Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10646
Views
1
Helpful
3
Replies

HSRP and access-list on Vlan

Go to solution
jefvaneijk
Level 1
Level 1

‎06-20-2005 01:00 AM - edited ‎03-02-2019 11:09 PM

I have tow 6509 with HSRP configured. On one vlan lan i have a access-list configured. Know one router can not learn from the other on this vlan.

Vlan50 - Group 50

Local state is Active, priority 110

Hellotime 3 sec, holdtime 10 sec

Next hello sent in 2.678

Virtual IP address is *.*.* configured

Active router is local

Standby router is unknown

Virtual mac address is *.*.*

5 state changes, last state change 20:11:28

IP redundancy name is "****" (default)

What do i need to configure in the access-list to let it work?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
amit-singh
Level 8
Level 8
In response to jefvaneijk

‎06-20-2005 04:02 AM

Hi,

HSRP hello packets are sent to multicast address 224.0.0.2 using UDP port 1985. Whenever an ACL is applied to an HSRP interface, ensure that packets destined to 224.0.0.2 on UDP port 1985 are permitted.

You just permit this and it will work.

HTH,

-amit singh

View solution in original post

3 Replies 3

Go to solution
amit-singh
Level 8
Level 8

‎06-20-2005 01:17 AM

Please paste the config.

regards,

-amit singh

0 Helpful

Go to solution
jefvaneijk
Level 1
Level 1
In response to amit-singh

‎06-20-2005 02:19 AM

interface Vlan50

description one

ip address *.*.*.253 255.255.255.0

ip access-group one in

ip helper-address *.*.*.*

ip helper-address *.*.*.*

no ip redirects

standby 50 ip *.*.*.254

standby 50 priority 110

ip access-list extended one

permit udp any any eq bootps

permit ip any host *.*.*.*

permit ip any host *.*.*.*

permit ip any host *.*.*.*

permit ip any host *.*.*.*

permit ip any 0.0.0.133 255.255.255.0

permit ip any 0.0.0.121 255.255.255.0

permit udp any 0.0.0.121 255.255.255.0

permit udp any host 1*.*.*.*

permit ip any host *.*.*.*

permit ip any host *.*.*.252 ip other router

interface Vlan50

description two

ip address *.*.*.252 255.255.255.0

ip access-group one in

ip helper-address *.*.*.*

ip helper-address *.*.*.*

no ip redirects

delay 1000

standby 50 ip *.*.*.254

*.*.*.*

ip access-list extended one

permit udp any any eq bootps

permit ip any host *.*.*.*

permit ip any host *.*.*.*

permit ip any host *.*.*.*

permit ip any host *.*.*.*3

permit ip any 0.0.0.133 255.255.255.0

permit ip any 0.0.0.121 255.255.255.0

permit udp any 0.0.0.121 255.255.255.0

permit udp any host *.*.*.*

permit ip any host *.*.*.*

permit ip any host *.*.*.253 ip other router

Vlan* - Group *

Local state is Active, priority 110

Hellotime 3 sec, holdtime 10 sec

Next hello sent in 2.884

Virtual IP address is *.*.*.254 configured

Active router is local

Standby router is unknown

Virtual mac address is *.*.*.*

5 state changes, last state change 21:36:58

IP redundancy name is "*" (default

0 Helpful

Go to solution
amit-singh
Level 8
Level 8
In response to jefvaneijk

‎06-20-2005 04:02 AM

Hi,

HSRP hello packets are sent to multicast address 224.0.0.2 using UDP port 1985. Whenever an ACL is applied to an HSRP interface, ensure that packets destined to 224.0.0.2 on UDP port 1985 are permitted.

You just permit this and it will work.

HTH,

-amit singh

Customers Also Viewed These Support Documents