Solved: Re: HSRP problem

steve0miller · ‎09-04-2006

Hey Folks,

I'm having an HSRP problem that's kicking my butt. I have a simple LAN with this

physical layout:

_______ _______

| | | |

| DS1 |-----| DS2 |

|______| |______|

\ /

_______

| |

| AS1 |

|______|

DS1 and DS2 are 3550's running IOS version Version 12.2(25)SEE2. The link connecting the 3550's is a fiber gig trunk link (G0/1).

The problem is that during my HSRP failover testing, when I disable g0/1 on either switch, the VLAN's (both HSRP Active and in Standby mode) go to "unknown" mode, also they get stuck in the "Init" stage.

Here is an example when the trunk link between the switches is up and active:

DS1#sh standby brief

P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Vl200 200 110 P Active local 10.0.1.3 10.0.1.1

Vl201 200 100 P Standby 10.0.2.3 local 10.0.2.1

Vl210 200 110 P Active local 10.0.10.3 10.0.10.1

And here is after i disable the trunk link between the switches:

DS1(config)#int g0/1

DS1(config-if)#shut

DS1(config-if)#end

DS1#sh standby brief

P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Vl200 200 110 P Init unknown unknown 10.0.1.1

Vl201 200 100 P Init unknown unknown 10.0.2.1

Vl210 200 110 P Init unknown unknown 10.0.10.1

I've tried everything I can think of and have come up short so far. Here are the relevant parts of

the configs, maybe you guys can see something I'm doing wrong. I appreciate any help you could provide.

DS1:

spanning-tree vlan 200,210 priority 4096

spanning-tree vlan 201 priority 8192

!

interface GigabitEthernet0/1

description <== To DS2 ==>

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 200-250

switchport mode trunk

spanning-tree link-type point-to-point

!

interface Vlan200

description <== USER VLAN 200 ==>

ip address 10.0.1.2 255.255.255.0

ip helper-address 10.0.0.9

no ip redirects

no ip proxy-arp

standby 200 ip 10.0.1.1

standby 200 timers 1 3

standby 200 priority 110

standby 200 preempt

!

interface Vlan201

description <== USER VLAN 201 ==>

ip address 10.0.2.2 255.255.255.0

ip helper-address 10.0.0.9

no ip redirects

no ip proxy-arp

standby 200 ip 10.0.2.1

standby 200 timers 1 3

standby 200 preempt

!

interface Vlan210

description <== WIRELESS VLAN 210 ==>

ip address 10.0.10.2 255.255.255.0

ip helper-address 10.0.0.9

no ip redirects

no ip proxy-arp

standby 200 ip 10.0.10.1

standby 200 timers 1 3

standby 200 priority 110

standby 200 preempt

DS2:

spanning-tree vlan 200,210 priority 8192

spanning-tree vlan 201 priority 4096

!

interface GigabitEthernet0/1

description <== To DS1 ==>

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 200-250

switchport mode trunk

spanning-tree link-type point-to-point

!

interface Vlan200

description <== USER VLAN 200 ==>

ip address 10.0.1.3 255.255.255.0

ip helper-address 10.0.0.9

no ip redirects

no ip proxy-arp

standby 200 ip 10.0.1.1

standby 200 timers 1 3

standby 200 preempt

!

interface Vlan201

description <== USER VLAN 201 ==>

ip address 10.0.2.3 255.255.255.0

ip helper-address 10.0.0.9

no ip redirects

no ip proxy-arp

standby 200 ip 10.0.2.1

standby 200 timers 1 3

standby 200 priority 110

standby 200 preempt

!

interface Vlan210

description <== WIRELESS VLAN 210 ==>

ip address 10.0.10.3 255.255.255.0

ip helper-address 10.0.0.9

no ip redirects

no ip proxy-arp

standby 200 ip 10.0.10.1

standby 200 timers 1 3

standby 200 preempt

Edison Ortiz · ‎09-04-2006

I recommend using different standby groups for each SVI.

Also, let's see the

show log

show vtp status

along with

show vlan

from both switches.

Thanks

View solution in original post

steve0miller · ‎09-04-2006

Sorry, my diagram got all messed up. Here is a text file with how it's supposed to look like.

Edison Ortiz · ‎09-04-2006

I recommend using different standby groups for each SVI.

Also, let's see the

show log

show vtp status

along with

show vlan

from both switches.

Thanks

steve0miller · ‎09-04-2006

EdisonOrtiz,

I made the changes as you suggested. My SVI look like this now:

DS1:

interface Vlan200

description <== USER VLAN 200 ==>

ip address 10.0.1.2 255.255.255.0

ip helper-address 10.0.0.9

no ip redirects

no ip proxy-arp

standby 200 ip 10.0.1.1

standby 200 timers 1 3

standby 200 priority 110

standby 200 preempt

!

interface Vlan201

description <== USER VLAN 201 ==>

ip address 10.0.2.2 255.255.255.0

ip helper-address 10.0.0.9

no ip redirects

no ip proxy-arp

standby 201 ip 10.0.2.1

standby 201 timers 1 3

standby 201 preempt

!

interface Vlan210

description <== WIRELESS VLAN 210 ==>

ip address 10.0.10.2 255.255.255.0

ip helper-address 10.0.0.9

no ip redirects

no ip proxy-arp

standby 210 ip 10.0.10.1

standby 210 timers 1 3

standby 210 priority 110

standby 210 preempt

DS2:

DS2

!

interface Vlan200

description <== USER VLAN 200 ==>

ip address 10.0.1.3 255.255.255.0

ip helper-address 10.0.0.9

no ip redirects

no ip proxy-arp

standby 200 ip 10.0.1.1

standby 200 timers 1 3

standby 200 preempt

!

interface Vlan201

description <== USER VLAN 201 ==>

ip address 10.0.2.3 255.255.255.0

ip helper-address 10.0.0.9

no ip redirects

no ip proxy-arp

standby 201 ip 10.0.2.1

standby 201 timers 1 3

standby 201 priority 110

standby 201 preempt

!

interface Vlan210

description <== WIRELESS VLAN 210 ==>

ip address 10.0.10.3 255.255.255.0

ip helper-address 10.0.0.9

no ip redirects

no ip proxy-arp

standby 210 ip 10.0.10.1

standby 210 timers 1 3

standby 210 preempt

I'll let the output speak for itself:

DS1(config)#int g0/1

DS1(config-if)#no shut

DS1(config-if)#shut

DS1(config-if)#

00:05:47: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down

00:05:48: HSRP: Vl200 Grp 200 Standby router is unknown, was 10.0.1.3

00:05:48: HSRP: Vl201 Grp 201 Standby: c/Active timer expired (10.0.2.3)

00:05:48: HSRP: Vl201 Grp 201 Active router is local, was 10.0.2.3

00:05:48: HSRP: Vl201 Grp 201 Standby router is unknown, was local

00:05:48: HSRP: Vl201 Grp 201 Standby -> Active

00:05:48: %HSRP-6-STATECHANGE: Vlan201 Grp 201 state Standby -> Active

00:05:48: HSRP: Vl201 Grp 201 Redundancy "hsrp-Vl201-201" state Standby -> Active

00:05:48: HSRP: Vl210 Grp 210 Standby router is unknown, was 10.0.10.3

00:05:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down

00:05:51: HSRP: Vl201 Grp 201 Redundancy group hsrp-Vl201-201 state Active -> Active

00:05:54: HSRP: Vl201 Grp 201 Redundancy group hsrp-Vl201-201 state Active -> Active

DS1(config-if)#end

DS1#

00:06:08: %SYS-5-CONFIG_I: Configured from console by console

DS1#sh stand

DS1#sh standby brief

P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Vl200 200 110 P Active local unknown 10.0.1.1

Vl201 201 100 P Active local unknown 10.0.2.1

Vl210 210 110 P Active local unknown 10.0.10.1

DS1#

As you can see, the vlans are no longer stuck in INIT and failed over correctly. Thanks so much for the suggestion, everything looks great now.

Regards,

SM

Edison Ortiz · ‎09-04-2006

Glad to hear my suggestion solved your problem. Creating the same standby group on different SVIs can cause conflict at the MAC address level since the group number defines the virtual MAC.

shah.chintan · ‎09-07-2006

Hi,

I have gone through this issue. what i feel Even though if you use same standby group on different SVIs , Same Virtual MAC address will be for all. but Cisco switches support Vlan based MAC table which should not create any issue of conflict of same virtual Mac address.

Please refer this link.

http://www.cisco.com/en/US/products/hw/switches/ps646/products_qanda_item09186a00801cb707.shtml#q8

Can you please clarify more on your suggestion ?

Edison Ortiz · ‎09-07-2006

I agree with your assessment, it should maintain a per-VLAN MAC address table. I've used both combinations (same group on multiple interfaces as well as different group per interface) and they've worked. However, I feel the configuration is more robust when you define a different group per interface.

From the link you posted, Cisco leaves an opening for error when they state 'in most modern switches'.