HSRP on 2 3550's not working, HELP please

existhosting
Level 1

Hello Everyone,

I am attempting to run and test HSRP but there seems to be some errors.

My first switch is a Catalyst 3550 - 48 Port with SMI image

My second switch is a Catalyst 3550 - 48 Port with EMI image.

I configured HSRP on Vlan12 to try and see if my second switch will take over once I pull the cable out of the first one but it seems like it doesn't.

In the "show standby" command, the second switch shows as "Active router" because I gave it higher priority and it sees the neighbor switch which shows as standby router, so hsrp sees both the switches, knows which one is active and which one is standby but yet when I pull the plug on the first one, network is down, as if it did not revert to the second switch.

My cabling is as follows.

First switch has the first GIG (over fiber) uplink to my provider, the second GIG port is connected to the second gig port on the second switch over fiber as well. The first gig port of the second switch is NOT connected to anything as I only have one provider.

The two ports communicate since hsrp sees the neighbor switches.

The two are configured like this 10.0.0.1 as virtual gateway. 10.0.0.2 is the address of first switch. 10.0.0.3 is address of second switch (backup one). Those IP's are on a MANAGEMENT VLAN which I gave as VLAN ID 100

Now for the VLAN12 I am testing HSRP on, it has VALID INTERNET IP's and not local internal IP's.

Once again, the virtual IP finishes with 225, and I configured 226 as IP on switch1, 227 as IP on switch2.

I am NOT using the track option as I am not sure what it does, I only use the standby priority and preempt options.

So to put it in brief, I am trying to make VLAN12 work with HSRP so that all traffic from VLAN 12 enters switch 1 (from the provider uplink) goes to switch2 since I set vlan12 with higher priority (hsrp) on switch2 goes to the servers, then comes back to switch2, routes to switch1 (since it has to uplink to provider) and out to the internet.

I hope my formatting is not very bad and pretty much understandable.

Can someone please tell me what I am doing wrong and why is hsrp not working for me?

PS: I am suspecting the routing is not done well between one switch and the other so they cannot communicate the traffic, but I am not sure

Please help me

Thank You


Also, for the other options of HSRP such as preempt with a delay, track option etc... what's the primary use to use those?

I did not use those in my hsrp and it seems that it still does work but is there an advantage in using them?

Thanks


Please refer to the doc. that I provided before. Those parameters do affect the HSRP operation, it depends on the design and requirement to fine tune those parameters.

If it is a simple design, there is no need to change. If it becomes complicated, it requires to fine tune.

Please read those doc., it is very informative.

when I enable the standby protocol, why on the standby router, hsrp automatically creates a "no ip redirects" on the vlan?

It does it by itself.. What does it do? should I leave it?

Thanks

something very weird happened.

I enabled ALL hsrp for all my vlans even in production, then customer started to complain that things were down, after a brief check, I found out that ALL the static IP routes I put in, all those IP's do not work anymore. For example, I route 2XX.XX.62.0 /24 to VLAN 7, ANY server using an IP from that static route, was getting a TTL EXPIRED IN TRANSIT ERROR when pinging the website.

Then, I added that same static route on the STANDBY 3550 routing table and it started working right after....

I thought things would continue to work WITHOUT me needing to put the static routing table on the second standby 3550 since ALL the hsrp groups are ACTIVE for the active 3550, so why does it need to see the standby 3550 routing table for it to work?

Maybe I did some incorrect loops or something.

Please this is urgent, I need help

Thanks

can someone please answer the post I posted yesterday :), here it is:

something very weird happened.

I enabled ALL hsrp for all my vlans even in production, then customer started to complain that things were down, after a brief check, I found out that ALL the static IP routes I put in, all those IP's do not work anymore. For example, I route 2XX.XX.62.0 /24 to VLAN 7, ANY server using an IP from that static route, was getting a TTL EXPIRED IN TRANSIT ERROR when pinging the website.

Then, I added that same static route on the STANDBY 3550 routing table and it started working right after....

I thought things would continue to work WITHOUT me needing to put the static routing table on the second standby 3550 since ALL the hsrp groups are ACTIVE for the active 3550, so why does it need to see the standby 3550 routing table for it to work?

Maybe I did some incorrect loops or something.

Please this is urgent, I need help

Thanks

Could you please provide both 3550s updated configuration ? And the "Sh ip route" at both 3550s ?

Hello,

Thank you for your answer, here is the running-config and show ip route on both the active and standby. Once again today, out of nowhere, a customer tells me that his IP's are not working, the IP's were in the static routing table pointing to VLAN3, the static routes were set ONLY on the Active 3550 since it created no issues when I first enabled hsrp but all of a sudden this morning, pinging the IP's brought back:

2XX.XX.60.3 . TTL EXPIRED IN TRANSIT.

This 60.3 address is the configured VLAN3 IP on the STANDBY router, not sure why it is hitting it as the active router was not down and show standby showed active so something must not be set right. Then, just for testing I put the SAME static route on the Backup 3550 and the IP's started pinging again....

In any case, attached are the configs and show ip route

Thank You

Thanks for the details config. I have below suggestions and questions.

1) I suggest to use dynamic routing protocol between two 3550s. e.g. EIGRP, because it is classless routing protocol, you can redistribute the static routes to EIGRP to let both router know the path.

2) Is RIP using between 3550 and ISP router ? I did not find route learn from RIP.

3) Is VLAN 100 the link between two 3550s ? or the interface connects to another sw ?

4) Please summarize the static route to simplify the config and no need to specify mask/32 in most static routes;

5) Please remove the static route which is the same as local interface. e.g.ip route 2XX.XX.60.0 255.255.255.0 Vlan3 is already the connected interface, no need to specify it locally;

6) Please ensure the user is pointing to the virtual IP of HSRP as default GW;

7) Please remove "ip default-gateway 38.99.217.41", due to static route already indicated the default path, and you can redistribute this default static route to the dynamic routing protocol then no need to specify it in standby sw;

8) Are you sure that same IP subnet will be route through two VLAN ? e.g. VLAN 6 & 100. Please double confirm the static route;

The root problem is the routing between two 3550s. Use dynamic routing protocol to simplify it and easier to troubleshoot.

Please advise the result.

Hello,

1) I cannot use EIGRP on one of the routers as it is an SMI and I don't think it supports that protocol. Also, I don't mind to enter the static routes on the standby one but now it seems like it is routing to the standby even though the primary is still up, it's trying to go to the standby for no reason.

2) no RIP is not used at all in the network, everything is static as far as I know

3) Yes VLAN 100 is the link between the two 3550's and they have those respective addresses. 10.0.0.1 virtual hsrp gateway, 10.0.0.2 physical active 3550 IP, 10.0.0.3 standby active 3550 IP.

4) I do not understand what you mean by that, can you give more details please?

5) I removed that one from the config as you suggested.

6) All users point to the Virtual Gw IP's.

7) I removed that one too as suggested.

8) I do not understand what you mean by that, can you give more details please?

I know the route problem is the routing between the two, but I cannot figure out what I am doing wrong....

Please advise

Thanks

Hello,

1) As well, here is another information, a customer just complained his IP's are not routed anymore, so here is what a PING and TRACEROUTE brings back. Those are BOTH done from within my network.

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>ping 2XX.XX.XX.105

Pinging 2XX.XX.XX.105 with 32 bytes of data:

Reply from 2XX.XX.XX.3: TTL expired in transit.

Reply from 2XX.XX.XX.3: TTL expired in transit.

Reply from 2XX.XX.XX.3: TTL expired in transit.

Reply from 2XX.XX.XX.3: TTL expired in transit.

Ping statistics for 2XX.XX.XX.105:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Administrator>tracert 2XX.XX.XX.105

Tracing route to expand.aoudtransmit.com [2XX.XX.XX.105]

over a maximum of 30 hops:

1 <1 ms <1 ms 1 ms 2XX.XX.XX.2

2 <1 ms <1 ms <1 ms 2XX.XX.XX.3

3 <1 ms <1 ms <1 ms 10.0.0.2

4 <1 ms 1 ms <1 ms 2XX.XX.XX.3

5 1 ms 1 ms <1 ms 10.0.0.2

6 <1 ms <1 ms <1 ms 2XX.XX.XX.3

7 3 ms 1 ms <1 ms 10.0.0.2

8 <1 ms <1 ms <1 ms 2XX.XX.XX.3

9 4 ms 1 ms <1 ms 10.0.0.2

10 1 ms <1 ms 1 ms 2XX.XX.XX.3

11 2 ms 1 ms 1 ms 10.0.0.2

12 <1 ms <1 ms <1 ms 2XX.XX.XX.3

13 6 ms 1 ms 1 ms 10.0.0.2

14 <1 ms <1 ms <1 ms 2XX.XX.XX.3

15 6 ms 3 ms 7 ms 10.0.0.2

16 <1 ms <1 ms <1 ms 2XX.XX.XX.3

^C

C:\Documents and Settings\Administrator>

As you can see in the traceroute, its constantly looping back and forth between 2XX.XX.XX.3 and my Active 3550 which is 10.0.0.2, this is with the exact same config as I have emailed right before so you should be able to see the error in my configs I sent in the earlier reply.

So there must be some kind of loop somewhere and I would like to have an answer on what I am doing wrong.

2) Also I dont get it why it hits the 2XX.XX.XX.2 or .3 IP's which are the physical IP's assigned to ACTIVE (.2) and STANDBY (.3) routers, isn't the point of HSRP to create the "VIRTUAL IP" I set on hsrp which are ALL .1 IP's... why is it not hitting those IP's as it is supposed to.

Please answer BOTH my questions 1 and 2

Thanks

As I replied in last question. There is routing issue. Please clean it up.

Could you please specify the traceroute path and destination address more details ? e.g. 2xx.xx.60.3 instead of using 2xx.xx.xx.3. It is hardly to trace the problem.

The initial ans. is the standby 3550 using a default route to point to primary 3550 and primary 3550 point it back to the standby 3550. So, still the problem of routing issue.

In response to your question, the router will use real IP to communicate and the virtual IP is for the host or end-user as GW. It is your expected reason. Please check the HSRP doc. that I referred before, it tells the detail operation.

Please follow the suggestion and modify the config. please advise if there is any issue.

Hope this helps.

here is another traceroute, I am tracerouting from a computer connected on VLAN3 to an IP that is statically routed to VLAN 3.

2XX.XX.60.0 /24 is the real VLAN 3

In my static routing table, I am routing 2XX.XX.70.50 to VLAN3 with a 255.255.255.255 subnet mask (as you can see from my configs)

Now this gives me EXPIRED TTL while pinging and the below traceroute.

NOW, if I ping 2XX.XX.70.5 which is a direct VLAN13, it pings just fine. So it seems that all statically entered routes in my routing table to other vlans are the ones creating the problem.

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>tracert 2XX.XX.70.50

Tracing route to 2XX.XX.70.50 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 2XX.XX.63.2

2 <1 ms <1 ms <1 ms 2XX.XX.60.3

3 <1 ms <1 ms <1 ms 10.0.0.2

4 <1 ms <1 ms <1 ms 2XX.XX.60.3

5 1 ms <1 ms <1 ms 10.0.0.2

6 <1 ms <1 ms <1 ms 2XX.XX.60.3

7 <1 ms <1 ms <1 ms 10.0.0.2

8 <1 ms <1 ms <1 ms 2XX.XX.60.3

^C

C:\Documents and Settings\Administrator>

The first hop is correct as it is the active router MAIN ip for VLAN3, but then it hits 60.3 which is the standby router main IP for VLAN3, then jumps to 10.0.0.2 which is main IP for active 3550 and then keeps looping.

I hope this is all the information you need to tell me EXACTLY what to do on any of the routers to correct the situation

Thanks
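
Added example (not part of any poster's message and not Cisco tooling): a Python parser for Windows tracert output like the one posted above, which reports a forwarding loop as the repeating hop cycle and the hop where it starts. The function names are hypothetical, and the sample input is the hop list from the post with addresses masked as on the page.

```python
import re

# Sample input: the tracert hops from the post above (addresses masked as on the page).
SAMPLE_TRACERT = """\
Tracing route to 2XX.XX.70.50 over a maximum of 30 hops
  1 <1 ms <1 ms <1 ms 2XX.XX.63.2
  2 <1 ms <1 ms <1 ms 2XX.XX.60.3
  3 <1 ms <1 ms <1 ms 10.0.0.2
  4 <1 ms <1 ms <1 ms 2XX.XX.60.3
  5 1 ms <1 ms <1 ms 10.0.0.2
  6 <1 ms <1 ms <1 ms 2XX.XX.60.3
  7 <1 ms <1 ms <1 ms 10.0.0.2
  8 <1 ms <1 ms <1 ms 2XX.XX.60.3
"""

# A hop line starts with the hop number; header and prompt lines do not.
HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*\S)\s*$")

def parse_hops(text):
    """Return [(hop_number, address_or_None)] from Windows tracert output."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue
        number, rest = int(m.group(1)), m.group(2)
        if "timed out" in rest.lower():
            hops.append((number, None))  # "* * * Request timed out."
        else:
            # The address is the last token; "host [addr]" lines carry brackets.
            hops.append((number, rest.split()[-1].strip("[]")))
    return hops

def find_loop(hops, min_repeats=2):
    """Find the earliest hop from which the path repeats with a fixed period."""
    addrs = [addr for _, addr in hops]
    for start in range(len(addrs)):
        tail = addrs[start:]
        for period in range(1, len(tail) // min_repeats + 1):
            cycle = tail[:period]
            if None in cycle:
                continue  # unanswered probes cannot identify a cycle
            if all(tail[i] == cycle[i % period] for i in range(len(tail))):
                return {"first_hop": hops[start][0], "cycle": cycle}
    return None

if __name__ == "__main__":
    print(find_loop(parse_hops(SAMPLE_TRACERT)))
```
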

Thanks for the updated result.

What I found you configure different static route for same VLAN but in different subnet. I assume there is external router or other L3 switch is assigned to this VLAN and subnet.

e.g. static route of 2xx.xx.70.50 is configured to route the packet to VLAN3. There should be a router / L3 switch at VLAN3 that is using 2xx.xx.70.50 as IP and belong to this subnet.

Please advise the default GW of the host of 2xx.xx.70.50.

Please use IP address as next-hop in static for easier to trace the problem. I cannot find any physical interface in switch that is assigned as 2xx.xx.70.50, how can the packet route to this host ?

So the packet just forward between switch by its default & static routes.

Please assign the IP address & default GW in switch & host correctly. Please share the idea and logic that why you think the static route is configured correctly ?

Hello,

Here it is how it is done. VLAN3 has this virtual IP and GW (hsrp) 2XX.XX.60.1 and is a /24, there are MANY servers attached to that Class C. Then a customer in that class C asked for an additional IP, since I did not have other IP's free on this Class C I did a static route of 2XX.XX.70.50 to VLAN3 and it worked, it STOPPED working and giving those traceroutes that loop and TTL expired errors as soon as I implemented HSRP.

There is no physical interface to which 70.50 belongs, it is only statically routed to VLAN3 so this customer can use this IP.

I hope this helps you determine where is my problem

Thanks
