Solved: Re: HSRP standby router is unknow - Page 3

hnavi77 · ‎04-30-2022

Hello Team,

I am trying to figure out why my active HSRP router is not seeing the standby router (standby router is unknow).

**

D11(config)#do sh standby bri
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 0 150 P Active local unknown 10.10.10.254

**

I went with a very simple design to figure out what is happening.

I am using CML 3.0 with 2 routers (D11 and D12 -> HSRP) and a switch where i do have a desktop connected to it for testing purpose with one Interface vlan 10 on both routers. Switch device is configured with VLAN 10 only.

After debugging IP packet from both HSRP devices, i discovered that the active router (D11) is not receiving multicast IP address from D12. I do not have any ACL configured on any Routers and switches...

Below the configuration:

Active HSRP - Router D11

D11(config)#do sh run int g0/1
Building configuration...

Current configuration : 105 bytes
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
negotiation auto
end

D11(config-if)#do sh run int vlan 10
Building configuration...

Current configuration : 150 bytes
!
interface Vlan10
ip address 10.10.10.1 255.255.255.0
standby version 2
standby 0 ip 10.10.10.254
standby 0 priority 150
standby 0 preempt
end

*************************************

Standby HSRP - Router D11

D12(config)#do sh run int gi0/1
Building configuration...

Current configuration : 105 bytes
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
negotiation auto
end

D12(config)#do sh run int vlan 10
Building configuration...

Current configuration : 126 bytes
!
interface Vlan10
ip address 10.10.10.2 255.255.255.0
standby version 2
standby 0 ip 10.10.10.254
standby 0 preempt
end

********************************

Switch:

SW1(config)#do sh run int gi0/1
Building configuration...

Current configuration : 105 bytes
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
negotiation auto
end

SW1(config)#do sh run int gi0/2
Building configuration...

Current configuration : 105 bytes
!
interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
negotiation auto
end

**********************************

Debugging from D11:

D11(config)#$ 100 permit udp host 10.10.10.2 host 224.0.0.102 eq 1985
D11(config)#$ 100 permit udp host 10.10.10.1 host 224.0.0.102 eq 1985

D11(config)#do debug ip pack 100
IP packet debugging is on for access list 100

D11(config)#
*Apr 29 16:38:30.496: IP: s=10.10.10.1 (local), d=224.0.0.102 (Vlan10), len 80, local feature, Auth Proxy(16), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 29 16:38:30.496: IP: s=10.10.10.1 (local), d=224.0.0.102 (Vlan10), len 80, sending broad/multicast
*Apr 29 16:38:30.496: IP: s=10.10.10.1 (local), d=224.0.0.102 (Vlan10), len 80, sending full packet
D11(config)#

***************************

Debugging from D12:

D12(config)#do sh run | s access-list
access-list 100 permit udp host 10.10.10.2 host 224.0.0.102 eq 1985
access-list 100 permit udp host 10.10.10.1 host 224.0.0.102 eq 1985
D12(config)#do debug ip pack 100
IP packet debugging is on for access list 100

D12(config)#
*Apr 29 16:38:14.149: IP: s=10.10.10.1 (Vlan10), d=224.0.0.102, len 80, rcvd 0
*Apr 29 16:38:14.150: IP: s=10.10.10.1 (Vlan10), d=224.0.0.102, len 80, input feature, packet consumed, MCI Check(109), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 29 16:38:14.495: IP: s=10.10.10.2 (local), d=224.0.0.102 (Vlan10), len 80, local feature, Auth Proxy(16), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 29 16:38:14.496: IP: s=10.10.10.2 (local), d=224.0.0.102 (Vlan10), len 80, sending broad/multicast
*Apr 29 16:38:14.497: IP: s=10.10.10.2 (local), d=224.0.0.102 (Vlan10), len 80, sending full packet
D12(config)#

Thanks for your help, in advance if you can figure out what's going one.

David Ruess · ‎04-30-2022

Its definitely weird. I configured it in CML with minimal config like you (see attached) and it came up, even on a L2 image. Can you try erasing the config, reloading the devices and configuring again. Maybe try another VLAN. Could just be a weird bug.

-David

MHM Cisco World · ‎04-30-2022

Any Update friend after
remove direct connect and
op ip routing in SW1 ??

hnavi77 · ‎05-01-2022

@David Ruess

I did reconfigure the entire switches but experiencing the exact same problem.

Did you run on D11 and D12 this command - -> "sh standby brief"

***

D11(config-if)#do sh standby bri
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 1 150 P Active local unknown 10.10.10.254
D11(config-if)#

***

Would you please share your output?

The multicast packet generated from D12 is for some reason dropped by D11.

This is the reason D11 don't see this neighbor.

hnavi77 · ‎05-01-2022

@MHM Cisco World

I am not enabling IP routing on SW1. This switch needs to remain L2 only.

D11 and D12 have now a directly link where multicast is been shared between them.

The question now is why D11 doesn't accept multicast IP address from D12.

See attached documents. We can see both HSRP are connected together via an access vlan 10 port and multicast packets are exchanged. D11 and D12 are exchanging Hello messages via multicast, but D11 does not receive D11 multicast IP packet.

This is weird!

D11 = 10.10.10.1

D12 = 10.10.10.2

MHM Cisco World · ‎05-01-2022

5254.0000.0046 DYNAMIC <- duplicate mac address in both D11 and D12

so If I am right only use different port like
in D11 use g0/1
in D12 use g1/0

David Ruess · ‎05-01-2022

@hnavi77 I have attached the file with the requested output. I have the configuration of all 3 devices on there with separation indicators, and lower down the file I put an alternate port configuration that also works. They all should either be access port or all be trunk ports. It didn't work if access/trunk configuration was used. Please let me know if you have any questions.

D11#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 0 150 P Active local 10.10.10.2 10.10.10.254

D12#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 0 100 P Standby 10.10.10.1 local 10.10.10.254
D12#

-David

hnavi77 · ‎05-01-2022

@David Ruess

Thank you very much David for your help.

Everything is now clear to me. What i am seeing on my topology looks to be a cosmetic bug on CML 3.0

When i make the standby HSRP active, i see the same error from the secondary node as well.

Hopefully this does not impact HSRP feature as per my testing.

@MHM Cisco World

Thank you so much for your help too!

David Ruess · ‎05-01-2022

@hnavi77 @Glad to heard that cleared things up. Thank you for marking this post as solved.