Hi - thats great! If this

Hassan Ali Hassan Ali Gazal · ‎04-12-2015

I have two core switches connected together with trunk interface ,SW-1 is the Main and SW-2 is the backup , i applied HSRP on the SVI on both switches with high priority on SW-1, now for testing i opened ping session on host (100.100.100.100 ) to ping interface VLAN 100 (100.100.100.1) the ping is working well, but when i shutdown interface VLAN100 on SW-1 the SW-2 show command "show standby brief" display that SW-2 is become the Active for VLAN100 but the ping is not working. same issue for all SVI.

Here is my configuration on both switches, Note: SW-2 have the same configurations , routes, ACL like SW-1 except the SVI IP addresses

SW-1:

interface Vlan1
ip address 192.168.1.2 255.255.255.0
standby 0 ip 192.168.1.1
standby 0 priority 110
standby 0 preempt
!
interface Vlan30
ip address 192.168.30.2 255.255.255.0
standby 0 ip 192.168.30.1
standby 0 priority 110
standby 0 preempt
!
interface Vlan100
ip address 100.100.100.2 255.255.255.0
standby 0 ip 100.100.100.1
standby 0 priority 110
standby 0 preempt

!

SW-2:

interface Vlan1
ip address 192.168.1.3 255.255.255.0
standby 0 ip 192.168.1.1
standby 0 preempt
!
interface Vlan30
ip address 192.168.30.3 255.255.255.0
standby 0 ip 192.168.30.1
standby 0 preempt
!
interface Vlan100
ip address 100.100.100.3 255.255.255.0
standby 0 ip 100.100.100.1
standby 0 preempt
!

SHOW on SW-1 ( show standby brief):

Interface   Grp Pri   P   State     Active          Standby           Virtual IP
Vl1           0    110 P   Active    local           192.168.1.3        192.168.1.1
Vl30       0    110 P   Active    local           192.168.30.3      192.168.30.1
Vl100     0    110 P Active    local           100.100.100.3    100.100.100.1

SHOW on SW-2 ( show standby brief):

Interface   Grp Pri   P   State    Active                     Standby           Virtual IP
Vl1           0    100 P   Standby    192.168.1.2           local        192.168.1.1
Vl30       0    100 P   Standby    192.168.30.2         local                192.168.30.1
Vl100     0    100 P   Standby    100.100.100.2       local    100.100.100.1

johnlloyd_13 · ‎04-12-2015

hi,

could you post a brief network topology of your switching environment?

could you 'shutdown' or disconnect the trunk link between the core switches instead of the SVI (VLAN 100)?

Hassan Ali Hassan Ali Gazal · ‎04-13-2015

here is the topology connection, note again the SW-2 has copy of the same configuration of SW-1 except the SVI interfaces, for the trunk link i can't disconnected it we are working in live environment

johnlloyd_13 · ‎04-13-2015

hi,

thanks for the diagram!

you may want to schedule a window time to test failover/HSRP.

alternatively, you could do on core SW-2 and observe:

SW-2

interface Vlan100
standby 0 priority 150

Hassan Ali Hassan Ali Gazal · ‎04-13-2015

i did but without any success

Chris Dixon · ‎04-13-2015

hmm... next time you check it, have a look at the show mac address table on the edge switches and see which switch it's going towards for the HSRP virtual mac.

Hassan Ali Hassan Ali Gazal · ‎04-13-2015

thanks my friend, i disconnect the physical cable it self and it's working fine :)

remain only one issue, on of SVI which i have there is an access-list applied on this SVI to limit access for specific servers, in "show standby brief" i get only this SVI is UNKOWN for the standby router, then when i remove the access-list it became active

interface Vlan20
ip address 192.168.20.3 255.255.255.0
ip access-group 102 in
standby 0 ip 192.168.20.1
standby 0 preempt

With Access-list i get this output , on SW-1 :

Interface Grp Pri P State Active Standby Virtual IP
Vl20 0 110 P Active local unknown 192.168.20.1

With Access-list i get this output , SW-2:

Interface Grp Pri P State Active Standby Virtual IP
Vl20 0 100 P Active local unknown 192.168.20.1

after removing access list-SW-1:

Interface Grp Pri P State Active Standby Virtual IP
Vl20 0 110 P Active local 192.168.20.3 192.168.20.1

after removing access list-SW-2:

Interface Grp Pri P State Active Standby Virtual IP
Vl20 0 100 P Standby 192.168.20.2 local 192.168.20.1

what i should add in access list to allow both core switches see each other as active or standby ?

Chris Dixon · ‎04-13-2015

Hi

you need to allow the hsrp control traffic on the acl

Chris Dixon · ‎04-13-2015

See this doc - if you stay on hsrp v1 you need permit from svi to 224.0.0.2 for udp 1985 but remember to change multicast address to 224.0.0.102 if you move to v2

http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9281-3.html

Hassan Ali Hassan Ali Gazal · ‎04-13-2015

thanks my friend , it's working fine now :)

Chris Dixon · ‎04-14-2015

Hi - thats great!

If this issue is now closed please mark it as answered :)

Chris Dixon · ‎04-13-2015

Hi,

How long do you actually leave it down when you test? You could just be seeing a delay in spanning tree convergence...

Hassan Ali Hassan Ali Gazal · ‎04-13-2015

actually i leave it around 2 minutes as am using Rapid-PVST

Jon Marshall · ‎04-13-2015

Can you try configuring vlan 100 using a different HSRP group number and retest.

Just for vlan 100 ie. don't configure the new group number under any of your other SVIs.

Jon

HSRP Issue between two Core switches