Solved: Re: HSRP Issue

garybeach · ‎08-06-2007

I am having an issue between two routers running HSRP.

Both routers are running as being the Active Router. At first i thought that the LAN connection between the two had failed, but they can still both ping each other and when I run "sh cdp neighbors" each router shows up in the respective output, yet "sh standby" shows that both show the "active router" as local and the "standby router" as unknown.

Any thoughts?

milan.kulik · ‎08-07-2007

Yes,

I recently met 3Com switches in default configuration blocking multicasts and making VRRP not working so.

It could be the same case with HSRP.

BR,

Milan

View solution in original post

Richard Burts · ‎08-06-2007

Gary

Some additional details would be helpful. Can you post the output of show standby from both routers? It probably would also be helpful to see the interface configs from both routers. And the output of show cdp neighbor (even better would be the output of show cdp neighbor detail) might help also.

Especially if CDP shows each router as a neighbor that is a good sign that there is connectivity. How are the routers connected to each other (what is the physical connectivity)?

I assume that you have checked the configs for any mismatch (HSRP group number, shared address, etc).

If the outputs of show standby and the configs do not show the problem then it might be helpful to run debug standby.

HTH

Rick

HTH

Rick

garybeach · ‎08-06-2007

Hi Rick

Thanks for responding so quickly..here are sh standby outputs:-

Leased line router:-

FastEthernet0/0 - Group 1

State is Active

2 state changes, last state change 00:59:50

Virtual IP address is 192.168.13.254

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.088 secs

Preemption enabled

Active router is local

Standby router is unknown

Priority 110 (configured 110)

IP redundancy name is "hsrp-Fa0/0-1" (default)

Backup ISDN Router:-

Ethernet0/0 - Group 1

State is Active

2 state changes, last state change 00:02:02

Virtual IP address is 192.168.13.254

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.676 secs

Preemption enabled

Active router is local

Standby router is unknown

Priority 100 (default 100)

IP redundancy name is "hsrp-Et0/0-1" (default)

Interface configs:-

Leased Line router:-

interface FastEthernet0/0

description *** LAN at ***

ip address 192.168.13.253 255.255.254.0

ip helper-address 128.1.10.25

no ip redirects

duplex auto

speed auto

standby 1 ip 192.168.13.254

standby 1 priority 110

standby 1 preempt

Backup ISDN Router:-

interface Ethernet0/0

description *** LAN ISDN ***

ip address 192.168.13.252 255.255.254.0

ip helper-address 128.1.10.25

no ip redirects

full-duplex

standby 1 ip 192.168.13.254

standby 1 preempt

CDP Neighbors output:-

Leased line router:-

Device ID: ISDN

Entry address(es):

IP address: 192.168.13.252

Platform: cisco 2610, Capabilities: Router

Interface: FastEthernet0/0, Port ID (outgoing port): Ethernet0/0

Holdtime : 141 sec

Version :

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-I-M), Version 12.3(19), RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Compiled Fri 12-May-06 04:13 by evmiller

advertisement version: 2

Duplex: full

Backup ISDN Router:-

Device ID: IPClear

Entry address(es):

IP address: 192.168.13.253

Platform: Cisco 1841, Capabilities: Router Switch IGMP

Interface: Ethernet0/0, Port ID (outgoing port): FastEthernet0/0

Holdtime : 122 sec

Version :

Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(5), RE

LEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Compiled Mon 31-Oct-05 18:02 by alnguyen

advertisement version: 2

VTP Management Domain: ''

Duplex: full

The routers are connected to each other over 2 fibre switches, ie each router's Ethernet interface is connected to a switch which then connects to another building over fibre.

Hope this helps

Cheers

Gary

wochanda · ‎08-06-2007

Kind of a tough one here. What I would do is:

1. Ping 224.0.0.2 from each router. If HSRP is turned on, each router should be listening on this multicast address as that is what HSRP is sent on. If one of the routers isn't responding on it, look for anything in the config that could be blocking it, and maybe try a reload.

2. Turn on 'debug standby', and see if it shows any errors that clue you in to what is going wrong.

Richard Burts · ‎08-06-2007

Gary

Thanks for posting the additional information. It does show connectivity between the routers according to CDP. I have looked at the show standby and at the config information and I do not see anything there that identifies the problem.

Am I correct in assuming that the switches that connect the routers are not Cisco switches? I wonder if the switches could be doing something that prevents the HSRP from getting through? Can you tell us anything else about these switches?

I like the suggestion of pinging 224.0.0.2. Beyond that the next thing I can think of is to run debug standby. It should show that the routers are sending standby messages and whether they are receiving standby messages. At this point I am guessing that they may not be receiving the standby messages from each other.

HTH

Rick

HTH

Rick

garybeach · ‎08-07-2007

Hi Rick

We have just insatlled a brand new Cisco 2811 as the backup ISDN router and that is still not talking HSRP to the leased line router!

I am getting no response from ping 224.0.0.2 from either router.

Extract from debug standby as follows:-

Backup ISD Router:-

Aug 7 11:33:29.354: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.252 Active pri 10

0 vIP 192.168.13.254

*Aug 7 11:33:32.359: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.252 Active pri 10

0 vIP 192.168.13.254

*Aug 7 11:33:35.364: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.252 Active pri 10

0 vIP 192.168.13.254

*Aug 7 11:33:38.369: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.252 Active pri 10

0 vIP 192.168.13.254

*Aug 7 11:33:40.653: HSRP: Fa0/0 API arp for proto, 192.168.13.254 is active vI

P

*Aug 7 11:33:41.374: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.252 Active pri 10

0 vIP 192.168.13.254

*Aug 7 11:33:42.889: HSRP: Fa0/0 API arp for proto, 192.168.13.254 is active vI

P

*Aug 7 11:33:44.379: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.252 Active pri 10

0 vIP 192.168.13.254

*Aug 7 11:33:45.405: HSRP: Fa0/0 API arp for proto, 192.168.13.254 is active vI

P

*Aug 7 11:33:47.384: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.252 Active pri 10

0 vIP 192.168.13.254

*Aug 7 11:33:50.389: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.252 Active pri 10

0 vIP 192.168.13.254

Leased Line Router:-

Aug 7 11:32:47: HSRP: Fa0/0 API arp for proto, 192.168.13.254 is active vIP

Aug 7 11:32:48: HSRP: Fa0/0 API arp for proto, 192.168.13.254 is active vIP

Aug 7 11:32:50: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.253 Active pri 110 vIP

192.168.13.254

Aug 7 11:32:51: HSRP: Fa0/0 API arp for proto, 192.168.13.254 is active vIP

Aug 7 11:32:53: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.253 Active pri 110 vIP

192.168.13.254

Aug 7 11:32:56: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.253 Active pri 110 vIP

192.168.13.254

Aug 7 11:32:59: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.253 Active pri 110 vIP

192.168.13.254

Aug 7 11:32:59: HSRP: Fa0/0 API arp for proto, 192.168.13.254 is active vIP

Aug 7 11:33:00: HSRP: Fa0/0 API arp for proto, 192.168.13.254 is active vIP

Aug 7 11:33:02: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.253 Active pri 110 vIP

192.168.13.254

Aug 7 11:33:05: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.253 Active pri 110 vIP

192.168.13.254

Aug 7 11:33:05: HSRP: Fa0/0 API arp for proto, 192.168.13.254 is active vIP

Aug 7 11:33:07: HSRP: Fa0/0 API arp for proto, 192.168.13.254 is active vIP

Aug 7 11:33:08: HSRP: Fa0/0 Grp 1 Hello out 192.168.13.253 Active pri 110 vIP

192.168.13.254

Hope this helps

Cheers

Gary

milan.kulik · ‎08-07-2007

Yes,

I recently met 3Com switches in default configuration blocking multicasts and making VRRP not working so.

It could be the same case with HSRP.

BR,

Milan

garybeach · ‎08-07-2007

Hi Milan

That is very interesting...apparently the remote site in question have just replaced some old 3Com switches with some new ones.

Certainly worth exploring!

Will update as soon as I have investigated.

Many Thanks

Gary

milan.kulik · ‎08-07-2007

Hi Gary,

but the routers do see each other via CDP which is also sent as an L2 multicast!

That's really strange...

Maybe the 3Coms are L2/L3 switches permitting L2 multicasts but denying L3 IP multicasts?

BR,

Milan

Richard Burts · ‎08-07-2007

Gary

The debug standby clearly shows that each router is sending HSRP packets and is not receiving any HSRP packets. The show CDP neighbor clearly shows that there is connectivity. So something must be blocking the HSRP packets and the switches are the logical thing that would be doing this. I like Milan's suggestion that perhaps the switches are doing something layer2/layer3 which is allowing the CDP multicast but not the HSRP multicast. Find out what you can about the switches and let us know.

HTH

Rick

HTH

Rick

garybeach · ‎08-07-2007

Hi Guys...

Well....well done to Milan and everyone else for their support.

It was indeed the 3Com switches blocking the HSRP traffic.

A colleague on the remote site has disabled the blocking function and HSRP is back up and working.

Thanks very much for all your assistance and input.

I will rate your posts shortly.

Many thanks

Gary