Solved: Re: HSRP standby router is unknow - Page 2

hnavi77 · ‎04-30-2022

Hello Team,

I am trying to figure out why my active HSRP router is not seeing the standby router (standby router is unknow).

**

D11(config)#do sh standby bri
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 0 150 P Active local unknown 10.10.10.254

**

I went with a very simple design to figure out what is happening.

I am using CML 3.0 with 2 routers (D11 and D12 -> HSRP) and a switch where i do have a desktop connected to it for testing purpose with one Interface vlan 10 on both routers. Switch device is configured with VLAN 10 only.

After debugging IP packet from both HSRP devices, i discovered that the active router (D11) is not receiving multicast IP address from D12. I do not have any ACL configured on any Routers and switches...

Below the configuration:

Active HSRP - Router D11

D11(config)#do sh run int g0/1
Building configuration...

Current configuration : 105 bytes
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
negotiation auto
end

D11(config-if)#do sh run int vlan 10
Building configuration...

Current configuration : 150 bytes
!
interface Vlan10
ip address 10.10.10.1 255.255.255.0
standby version 2
standby 0 ip 10.10.10.254
standby 0 priority 150
standby 0 preempt
end

*************************************

Standby HSRP - Router D11

D12(config)#do sh run int gi0/1
Building configuration...

Current configuration : 105 bytes
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
negotiation auto
end

D12(config)#do sh run int vlan 10
Building configuration...

Current configuration : 126 bytes
!
interface Vlan10
ip address 10.10.10.2 255.255.255.0
standby version 2
standby 0 ip 10.10.10.254
standby 0 preempt
end

********************************

Switch:

SW1(config)#do sh run int gi0/1
Building configuration...

Current configuration : 105 bytes
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
negotiation auto
end

SW1(config)#do sh run int gi0/2
Building configuration...

Current configuration : 105 bytes
!
interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
negotiation auto
end

**********************************

Debugging from D11:

D11(config)#$ 100 permit udp host 10.10.10.2 host 224.0.0.102 eq 1985
D11(config)#$ 100 permit udp host 10.10.10.1 host 224.0.0.102 eq 1985

D11(config)#do debug ip pack 100
IP packet debugging is on for access list 100

D11(config)#
*Apr 29 16:38:30.496: IP: s=10.10.10.1 (local), d=224.0.0.102 (Vlan10), len 80, local feature, Auth Proxy(16), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 29 16:38:30.496: IP: s=10.10.10.1 (local), d=224.0.0.102 (Vlan10), len 80, sending broad/multicast
*Apr 29 16:38:30.496: IP: s=10.10.10.1 (local), d=224.0.0.102 (Vlan10), len 80, sending full packet
D11(config)#

***************************

Debugging from D12:

D12(config)#do sh run | s access-list
access-list 100 permit udp host 10.10.10.2 host 224.0.0.102 eq 1985
access-list 100 permit udp host 10.10.10.1 host 224.0.0.102 eq 1985
D12(config)#do debug ip pack 100
IP packet debugging is on for access list 100

D12(config)#
*Apr 29 16:38:14.149: IP: s=10.10.10.1 (Vlan10), d=224.0.0.102, len 80, rcvd 0
*Apr 29 16:38:14.150: IP: s=10.10.10.1 (Vlan10), d=224.0.0.102, len 80, input feature, packet consumed, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 29 16:38:14.495: IP: s=10.10.10.2 (local), d=224.0.0.102 (Vlan10), len 80, local feature, Auth Proxy(16), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 29 16:38:14.496: IP: s=10.10.10.2 (local), d=224.0.0.102 (Vlan10), len 80, sending broad/multicast
*Apr 29 16:38:14.497: IP: s=10.10.10.2 (local), d=224.0.0.102 (Vlan10), len 80, sending full packet
D12(config)#

Thanks for your help, in advance if you can figure out what's going one.

hnavi77 · ‎04-30-2022

Hi David,

Thanks for your recommandation.

I tried everything and nothing works. Currently i have all my links setup as Trunk and VTP is as well setup correctly.

I also ensured STP is not blocking ports between connected HSRP nodes.

As per what i can see on wireshark, the multicast traffic from D12 (standby HSRP node) is beeing sent out on the trunk link between both HSRP devices like you advice, but for some reason this D11(Active HSRP node) doesnt see it.

D12 has full visibility and as no issue.

I dont know if this issue is because i am using an L3 switches. I am pretty sure if i go with Routers i won't see this issue.

hnavi77 · ‎04-30-2022

D11(config)#do sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 0 150 P Active local unknown 10.10.10.254

***

D12(config-if)#do sh standby bri
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 0 100 P Standby 10.10.10.1 local 10.10.10.254
D12(config-if)#

hnavi77 · ‎04-30-2022

Thanks MHM,

They are already L3 switches:

D11(config)#do sh run all | s ip routing
ip routing protocol purge interface
ip routing
D11(config)#

**

D12(config)#do sh run all | s ip routing
ip routing protocol purge interface
ip routing
D12(config)#

Georg Pauwen · ‎04-30-2022

Hello,

--> I am using CML 3.0 with 2 routers (D11 and D12

What devices are D11 and D12 ? Post the output of 'sh ver'...

hnavi77 · ‎04-30-2022

Hello Georg,

D11(config)#do sh version
Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Experimental Version 15.2(20200924:215240) [sweickge-sep24-2020-l2iol-release 135]
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Tue 29-Sep-20 11:53 by sweickge

ROM: Bootstrap program is IOSv

D11 uptime is 7 hours, 55 minutes
System returned to ROM by reload
System image file is "flash0:/vios_l2-adventerprisek9-m"

D12(config)#do sh version
Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Experimental Version 15.2(20200924:215240) [sweickge-sep24-2020-l2iol-release 135]
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Tue 29-Sep-20 11:53 by sweickge

ROM: Bootstrap program is IOSv

D12 uptime is 7 hours, 57 minutes
System returned to ROM by reload
System image file is "flash0:/vios_l2-adventerprisek9-m"

thanks,

MHM Cisco World · ‎04-30-2022

OK,
can you share the
show mac-table
in SW and HSRP peer

David Ruess · ‎04-30-2022

@hnavi77 @Have you co figured the layer 2 vlan on all switches?

vlan 10

Creating the interface vlan 10 doesn’t create the layer 2 instance on the “D11 and D12” switch devices, so you need to create it on all devices. That may allow the L2 multicast.

-David

MHM Cisco World · ‎04-30-2022

""Because i am having similar issue in my more complex topology.""

you meaning in real network?
are you have right license to run HSRP in L3SW ??

MHM Cisco World · ‎04-30-2022

...

Richard Burts · ‎04-30-2022

In the posted configs I see only one interface configured as access port in vlan 10. How does vlan 10 get from D11 to D12?

to help us better understand this environment please post the output of these commands from both D11 and D12

show cdp neighbor

show interface status

show interface trunk

HTH

Rick

hnavi77 · ‎04-30-2022

Hello Richard,

Attached the print screen for SH command, SH VLAN and Design config.

VLAN 10 exist on all 3 switches.

From D11-> D12 we have trunk setup using vlan 10.

Spanning-tree is blocking port on Gi0/1 on D12.

MHM Cisco World · ‎04-30-2022

...

hnavi77 · ‎04-30-2022

@MHM, L3 switch works fine.

Added a new L3 switch (D13) and enabled OSPF using Loopback interface with D11.

D11(config-if)#router ospf 1
D11(config-router)#netw 7.0.0.0 0.0.0.255 area 0
D11(config-router)#
*Apr 29 22:22:44.789: %OSPF-5-ADJCHG: Process 1, Nbr 12.0.0.1 on GigabitEthernet0/3 from LOADING to FULL, Loading Done
D11(config-router)#

...

O E2 12.0.0.0 [110/20] via 7.0.0.1, 00:00:51, GigabitEthernet0/3

hnavi77 · ‎04-30-2022

@MHM Cisco World

All the links have now been configured as trunk to check the result.

but same problem.

Below the output of your request:

Vlan10 - Group 0 (version 2)
State is Active
Virtual IP address is 10.10.10.254
Active virtual MAC address is 0000.0c9f.f000 (MAC In Use)
Local virtual MAC address is 0000.0c9f.f000 (v2 default)

D11(config)#do sh mac address-table
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
1 5254.0000.003a DYNAMIC Gi0/1
1 5254.0000.0045 DYNAMIC Gi0/2
10 5254.0000.003a DYNAMIC Gi0/1
10 5254.0000.0046 DYNAMIC Gi0/1
Total Mac Addresses for this criterion: 4
D11(config)#

***

D12(config)#do sh mac address-table
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
1 5254.0000.003b DYNAMIC Gi0/1
10 0000.0c9f.f000 DYNAMIC Gi0/1
10 5254.0000.003b DYNAMIC Gi0/1
10 5254.0000.0046 DYNAMIC Gi0/1
Total Mac Addresses for this criterion: 4
D12(config)#

***

SW1(config)#do sh mac address-table
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
1 5254.0000.003f DYNAMIC Gi0/1
1 5254.0000.0043 DYNAMIC Gi0/2
10 0000.0c9f.f000 DYNAMIC Gi0/1
10 5254.0000.0046 DYNAMIC Gi1/0
10 5254.0000.800a DYNAMIC Gi0/2
Total Mac Addresses for this criterion: 5
SW1(config)#

Thanks,

MHM Cisco World · ‎04-30-2022

That ok

Meaning l3 is ok,
for trunk keep config as it.

there is different between two topology, in original post and later you change it!
please remove the direct interconnect link between the two HSRP peer

in SW1 that connect both HSRP peer
no ip routing