07-01-2023 09:08 PM
I have a configuration consisting of 2 routers meant to be in the same HSRP group, each connected to a L3 switch with routing enabled. The HSRP routers, however, are not communicating with each other because the HSRP packet stops at the L3 switches connected to each respective router. This is obviously problematic because it means no HSRP adjacency is formed and no redundant default route is established. I have verified connectivity between the two routers, and they are also both in the same OSPF area.
Any help is greatly appreciated! Thank you.
07-01-2023 10:00 PM
@michaeleastongodwin can you share the HSRP config?
07-02-2023 01:19 AM
Hello
@michaeleastongodwin wrote:
The HSRP routers, however, are not communicating with each other because the HSRP packet stops at the L3 switches connected to each respective router.
Please note that for HSRP to work the routers must share the same LAN segment. This is because they use the same virtual HSRP MAC address, which means you cannot peer just over an L3 connection and a routing protocol such as OSPF.
HSRP VIP MACs:
0000.0C07.AC.xx = version 1
0000.0C9F.Fx.xx = version 2
0005.73A0.0x.xx = version 6 (IPv6)
07-02-2023 06:23 AM - edited 07-02-2023 06:30 AM
What you are seeing is by design: HSRP packets must not be forwarded between subnets (i.e., they cannot cross your switch operating at L3). Why? Because HSRP uses UDP packets with link-local dest multicast addresses to form adjacencies.
For HSRPv1, dest addr is 224.0.0.2; for v2 it is 224.0.0.102 (and ff02::66 for IPv6). All of these are link-local and a properly functioning router must not forward them from one subnet to another, preventing HSRP adjacencies from being formed between nodes on different subnets.
BTW... switching to VRRP will not help either, as it uses 224.0.0.18 as its dest addr, also link-local.
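The points made in the replies above can be checked before touching the routers. The following is an added example, not part of the original posts: it tests whether the hello destinations quoted in the thread fall in the link-local multicast ranges, derives the shared virtual MAC from the prefixes listed earlier (written in Cisco dotted notation), and reports why two interfaces cannot pair. The function names, the interface addresses, and the pairing of the 0005.73A0.0 prefix with HSRPv2 for IPv6 are assumptions made for illustration.

```python
import ipaddress

# Link-local multicast ranges; routers must not forward these between subnets.
LINK_LOCAL_MCAST = [ipaddress.ip_network("224.0.0.0/24"),
                    ipaddress.ip_network("ff02::/16")]

# Hello destination addresses quoted in the thread.
HELLO_DEST = {"hsrp-v1": "224.0.0.2", "hsrp-v2": "224.0.0.102",
              "hsrp-v2-ipv6": "ff02::66", "vrrp": "224.0.0.18"}


def is_link_local_multicast(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net
               for net in LINK_LOCAL_MCAST)


def hsrp_virtual_mac(version, group, ipv6=False):
    """Virtual MAC shared by all routers in a group (prefixes from the thread)."""
    # Group ranges: 0-255 for version 1, 0-4095 for version 2.
    if version == 1 and not ipv6 and 0 <= group <= 255:
        return "0000.0c07.ac%02x" % group
    if version == 2 and 0 <= group <= 4095:
        return ("0005.73a0.0" if ipv6 else "0000.0c9f.f") + "%03x" % group
    raise ValueError("invalid HSRP version/group combination")


def check_peers(if_a, if_b, standby_ip):
    """Return reasons two interfaces (e.g. '10.0.1.2/24') cannot form an HSRP pair.

    An empty list is necessary, not sufficient: matching subnets in the
    config do not prove the interfaces share a layer 2 segment.
    """
    a, b = ipaddress.ip_interface(if_a), ipaddress.ip_interface(if_b)
    vip = ipaddress.ip_address(standby_ip)
    problems = []
    if a.network != b.network:
        problems.append(f"{a} and {b} are in different subnets; "
                        "link-local hellos are not routed between them")
    for iface in (a, b):
        if vip not in iface.network:
            problems.append(f"standby IP {vip} is outside {iface.network}")
    return problems


if __name__ == "__main__":
    # Constructed addresses for illustration only.
    for name, dest in HELLO_DEST.items():
        print(name, dest, is_link_local_multicast(dest))
    print(hsrp_virtual_mac(2, 10))
    print(check_peers("10.0.1.2/24", "10.0.2.2/24", "10.0.1.1"))
```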
07-02-2023 06:30 AM
Hi
This will not work over a routing protocol; you must provide direct connectivity on the routers or through a switch.
07-02-2023 07:13 AM
Share the config and topology.
HSRP cannot work if:
ip igmp snooping is enabled <<- causes issues on some switch platforms
there is an ACL on the L3 switch
there is no L2 connectivity between the two HSRP routers
you misconfigured the interface and/or standby IP