Re: hsrp problem....hsrp address not responding

justin.donoghue · ‎09-12-2006

Hi

I'm hoping I can get some opinions on this. I have 2 7200 routers with 2 gig interfaces each. Each gig interface is connected to 2 stacked 3750 switches. I have sub interfaces configured on both the gig interfaces so they are essentially dot1q to the 3750 switches. I have specified a hsrp group for each subinterface on the 7200s. My problem is that when I have 1 of the 7200 routers acting as hsrp active for some groups and the other 7200 acting as hsrp active for other groups hosts lose connectivity to their hsrp address for one of the routers. i.e no response to pings yet correct mac address in arp table.All works well when I make either one of the routers the hsrp active for all of the groups. Any ideas?

r1----3750----hosts

\/ | <--stack

/\ |

r2----3750----hosts

justin.donoghue · ‎09-12-2006

diagram above did not come out correctly

Edison Ortiz · ‎09-12-2006

Let's see the 'show config' along with the 'show standby' output, please

justin.donoghue · ‎09-12-2006

config for one router is below.The other router is the same apart from the track command and the priority is 155. The 2 3750s have the vlans configured and dot1q trunks to both of the routers 2 gig ports.

the show standby at the moment shows the correct info ie the correct router is active for all the groups...

thanks

interface GigabitEthernet0/1

description *** Primary link to Switch 1 ***

no ip address

no ip proxy-arp

duplex auto

speed auto

media-type sfp

negotiation auto

!

interface GigabitEthernet0/1.10

encapsulation dot1Q 10

ip address x.x.x.x 255.255.255.224

no ip proxy-arp

no snmp trap link-status

standby 10 ip x.x.x.x

standby 10 priority 160

standby 10 preempt delay minimum 60

standby 10 track GigabitEthernet1/0

!

interface GigabitEthernet0/1.30

encapsulation dot1Q 30

ip address x.x.x.x 255.255.255.192

no ip proxy-arp

no snmp trap link-status

standby 30 ip x.x.x.x

standby 30 priority 160

standby 30 preempt delay minimum 60

standby 30 track GigabitEthernet1/0

!

interface GigabitEthernet0/1.70

encapsulation dot1Q 70

ip address x.x.x.x 255.255.255.252

no ip proxy-arp

no snmp trap link-status

!

interface FastEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/2

description **** secondary link to switch 2 ***

no ip address

no ip proxy-arp

duplex auto

speed auto

media-type sfp

negotiation auto

!

interface GigabitEthernet0/2.20

encapsulation dot1Q 20

ip address x.x.x.x 255.255.255.224

no ip proxy-arp

ip ospf network broadcast

no snmp trap link-status

standby 20 ip x.x.x.x

standby 20 priority 160

standby 20 preempt delay minimum 60

standby 20 track GigabitEthernet1/0

!

interface GigabitEthernet0/2.40

description *** N2 Web Farm ***

encapsulation dot1Q 40

ip address x.x.x.x 255.255.255.192

no ip proxy-arp

no snmp trap link-status

standby 40 ip x.x.x.x

standby 40 priority 160

standby 40 preempt delay minimum 60

standby 40 track GigabitEthernet1/0

!

interface GigabitEthernet0/2.50

encapsulation dot1Q 50

ip address x.x.x.x 255.255.255.240

no ip proxy-arp

no snmp trap link-status

standby 50 ip x.x.x.x

standby 50 priority 160

standby 50 preempt delay minimum 60

standby 50 track GigabitEthernet1/0

!

interface GigabitEthernet0/2.80

encapsulation dot1Q 80

ip address x.x.x.x 255.255.255.252

no ip proxy-arp

ip ospf network broadcast

no snmp trap link-status

Edison Ortiz · ‎09-12-2006

Justin,

The config looks fine.Which ARP table are you checking ? The switches or the 7200 routers ?

When you ping from the workstation, what's on the workstation ARP table ?

Can either router ping the HSRP address when you have trouble pinging ?

Can the 3750 switches ?

justin.donoghue · ‎09-12-2006

Hi

The arp tables on both the router and the hosts look ok in that the hsrp address's mac address is showing up. The switches mac address tables look ok too.

Pinging the hrsp address from the standby router in the group gets no response either. I haven't tried pinging from the switches but I assume if the routers can't and the hosts can't then the switches can't...but that's an assumption. btw pinging the 2 routers real addresses is fine from the hosts and from each router.

thanks

Edison Ortiz · ‎09-12-2006

Justin,

Looking at the config one more time, I noticed

standby 40 track GigabitEthernet1/0

Where is the interface G1/0 on this router config ?

justin.donoghue · ‎09-12-2006

Hi

I didn't paste it as it isn't really relevant. It's a WAN interface to the internet I am tracking.It looks like this could be a difficult issue to find an answer to.

Edison Ortiz · ‎09-12-2006

Very hard without posting revelant information such as IP addresses. I find it hard to understand your configuration when I'm only getting the subnet mask with xxx.xxx.xxx.xxx as the IP address.

Sorry.

justin.donoghue · ‎09-12-2006

no problem..the ip addresses are public IPs so I cant divulge them. I'm pretty confident that the config is fine as Ive done this a load of times before I'm just wondering if anyone has seen this issue before and what was the fix. thanks anyway

sundar.palaniappan · ‎09-12-2006

Hi,

As you are able to ping the physical address and can't ping the HSRP address can you make sure the HSRP (standby) IP is on the same subnet as the physical address.

If you are using private IP address then you don't have to worry about posting the config on the forum.

Sundar

justin.donoghue · ‎09-12-2006

Hi Sundar

Yes all addressing correct. I've double checked that. hsrp works fine when one router is active for all groups, even the failover works.

glen.grant · ‎09-12-2006

Did you verify the users default gateway is pointed at the hsrp ip address ? It almost sounds like it is pointed to one router interface or the other and not the hsrp address.If you just have 2 interfaces up to the 7200's then to fail over hsrp you would have to kill one of the uplinks which would then leave a portion of your connections unable to get to the hsrp address they are pointed to . Also if you are tracking an interface like g0/1 then i would use a decrement value on the tracking statement on the primary side to make sure it becomes lower than the secondary side.

justin.donoghue · ‎09-12-2006

yep they're pointing to the hsrp address alright. we're testing the failover by pulling the g0/1 interface that is being tracked not the uplinks. the decrement value Im using is the default value of 10....active router pri is 160, standy is 155 so a decrement of 10 will mean it will drop to 150 and the standy will take over.

sundar.palaniappan · ‎09-12-2006

Justin,

It may have something to do with gratuitous ARP not working correctly. Can you configure 'standby use-bia' under the interface on both switches and see if that fixes the problem.

HTH

Sundar