I've configured HSRP with 2 Cisco 2621 and Cisco 2610. Tracking on WAN interfaces is also configured. When I disconnected the WAN interface on the active router, it seems like everything works OK: looking at the debug messages, the standby router took over, BUT it took 4 minutes until I could ping or reach far-end hosts. I could ping anything if I stood on the routers, but not from any hosts on the LAN until about 4 minutes. Any idea?
Keep in mind that for ping to work, there must be a valid path both to the target and back from the target to you. HSRP only helps with the first hop of your system finding a working router. When you disconnect the WAN interface, how long does it take for the route change to propagate to the new HSRP active router? More likely, how long does it take for the routers on the other side of the WAN to detect that the link is down and route the return traffic back via a working link?
Good luck and good hunting!
Vincent C Jones
Are you using static routes or a routing protocol, and could both routers ping successfully (thinking of ICMP redirects even if hosts still sent packets to the old active router)?
Sounds like it could be an ARP issue. When a router becomes Active, the virtual IP address is moved to a different MAC address. The newly Active router sends a gratuitous Address Resolution Protocol (ARP) response, but not all host implementations handle the gratuitous ARP correctly. Check what the hosts' ARP table looks like and also the switches' CAM table.
Hope it helps.
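
The host-side check suggested in the last reply, as an added example that is not part of the original thread: it parses `arp -an` output captured on a LAN host after failover and reports whether the entry for the HSRP virtual IP still points at the old router. All addresses are constructed, and the function names and the idea of taking the active router's MAC from the router itself (for example from `show standby`) are assumptions of this example.

```python
import re

# Constructed `arp -an` output from a LAN host, captured after failover.
# 192.168.1.1 is the assumed HSRP virtual IP; every address is made up.
ARP_AFTER = """\
? (192.168.1.1) at 00:04:9a:11:22:33 [ether] on eth0
? (192.168.1.20) at 00:0c:29:aa:bb:cc [ether] on eth0
? (192.168.1.30) at <incomplete> on eth0
"""

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:.\-]+)")
# Default HSRP version 1 virtual MAC is 0000.0c07.acXX (XX = group number).
HSRP_V1_VMAC = re.compile(r"^00000c07ac[0-9a-f]{2}$")


def norm(mac):
    """Normalize colon, dash or Cisco dotted MACs to 12 lowercase hex digits."""
    if ":" in mac or "-" in mac:
        # Some arp implementations drop leading zeros in each octet.
        return "".join(p.zfill(2) for p in re.split("[:-]", mac)).lower()
    return mac.replace(".", "").lower()


def parse_arp(text):
    """Return {ip: normalized_mac}; incomplete entries are skipped."""
    return {m["ip"]: norm(m["mac"]) for m in ARP_LINE.finditer(text)}


def check_gateway(arp_text, vip, active_mac):
    """Classify the host's ARP entry for the virtual IP after failover."""
    seen = parse_arp(arp_text).get(vip)
    if seen is None:
        return "missing"      # host has no usable entry and will re-ARP
    if HSRP_V1_VMAC.match(seen):
        # The virtual MAC does not change on failover, so the host entry is
        # fine; the switch CAM table is the next place to look.
        return "virtual-mac"
    return "ok" if seen == norm(active_mac) else "stale"


if __name__ == "__main__":
    # Assumed MAC of the newly active router, in Cisco dotted notation.
    print(check_gateway(ARP_AFTER, "192.168.1.1", "0004.9a44.5566"))
```

A `stale` result means the host kept the old router's MAC and ignored the gratuitous ARP; clearing that entry on the host and retesting confirms it.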