02-11-2023 02:32 AM - edited 02-11-2023 02:49 AM
I have a couple of Catalyst 3750X's in a lab. They aren't stacked but have a 2 x 1Gbps LACP L2 port-channel between them and there are several VLANs that trunk across this. There are L3 SVIs on each C3750X and I'm running HSRP on some of these. Some are in different VRFs. I have one VLAN - 100, that is a transit VLAN to an ASA firewall. IPv4 HSRP is configured on this VLAN which is working as expected. There is no routing protocol between the C3750X's and the ASA, so there is a default route on the C3750X's to the ASA inside address and the ASA has some static IPv4 routes via the HSRP address. This is all working as expected.
I have also enabled IPv6 HSRP with a Global address, however this isn't working. My logic was the same for IPv4 - static IPv6 default on the C3750X's and a static IPv6 route to the /56 behind the C3750X's. The HSRP state for IPv6 on VLAN 100 is Active/Active and the two C3750X's don't appear to be receiving the others HSRP hello messages.
The configuration is pretty simple:
!! C3750X #1
interface Vlan100
description Firewall-Transit
vrf forwarding GLOBAL-ROUTES
ip address 192.168.210.250 255.255.255.248
no ip redirects
no ip proxy-arp
ip pim sparse-mode
standby version 2
standby 0 ipv6 XXXX:XXXX:201:13F8::1/64
standby 10 ip 192.168.210.249
standby 10 priority 90
standby 10 preempt
ipv6 address XXXX:XXXX:201:13F8::2/64
ipv6 enable
!
!! C3750X #2
interface Vlan100
description Firewall-Transit
vrf forwarding GLOBAL-ROUTES
ip address 192.168.210.251 255.255.255.248
no ip redirects
no ip proxy-arp
ip pim sparse-mode
standby version 2
standby 0 ipv6 XXXX:XXXX:201:13F8::1/64
standby 10 ip 192.168.210.249
standby 10 preempt
ipv6 address XXXX:XXXX:201:13F8::3/64
ipv6 enable
The output from 'show standby vlan 100' on each C3750X looks like this:
dna-lab-c3750x-1#sho standby vlan 100
Vlan100 - Group 0 (version 2)
State is Active
2 state changes, last state change 00:29:06
Link-Local Virtual IPv6 address is FE80::5:73FF:FEA0:0 (impl auto EUI64)
Virtual IPv6 address XXXX:XXXX:201:13F8::1/64
Active virtual MAC address is 0005.73a0.0000 (MAC In Use)
Local virtual MAC address is 0005.73a0.0000 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.168 secs
Preemption disabled
Active router is local
Standby router is unknown
Priority 100 (default 100)
Group name is "hsrp-Vl100-0" (default)
Vlan100 - Group 10 (version 2)
State is Standby
1 state change, last state change 00:29:06
Virtual IP address is 192.168.210.249
Active virtual MAC address is 0000.0c9f.f00a (MAC Not In Use)
Local virtual MAC address is 0000.0c9f.f00a (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.456 secs
Preemption enabled
Active router is 192.168.210.251, priority 100 (expires in 9.552 sec)
MAC address is c464.132b.4d47
Standby router is local
Priority 90 (configured 90)
Group name is "hsrp-Vl100-10" (default)
As a test I created a VLAN and the associated SVI but in the global table on each C3750X and enabled IPv6 with HSRP and this worked - or at least the output showed they could see each other.
The C3750X's are running 15.2(4)E10 and have the IPServices license enabled. IP & IPv6 routing is globally enabled on each.
I think this is a bug or limitation as this should be a pretty simple configuration.
Solved! Go to Solution.
02-14-2023 07:24 AM
After lots of messing around and getting just weirder and weirder results, I think I've fixed it, however I have no idea why.... Simple things like just pinging between SVIs wasn't working for all interfaces, the switches weren't seeing each other as IPv6 neighbours. Reboots seemed to get things back for a while, but it just got weird.
The global command:
ipv6 dhcp-relay source-interface Loopback0
was added to the configuration on both C3750X's last week, however neither Loopback0 interfaces had an IPv6 address. Adding an IPv6 address to Loopback0 and all the weirdness has stopped.
All very odd.
02-11-2023 02:52 AM
Standby x ipv6 autoconfig <<- add this and check
02-11-2023 02:56 AM
Already tried that and the results are the same - both say:
Active router is local
Standby router is unknown
02-11-2023 03:01 AM - edited 02-11-2023 03:02 AM
First no standby x ipv6 xxxxxxxxx
Then add
Standby x ipv6 autoconfig
02-11-2023 03:16 AM
Yes, I've already tried that and the results are the same. I've also disabled IPv6 on the SVIs, removed all the IPv6 configuration and added it back. However the results are always the same.
02-11-2023 03:29 AM
>.... have also enabled IPv6 HSRP with a Global address, however this isn't working.
Ref : https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_53_se/configuration/guide/3750xscg/swhsrp.html#15579
>.... HSRP for IPv4 and HSRP for IPv6 are mutually exclusive. You cannot enable both at the same time.
M.
02-11-2023 04:37 AM
That's the bit I was obviously missing....
Thank you
02-11-2023 04:56 AM
Actually, that is only applicable to stacked 3750's and not standalone, which is what I've got.
02-11-2023 05:04 AM
Yes this confuse me, what support and what not support.
so it need some check.
what if I want to config HSRP ipv6 in different SVI are this can be done or not?
what meaning of global HSRP ipv6 if there is no command in global mode, the command is in interface mode.
anyway let me check and if I get something I will update you.
thanks
02-11-2023 03:39 AM
In description you mention FW
Are you use asa transparent ?
If yes then I think you need to allow 224.0.0.102 mutlicast ip for ipv6 hsrp.
02-11-2023 05:35 AM
I've just configured this on two spare C3560X switches I have - same IOS, L2 port-channel, multiple VRFs etc.
I initially just configured IPv6 on the SVIs and HSRP worked. I then added IPv4 and HSRP didn't work for this, so it points to a limitation. However I then removed the IPv4 HSRP configuration and replaced it with a GLBP and this works. However I've just tried this on the original lab and HSRP for IPv6 is still not working. There is now only one standby group configured and its for IPv6, but I still see:
Active router is local
Standby router is unknown
Think I'm going to give up with it and leave out the HSRPv6 configuration for this SVI.
02-14-2023 07:24 AM
After lots of messing around and getting just weirder and weirder results, I think I've fixed it, however I have no idea why.... Simple things like just pinging between SVIs wasn't working for all interfaces, the switches weren't seeing each other as IPv6 neighbours. Reboots seemed to get things back for a while, but it just got weird.
The global command:
ipv6 dhcp-relay source-interface Loopback0
was added to the configuration on both C3750X's last week, however neither Loopback0 interfaces had an IPv6 address. Adding an IPv6 address to Loopback0 and all the weirdness has stopped.
All very odd.
02-14-2023 07:31 AM
thanks a lot for your feedback.
many many thanks.
02-14-2023 03:30 PM
It was a proper puzzler. There is an IPv4 DHCP scope configured on one of the switches and that stopped working as well. I'm guessing there are some interdependencies with processes and having the invalid configuration broke various things.
Ho hum. All working now though.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: