04-12-2015 03:25 AM - edited 03-05-2019 01:13 AM
I have two core switches connected together with trunk interface ,SW-1 is the Main and SW-2 is the backup , i applied HSRP on the SVI on both switches with high priority on SW-1, now for testing i opened ping session on host (100.100.100.100 ) to ping interface VLAN 100 (100.100.100.1) the ping is working well, but when i shutdown interface VLAN100 on SW-1 the SW-2 show command "show standby brief" display that SW-2 is become the Active for VLAN100 but the ping is not working. same issue for all SVI.
Here is my configuration on both switches, Note: SW-2 have the same configurations , routes, ACL like SW-1 except the SVI IP addresses
SW-1:
interface Vlan1
ip address 192.168.1.2 255.255.255.0
standby 0 ip 192.168.1.1
standby 0 priority 110
standby 0 preempt
!
interface Vlan30
ip address 192.168.30.2 255.255.255.0
standby 0 ip 192.168.30.1
standby 0 priority 110
standby 0 preempt
!
interface Vlan100
ip address 100.100.100.2 255.255.255.0
standby 0 ip 100.100.100.1
standby 0 priority 110
standby 0 preempt
!
SW-2:
interface Vlan1
ip address 192.168.1.3 255.255.255.0
standby 0 ip 192.168.1.1
standby 0 preempt
!
interface Vlan30
ip address 192.168.30.3 255.255.255.0
standby 0 ip 192.168.30.1
standby 0 preempt
!
interface Vlan100
ip address 100.100.100.3 255.255.255.0
standby 0 ip 100.100.100.1
standby 0 preempt
!
SHOW on SW-1 ( show standby brief):
Interface Grp Pri P State Active Standby Virtual IP
Vl1 0 110 P Active local 192.168.1.3 192.168.1.1
Vl30 0 110 P Active local 192.168.30.3 192.168.30.1
Vl100 0 110 P Active local 100.100.100.3 100.100.100.1
SHOW on SW-2 ( show standby brief):
Interface Grp Pri P State Active Standby Virtual IP
Vl1 0 100 P Standby 192.168.1.2 local 192.168.1.1
Vl30 0 100 P Standby 192.168.30.2 local 192.168.30.1
Vl100 0 100 P Standby 100.100.100.2 local 100.100.100.1
04-12-2015 10:09 PM
hi,
could you post a brief network topology of your switching environment?
could you 'shutdown' or disconnect the trunk link between the core switches instead of the SVI (VLAN 100)?
04-13-2015 07:04 AM
here is the topology connection, note again the SW-2 has copy of the same configuration of SW-1 except the SVI interfaces, for the trunk link i can't disconnected it we are working in live environment
04-13-2015 07:18 AM
hi,
thanks for the diagram!
you may want to schedule a window time to test failover/HSRP.
alternatively, you could do on core SW-2 and observe:
SW-2
interface Vlan100
standby 0 priority 150
04-13-2015 08:10 AM
i did but without any success
04-13-2015 08:33 AM
hmm... next time you check it, have a look at the show mac address table on the edge switches and see which switch it's going towards for the HSRP virtual mac.
04-13-2015 09:54 AM
thanks my friend, i disconnect the physical cable it self and it's working fine :)
remain only one issue, on of SVI which i have there is an access-list applied on this SVI to limit access for specific servers, in "show standby brief" i get only this SVI is UNKOWN for the standby router, then when i remove the access-list it became active
interface Vlan20
ip address 192.168.20.3 255.255.255.0
ip access-group 102 in
standby 0 ip 192.168.20.1
standby 0 preempt
With Access-list i get this output , on SW-1 :
Interface Grp Pri P State Active Standby Virtual IP
Vl20 0 110 P Active local unknown 192.168.20.1
With Access-list i get this output , SW-2:
Interface Grp Pri P State Active Standby Virtual IP
Vl20 0 100 P Active local unknown 192.168.20.1
after removing access list-SW-1:
Interface Grp Pri P State Active Standby Virtual IP
Vl20 0 110 P Active local 192.168.20.3 192.168.20.1
after removing access list-SW-2:
Interface Grp Pri P State Active Standby Virtual IP
Vl20 0 100 P Standby 192.168.20.2 local 192.168.20.1
what i should add in access list to allow both core switches see each other as active or standby ?
04-13-2015 10:15 AM
Hi
you need to allow the hsrp control traffic on the acl
04-13-2015 10:26 AM
See this doc - if you stay on hsrp v1 you need permit from svi to 224.0.0.2 for udp 1985 but remember to change multicast address to 224.0.0.102 if you move to v2
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9281-3.html
04-13-2015 10:28 AM
thanks my friend , it's working fine now :)
04-14-2015 04:24 AM
Hi - thats great!
If this issue is now closed please mark it as answered :)
04-13-2015 07:38 AM
Hi,
How long do you actually leave it down when you test? You could just be seeing a delay in spanning tree convergence...
04-13-2015 08:02 AM
actually i leave it around 2 minutes as am using Rapid-PVST
04-13-2015 09:47 AM
Can you try configuring vlan 100 using a different HSRP group number and retest.
Just for vlan 100 ie. don't configure the new group number under any of your other SVIs.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide