cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3407
Views
0
Helpful
75
Replies

HSRP on 2 3550's not working, HELP please

existhosting
Level 1
Level 1

Hello Everyone,

I am attempting to run and test HSRP but there seems to be some errors.

My first switch is a Catalyst 3550 - 48 Port with SMI image

My second switch is a Catalyst 3550 - 48 Port with EMI image.

I configured HSRP on Vlan12 to try and see if my second switch will take over once I pull the cable out of the first one but it seems like it doesn't.

In the "show standby" command, the second switch shows as "Active router" because I gave it higher priority and it sees the neighbor switch which shows as standby router, so hsrp sees both the switches, knows which one is active and which one is standby but yet when I pull the plug on the first one, network is down, as if it did not revert to the second switch.

My cabling is as follows.

First switch has the first GIG (over fiber) uplink to my provider, the second GIG port is connected to the second gig port on the second switch over fiber as well. The first gig port of the second switch is NOT connected to anything as I only have one provider.

The two ports communicate since hsrp seems the neighbor switches.

The two are configured like this 10.0.0.1 s virtual gateway. 10.0.0.2 is the address of first switch. 10.0.0.3 is address of second switch (backup one). Those IP's are on a MANAGEMENT VLAN which I gave as VLAN ID 100

Now for the VLAN12 I am testing HSRP on, it has VALID INTERNET IP's and not local internal IP's.

Once again, the virtual IP finishes with 225, and I configured 226 as IP on switch1, 227 as IP on switch2.

I am NOT using the track option as I am not sure what it does, I only use the standby priority and preempt options.

So to put it in brief, I am trying to make VLAN12 work with HSRP so that all traffic from VLAN 12 enters switch 1 (from the provider uplink) goes to switch2 since I set vlan12 with higher priority (hsrp) on switch2 goes to the servers, then comes back to switch2, routes to switch1 (since it has to uplink to provider) and out to the internet.

I hope my formatting is not very bad and pretty much understandable.

Can someone please tell me what I am doing wrong and why is hsrp not working for me?

PS: I am suspecting the routing is not done well between one switch and the other so they cannot communicate the traffic, but I am not sure

Please help me

Thank You

75 Replies 75

Hello,

Ok I have done everything you have asked but one thing changed. I now did a VLAN13 to test hsrp as my VLAN12 is now in production and I can't put it down since customers are online on it. So SAME config but now on VLAN13, please keep this in mind, it is NOT on Vlan 12 anymore, but on VLAN 13. Also, BOTH the VLAN13 are on FastEthernet port 13 of BOTH the active and standby 3550

Another thing to keep in mind is that I COULDN'T get the telnet session for me 2950T while the cable was UNPLUGGED on the active 3550, since hsrp did not work, it didn't let me see it so I had to plug it back to get connection and get the commands you wanted me to post.

I hope this helps you to help me find the problem :)

The commands are on an attachment as it is TOO big for the 4000 characters max.

Greatly appreciated.

Thank You

Hi,

Okay, so you're talking about the mt1-sw-bu1 fa0/13 to gi 0/2 of B1.Switch9, right?

Those two have a mismatch of native vlan.

mt1-sw-bu1:

mtl-sw-bu1#show int trunk

Port Mode Encapsulation Status Native vlan

Fa0/13 on 802.1q trunking 1

While the B1.Switch9 shows:

B1.Switch9#show int trunk

Port Mode Encapsulation Status Native vlan

Gi0/1 on 802.1q trunking 13

Gi0/2 on 802.1q trunking 13

Let me ask you, do you see the native vlan mismatch? and you do know what kind of problem that could present, right? Let ask you, the hosts in B1.Switch9 are all in vlan 13 it looks like from show vlan, are they in subnet 2XX.XX.XX.0/27? At this time with the current configurations, these hosts are they able to ping 2XX.XX.XX.3 or 2XX.XX.XX.1? I would hope not. If not, then match the native vlan on both sides and that should do it, or maybe they are not suppose to trunk?

Hope that helps.

Hello,

Yes exactly, BU1 is connected on Port 13 ro GIG2 of B1.Switch9.

Also yes I saw the mismatch, so I left the trunking and applied ALL native vlans on the trunking to 13

And guess what YOU'RE A GENIUS :)

I unplugged the cable on Active 3550 port 13and I could ping "google.com" on my server. I then unplugged Standby 3550 port 13 and reconnected in the Active 3550 and I could still ping it, my guess is that it now works :)

Now some other questions please...

I see that it works, but I want to understand HOW does standby 3550 knows to route all traffic OUT through active 3550 port GIG 0/1 which has provider's cable ???

How do I know I created a real LAYER 3 connection between the two 3550 and not just a layer 2 loop which can fail sometimes.. ?

Also, in the case where for example the Active 3550 switch would die (lets say power supply dead). how would the standby switch get all the "static routing table" I created in active 3550? how would Access-Lists information be copied over, etc...

Basically what I want to do is a completely redundant switch failover (of course I will have to move the providers cable to standby 3550 GIG 0/1 since I only have one provider cable)

I would appreciate if you can answer my three questions above.

Thank You

I see that it works, but I want to understand HOW does standby 3550 knows to route all traffic OUT through active 3550 port GIG 0/1 which has provider's cable ???

>>> the two 3550 have trunk port between them and basically would have the same routing table. As, I keep saying before the HSRP only has one active, who ever it is is the one responding to the packets destine to virtual address, in your case it 2xx.xx.xx.1. the standby does not really route any packet to the "active", it's just sitting there until it is called upon to do active duty.

How do I know I created a real LAYER 3 connection between the two 3550 and not just a layer 2 loop which can fail sometimes.. ?

>> In your case, you need the layer 2 redundancy for the HSRP to work, the L2 redundancy are the connection between the two 3550 and the connection from two 3550 to the 2950s. L2 connectivity is needed for the HSRP, HSRP hellos are not routed. I hope I am not confusing you.

Also, in the case where for example the Active 3550 switch would die (lets say power supply dead). how would the standby switch get all the "static routing table" I created in active 3550? how would Access-Lists information be copied over, etc...

>> It won't, it will need them there too. If you're last hop to the Internet is going through one of the 3550, it does not matter how many redundancy you have since you have one single point of failure which is the 3550, if that 3550 dies, there nothing left to route to the last hop.

Basically what I want to do is a completely redundant switch failover (of course I will have to move the providers cable to standby 3550 GIG 0/1 since I only have one provider cable)

>> If the provider is an ethernet connection, you can put another switch between the two 3550s.

connect the provider to the new switch and connect the new switch to both the 3550's. But you will still have a single point of failure - the new switch.

I would appreciate if you can answer my three questions above.

Please rate helpful posts.

What I meant for the LAYER 3 connection is that someone told me the following:

1) "You need to establish a lyer 3 link between both 3550's, don't create a layer 2 loop unless you absolutely have to, its almost guaranteed to fail at the worst possible time."

What did he mean by that?

2) What I meant for the routing table, access lists etc... is that everytime I add a static route on one 3550 (lets say the active one), how would the standby one know the route was added? Do I need to create them at BOTH the locations all the time??? And what about Vlan's? I need to create them at both location everytime? and access lists? and the rest? (you see what I mean, basically do I have to replicate the same data on both the switches all the time?)

Please answer two questions above.

Thank You

Let me try to ans. it.

1) It means if you enable the VLAN 13 in the trunk between 3550s and you also have VLAN 13 to 2950 from two 3550s. It will create the L2 loop. There are two ways to fix it.

a) To remove all VLAN in the trunk that will also be assigned to the 3550 port to 2950 to prevent the loop then include the remaining VLAN in the trunk in the routing table that communicate to the ISP router;

b) To remove the trunk between two 3550s and assign a dedeicated VLAN access port in this link, this VLAN should not be assigned to the port to 2950, and only used for the inter-connection between two 3550s. Then enable this path in the routing protocol between two 3550s and ISP routers.

2) Basically, you can redistribute the static route in one 3550 to the dynamic routing protocol. Then the another 3550 will learn it via the routing protocol. However, if the static route is different between two 3550s, then you have to configure it in both 3550s. For the access-list, you have to create access-list in both 3550s (if there is a need). It depends on the requirement to dedicde to replicate all or part of the config. but rememeber to change the corresponding IP address in either static route or access-list.

Hope this helps.

Hello

For number 1.

I have to include Vlan13 between the two 3550's since it has to talk to standby 3550 when the first one is down no? It also has to go to the 2950 since it has that Vlan13, that is what I am not really understanding.

For number 2.

Whats the feature I would use for the other 3550 to learn the static routes from the first one ?? can you please be detailed

Thanks

You are superman that you online all the time. Takecare.

The VLAN 13 traffic will communicat via the connection to 2950. Because btoh 3550s connect to the 2950, and 2950 configure both ports w/ same VLAN, so it is L2 connected.

You can use redistribution that redistribute the static route to EIGRP. Check below :

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800d97f9.html

The Catalyst 3550 switch is supported by either the standard multilayer software image (SMI) or the enhanced multilayer software image (EMI). The EMI provides a richer set of enterprise-class features, including hardware-based IP unicast and multicast routing, inter-VLAN routing, routed access control lists (ACLs), and the Hot Standby Router Protocol (HSRP).

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801f0a52.html

I also wanted to add what is the HSRP group feature.

For now, I added different hsrp groups for every vlan, is that the way to do it?

I do not really understand the point of same or different groups, can someone please clarify?

Thank You

You are correct to add/assign different HSRP group for different VLAN. i.e. each subnet require one HSRP group.

Hello,

Ok thank you, but can you please give me more details as to what those group do and what is the benefit of having less or more groups?

Thanks

If you want to use HSRP, you require at least one group. If you enable more groups in same subnet, it will be MHSRP (Multiple HSRP, different virtual IP but same real IP), we normally use it as load-sharing, split the users to two groups then each group point to different HSRP virtual IP address for gateway.

Below is the link. Please read the provided info., if you still have question, please feel free to ask.

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094e90.shtml

Hope this clarify.

something very wierd happened.

I enabled ALL hsrp for all my vlans even in production, then customer started to complain that things were down, after a brief check, I found out that ALL the static IP routes I put it, all those IP's do not work anymore. For example, I router 2XX.XX.62.0 /24 to VLAN 7, ANY server using an IP from that static route, was getting a TTL EXPIRED IN TRANSIT ERROR when pinging the website.

Then, I added that same static route on the STANDBY 3550 routing table and it started working right after....

I thought things would continue to work WITHOUT me needing to put the static routing table on the second standby 3550 since ALL the hsrp groups are ACTIVE for the active 3550, so why does it need to see the standby 3550 routing table for it to work?

Also just to add I DID NOT connect the port on STANDBY 3550 to the GIG/2 uplink of that 2950T so I don't know why it needs to see the standby 3550 routing table in order to work. Very odd as that 2950T is ONLY connected to the Active 3550.

Also, it seems that only because the plug is NOT connected that I needed to put this static route on the standby one too.

ALL the other static routes have their respective vlan to which they forward connected to BOTH active and standby 3550's, just that static route for VLAN 7 is not UP for the standby 3550 as I did not pass the cable yet to that switch

Maybe I did some incorrect loops or something.

Please this is urgent, I need help

Thanks

Review Cisco Networking for a $25 gift card