cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
877
Views
0
Helpful
12
Replies

HSRP shows both MSFCs to be Active instead of one Active and the Other Stan

moorepl
Level 1
Level 1

Uplinks changed from switchports to trunk ports.

I also needed to make changes to the 6509 Catos to allow trunking and set the native vlan and allowed vlans for the link.

After doing the above however, when you connect to the MSFCs on the 6509s and issue a Show Standby Brief command, it lists both MSFCs as being State = Active; Active Address = Local ; Standby Addr= Unknown.

Both 6509s can ping the physical 3550 switch vlan address, but when you try to ping from the two MSFCs, only the actual primary gateway(priority 200) will successfully ping the 3550 switch vlan address. I have checked all the connections and there are no hardware errors. The secondary vlan uses the default priority of 100, tracking 2 interfaces with different decremement values as shown. In order to restore connectivity I had to shutdown vlan 711 on the standby box(HOSTNAMEBC2). This is a server access switch so I need to restore redundancy asap. Anybody any ideas on this ?

HOSTNAMEBC1#SHO RUN INT VLan 711

Building configuration...

Current configuration : 281 bytes

!

interface Vlan711

ip address X.X.X.3 255.255.255.224

no ip redirects

no ip proxy-arp

ip route-cache flow

no ip mroute-cache

load-interval 60

arp timeout 28800

standby ip X.X.X.1

standby priority 200

standby preempt delay minimum 60

standby track Vlan99 150

end

HOSTNAMEBC1#show standby vlan 711

Vlan711 - Group 0

Local state is Active, priority 200, may preempt

Preemption delayed for at least 60 secs

Hellotime 3 sec, holdtime 10 sec

Next hello sent in 0.160

Virtual IP address is 9.x.x.1 configured

Active router is local

Standby router is unknown

Virtual mac address is 0000.0c07.ac00

17 state changes, last state change 3d19h

IP redundancy name is "hsrp-Vl711-0" (default)

Priority tracking 1 interface or object, 1 up:

Interface or object Decrement State

Vlan99 150 Up

HOSTNAMEBC2#sho run int vlan 711

Building configuration...

Current configuration : 285 bytes

!

interface Vlan711

ip address X.X.X.4 255.255.255.224

no ip redirects

no ip proxy-arp

ip route-cache flow

no ip mroute-cache

load-interval 60

arp timeout 28800

standby ip X.X.X.1

standby preempt delay minimum 60

standby track Vlan100 75

standby track Vlan711 38

end

HOSTNAMEBC2#sho stand vlan 711

Vlan711 - Group 0

Local state is Active, priority 150, may preempt

Preemption delayed for at least 60 secs

Hellotime 3 sec, holdtime 10 sec

Next hello sent in 1.450

Virtual IP address is X.X.X.1 configured

Active router is local

Standby router is unknown

Virtual mac address is 0000.0c07.ac00

19 state changes, last state change 00:11:18

IP redundancy name is "hsrp-Vl711-0" (default)

Priority tracking 2 interfaces or objects, 2 up:

Interface or object Decrement State

Vlan100 75 Up

Vlan711 38 Up

12 Replies 12

rajeshk200_2
Level 1
Level 1

are you getting reply when pinging msfc 2physical ip address of interface vlan 711 from msfc 1 and vice versa.

Regards,

Rajesh

No.... if I ping vlan 711 ip address x.x.x.5 on the 3550 switch, it will only ping from hostnameBC1, not hostnameBC2. However, if I connect to the Supervisor engine on the 6509, I can ping from both SupervisorBC1 and SupervisorBC2. Please remember that the above happens when the vlan is enabled on both MSFCs.. I had to shut the Vlan down on the redundant router in order to get it all to work. Once the vlan is shut down on the redundant router, I can ping the 3550 vlan 711 from both MSFCs.

limtohsoon
Level 1
Level 1

Hi,

In the first place, can HOSTNAMEBC1 ping to X.X.X.4 of HOSTNAMEBC2, and can HOSTNAMEBC2 ping to to X.X.X.3 of HOSTNAMEBC1? Do "show ip arp vlan 711" to verify.

If the ping fails, kindly make sure VLAN 711 spans these two switches. Check your trunk config, etc.

Thank you.

B.Rgds,

Lim TS

moorepl
Level 1
Level 1

The below text is missing from the top of the original posting.... sorry guys.

Hi

I recently made changes to a 3550 access layer vlan. I needed to make the following changes:

Vlan IP Address from 7th to 5th useable address in subnet.

Removed IP Default Gateway and replaced with Default IP Route to same address.(IP Routing needed to be enabled here)

Uplinks changed from switchports to trunk ports.

is trunking is configured between 3550 and 6500 and hsp configured between them.

if my understanding of your network is correct ...then check the trunk configuration between them

if u r dot1q then check native vlan is same for both the ends.

Regards,

Rajesh

Hi

Yes, Trunking from 3550 to 6509, and between the two 6509 MSFCs HSRP is running. Dot1q between the 3550 and the 6509 and native vlan is 711 on both ends. No problems with the trunking.

Hi,

You mentioned that you can ping the 3550 switch (vlan 711 ip address x.x.x.5) from both SupervisorBC1 and SupervisorBC2. Whether the CatOS sc0 is on Vlan 711 or not, the above test indicates that you should also be able to ping the 3550 switch from both MSFC hostnameBC1 and hostnameBC2.

Please do "sh ip arp vlan 711" on both MSFCs and check whether x.x.x.5 is successfully resolved? Also, can both MSFCs ping each other on Vlan 711?

If your problem persists, most likely it's Layer 2 issue. Verify all VLAN and trunk config on all the 3 switches. Also verify the resultant STP topology of VLAN 711 on the 3 switches.

HTH.

Thank you.

B.Rgds,

Lim TS

ragarwal123
Level 1
Level 1

Hi,

Try to make HSRP Group other than 0, and after making it once reboot both the switches.

Thank you.

Rahul Agarwal

Wipro Infotexh.

amit-singh
Level 8
Level 8

Hi,

What is the IOS version running on the MSFC's. Also which Sup's are being used in the chassis.

Seems to be some abnormal issue, it feels like both the MSFC are not able to see the hello packets from each other.That's why they both are claiming to be active on the same group.

What happens when you shut the vlan 711 off on BC1 box. Does the other MSFC take over and routes ??

Did you try connecting both the switches directly and see if the behaviour is still same.

HTH,

regards,

-amit singh

moorepl
Level 1
Level 1

Hi All

I went on-site last night to figure this out and make the same changes to a number of other Server access switches.

I noticed that the g0/2 uplink led was flashing amber, even though the trunk was up, the interface was up and there were no errors. I disconnected it, re-enabled the vlan on the standby MSFC but still the same problem. I had another fiber with me so I swapped it out and hey presto, its working. Sho Standby Brief shows primary and standby correctly now. Its as if the IOS considered the port to be UP/UP but in actual fact it wasn't. The other servers were changed without incident so was not on-site for too long..:-)

Thanks for everybodies input around this problem, it was greatly appreciated.

Paul

Hi Paul,

It's indeed a weird issue. Please update us if you have new findings.

In most of such cases that I encountered, the typical causes are as follows:

(1) Both MSFCs have inbound ACL on the VLAN interface, which implicitly denies HSRP messages (UDP port 1985).

(2) Or, in the case of "routers on a stick" model, either the VLAN is not created on one of the switches or the VLAN is not allowed on one of the trunks.

Thank you.

B.Rgds,

Lim TS

Hi,

Reconfigure SC1 interface for management of your switch (Vlan 711) and reconfigure SC0 for native VLAN 1 - "set interface SC0 1 0.0.0.0" and close the interface "set interface SC0 down".

I've experienced similar problems and changing the management interface on the CAT resolved this problem.

Let me know how you get on.

Thanks Chris

Review Cisco Networking for a $25 gift card