Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
728
Views
0
Helpful
10
Replies

HSRP cluster not answering request until active switchover

julez1
Level 1
Level 1

‎08-17-2021 01:45 AM - edited ‎08-17-2021 06:29 AM

Hi.

We have the following network infrasturcture:

Spoiler

HSRP&EIGRP (1).png

 

 

We occur a strange problem.

When switching on both systems the hsrp cluster is not answering any requests, except from arp with the virtual mac.

Whenever we try to ping the hsrp cluster address directly we are getting arp answers for that ip, but we can not make sure, the packets arrive at any router. We tried a lot of debugging, but never saw any router processing a packet, except from the arp request.

the status for both the hsrp and the routing looks fine.

In our testing setup we tried to ping the lan-side of the opposite routers (172.26.11.244 & 245) from our test-laptop.

Router 1:

Spoiler

routewanr1.PNG

 

standbywanr1.PNG

 

Router 2:

Spoiler

routewanr2.PNG

 

standbywanr2.PNG

 

after forcing an active switchover, e.g. lowering priority of router 1 to 90 everything is working fine, but none of the standby or route status is changing. when switching back to normal priority settings everything keeps working fine.

see configs for Router 1 and Router 2:

Spoiler
Router 1:
!
interface GigabitEthernet0/0/0
description WAN
ip address 192.168.100.6 255.255.255.252
no ip proxy-arp
load-interval 30
negotiation auto
!
!
!
!
interface GigabitEthernet1/0/15
description test_interface
switchport access vlan 900
switchport mode access
!
!
!
interface TwoGigabitEthernet1/0/18
switchport mode trunk
channel-group 1 mode active
!
interface TwoGigabitEthernet1/0/19
switchport mode trunk
channel-group 1 mode active
!
!
!
interface Vlan900
description ..
ip address 172.26.21.244 255.255.255.240
no ip proxy-arp
standby version 2
standby 900 ip 172.26.21.246
standby 900 timers 1 5
standby 900 priority 104
standby 900 preempt
standby 900 authentication md5 key-string KEY timeout 5
load-interval 30
!
interface Vlan999
description EIGRP <-> CiscoLAN
ip address 172.26.21.5 255.255.255.252
no ip proxy-arp
load-interval 30
!
!
router eigrp 900
network 172.26.21.4 0.0.0.3
network 172.26.21.240 0.0.0.15
network 192.168.100.0 0.0.0.3
neighbor 192.168.100.1 GigabitEthernet0/0/0
neighbor 172.26.21.6 Vlan999
passive-interface default
no passive-interface GigabitEthernet0/0/0
no passive-interface Vlan999
!

 

Spoiler
Router 2:
!
interface GigabitEthernet0/0/0
 description WAN
 ip address 192.168.100.6 255.255.255.252
 no ip proxy-arp
 load-interval 30
 negotiation auto
!
!
!
!
interface GigabitEthernet1/0/15
 description test_interface
 switchport access vlan 900
 switchport mode access
!
!
!
interface TwoGigabitEthernet1/0/18
 switchport mode trunk
 channel-group 1 mode active
!
interface TwoGigabitEthernet1/0/19
 switchport mode trunk
 channel-group 1 mode active
!
!
!
interface Vlan900
 description ..
 ip address 172.26.21.245 255.255.255.240
 no ip proxy-arp
 standby version 2
 standby 900 ip 172.26.21.246
 standby 900 timers 1 5
 standby 900 priority 96
 standby 900 preempt
 standby 900 authentication md5 key-string KEY timeout 5
 load-interval 30
!
!
interface Vlan999
 description EIGRP <-> CiscoLAN
 ip address 172.26.21.6 255.255.255.252
 no ip proxy-arp
 load-interval 30
!
!
router eigrp 900
 network 172.26.21.4 0.0.0.3
 network 172.26.21.240 0.0.0.15
 network 192.168.100.0 0.0.0.3
 neighbor 192.168.100.5 GigabitEthernet0/0/0
 neighbor 172.26.21.5 Vlan999
 passive-interface default
 no passive-interface GigabitEthernet0/0/0
 no passive-interface Vlan999
!
!

At first we had EIGRP exchange information via vlan900, but then thought it might cause problems with HSRP and switched it to another vlan interface.

 

All 4 routers have the Software version 17.3.3 installed.

The opposite site is configured the same.

The same problem occurs on the opposite site aswell.

 

Any help would be appreciated.

 

cheers julian.

 

p.s. im new to all this, so excusez-moi if i am missing any best practice or similar

0 Helpful
10 Replies 10

Georg Pauwen
VIP
VIP

‎08-17-2021 02:46 AM

Hello,

 

looking at your output, it seems that the Vlan 900 interface on Router 1 and Router 2 are not in the same subnet.

 

Router 1 shows a connected route for 172.26.21.240/28 (Vlan 900), while Router 2 shows a connected route for 172.26.21.240/29 (Vlan 900).

 

Change the mask on either one of the Vlan 900 interfaces so that they match.

0 Helpful

julez1
Level 1
Level 1
In response to Georg Pauwen

‎08-17-2021 03:34 AM

Hello Georg.

 

I took the pictures while doing some config changes.

therefore the little mix up.

sorry for that!!

 

they are in the same subnet.

i corrected my post

0 Helpful

Georg Pauwen
VIP
VIP
In response to julez1

‎08-17-2021 04:08 AM

Hello,

 

in the partial configs you posted, both VLAN 900 interfaces also have the same IP address, is this 'real' ?

 

Router 1

 

interface Vlan900
description ..
--> ip address 172.26.21.245 255.255.255.240
no ip proxy-arp
standby version 2
standby 900 ip 172.26.21.246
standby 900 timers 1 5
standby 900 priority 96
standby 900 preempt
standby 900 authentication md5 key-string KEY timeout 5
load-interval 30

 

Router 2

 

interface Vlan900
description ..
--> ip address 172.26.21.245 255.255.255.240
no ip proxy-arp
standby version 2
standby 900 ip 172.26.21.246
standby 900 timers 1 5
standby 900 priority 96
standby 900 preempt
standby 900 authentication md5 key-string KEY timeout 5
load-interval 30

 

0 Helpful

julez1
Level 1
Level 1
In response to Georg Pauwen

‎08-17-2021 04:15 AM

hi.

no a typo again sorry.

0 Helpful

Georg Pauwen
VIP
VIP
In response to julez1

‎08-17-2021 04:29 AM

Hello,

 

this is from your original post:

 

--> In our testing setup we tried to ping the lan-side of the opposite routers (172.26.11.244 & 245) from our test-laptop.

 

What is the .11 subnet ?

0 Helpful

julez1
Level 1
Level 1
In response to Georg Pauwen

‎08-17-2021 05:05 AM

Hi.

 

This is the LAN side network on the opposite site.

0 Helpful

Georg Pauwen
VIP
VIP
In response to julez1

‎08-17-2021 06:18 AM

Hello,

 

It is a little bit difficult to troubleshoot this  since I don't know which parts of the config you have posted actually represent the real configuration. Either way, both Vlan 900 interfaces on both routers have the same standby priority ? If this is what you have actually configured  make sure the prority on one side is lower than that of the other side...

0 Helpful

julez1
Level 1
Level 1
In response to Georg Pauwen

‎08-17-2021 06:36 AM

Hi georg.

 

As i saw, there was a total mixup of the configs i posted.

i corrected them now.

router 1 has a higher priority than router 2 (104/96).

sorry for the trouble.

 

i posted the parts of the config, i assumed are the most important ones.

but the parts i posted are represent in our setup.

i am not sure if i am allowed to post the whole device configuration.

0 Helpful

Georg Pauwen
VIP
VIP
In response to julez1

‎08-17-2021 08:53 AM

Hello,

 

the configs you have posted are sufficient I guess. I will lab this up and get back with my results...

0 Helpful

julez1
Level 1
Level 1
In response to Georg Pauwen

‎09-13-2021 12:40 AM - edited ‎09-13-2021 12:40 AM

Hi Georg.

 

Is there any result yet?

 

sincerly

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card