06-09-2023 12:19 PM - edited 06-09-2023 01:35 PM
Hi all
Hope you'll be able to help
We have 2 core switches and 2 access switches and 1 firewall
The core switches have HSRP configured on all VLANs, where core 1 is active for 2,3,4,5,6 and core 2 is active for vlan 90,21,100.
The VLANs are also configured with an IP SLA that is pinging 8.8.8.8, so that if one of the links to the firewall goes down, the core with an active link to the firewall becomes the active HSRP for all VLANs.
However, when we test this by disconnecting one of the links to the firewall, we can see that the HSRP swaps over. BUT the virtual IP of the VLANs that swap over is not pingable, but both VLAN interfaces are. Please don't mind vlan 60 and 61.
If you have any suggestions, they are much appreciated!
The script that is used for core 1:
hostname DKARR-CSW01
!
banner motd '*******************************************************************************
*******************************************************************************
*******************************************************************************
***** *****
***** *****
***** Electrotech Solutions *****
***** *****
***** Maa kun anvendes til formaal godkendt af ETS IT administration *****
***** Uautoriseret adgang forbudt *****
***** *****
***** May only be used for purposes authorized by ETS IT management *****
***** Unauthorized access prohibited *****
***** *****
***** *****
***** *****
*******************************************************************************
*******************************************************************************
*******************************************************************************'
!
ip routing
ip domain name ets.local
crypto key generate rsa modulus 2048
ip ssh ver 2
line vty 0 4
access-class SSH-ACCESS in
transport input ssh
login local
line vty 5 15
access-class SSH-ACCESS in
transport input ssh
login local
exit
!
ip access-list standard SSH-ACCESS
permit 10.1.6.0 0.0.0.255
permit 10.1.90.0 0.0.0.255
!
vlan 2
vlan 3
vlan 4
vlan 5
vlan 6
vlan 60
vlan 61
vlan 90
vlan 91
vlan 999
!
interface vlan 999
description BLACKHOLE
no shutdown
!
interface range gig1/0/23-24
description Uplink- port-channel 1
channel-group 1 mode active
!
interface Port-channel1
description Uplink-CSW02
switchport trunk native vlan 91
switchport mode trunk
!
interface vlan 2
description Accounting
ip address 10.1.2.252 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 2 ip 10.1.2.254
standby 2 priority 110
standby 2 preempt
standby 2 track 1 decrement 20
!
interface vlan 3
description Sales
ip address 10.1.3.252 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 3 ip 10.1.3.254
standby 3 priority 110
standby 3 preempt
standby 3 track 1 decrement 20
!
interface vlan 4
description Administration
ip address 10.1.4.252 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 4 ip 10.1.4.254
standby 4 priority 110
standby 4 preempt
standby 4 track 1 decrement 20
!
interface vlan 5
description WiFi-Client
ip address 10.1.5.252 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 5 ip 10.1.5.254
standby 5 priority 110
standby 5 preempt
standby 5 track 1 decrement 20
!
interface vlan 6
description IT
ip address 10.1.6.252 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 6 ip 10.1.6.254
standby 6 priority 110
standby 6 preempt
standby 6 track 1 decrement 20
!
interface vlan 90
description Server-Management
ip address 10.1.90.252 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 90 ip 10.1.90.254
standby 90 preempt
!
interface vlan 91
description Network-Management
ip address 10.1.91.252 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 91 ip 10.1.91.254
Standby 91 preempt
!
interface vlan 100
description Server
ip address 10.1.100.252 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 100 ip 10.1.100.254
standby 100 preempt
!
interface vlan 60
description DMZ
ip address 192.168.0.252 255.255.255.0
standby 60 ip 192.168.0.254
!
interface vlan 61
description WiFi-Guset
ip address 192.168.1.252 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
ip access-group GuestWifi in
standby 61 ip 192.168.1.254
standby 61 priority 110
standby 61 preempt
standby 61 track 1 decrement 20
!
interface gig1/0/3
description group-channel2
channel-group 2 mode active
no switchport
no shutdown
!
interface gig1/0/4
description group-channel2
channel-group 2 mode active
no switchport
no shutdown
!
interface port-channel 2
description Uplink-Fw
no switchport
ip address 172.21.1.2 255.255.255.252
no shutdown
!
interface gig1/0/1
description Uplink->DKAAR-ASW01
switchport mode trunk
switchport trunk native vlan 91
no shutdown
!
interface gig1/0/2
description Uplink->DKAAR-ASW02
switchport mode trunk
switchport trunk native vlan 91
no shutdown
!
router ospf 1
redistribute connected
network 172.21.1.0 0.0.0.3 area 0
!
interface range gig1/0/5-22
description Disabled-Port
switchport access vlan 999
switchport mode access
shutdown
!
ip sla 1
icmp-echo 8.8.8.8 source-ip 10.1.91.252
frequency 5
exit
!
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
The script that is used for core 2:
en
conf t
hostname DKARR-CSW02
!
banner motd '*******************************************************************************
*******************************************************************************
*******************************************************************************
***** *****
***** *****
***** Electrotech Solutions *****
***** *****
***** Maa kun anvendes til formaal godkendt af ETS IT administration *****
***** Uautoriseret adgang forbudt *****
***** *****
***** May only be used for purposes authorized by ETS IT management *****
***** Unauthorized access prohibited *****
***** *****
***** *****
***** *****
*******************************************************************************
*******************************************************************************
*******************************************************************************'
!
ip routing
ip domain name ets.local
crypto key generate rsa modulus 2048
ip ssh ver 2
line vty 0 4
access-class SSH-ACCESS in
transport input ssh
login local
line vty 5 15
access-class SSH-ACCESS in
transport input ssh
login local
exit
!
ip access-list standard SSH-ACCESS
permit 10.1.6.0 0.0.0.255
permit 10.1.90.0 0.0.0.255
!
vlan 2
vlan 3
vlan 4
vlan 5
vlan 6
vlan 60
vlan 61
vlan 90
vlan 91
vlan 999
!
interface vlan 999
description BLACKHOLE
no shutdown
!
interface range gig1/0/23-24
description Uplink- port-channel 1
channel-group 1 mode active
!
interface Port-channel1
description Uplink-CSW01
switchport trunk native vlan 91
switchport mode trunk
!
interface vlan 2
description Accounting
ip address 10.1.2.253 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 2 ip 10.1.2.254
standby 2 preempt
!
interface vlan 3
description Sales
ip address 10.1.3.253 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 3 ip 10.1.3.254
standby 3 preempt
!
interface vlan 4
description Administration
ip address 10.1.4.253 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 4 ip 10.1.4.254
standby 4 preempt
!
interface vlan 5
description WiFi-Client
ip address 10.1.5.253 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 5 ip 10.1.5.254
standby 5 preempt
!
interface vlan 6
description IT
ip address 10.1.6.253 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 6 ip 10.1.6.254
standby 6 preempt
!
interface vlan 90
description Server-Management
ip address 10.1.90.253 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 90 ip 10.1.90.254
standby 90 priority 110
standby 90 preempt
standby 90 track 1 decrement 20
!
interface vlan 91
description Network-Management
ip address 10.1.91.253 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 91 ip 10.1.91.254
standby 91 priority 110
standby 91 preempt
standby 91 track 1 decrement 20
!
interface vlan 100
description Server
ip address 10.1.100.253 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
standby 100 ip 10.1.100.254
standby 100 priority 110
standby 100 preempt
standby 100 track 1 decrement 20
!
interface vlan 60
description DMZ
ip address 192.168.0.253 255.255.255.0
standby 60 ip 192.168.0.254
!
interface vlan 61
description WiFi-Guset
ip address 192.168.1.253 255.255.255.0
ip helper-address 10.1.100.1
ip helper-address 10.1.100.2
ip access-group GuestWifi in
standby 61 ip 192.168.1.254
standby 61 preempt
!
interface gig1/0/3
no switchport
description port-channel2
channel-group 2 mode active
!
interface gig1/0/4
no switchport
description port-channel2
channel-group 2 mode active
!
interface port-channel 2
description Uplink-Fw
no switchport
ip address 172.21.1.6 255.255.255.252
no shutdown
!
interface gig1/0/1
description Uplink->DKAAR-ASW01
switchport mode trunk
switchport trunk native vlan 91
no shutdown
!
interface gig1/0/2
description Uplink->DKAAR-ASW02
switchport mode trunk
switchport trunk native vlan 91
no shutdown
!
router ospf 1
redistribute connected
network 172.21.1.4 0.0.0.3 area 0
!
interface range gig1/0/5-22
description Disabled-Port
switchport access vlan 999
switchport mode access
shutdown
!
ip sla 1
icmp-echo 8.8.8.8 source-ip 10.1.91.253
frequency 5
exit
!
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
The script that is used for access 1:
en
conf t
hostname DKARR-ASW01
!
banner motd '*******************************************************************************
*******************************************************************************
*******************************************************************************
***** *****
***** *****
***** Electrotech Solutions *****
***** *****
***** Maa kun anvendes til formaal godkendt af ETS IT administration *****
***** Uautoriseret adgang forbudt *****
***** *****
***** May only be used for purposes authorized by ETS IT management *****
***** Unauthorized access prohibited *****
***** *****
***** *****
***** *****
*******************************************************************************
*******************************************************************************
*******************************************************************************'
!
ip domain name ets.local
crypto key generate rsa modulus 2048
ip ssh ver 2
line vty 0 4
access-class SSH-ACCESS in
transport input ssh
login local
line vty 5 15
access-class SSH-ACCESS in
transport input ssh
login local
exit
!
vlan 2
vlan 3
vlan 4
vlan 5
vlan 6
vlan 90
vlan 91
vlan 999
!
interface vlan 999
description BLACK-HOLE
!
interface vlan 2
description Accounting
!
interface vlan 3
description Sales
!
interface vlan 4
description Administration
!
interface vlan 5
description WiFi-Client
!
interface vlan 6
description IT
!
interface vlan 90
description Server-Managemnet
!
Interface vlan 91
description Network-Managemnet
ip address 10.1.91.1 255.255.255.0
!
interface vlan 100
description Server
exit
!
ip default-gateway 10.1.91.254
!
ip access-list standard SSH-ACCESS
permit 10.1.6.0 0.0.0.255
permit 10.1.90.0 0.0.0.255
!
interface GigabitEthernet1/0/1
description Uplink->CSW01
switchport mode trunk
switchport trunk native vlan 91
no shutdown
!
interface GigabitEthernet1/0/2
description Uplink->CSW02
switchport mode trunk
switchport trunk native vlan 91
no shutdown
!
interface range gigabitEthernet1/0/3-6
switchport mode access
switchport access vlan 6
spanning-tree portfast
!
interface range gigabitEthernet1/0/7-8
switchport mode access
switchport access vlan 90
spanning-tree portfast
!
interface range gigabitEthernet1/0/9-12
switchport mode access
switchport access vlan 100
spanning-tree portfast
!
interface range gigabitEthernet1/0/13-45
description Disabled-Port
switchport access vlan 999
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security violation restrict
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/46
description MGMT to ETS-HV01 port 0
switchport access vlan 90
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/47
description Uplink to ETS-HV02 port 2
switchport mode trunk
no shutdown
!
interface GigabitEthernet1/0/48
description Uplink to ETS-HV01 port 1
switchport mode trunk
no shutdown
The script that is used for access 2:
en
conf t
hostname DKARR-ASW02
!
banner motd '*******************************************************************************
*******************************************************************************
*******************************************************************************
***** *****
***** *****
***** Electrotech Solutions *****
***** *****
***** Maa kun anvendes til formaal godkendt af ETS IT administration *****
***** Uautoriseret adgang forbudt *****
***** *****
***** May only be used for purposes authorized by ETS IT management *****
***** Unauthorized access prohibited *****
***** *****
***** *****
***** *****
*******************************************************************************
*******************************************************************************
*******************************************************************************'
!
ip domain name ets.local
crypto key generate rsa modulus 2048
ip ssh ver 2
line vty 0 4
access-class SSH-ACCESS in
transport input ssh
login local
line vty 5 15
access-class SSH-ACCESS in
transport input ssh
login local
exit
!
vlan 2
vlan 3
vlan 4
vlan 5
vlan 6
vlan 90
vlan 91
vlan 999
!
interface vlan 999
description BLACK-HOLE
!
interface vlan 2
description Accounting
!
interface vlan 3
description Sales
!
interface vlan 4
description Administration
!
interface vlan 5
description WiFi-Client
!
interface vlan 6
description IT
!
interface vlan 90
description Server-Managemnet
!
interface vlan 91
description Network-Managemnet
ip address 10.1.91.2 255.255.255.0
!
interface vlan 100
description Server
exit
!
ip default-gateway 10.1.91.254
!
ip access-list standard SSH-ACCESS
permit 10.1.6.0 0.0.0.255
permit 10.1.90.0 0.0.0.255
!
interface GigabitEthernet1/0/1
description Uplink->CSW01
switchport mode trunk
switchport trunk native vlan 91
!
interface GigabitEthernet1/0/2
description Uplink->CSW02
switchport mode trunk
switchport trunk native vlan 91
!
interface range gigabitEthernet1/0/3-6
switchport mode access
switchport access vlan 6
spanning-tree portfast
!
interface range gigabitEthernet1/0/7-8
switchport mode access
switchport access vlan 90
spanning-tree portfast
!
interface range gigabitEthernet1/0/9-12
switchport mode access
switchport access vlan 100
spanning-tree portfast
!
interface range gigabitEthernet1/0/13-45
description Disabled-Port
switchport access vlan 999
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security violation restrict
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/46
description MGMT to ETS-HV02 port 0
switchport access vlan 90
switchport mode access
ip arp inspection trust
ip dhcp snooping trust
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/47
description Uplink to ETS-HV01 port 2
switchport mode trunk
no shutdown
!
interface GigabitEthernet1/0/48
description Uplink to ETS-HV02 port 1
switchport mode trunk
no shutdown
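An added example, not part of the original post: a small Python model of the `standby ... priority / preempt / track 1 decrement` lines in the two core configs above, showing which core ends up HSRP active for each combination of track 1 states. The VLAN 2 and VLAN 90 stanzas are copied from the post; the function names, and the rule that a standby takes over only with preempt and a strictly higher priority, are assumptions of this example.

```python
import re
from dataclasses import dataclass
from itertools import product

# VLAN 2 and VLAN 90 stanzas copied from the two core configs in the post.
CSW01 = """
interface vlan 2
 ip address 10.1.2.252 255.255.255.0
 standby 2 ip 10.1.2.254
 standby 2 priority 110
 standby 2 preempt
 standby 2 track 1 decrement 20
interface vlan 90
 ip address 10.1.90.252 255.255.255.0
 standby 90 ip 10.1.90.254
 standby 90 preempt
"""
CSW02 = """
interface vlan 2
 ip address 10.1.2.253 255.255.255.0
 standby 2 ip 10.1.2.254
 standby 2 preempt
interface vlan 90
 ip address 10.1.90.253 255.255.255.0
 standby 90 ip 10.1.90.254
 standby 90 priority 110
 standby 90 preempt
 standby 90 track 1 decrement 20
"""


@dataclass
class Group:
    priority: int = 100   # IOS default HSRP priority
    preempt: bool = False
    decrement: int = 0    # 0 = the group tracks no object

    def effective(self, track_up: bool) -> int:
        """Priority actually advertised given the state of track 1."""
        return self.priority if track_up else self.priority - self.decrement


def parse_hsrp(config: str) -> dict:
    """Collect the 'standby <group> ...' lines into {group number: Group}."""
    groups = {}
    for line in config.splitlines():
        m = re.match(r"\s*standby\s+(\d+)\s+(\S+)\s*(.*)", line, re.IGNORECASE)
        if not m:
            continue
        grp = groups.setdefault(int(m.group(1)), Group())
        keyword, rest = m.group(2).lower(), m.group(3).split()
        if keyword == "priority":
            grp.priority = int(rest[0])
        elif keyword == "preempt":
            grp.preempt = True
        elif keyword == "track":
            # IOS decrements by 10 when no explicit value is configured.
            grp.decrement = int(rest[rest.index("decrement") + 1]) if "decrement" in rest else 10
    return groups


def settle(a: Group, b: Group, active: str, a_up: bool, b_up: bool) -> str:
    """Who is active ('CSW01' or 'CSW02') once both peers re-advertise.

    Assumption of this model: the standby takes over only if it has preempt
    configured and a strictly higher effective priority; ties change nothing.
    """
    pa, pb = a.effective(a_up), b.effective(b_up)
    if active == "CSW01" and b.preempt and pb > pa:
        return "CSW02"
    if active == "CSW02" and a.preempt and pa > pb:
        return "CSW01"
    return active


def failover_table(cfg_a: str = CSW01, cfg_b: str = CSW02) -> dict:
    """{group: {(csw01_track_up, csw02_track_up): active core}}."""
    a, b = parse_hsrp(cfg_a), parse_hsrp(cfg_b)
    table = {}
    for grp in sorted(a.keys() & b.keys()):
        # Steady state with both track objects up, starting from CSW01.
        normal = settle(a[grp], b[grp], "CSW01", True, True)
        table[grp] = {
            (a_up, b_up): settle(a[grp], b[grp], normal, a_up, b_up)
            for a_up, b_up in product((True, False), repeat=2)
        }
    return table


if __name__ == "__main__":
    for grp, outcomes in failover_table().items():
        for (a_up, b_up), active in outcomes.items():
            print(f"group {grp:>3}  track CSW01={'up' if a_up else 'down':4} "
                  f"CSW02={'up' if b_up else 'down':4} -> active {active}")
```

In this model, track 1 going down on CSW01 alone puts both groups on CSW02, which is the intended failover. Track 1 going down on both cores at once makes every group change hands: group 2 moves to CSW02 and group 90 to CSW01.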
06-09-2023 12:26 PM
Can you share show track and show ip sla summary when you do the failover test?
06-09-2023 12:40 PM
06-09-2023 02:06 PM - edited 06-09-2023 02:06 PM
check this point
06-09-2023 02:41 PM
I'll reply with the above info after this one.
I posted something that is now gone...
So I'll try and merge it together. After I reset all the switches I was missing the "ip sla schedule 1 life forever start-time now", therefore CORE 1 was active on all VLANs. Now when I entered the command, CORE 2 became active for 90,91 and 100 and I lost connection to the servers. The weird thing is that from core 1 I can ping 253 but not the VIP 254, but from Core 2 I can ping the VIP 254. I know for a fact the servers can't reach 254 either, otherwise I would be able to see them online.
I don't know if I'm trying to do something impossible here; if so, please tell.
DKARR-CSW01#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl2 2 110 P Active local 10.1.2.253 10.1.2.254
Vl3 3 110 P Active local 10.1.3.253 10.1.3.254
Vl4 4 110 P Active local 10.1.4.253 10.1.4.254
Vl5 5 110 P Active local 10.1.5.253 10.1.5.254
Vl6 6 110 P Active local 10.1.6.253 10.1.6.254
Vl60 60 100 Standby 192.168.0.253 local 192.168.0.254
Vl61 61 110 P Active local 192.168.1.253 192.168.1.254
Vl90 90 100 P Standby 10.1.90.253 local 10.1.90.254
Vl91 91 100 P Standby 10.1.91.253 local 10.1.91.254
Vl100 100 100 P Standby 10.1.100.253 local 10.1.100.254
DKARR-CSW01#ping 10.1.91.253
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.91.253, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
DKARR-CSW01#ping 10.1.91.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.91.254, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
DKARR-CSW01#show track
Track 1
IP SLA 1 reachability
Reachability is Up
2 changes, last change 00:14:06
Latest operation return code: OK
Latest RTT (millisecs) 6
Tracked by:
HSRP Vlan2 2
HSRP Vlan3 3
HSRP Vlan4 4
HSRP Vlan5 5
HSRP Vlan6 6
HSRP Vlan61 61
DKARR-CSW01#sh ip sla su
DKARR-CSW01#sh ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending
All Stats are in milliseconds. Stats with u are in microseconds
ID Type Destination Stats Return Last
Code Run
-----------------------------------------------------------------------
*1 icmp-echo 8.8.8.8 RTT=6 OK 2 seconds ago
DKARR-CSW02#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl2 2 100 P Standby 10.1.2.252 local 10.1.2.254
Vl3 3 100 P Standby 10.1.3.252 local 10.1.3.254
Vl4 4 100 P Standby 10.1.4.252 local 10.1.4.254
Vl5 5 100 P Standby 10.1.5.252 local 10.1.5.254
Vl6 6 100 P Standby 10.1.6.252 local 10.1.6.254
Vl60 60 100 Active local 192.168.0.252 192.168.0.254
Vl61 61 100 P Standby 192.168.1.252 local 192.168.1.254
Vl90 90 110 P Active local 10.1.90.252 10.1.90.254
Vl91 91 110 P Active local 10.1.91.252 10.1.91.254
Vl100 100 110 P Active local 10.1.100.252 10.1.100.254
DKARR-CSW02#sh
DKARR-CSW02#show tr
DKARR-CSW02#show trac
DKARR-CSW02#show track
Track 1
IP SLA 1 reachability
Reachability is Up
2 changes, last change 00:21:24
Latest operation return code: OK
Latest RTT (millisecs) 6
Tracked by:
HSRP Vlan90 90
HSRP Vlan91 91
HSRP Vlan100 100
DKARR-CSW02#show ip sla
DKARR-CSW02#show ip sla su
DKARR-CSW02#show ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending
All Stats are in milliseconds. Stats with u are in microseconds
ID Type Destination Stats Return Last
Code Run
-----------------------------------------------------------------------
*1 icmp-echo 8.8.8.8 RTT=6 OK 1 seconds ago
06-09-2023 02:45 PM
Yes it is a layer 2 link on a port channel
CORE 2
STP
VLAN0091
Spanning tree enabled protocol rstp
Root ID Priority 32859
Address 5c3e.06f4.1900
Cost 4
Port 2 (GigabitEthernet1/0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32859 (priority 32768 sys-id-ext 91)
Address c064.e4d1.de00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg FWD 4 128.1 P2p
Gi1/0/2 Root FWD 4 128.2 P2p
Po1 Altn BLK 3 128.2281 P2p
CORE 1
DKARR-CSW01#sh standby
Vlan2 - Group 2
State is Active
2 state changes, last state change 00:53:13
Virtual IP address is 10.1.2.254
Active virtual MAC address is 0000.0c07.ac02 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.224 secs
Preemption enabled
Active router is local
Standby router is 10.1.2.253, priority 100 (expires in 9.152 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl2-2" (default)
FLAGS: 0/1
Vlan3 - Group 3
State is Active
2 state changes, last state change 00:53:15
Virtual IP address is 10.1.3.254
Active virtual MAC address is 0000.0c07.ac03 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac03 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.152 secs
Preemption enabled
Active router is local
Standby router is 10.1.3.253, priority 100 (expires in 9.056 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl3-3" (default)
FLAGS: 0/1
Vlan4 - Group 4
State is Active
2 state changes, last state change 00:53:15
Virtual IP address is 10.1.4.254
Active virtual MAC address is 0000.0c07.ac04 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac04 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.920 secs
Preemption enabled
Active router is local
Standby router is 10.1.4.253, priority 100 (expires in 10.208 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl4-4" (default)
FLAGS: 0/1
Vlan5 - Group 5
State is Active
2 state changes, last state change 00:53:15
Virtual IP address is 10.1.5.254
Active virtual MAC address is 0000.0c07.ac05 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac05 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.736 secs
Preemption enabled
Active router is local
Standby router is 10.1.5.253, priority 100 (expires in 8.512 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl5-5" (default)
FLAGS: 0/1
Vlan6 - Group 6
State is Active
2 state changes, last state change 00:53:14
Virtual IP address is 10.1.6.254
Active virtual MAC address is 0000.0c07.ac06 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac06 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.360 secs
Preemption enabled
Active router is local
Standby router is 10.1.6.253, priority 100 (expires in 10.336 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl6-6" (default)
FLAGS: 0/1
Vlan60 - Group 60
State is Standby
1 state change, last state change 00:53:50
Virtual IP address is 192.168.0.254
Active virtual MAC address is 0000.0c07.ac3c (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac3c (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.552 secs
Preemption disabled
Active router is 192.168.0.253, priority 100 (expires in 8.496 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl60-60" (default)
FLAGS: 0/1
Vlan61 - Group 61
State is Active
2 state changes, last state change 00:53:12
Virtual IP address is 192.168.1.254
Active virtual MAC address is 0000.0c07.ac3d (MAC In Use)
Local virtual MAC address is 0000.0c07.ac3d (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.080 secs
Preemption enabled
Active router is local
Standby router is 192.168.1.253, priority 100 (expires in 10.272 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl61-61" (default)
FLAGS: 0/1
Vlan90 - Group 90
State is Standby
3 state changes, last state change 00:50:27
Virtual IP address is 10.1.90.254
Active virtual MAC address is 0000.0c07.ac5a (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac5a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.216 secs
Preemption enabled
Active router is 10.1.90.253, priority 110 (expires in 8.704 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl90-90" (default)
FLAGS: 0/1
Vlan91 - Group 91
State is Standby
3 state changes, last state change 00:50:28
Virtual IP address is 10.1.91.254
Active virtual MAC address is 0000.0c07.ac5b (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac5b (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.560 secs
Preemption enabled
Active router is 10.1.91.253, priority 110 (expires in 9.888 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl91-91" (default)
FLAGS: 0/1
Vlan100 - Group 100
State is Standby
3 state changes, last state change 00:50:28
Virtual IP address is 10.1.100.254
Active virtual MAC address is 0000.0c07.ac64 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac64 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.512 secs
Preemption enabled
Active router is 10.1.100.253, priority 110 (expires in 10.528 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl100-100" (default)
FLAGS: 0/1
ASW01
DKARR-ASW01#show mac address
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
All 0180.c200.0006 STATIC CPU
All 0180.c200.0007 STATIC CPU
All 0180.c200.0008 STATIC CPU
All 0180.c200.0009 STATIC CPU
All 0180.c200.000a STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
All 0180.c200.0021 STATIC CPU
All ffff.ffff.ffff STATIC CPU
1 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
2 0000.0c07.ac02 DYNAMIC Gi1/0/1
2 5c3e.06fe.09f7 STATIC Vl2
2 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
2 c064.e4d1.de77 DYNAMIC Gi1/0/1
3 0000.0c07.ac03 DYNAMIC Gi1/0/1
3 5c3e.06fe.09e7 STATIC Vl3
3 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
3 c064.e4d1.de67 DYNAMIC Gi1/0/1
4 0000.0c07.ac04 DYNAMIC Gi1/0/1
4 5c3e.06fe.09d7 STATIC Vl4
4 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
4 c064.e4d1.de57 DYNAMIC Gi1/0/1
5 0000.0c07.ac05 DYNAMIC Gi1/0/1
5 5c3e.06fe.09c7 STATIC Vl5
5 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
5 c064.e4d1.de47 DYNAMIC Gi1/0/1
6 0000.0c07.ac06 DYNAMIC Gi1/0/1
6 5c3e.06fe.09f7 STATIC Vl6
6 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
6 c064.e4d1.de77 DYNAMIC Gi1/0/1
90 0000.0c07.ac5a DYNAMIC Gi1/0/1
90 000c.29ba.8c54 DYNAMIC Gi1/0/1
90 0050.5699.82c6 DYNAMIC Gi1/0/1
90 5c3e.06fe.09e9 STATIC Vl90
90 6c3c.8c18.5510 DYNAMIC Gi1/0/1
90 6c3c.8c18.55d8 DYNAMIC Gi1/0/46
90 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
90 6cdd.30ce.8b69 DYNAMIC Gi1/0/1
90 c064.e4d1.de69 DYNAMIC Gi1/0/1
91 0000.0c07.ac5b DYNAMIC Gi1/0/1
91 5c3e.06fe.09d9 STATIC Vl91
91 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
91 6cdd.30ce.8b59 DYNAMIC Gi1/0/1
91 c064.e4d1.de59 DYNAMIC Gi1/0/1
100 0000.0c07.ac64 DYNAMIC Gi1/0/1
100 000c.2926.ee1b DYNAMIC Gi1/0/48
100 000c.295b.b5fd DYNAMIC Gi1/0/48
100 000c.29a9.116f DYNAMIC Gi1/0/48
100 000c.29d9.b135 DYNAMIC Gi1/0/1
100 0050.5699.f422 DYNAMIC Gi1/0/48
100 5c3e.06fe.09d1 STATIC Vl100
100 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
100 6cdd.30ce.8b51 DYNAMIC Gi1/0/1
100 c064.e4d1.de51 DYNAMIC Gi1/0/1
999 5c3e.06fe.09c3 STATIC Vl999
999 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
CORE 2
DKARR-CSW02#sh standby
Vlan2 - Group 2
State is Standby
4 state changes, last state change 00:59:27
Virtual IP address is 10.1.2.254
Active virtual MAC address is 0000.0c07.ac02 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.624 secs
Preemption enabled
Active router is 10.1.2.252, priority 110 (expires in 9.600 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl2-2" (default)
Vlan3 - Group 3
State is Standby
4 state changes, last state change 00:59:27
Virtual IP address is 10.1.3.254
Active virtual MAC address is 0000.0c07.ac03 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac03 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.784 secs
Preemption enabled
Active router is 10.1.3.252, priority 110 (expires in 9.552 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl3-3" (default)
Vlan4 - Group 4
State is Standby
4 state changes, last state change 00:59:27
Virtual IP address is 10.1.4.254
Active virtual MAC address is 0000.0c07.ac04 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac04 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.848 secs
Preemption enabled
Active router is 10.1.4.252, priority 110 (expires in 10.016 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl4-4" (default)
Vlan5 - Group 5
State is Standby
4 state changes, last state change 00:59:27
Virtual IP address is 10.1.5.254
Active virtual MAC address is 0000.0c07.ac05 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac05 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.384 secs
Preemption enabled
Active router is 10.1.5.252, priority 110 (expires in 10.112 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl5-5" (default)
Vlan6 - Group 6
State is Standby
4 state changes, last state change 00:59:28
Virtual IP address is 10.1.6.254
Active virtual MAC address is 0000.0c07.ac06 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac06 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.648 secs
Preemption enabled
Active router is 10.1.6.252, priority 110 (expires in 8.416 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl6-6" (default)
Vlan60 - Group 60
State is Active
2 state changes, last state change 01:03:42
Virtual IP address is 192.168.0.254
Active virtual MAC address is 0000.0c07.ac3c (MAC In Use)
Local virtual MAC address is 0000.0c07.ac3c (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.640 secs
Preemption disabled
Active router is local
Standby router is 192.168.0.252, priority 100 (expires in 9.872 sec)
Priority 100 (default 100)
Group name is "hsrp-Vl60-60" (default)
Vlan61 - Group 61
State is Standby
4 state changes, last state change 00:59:24
Virtual IP address is 192.168.1.254
Active virtual MAC address is 0000.0c07.ac3d (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac3d (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.328 secs
Preemption enabled
Active router is 192.168.1.252, priority 110 (expires in 7.840 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl61-61" (default)
Vlan90 - Group 90
State is Active
5 state changes, last state change 00:57:02
Virtual IP address is 10.1.90.254
Active virtual MAC address is 0000.0c07.ac5a (MAC In Use)
Local virtual MAC address is 0000.0c07.ac5a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.288 secs
Preemption enabled
Active router is local
Standby router is 10.1.90.252, priority 100 (expires in 8.464 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl90-90" (default)
Vlan91 - Group 91
State is Active
5 state changes, last state change 00:57:03
Virtual IP address is 10.1.91.254
Active virtual MAC address is 0000.0c07.ac5b (MAC In Use)
Local virtual MAC address is 0000.0c07.ac5b (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.880 secs
Preemption enabled
Active router is local
Standby router is 10.1.91.252, priority 100 (expires in 9.696 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl91-91" (default)
Vlan100 - Group 100
State is Active
5 state changes, last state change 00:57:03
Virtual IP address is 10.1.100.254
Active virtual MAC address is 0000.0c07.ac64 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac64 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.896 secs
Preemption enabled
Active router is local
Standby router is 10.1.100.252, priority 100 (expires in 9.936 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl100-100" (default)
ASW01
DKARR-ASW02#sh mac address
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
All 0180.c200.0006 STATIC CPU
All 0180.c200.0007 STATIC CPU
All 0180.c200.0008 STATIC CPU
All 0180.c200.0009 STATIC CPU
All 0180.c200.000a STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
All 0180.c200.0021 STATIC CPU
All ffff.ffff.ffff STATIC CPU
1 6cdd.30ce.8b02 DYNAMIC Gi1/0/1
1 c064.e4d1.de02 DYNAMIC Gi1/0/2
2 0000.0c07.ac02 DYNAMIC Gi1/0/1
2 5c3e.06f4.1977 STATIC Vl2
2 c064.e4d1.de77 DYNAMIC Gi1/0/2
3 0000.0c07.ac03 DYNAMIC Gi1/0/1
3 5c3e.06f4.1967 STATIC Vl3
3 c064.e4d1.de67 DYNAMIC Gi1/0/2
4 0000.0c07.ac04 DYNAMIC Gi1/0/1
4 5c3e.06f4.1957 STATIC Vl4
4 c064.e4d1.de57 DYNAMIC Gi1/0/2
5 0000.0c07.ac05 DYNAMIC Gi1/0/1
5 5c3e.06f4.1947 STATIC Vl5
5 c064.e4d1.de47 DYNAMIC Gi1/0/2
6 0000.0c07.ac06 DYNAMIC Gi1/0/1
6 5c3e.06f4.1977 STATIC Vl6
6 c064.e4d1.de77 DYNAMIC Gi1/0/2
90 0000.0c07.ac5a DYNAMIC Gi1/0/2
90 000c.29ba.8c54 DYNAMIC Gi1/0/46
90 0050.5699.82c6 DYNAMIC Gi1/0/48
90 5c3e.06f4.1969 STATIC Vl90
90 6c3c.8c18.5510 DYNAMIC Gi1/0/46
90 6c3c.8c18.55d8 DYNAMIC Gi1/0/1
90 6cdd.30ce.8b69 DYNAMIC Gi1/0/1
90 c064.e4d1.de69 DYNAMIC Gi1/0/2
91 0000.0c07.ac5b DYNAMIC Gi1/0/2
91 5c3e.06f4.1959 STATIC Vl91
91 5c3e.06fe.09d9 DYNAMIC Gi1/0/1
91 6cdd.30ce.8b02 DYNAMIC Gi1/0/1
91 6cdd.30ce.8b59 DYNAMIC Gi1/0/1
91 c064.e4d1.de02 DYNAMIC Gi1/0/2
91 c064.e4d1.de59 DYNAMIC Gi1/0/2
100 0000.0c07.ac64 DYNAMIC Gi1/0/2
100 000c.2926.ee1b DYNAMIC Gi1/0/1
100 000c.295b.b5fd DYNAMIC Gi1/0/1
100 000c.29a9.116f DYNAMIC Gi1/0/1
100 000c.29d9.b135 DYNAMIC Gi1/0/48
100 0050.5699.f422 DYNAMIC Gi1/0/1
100 5c3e.06f4.1951 STATIC Vl100
100 6cdd.30ce.8b51 DYNAMIC Gi1/0/1
100 c064.e4d1.de51 DYNAMIC Gi1/0/2
999 5c3e.06f4.1943 STATIC Vl999
06-09-2023 02:10 PM
As I just saw, I was missing a command after resetting all the switches: "ip sla schedule 1 life forever start-time now"
This means that all the VLANs were active on Core 1, but now when I entered the command VLANs 90, 91 and 100 swapped over and I can no longer reach my servers (as they can't reach the gateway .254). But the active 253 is pingable.
I can also see that core 2 is able to ping the 254.
I'm sorry if I'm trying to create a setup that is just not possible...
CORE1
DKARR-CSW01#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl2 2 110 P Active local 10.1.2.253 10.1.2.254
Vl3 3 110 P Active local 10.1.3.253 10.1.3.254
Vl4 4 110 P Active local 10.1.4.253 10.1.4.254
Vl5 5 110 P Active local 10.1.5.253 10.1.5.254
Vl6 6 110 P Active local 10.1.6.253 10.1.6.254
Vl60 60 100 Standby 192.168.0.253 local 192.168.0.254
Vl61 61 110 P Active local 192.168.1.253 192.168.1.254
Vl90 90 100 P Standby 10.1.90.253 local 10.1.90.254
Vl91 91 100 P Standby 10.1.91.253 local 10.1.91.254
Vl100 100 100 P Standby 10.1.100.253 local 10.1.100.254
DKARR-CSW01#ping 10.1.91.253
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.91.253, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
DKARR-CSW01#ping 10.1.91.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.91.254, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
DKARR-CSW01#show track
Track 1
IP SLA 1 reachability
Reachability is Up
2 changes, last change 00:14:06
Latest operation return code: OK
Latest RTT (millisecs) 6
Tracked by:
HSRP Vlan2 2
HSRP Vlan3 3
HSRP Vlan4 4
HSRP Vlan5 5
HSRP Vlan6 6
HSRP Vlan61 61
DKARR-CSW01#sh ip sla su
DKARR-CSW01#sh ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending
All Stats are in milliseconds. Stats with u are in microseconds
ID Type Destination Stats Return Last
Code Run
-----------------------------------------------------------------------
*1 icmp-echo 8.8.8.8 RTT=6 OK 2 seconds ago
CORE2
DKARR-CSW02#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl2 2 100 P Standby 10.1.2.252 local 10.1.2.254
Vl3 3 100 P Standby 10.1.3.252 local 10.1.3.254
Vl4 4 100 P Standby 10.1.4.252 local 10.1.4.254
Vl5 5 100 P Standby 10.1.5.252 local 10.1.5.254
Vl6 6 100 P Standby 10.1.6.252 local 10.1.6.254
Vl60 60 100 Active local 192.168.0.252 192.168.0.254
Vl61 61 100 P Standby 192.168.1.252 local 192.168.1.254
Vl90 90 110 P Active local 10.1.90.252 10.1.90.254
Vl91 91 110 P Active local 10.1.91.252 10.1.91.254
Vl100 100 110 P Active local 10.1.100.252 10.1.100.254
DKARR-CSW02#sh
DKARR-CSW02#show tr
DKARR-CSW02#show trac
DKARR-CSW02#show track
Track 1
IP SLA 1 reachability
Reachability is Up
2 changes, last change 00:21:24
Latest operation return code: OK
Latest RTT (millisecs) 6
Tracked by:
HSRP Vlan90 90
HSRP Vlan91 91
HSRP Vlan100 100
DKARR-CSW02#show ip sla
DKARR-CSW02#show ip sla su
DKARR-CSW02#show ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending
All Stats are in milliseconds. Stats with u are in microseconds
ID Type Destination Stats Return Last
Code Run
-----------------------------------------------------------------------
*1 icmp-echo 8.8.8.8 RTT=6 OK 1 seconds ago
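An added example (not part of any post in this thread): a Python check that cross-references one core's `show standby brief` with the access switch's MAC table, to confirm that each group's HSRP virtual MAC is learned on the uplink toward the core that is currently Active. The sample outputs are constructed in the format posted above, and the uplink-to-core mapping (`UPLINKS`) and the names `core1`/`core2` are assumptions.

```python
import re

# Constructed sample data in the format of the outputs posted above.
CORE2_STANDBY_BRIEF = """\
Interface Grp Pri P State Active Standby Virtual IP
Vl2 2 100 P Standby 10.1.2.252 local 10.1.2.254
Vl90 90 110 P Active local 10.1.90.252 10.1.90.254
Vl91 91 110 P Active local 10.1.91.252 10.1.91.254
"""
ACCESS_MAC_TABLE = """\
2 0000.0c07.ac02 DYNAMIC Gi1/0/1
90 0000.0c07.ac5a DYNAMIC Gi1/0/2
91 0000.0c07.ac5b DYNAMIC Gi1/0/1
"""
UPLINKS = {"core1": "Gi1/0/1", "core2": "Gi1/0/2"}  # assumption: uplink per core


def hsrp_v1_vmac(group):
    """HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return "0000.0c07.ac%02x" % group


def active_core_by_vlan(brief, this_core, peer_core):
    """Map VLAN -> (group, active core) from one core's 'show standby brief'."""
    result = {}
    for line in brief.splitlines():
        m = re.match(r"Vl(\d+)\s+(\d+)\s+\d+\s+(?:P\s+)?(Active|Standby)\s", line)
        if m:
            vlan, group, state = int(m[1]), int(m[2]), m[3]
            result[vlan] = (group, this_core if state == "Active" else peer_core)
    return result


def misplaced_vmacs(brief, mac_table, this_core="core2", peer_core="core1"):
    """Return [(vlan, vmac, learned_port, expected_port)] for every mismatch."""
    learned = {}
    for line in mac_table.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit():
            learned[(int(parts[0]), parts[1].lower())] = parts[3]
    problems = []
    for vlan, (group, core) in sorted(active_core_by_vlan(brief, this_core, peer_core).items()):
        vmac, expected = hsrp_v1_vmac(group), UPLINKS[core]
        port = learned.get((vlan, vmac))
        if port != expected:
            problems.append((vlan, vmac, port, expected))
    return problems
```

A learned port of `None` in the result means the access switch has no entry for that virtual MAC in that VLAN at all.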
06-09-2023 12:34 PM
Hi
Does this happen for all VLANs? Which port of the access switch is the device connected to? I saw you have priority configured on one core but not on the other. You should have priority on both sides.
06-09-2023 12:38 PM
06-10-2023 07:34 AM
Hello
Your IP SLA is polling an IP address that looks like it can still be reachable via its MGT VLAN even though the SW1 uplink is lost.
You need to make sure this isn't the case, so that when the SW1 primary upstream path is lost, IP SLA is also lost from SW1's perspective and isn't still reachable via SW2. A simple local policy route should help.
access-list 100 permit icmp host 10.1.91.253 host 8.8.8.8 echo
route-map ipsla
match ip address 100
set ip next-hop x.x.x.x <ip address of upstream physical nexthop address>
set interface Null0
ip local policy route-map ipsla
06-10-2023 10:54 AM
Thanks for taking your time to look at my problem. Correct me if I’m wrong, but if the uplink is cut from core 1 it doesn’t know any other routes to 8.8.8.8. Therefore it should not be reachable. This is also tested and the HSRP is swapping over. Just for some reason the VIPs on the swapped VLANs are not reachable from anything other than the active HSRP switch itself.
06-11-2023 06:49 AM
The core has many VLANs, each configured with an HSRP group.
Cisco recommends load sharing by configuring one HSRP group whose active is Core1 and another HSRP group whose active is Core2,
BUT
I think this is impossible with the FW connected to the uplink,
so I assume that the active for all HSRP groups is Core1, which you configured IP SLA on.
Here you configured IP SLA under only one standby but not the other, so that is why some are active and others are standby after IP SLA goes down (I will talk about this point later).
Here we need to configure one IP SLA and then make all HSRP groups follow the group we configured IP SLA under (no need for IP SLA under each group).
The command needed is
standby group-number follow group-name
NOW the other issue is IP SLA: why do we track IP SLA with destination 8.8.8.8? Instead we can use IP SLA to track the FW IP as the destination.
Also we can add
ip route <FW IP> interface <connect Core to FW> permanent
This makes the L3SW always use this interface as egress for this traffic.
NOTE: try to keep the interconnect link to the core SW as an L3 link, not L2.
06-12-2023 01:59 AM
When you say interconnect to core switch, are you talking about the link between the two core switches? And why should this be L3? Because of stop?