Re: HSRP 50% ping

sjamison · ‎10-20-2004

Got two 3550-12T's running layer2/3. 12.1(19)EA1c

When Im in the network and I ping my HSRP address it responds fine. When im off the network the HSRP pings back every other time, same with pinging the vlan interface. If I shut one interface down, then I get 100% ping response. My 3640 is where Im pinging my 3550's. They know about each other through EIGRP. (I am doing intervlan routing) 3640 is in my flat vlan1 network, and I have 4 vlans in my 3550s so far where my new network is living at. (need to still grow it but cant until this is fixed)

Any thoughts suggestions? This is now day three with an open case with TAC and Im going to escalate it if I cant find an easy fix...

Hossy · ‎10-20-2004

Are you using vrfs?

sjamison · ‎10-20-2004

Not that I am aware of. Dont know that one... Unless its turned on be default, Im not using it as far as I am aware of...

Hossy · ‎10-20-2004

Ok. So you are doing HSRP for what vLAN? vLAN 1?

scottosan · ‎10-20-2004

We would nned to see your config to dermin what is wrong.

sjamison · ‎10-20-2004

3550-A

show run

Building configuration...

Current configuration : 3700 bytes

!

! Last configuration change at 10:32:45 mst Wed Oct 20 2004

! NVRAM config last updated at 10:32:56 mst Wed Oct 20 2004

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname 3550A-DJ7727

!

clock timezone mst -7

ip subnet-zero

ip routing

!

spanning-tree mode pvst

spanning-tree extend system-id

spanning-tree backbonefast

!

interface GigabitEthernet0/1

description 1stFloor Debras Closet

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/2

description 4th Floor

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/3

description 1stFloor Accounting

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/4

description 2nd Floor 24port

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/5

description 3rd Floor

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/6

description 2nd Floor 48port

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/7

description 1616 Basement

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/8

switchport mode dynamic desirable

no ip address

!

interface GigabitEthernet0/9

switchport mode dynamic desirable

no ip address

!

interface GigabitEthernet0/10

switchport mode dynamic desirable

no ip address

!

interface GigabitEthernet0/11

description CORE UPLINK

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/12

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface Vlan1

ip address 159.87.32.227 255.255.255.224 secondary

ip address 10.200.100.43 255.255.252.0

no ip redirects

no ip mroute-cache

standby 14 ip 159.87.32.229

standby 14 priority 110

!

interface Vlan19

description WIRELESS - HSRP

ip address 10.200.117.250 255.255.255.0

ip verify unicast reverse-path

ip helper-address 10.200.100.20

ip helper-address 159.87.32.230

ip helper-address 10.200.100.13

no ip redirects

no ip unreachables

standby 12 ip 10.200.117.254

standby 12 priority 110

!

interface Vlan20

description SWITCH Administration VLAN - HSRP

ip address 10.200.118.250 255.255.255.0

ip verify unicast reverse-path

no ip redirects

no ip unreachables

standby 13 ip 10.200.118.254

standby 13 priority 110

!

interface Vlan21

description BATCAVE NETWORK

ip address 10.200.119.250 255.255.255.0

ip verify unicast reverse-path

ip helper-address 10.200.100.20

ip helper-address 159.87.32.230

ip helper-address 10.200.100.13

no ip redirects

no ip unreachables

standby 15 ip 10.200.119.254

standby 15 priority 110

!

router eigrp 1

network 10.0.0.0

network 159.87.0.0

auto-summary

no eigrp log-neighbor-changes

!

ip default-gateway 159.87.32.225

ip classless

ip default-network 159.87.0.0

ip route 0.0.0.0 0.0.0.0 159.87.32.225

ip route 10.0.0.0 255.0.0.0 159.87.32.225

ip route 10.200.0.0 255.255.0.0 159.87.32.225

ip route 10.250.1.0 255.255.255.0 159.87.32.225

ip route 159.87.0.0 255.255.0.0 159.87.32.225

ip route 159.87.96.251 255.255.255.255 159.87.32.225

ip route 192.168.96.251 255.255.255.255 159.87.32.225

no ip http server

!

logging 10.200.103.212

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

ntp clock-period 17180257

ntp server 10.200.100.13

end

3550A-DJ7727#

sjamison · ‎10-20-2004

3550-B

show run

Building configuration...

Current configuration : 3626 bytes

!

! Last configuration change at 10:34:34 mst Wed Oct 20 2004

! NVRAM config last updated at 10:34:35 mst Wed Oct 20 2004

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname 3550B-DJ7728

!

clock timezone mst -7

ip subnet-zero

ip routing

!

spanning-tree mode pvst

spanning-tree extend system-id

spanning-tree backbonefast

!

interface GigabitEthernet0/1

description 1st Floor

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/2

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/3

description 3rd Floor

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/4

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/5

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/6

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/7

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/8

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/9

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/10

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/11

description CORE LINK

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet0/12

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface Vlan1

ip address 159.87.32.228 255.255.255.0 secondary

ip address 10.200.100.44 255.255.252.0

no ip redirects

no ip mroute-cache

standby 14 ip 159.87.32.229

standby 14 priority 150

!

interface Vlan19

description WIRELESS - HSRP

ip address 10.200.117.251 255.255.255.0

ip verify unicast reverse-path

ip helper-address 10.200.100.20

ip helper-address 159.87.32.230

ip helper-address 10.200.100.13

no ip redirects

no ip unreachables

standby 12 ip 10.200.117.254

standby 12 priority 150

standby 12 preempt

!

interface Vlan20

description SWITCH ADMINISTRATION VLAN - HSRP

ip address 10.200.118.251 255.255.255.0

ip verify unicast reverse-path

no ip redirects

no ip unreachables

standby 13 ip 10.200.118.254

standby 13 priority 150

standby 13 preempt

!

interface Vlan21

description BATCAVE NETWORK

ip address 10.200.119.251 255.255.255.0

ip helper-address 10.200.100.20

ip helper-address 159.87.32.230

ip helper-address 10.200.100.13

no ip redirects

no ip unreachables

standby 15 ip 10.200.119.254

standby 15 priority 110

!

router eigrp 1

network 10.0.0.0

network 159.87.0.0

auto-summary

no eigrp log-neighbor-changes

!

ip default-gateway 159.87.32.225

ip classless

ip default-network 159.87.0.0

ip route 0.0.0.0 0.0.0.0 159.87.32.225

ip route 10.0.0.0 255.0.0.0 159.87.32.225

ip route 10.200.0.0 255.255.0.0 159.87.32.225

ip route 10.250.1.0 255.255.255.0 159.87.32.225

ip route 159.87.0.0 255.255.0.0 159.87.32.225

ip route 159.87.96.251 255.255.255.255 159.87.32.225

ip route 192.168.96.251 255.255.255.255 159.87.32.225

no ip http server

!

logging 10.200.103.212

!

line con 0

line vty 0 4

!

login

line vty 5 15

!

login

!

ntp clock-period 17180286

ntp server 10.200.100.13

end

3550B-DJ7728#

Hossy · ‎10-20-2004

How do these switches connect to the 3640?

How do these switch connect to each other (if they do)?

sjamison · ‎10-20-2004

The 3550A connects into 3750A and 3550B connects into 3750B. (Stackwise between the two 3750's)

The 3640 at this time connects into 3750A at this time only. The 3640 is my WAN router.

The 3550's and 3640 points to the 159.87.32.225 address which is the inside address of my firewall. There are route inside statements on the firewall to correspond to the networks inside of my network. Everything else gets routed out to my internet router which is a 7206.

sjamison · ‎10-20-2004

just in case anyone missed the post on top, the 3640 and 3550's are using EIGRP

prahlad_panchal · ‎10-20-2004

interface Vlan1

ip address 159.87.32.227 255.255.255.224 secondary

ip address 10.200.100.43 255.255.252.0

no ip redirects

no ip mroute-cache

standby 14 ip 159.87.32.229

standby 14 priority 110

!

interface Vlan1

ip address 159.87.32.228 255.255.255.0 secondary

ip address 10.200.100.44 255.255.252.0

no ip redirects

no ip mroute-cache

standby 14 ip 159.87.32.229

standby 14 priority 150

Why do you have different subnet masks for network 159.87.32.0 ?

Is this an error ?

sjamison · ‎10-20-2004

No. I have two networks on VLAN1, public and private. In order to make things route to my PIX, I had to add VLAN1 into that network so the 3550's would become aware of it and go straight to it, rather than go through the 3640 to get there (which it learned through EIGRP)

Hossy · ‎10-20-2004

Right, but with the 159.87.32.0 network you are using two different subnet masks on both 3550s.

On 3550A, you're using the 159.87.32.224/27 network.

On 3550B, you're using the 159.87.32.0/24 network.

You need to make sure that you keep the same subnet mask on all devices using that specific subnet.

The 159.87.32.0/24 network hosts range from 159.87.32.1 to 159.87.32.254.

The 159.87.32.224/27 network hosts range from 159.87.32.225 to 159.87.32.254.

Even though the IP 159.87.32.228 (3550B-vLAN1) is present in both these networks, it won't be able to communicate with 159.87.32.227 (3550A-vLAN1) because they have different subnet masks.

sjamison · ‎10-20-2004

doh... used to be that subnet mas just entered it in by habit. I changed it.

Still got the same problem:

ADJC-3640#ping 10.200.118.254

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.200.118.254, timeout is 2 seconds:

.!.!.

Success rate is 40 percent (2/5), round-trip min/avg/max = 1/1/1 ms

ADJC-3640#trace 10.200.118.254

Type escape sequence to abort.

Tracing the route to 10.200.118.254

1 10.200.100.44 4 msec

10.200.100.43 0 msec *

Hossy · ‎10-20-2004

Can you post the output of 'sh ip route 10.200.118.254' from ADJC-3640?

Also, can you post the output of 'sh ip standby 13' from both 3550A and 3550B?