10-20-2004 01:03 PM - edited 03-02-2019 07:25 PM
Got two 3550-12T's running layer2/3. 12.1(19)EA1c
When Im in the network and I ping my HSRP address it responds fine. When im off the network the HSRP pings back every other time, same with pinging the vlan interface. If I shut one interface down, then I get 100% ping response. My 3640 is where Im pinging my 3550's. They know about each other through EIGRP. (I am doing intervlan routing) 3640 is in my flat vlan1 network, and I have 4 vlans in my 3550s so far where my new network is living at. (need to still grow it but cant until this is fixed)
Any thoughts suggestions? This is now day three with an open case with TAC and Im going to escalate it if I cant find an easy fix...
10-20-2004 03:17 PM
Here you go:
ADJC-3640#show ip route 10.200.118.254
Routing entry for 10.200.118.0/24
Known via "eigrp 1", distance 90, metric 28416, type internal
Redistributing via eigrp 1
Last update from 10.200.100.44 on FastEthernet0/0, 00:42:35 ago
Routing Descriptor Blocks:
* 10.200.100.43, from 10.200.100.43, 00:42:35 ago, via FastEthernet0/0
Route metric is 28416, traffic share count is 1
Total delay is 110 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
10.200.100.44, from 10.200.100.44, 00:42:35 ago, via FastEthernet0/0
Route metric is 28416, traffic share count is 1
Total delay is 110 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
3550A
Vlan20 - Group 13
Local state is Standby, priority 110
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.290
Virtual IP address is 10.200.118.254 configured
Active router is 10.200.118.251, priority 150 expires in 8.276
Standby router is local
3 state changes, last state change 06:05:05
IP redundancy name is "hsrp-Vl20-13" (default)
3550B
Vlan20 - Group 13
Local state is Active, priority 150, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.960
Virtual IP address is 10.200.118.254 configured
Active router is local
Standby router is 10.200.118.250 expires in 9.244
Virtual mac address is 0000.0c07.ac0d
1 state changes, last state change 1d04h
IP redundancy name is "hsrp-Vl20-13" (default)
10-20-2004 05:12 PM
Can you post a 'sh ip route 10.200.118.254' from 10.200.100.43 and 10.200.100.44?
10-21-2004 05:53 AM
here you go:
3550A-DJ7727>show ip route 10.200.118.254
Routing entry for 10.200.118.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Redistributing via eigrp 1
Routing Descriptor Blocks:
* directly connected, via Vlan20
Route metric is 0, traffic share count is 1
3550B-DJ7728>show ip route 10.200.118.254
Routing entry for 10.200.118.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Redistributing via eigrp 1
Routing Descriptor Blocks:
* directly connected, via Vlan20
Route metric is 0, traffic share count is 1
10-21-2004 09:37 AM
One thing that I think might be wrong here is that the 3640 router is load balancing the pings to the hsrp networks which the 3550's are confused about because it is directly connected. Try doing this and see if this fixes your problem. Run HSRP on the 3550s for the network IP's 10.200.100.43 and 44, if anything make it a seperate VLAN if you have can. I never cared for secondary IP address or using vlan 1. Change those to be on two seperate VLANs and see if that fixes your problem.
10-21-2004 11:57 AM
unicast reverse path verify was not allowing it. Had to do a urpf allow self ping and then everything was fine. security features keeping me down! =)
10-21-2004 12:02 PM
Now that you say that was a problem I noticed that you didn't have ip cef enabled which is a requirement for unicast reverse path. You could try enabling it and see if that fixes it and allows you to keep you security.
10-21-2004 02:13 PM
hmm you are right, but when I do a show IP cef it shows that its running.. weird that it doesnt show it in the configuration. Is it on by default on these guys?
10-21-2004 10:19 AM
Because your Ping is load balanced between the 2 switches. I'd assume that one of the 3550 switches has no route back to your 3640.. sh ip route and Trace from both 3550 back to the ping source IP address of your 3640..
10-21-2004 11:03 AM
From the 3640, try pinging the 10.200.100.43 and 10.200.100.44 IPs. I suspect the 3640 can't communicate with one of them.
Also, how do the 3750s and 3550s connect to each other. Right now, I understand that the 3640 doesn't connect to 3750B. How does 3550A talk to 3550B?
10-21-2004 11:40 AM
Pings to those addresses from the 3640 respond 100%
Pings from each 3550 to the 3640 respond 100%
3640 isnt doing any type of load balancing. If I put those 10.200.100.43/44 addresses in a different vlan wont that screw things up? Ill have the same subnet in multiple vlans... that cant be good?
I have a escalated engineer in my network checking it out. Going on almost 2 hours now still no answer yet...
10-21-2004 11:56 AM
When you ran Ping from the 3550 to the 4640, did you source the PING from the 10.200.118.251 and 250.. Try that..
I see load balancing
from your sh ip route, you have 2 routes to 10.200.118.254, one via 100.44 and one via 100.43. And I think losing the packets is related to that, because you send one packet via 44 and the second via 43.
ADJC-3640#show ip route 10.200.118.254
Routing entry for 10.200.118.0/24
Known via "eigrp 1", distance 90, metric 28416, type internal
Redistributing via eigrp 1
Last update from 10.200.100.44 on FastEthernet0/0, 00:42:35 ago
Routing Descriptor Blocks:
* 10.200.100.43, from 10.200.100.43, 00:42:35 ago, via FastEthernet0/0
Route metric is 28416, traffic share count is 1
Total delay is 110 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
10.200.100.44, from 10.200.100.44, 00:42:35 ago, via FastEthernet0/0
Route metric is 28416, traffic share count is 1
Total delay is 110 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
That could be also a L2 problem as well.. I had the same problem about 2 years ago but I can't remeber
10-21-2004 11:59 AM
unicast reverse path verify was the problem. Once I got this removed or added the command for allow self ping then it worked right.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide