07-26-2006 01:52 PM - edited 03-03-2019 04:14 AM
Hello Everyone,
I am attempting to run and test HSRP but there seems to be some errors.
My first switch is a Catalyst 3550 - 48 Port with SMI image
My second switch is a Catalyst 3550 - 48 Port with EMI image.
I configured HSRP on Vlan12 to try and see if my second switch will take over once I pull the cable out of the first one but it seems like it doesn't.
In the "show standby" command, the second switch shows as "Active router" because I gave it higher priority and it sees the neighbor switch which shows as standby router, so hsrp sees both the switches, knows which one is active and which one is standby but yet when I pull the plug on the first one, network is down, as if it did not revert to the second switch.
My cabling is as follows.
First switch has the first GIG (over fiber) uplink to my provider, the second GIG port is connected to the second gig port on the second switch over fiber as well. The first gig port of the second switch is NOT connected to anything as I only have one provider.
The two ports communicate since hsrp seems the neighbor switches.
The two are configured like this 10.0.0.1 s virtual gateway. 10.0.0.2 is the address of first switch. 10.0.0.3 is address of second switch (backup one). Those IP's are on a MANAGEMENT VLAN which I gave as VLAN ID 100
Now for the VLAN12 I am testing HSRP on, it has VALID INTERNET IP's and not local internal IP's.
Once again, the virtual IP finishes with 225, and I configured 226 as IP on switch1, 227 as IP on switch2.
I am NOT using the track option as I am not sure what it does, I only use the standby priority and preempt options.
So to put it in brief, I am trying to make VLAN12 work with HSRP so that all traffic from VLAN 12 enters switch 1 (from the provider uplink) goes to switch2 since I set vlan12 with higher priority (hsrp) on switch2 goes to the servers, then comes back to switch2, routes to switch1 (since it has to uplink to provider) and out to the internet.
I hope my formatting is not very bad and pretty much understandable.
Can someone please tell me what I am doing wrong and why is hsrp not working for me?
PS: I am suspecting the routing is not done well between one switch and the other so they cannot communicate the traffic, but I am not sure
Please help me
Thank You
07-26-2006 04:12 PM
If I understand you correctly, you pull the cable connecting the two switches and the network goes down? Do you mean the all the interface vlans on both switches go down? Is this the only physical interface that is up or connected? you mentioned vlan 12, is there any other port that belongs to vlan 12? I suspect that you are pulling a trunk port between the switches and there are no other physical ports that belongs to vlan 12 or no physical port that belongs to vlan 12 that is up/up. And the only port that is keeping the interface vlan 12 is the trunk port or the port that connects the two switches. Naturally, if there are no physical port that is up that belongs to vlan 12 that interface vlan will go down as well.
Please rate helpful posts.
07-26-2006 04:56 PM
Hello,
Maybe I didn't explain myself clearly.
Basically the TWO 3550's are connected on GIG 2 port using a TRUNK of ALL vlan's. They see each other perfectly, they are even in clustered mode on my network assistant.
Then Port 12 (which is also Vlan12 on my network) connects to a catalyst 2950T. So basically, you have the TWO (active and standby) 3550's with an active link with the 2950T (in the two uplinks port).
The cable I pull is NOT the link between the two, it is the cable in port 12 (vlan 12) on the Active switch to see if the standby 3550's will continue serving the 2950T, but as soon as I plug it out, the servers connected to the 2950t are offline, so the standby router is NOT even serving anything.
Also to note, I have put the priority HIGHER in the standby 3550 so that by default vlan12 should be served by that 3550, but seems that when I unplug the cable on the active 3550, vlan12 goes down(or perhaps the server are not connected to internet anymore)...
Please let me know what can be the problem
Very much appreciated
07-26-2006 05:18 PM
According to your description, the trunk between two 3550s are carrying all VLANs, so the VLAN 12 will also be carried in this trunk. Did you check the spanning tree configuration ? Is the VLAN 12 down caused by the SPT ?
Please provide the config. for reference.
I suggest to make a test to disconnect the trunk between two 3550s, it should not affect the communication then try to disconnect the active 3550 port 12 from 2950T to determine the result.
Hope this helps.
07-26-2006 06:06 PM
Hello,
Ok I am copy and pasting the configs of INTERFACE FASTETHERNET 12, VLAN12 and SHOW STANDY on BOTH 3550's...
NOTE: Port 12 is not connected at this point on standby 3550 to the 2950t anymore as I have disconnected the cable since it was not working, this is why there are less details for interface fast ethernet port 12 on standby switch, if you need full details I can give you more details once I connect it again, even with it disconnected, show standby shows the standby 3550 as active for Vlan12, but yet vlan12 operates out of active 3550 even when port 12 was active on standby one.
For privacy reasons, I have XXX'ed the IP's
Here is the data:
--------------------------------------
--- ACTIVE 3550 -----------------
interface FastEthernet0/12
description Switch 8 Uplink
switchport trunk encapsulation dot1q
switchport trunk native vlan 12
switchport trunk allowed vlan 1,3,12,100
switchport mode trunk
mls qos trust cos
macro description cisco-switch
auto qos voip trust
wrr-queue bandwidth 10 20 70 1
wrr-queue min-reserve 1 5
wrr-queue min-reserve 2 6
wrr-queue min-reserve 3 7
wrr-queue min-reserve 4 8
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
spanning-tree link-type point-to-point
interface Vlan12
ip address 2XX.XX.XX.226 255.255.255.224
no ip redirects
standby 12 ip 2XX.XX.XX.225
standby 12 priority 95
standby 12 preempt
Vlan12 - Group 12
State is Standby
4 state changes, last state change 1d08h
Virtual IP address is 2XX.Xx.XX.225
Active virtual MAC address is 0000.0c07.ac0c
Local virtual MAC address is 0000.0c07.ac0c (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.068 secs
Preemption enabled
Active router is 2XX.XX.XX.227, priority 110 (expires in 7.508 sec)
Standby router is local
Priority 95 (configured 95)
IP redundancy name is "hsrp-Vl12-12" (default)
Vlan100 - Group 10
State is Active
2 state changes, last state change 2d03h
Virtual IP address is 10.0.0.1
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.064 secs
Preemption enabled
Active router is local
Standby router is 10.0.0.3, priority 100 (expires in 9.608 sec)
Priority 150 (configured 150)
IP redundancy name is "Hsrp-Vlan100" (cfgd)
---- STANDBY 3550 -------------------------
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,12,100
switchport mode trunk
interface Vlan12
ip address 2XX.XX.XX.227 255.255.255.224
no ip redirects
standby 12 ip 2XX.XX.XX.225
standby 12 priority 110
standby 12 preempt
Vlan12 - Group 12
Local state is Active, priority 110, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.126
Virtual IP address is 2XX.XX.XX.225 configured
Active router is local
Standby router is 2XX.XX.XX.226 expires in 7.756
Virtual mac address is 0000.0c07.ac0c
2 state changes, last state change 1d08h
IP redundancy name is "hsrp-Vl12-12" (default)
Vlan100 - Group 10
Local state is Standby, priority 100, may preempt
Preemption delayed at most a further 0 secs for syncs
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.348
Virtual IP address is 10.0.0.1 configured
Active router is 10.0.0.2, priority 150 expires in 7.752
Standby router is local
1 state changes, last state change 2d03h
IP redundancy name is "Hsrp-Vlan100" (cfgd)
-----------------------------------------------------
Hope this helps you experts to help me :)
Thanks
07-26-2006 06:20 PM
Thanks for the info. I don't find any problem for the HSRP config. However, I still suggest to disconnect the trunk between 3550s or remove the VLAN 12 in this trunk to test it again.
Please provide your result if you test it again.
07-26-2006 06:30 PM
Hello,
Can you please explain in details what you mean by disconnect the trunk between 3550's or from removing the vlan12 trunk?
What exactly (in details please) do you want me to do or test?
I appreciate GREATLY your help
Thanks
07-26-2006 06:46 PM
As I mentioned before, I suspect there is spanning tree issue to cause the port down at 2950T or 3550. If you include VLAN 12 in the trunk between 3550, it will be a loop at L2, the spanning tree will be take effect to block one port somewhere. So, I want to isolate this issue first. If you ensure there is no spanning tree then it is fine. But I cannot figure out any problem at this moment.
Please feel free to share your opinion for discussion.
07-26-2006 06:59 PM
Hello,
Understood and I am completely with you. So here are my questions to you
1. Can you tell me step by step what to do in order to isolate the issue?
2. I was suspecting the routing between the two 3550 to be the issue since there is no provider uplink on standby 3550, so not sure how it would talk to the standby 3550 to then talk to the server on the 2950t then back to standby 3550 then to active 3550 then out to provider if you see what I mean...
Please get back to me on those two points and guide me to what you think I should do.
Thanks
07-26-2006 07:21 PM
I understood your question more now. There is only one uplink from your site to the provider, so you require the trunk between 3550s to carry the traffic.
In this case, I recommend to remove the VLAN 12 from the trunk and make two 3550s to route the traffic between them via the trunk.
i.e. the trunk will include VLAN X that will be included in the routing protocol to the provider uplink and the VLAN 12.
From active 3550, it will find the path to provider is direct connected interface; from standby 3550, it will find the path to provider via the active 3550.
However, in this design, you can only provide one protection level for the VLAN 12 port. e.g. only if the VLAN 12 port down, then the packet will flow to the standby 3550 then active 3550 to the provider. If the active 3550 down, the standby 3550 still not able to connect to the provider. I suggest to connect both 3550s to the router of provider. If it is not possible, simple remove the HSRP, enable ethernetchannel and use it as a flat LAN will simpler.
Please let me know your opinion.
07-26-2006 08:59 PM
This answer is for: jackyoung
Hello,
Ok how can I achieve that? I do not run routing protocol, everything is static, my provider announces my IP's and I just statically route them in my 3550's, there is no routing protocol. So how can I achieve what you are saying by static routing... ?
Your help is very much appreciated.
Thanks
07-26-2006 09:31 PM
Can you provide the routing section in your config. and advise which route you want to route to where ? Let me try to make it. Moreover, even the provider did not communicate w/ dynamic routing protocol and you still can enable it between two 3550s. It depends on your preference.
Moreover, please also advise your preference, which option you prefer to achieve, e.g. flat LAN or route between 3550s ?
Please clarify my assumption is correct or not ? If not, please provide a simple network diagram and the preferred routing path then we try to help.
Wait for your feedback.
07-26-2006 07:31 PM
I have copy\ied and pasted your configuration here, first of all, the 3550 you've labeled active is acitve for what? It's certainly not active for vlan 12, can you see that? second of all, not seeing the 2950 configurations, and merely basing on 3550's configurations, on the 3550 you've labeled active your native vlan is 12, what is the native vlan of the 2950? make sure they match. Third, the 3550 you've labeled "standby" shows that fa 0/12 native vlan is vlan 1, which is default since it's not specified in the configuration of the fa 0/12, you might want to check on that 2950's connection to the "standby" 3550 that the native vlan is also matching.
Fourth, when you disconnect the fa 0/12 from the 3550 you've labled "active", are you not able to ping the 2XX.XX.XX.225 from the server connected on 2950? Which should be the default gateway, right? Fifth, I must misunderstood, but if you disconnect the fa 0/12 on the 3550 you've labled "active", the interface vlan 12 does not go down, right? I mean show interface vlan 12, shows it's up/up? can you confirm that? If the interface vlan 12 remains up/up, that means the problem is the servers are not able to ping the 2XX.XX.XX.225 when it's only connection is the connection to the fa 0/12 of the 3550 you've labled "standby". I would make sure that the fa 0/12 of the 3550 "standby" and the port from 2950 to that port are both trunking and they have a matching native vlan. Finally, on HSRP there is only one active router at any given time, the standby is what the name suggests it's on "standby" and does not serve any hosts until the "active" HSRP goes away for whatever reason.
--- ACTIVE 3550 -----------------
interface FastEthernet0/12
description Switch 8 Uplink
switchport trunk encapsulation dot1q
switchport trunk native vlan 12
switchport trunk allowed vlan 1,3,12,100
switchport mode trunk
mls qos trust cos
macro description cisco-switch
auto qos voip trust
wrr-queue bandwidth 10 20 70 1
wrr-queue min-reserve 1 5
wrr-queue min-reserve 2 6
wrr-queue min-reserve 3 7
wrr-queue min-reserve 4 8
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
spanning-tree link-type point-to-point
interface Vlan12
ip address 2XX.XX.XX.226 255.255.255.224
no ip redirects
standby 12 ip 2XX.XX.XX.225
standby 12 priority 95
standby 12 preempt
Vlan12 - Group 12
State is Standby >>>>>>>>>>>>>>> It say's "standby"
4 state changes, last state change 1d08h
Virtual IP address is 2XX.Xx.XX.225
Active virtual MAC address is 0000.0c07.ac0c
Local virtual MAC address is 0000.0c07.ac0c (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.068 secs
Preemption enabled
Active router is 2XX.XX.XX.227, priority 110 (expires in 7.508 sec)
Standby router is local
Priority 95 (configured 95)
IP redundancy name is "hsrp-Vl12-12" (default)
---- STANDBY 3550 -------------------------
interface FastEthernet0/12 >> this interface native vlan is vlan 1, what is the native vlan on 2950? is it even trunking?
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,12,100
switchport mode trunk
interface Vlan12
ip address 2XX.XX.XX.227 255.255.255.224
no ip redirects
standby 12 ip 2XX.XX.XX.225
standby 12 priority 110
standby 12 preempt
Vlan12 - Group 12
Local state is Active, priority 110, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.126
Virtual IP address is 2XX.XX.XX.225 configured
Active router is local
Standby router is 2XX.XX.XX.226 expires in 7.756
Virtual mac address is 0000.0c07.ac0c
2 state changes, last state change 1d08h
IP redundancy name is "hsrp-Vl12-12" (default)
07-26-2006 08:57 PM
This answer is for: bosalaza
Before I answer the other questions, let me clarify your last point which says:
"Finally, on HSRP there is only one active router at any given time, the standby is what the name suggests it's on "standby" and does not serve any hosts until the "active" HSRP goes away for whatever reason. "
I thought that you can just assign a HIGHER priority to the "standby router" so that it takes control of Vlan12, is that not possible? That is what I am trying to do in this case.
Also, I don't see where you see native vlan as 1, the trunk shows 4 vlans, there are not natives vlans....
The 2950T is a layer 2 switch, I have set the uplink of that switch to TRUNK all Vlans and then the separate ports are all on Static Access for Vlan 12.
I did not try to ping the 225 address from the server as when I disconnect the port 12 from the active router I lose completely the connection to the servers on that vlan12, so I cannot go forward.
Hope this makes things clearer.
Thanks for the help
07-26-2006 09:54 PM
I thought that you can just assign a HIGHER priority to the "standby router" so that it takes control of Vlan12, is that not possible? That is what I am trying to do in this case.
>> huh?? By sharing an IP address and a MAC (Layer 2) address, two or more routers can act as a single "virtual" router. The members of the virtual router group continually exchange status messages. This way, one router can assume the routing responsibility of another, should it go out of commission for either planned or unplanned reasons. Hosts continue to forward IP packets to a consistent IP and MAC address, and the changeover of devices doing the routing is transparent. I think that is the same thing I said in layman's terms.
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml#background
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_q_and_a_item09186a00800a9679.shtml
Also, I don't see where you see native vlan as 1, the trunk shows 4 vlans, there are not natives vlans....
>> interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,12,100
switchport mode trunk
That means the native vlan for this port is vlan 1, to confirm "show inter fa 0/12 switchport", you'll see that the native vlan for this interface is vlan 1.
The 2950T is a layer 2 switch, I have set the uplink of that switch to TRUNK all Vlans and then the separate ports are all on Static Access for Vlan 12.
I did not try to ping the 225 address from the server as when I disconnect the port 12 from the active router I lose completely the connection to the servers on that vlan12, so I cannot go forward.
>> you need to post the following when you disconnect fa 0/12 as you described and the server's are lost:
From both of the 3550:
1. show int vlan 12 >> to confirm int vlan 12 are up/up. If they are down then no need to proceed further.
2. show standby vlan 12 >> just to verify that the HSRP are in good state, I think they are but since we are troubleshooting, it's best not to leave any stones unturned.
3. show int trunk >> to see which int are trunking and which vlans are forwarding.
4. show cdp neigh >> to verify the ports and what devices connects to what port.
5. show vlan
From the 2950 where the servers are connected:
1. show vlan
2. show int trunk
3. show cdp neigh
If you are willing to post the above, I am sure one of the contributors, If I can't, will be able to help you. the above will make everything clear for the rest of us.
Please rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide