw(config)#
sw(config)#
sw(config)#no int vlan 20
sw(config)#no int vlan 10
sw(config)#
sw(config)#
sw(config)#
sw(config)#end
sw#show ip route
Default gateway is not set

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
sw#
sw#
sw#
=====
====
r2#show standby br
r2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Po33.10 2 100 Active local 172.16.10.251 172.16.10.1
Po33.20 1 100 Active local 172.16.20.251 172.16.20.1
r2#ping 172.16.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
r2#
===
====
r2#show standby br
r2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Po33.10 2 100 Active local 172.16.10.251 172.16.10.1
Po33.20 1 100 Active local 172.16.20.251 172.16.20.1
r2#ping 172.16.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
r2#

Tested again by disabling the IP routing on sw and also removed SVIs. but from standby router unable to ping VIP.

also from PC i am able to ping only the physical IP:

inserthostname-here:~$ ping 172.16.10.1
PING 172.16.10.1 (172.16.10.1): 56 data bytes
^C
--- 172.16.10.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
inserthostname-here:~$ ping 172.16.10.251
PING 172.16.10.251 (172.16.10.251): 56 data bytes
64 bytes from 172.16.10.251: seq=0 ttl=42 time=0.670 ms
64 bytes from 172.16.10.251: seq=1 ttl=42 time=0.816 ms
^C
--- 172.16.10.251 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.670/0.743/0.816 ms
inserthostname-here:~$

MHM Cisco World · ‎10-14-2024

The issue I think not in hsrp but you test from SW'

Try connect PC and check

OR

Use source in your ping

I.e.

Ping <vip of hsrp of vlan10> source <vlan10 svi >

Rohit Patil · ‎10-14-2024

sw#ping 172.16.10.1 source 172.16.10.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.10.22
.....
Success rate is 0 percent (0/5)
sw#
sw#ping 172.16.10.252 source 172.16.10.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.252, timeout is 2 seconds:
Packet sent with a source address of 172.16.10.22
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/201/1001 ms
sw#

Rohit Patil · ‎10-14-2024

It is still the same.

reenabled SVI on sw. tried to ping using SVI IP as source to the VIP. not able to ping.

MHM Cisco World · ‎10-14-2024

Under PO subinterface add

Ip redirect

And try ping from SW using source SVI

MHM

Rohit Patil · ‎10-14-2024

r2(config)#int po33.10
r2(config-subif)#ip redi
r2(config-subif)#ip redirects
r2(config-subif)#int po33.20
r2(config-subif)#ip redirects
r2(config-subif)#
r2(config-subif)#
r2(config-subif)#end
r2#
r2#

+++

r1(config-if)#
r1(config-if)#
r1(config-if)#int po32.10
r1(config-subif)#ip redirects
r1(config-subif)#int po32.20
r1(config-subif)#ip redirects
r1(config-subif)#
r1(config-subif)#
r1(config-subif)#
r1(config-subif)#end
r1#
r1#
r1#

====

sw#
sw#
sw#
sw#ping 172.16.10.1 source 172.16.10.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.10.22
.....
Success rate is 0 percent (0/5)
sw#
sw#
sw#ping 172.16.10.252 source 172.16.10.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.252, timeout is 2 seconds:
Packet sent with a source address of 172.16.10.22
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
sw#show tim
sw#show time-range
sw#show clo
sw#show clock
*08:52:45.025 UTC Mon Oct 14 2024
sw#

Rohit Patil · ‎10-14-2024

Still it is the same..tried

Rohit Patil · ‎10-14-2024

Adding on to this:

I am able to ping PC from the router but not with standby IP as source IP

r2#ping 172.16.10.11 source 172.16.10.1
% Invalid source address- IP address not on any of our up interfaces
r2#show standby br
r2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Po33.10 2 100 Active local 172.16.10.251 172.16.10.1
Po33.20 1 100 Active local 172.16.20.251 172.16.20.1
r2#ping 172.16.10.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
r2#