HSRP address - arp problem

sstefanovic · ‎01-19-2005

pix#1----|----7507 R#1

|

pix#2----|----7507 R#2

R1 and R2 are running HSRP

I can not ping HSRP -ip address from pix until

create static arp

Sniffer shows that active R1 is not responding to ARP

request?

Please help!

I tryed interface command "stand use-bia"

It did not help...

Regards,

Slad

Richard Burts · ‎01-19-2005

It would help if you would post the output of show standby, show interface, show ip interface of the routers. It might also help if you post the config of the intefaces on both routers.

HTH

Rick

HTH

Rick

ehirsel · ‎01-19-2005

What does the sniffer trace show? Does R2 respond or is there no response?

Remove the standby-use-bia from the hsrp config on both routers and remove the static arp entry on the pix firewalls. Then try this:

At the switch display the mac-address table. I assume that there is only one swtich in use, let me know if there are two switches or more that are invlolved.

The hsrp process should use a virtual mac address and the active router should issue a gratuitous arp to let the switch know to update its mac-address-table.

At the active pix, do a show arp command, or a show ip arp (one will only list pix interface mac-addresses, the other will list all entries. Post the results here.

Another item to check is that the subnet and mask is properly defined on the pix, routers and that the hsrp address falls within that subnet.

Let me know what you find.

sstefanovic · ‎01-19-2005

Ping works with interface IP address

ping to HSRP IP address not.

There are 4 switches in this switch environment

It was 2 before , we have replaced switches this weekend , and it did stop working that night....

It is not just PIX it looks like we have this

on all VLANs.

So what could be wrong with switching ?

On all switches

sh mac add

shows HSRP MAC address no problem

Sniffer shows ARP request is going to R1 but no responce from R1 or R2...?

Please comment...

Regards,

Slad

ehirsel · ‎01-19-2005

On each router that participates in HSRP, run this command:

show standby

Post the results here. I am looking to see if each router thinks it is active beacuse the hsrp frames are not crossing the switch trunk links. I assume that each router is connected to a different switch. Let me know if that is not the case.

You did mention that each switch has an entry for the hsrp mac address, for those switches that the active router is NOT connected to does the mac-address-table point to the proper trunk link?

Are you using token-ring or ethernet lan topology?

sstefanovic · ‎01-20-2005

sh stand

points to one Active router R1

and one Standby router R2.

everyting looks normal.

I am going to open Case

It must be something very simple....

Regards,

Slad

ehirsel · ‎01-20-2005

Are both routers connected to the same layer switch?

Please let me know what the results of the TAC case are.

ehirsel · ‎01-24-2005

Just wondering if your issue was solved or if you need more help.