Intervlan routing with HSRP and IP sla

fred726i
Level 1

Hi all

Hope you'll be able to help

We have 2 core switches and 2 access switches and 1 firewall

[Image: Topology]

The core switches have HSRP configured on all VLANs, where core 1 is active for 2,3,4,5,6 and core 2 is active for vlan 90,21,100.

The VLANs are also configured with an IP SLA that is pinging 8.8.8.8 so that if one of the links to the firewall goes down, the core with an active link to the firewall becomes the active HSRP for all VLANs.

 

However, when we test this by disconnecting one of the links to the firewall, we can see that HSRP swaps over. BUT the virtual IP of the VLANs that swap over is not pingable, although both VLAN interfaces are. Please don't mind vlan 60 and 61.

 

If you have any suggestions, they are much appreciated!

 

the script that is used for core 1

hostname DKARR-CSW01

!

banner motd '*******************************************************************************

*******************************************************************************

*******************************************************************************

*****                                                                     *****

*****                                                                     *****

*****                        Electrotech Solutions                        *****

*****                                                                     *****

*****     Maa kun anvendes til formaal godkendt af ETS IT administration  *****

*****     Uautoriseret adgang forbudt                                     *****

*****                                                                     *****

*****     May only be used for purposes authorized by ETS IT management   *****

*****     Unauthorized access prohibited                                  *****

*****                                                                     *****

*****                                                                     *****

*****                                                                     *****

*******************************************************************************

*******************************************************************************

*******************************************************************************'

!

ip routing

ip domain name ets.local

crypto key generate rsa modulus 2048

ip ssh ver 2

line vty 0 4  

access-class SSH-ACCESS in

transport input ssh 

login local

line vty 5 15

access-class SSH-ACCESS in

transport input ssh 

login local

exit

!

ip access-list standard SSH-ACCESS

permit 10.1.6.0 0.0.0.255

permit 10.1.90.0 0.0.0.255

!

vlan 2

vlan 3

vlan 4

vlan 5

vlan 6

vlan 60

vlan 61

vlan 90

vlan 91

vlan 999

!

interface vlan 999

 description BLACKHOLE

 no shutdown

!

interface range gig1/0/23-24

 description Uplink- port-channel 1

 channel-group 1 mode active

!

interface Port-channel1

 description Uplink-CSW02

 switchport trunk native vlan 91

 switchport mode trunk

!

interface vlan 2

 description Accounting

 ip address 10.1.2.252 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 2 ip 10.1.2.254

 standby 2 priority 110

 standby 2 preempt

 standby 2 track 1 decrement 20 

!

interface vlan 3

 description Sales

 ip address 10.1.3.252 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 3 ip 10.1.3.254

 standby 3 priority 110

 standby 3 preempt

 standby 3 track 1 decrement 20

!

interface vlan 4

 description Administration

 ip address 10.1.4.252 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 4 ip 10.1.4.254

 standby 4 priority 110

 standby 4 preempt

 standby 4 track 1 decrement 20

!

interface vlan 5 

 description WiFi-Client

 ip address 10.1.5.252 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 5 ip 10.1.5.254

 standby 5 priority 110

 standby 5 preempt

 standby 5 track 1 decrement 20

!

interface vlan 6

 description IT

 ip address 10.1.6.252 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 6 ip 10.1.6.254

 standby 6 priority 110

 standby 6 preempt

 standby 6 track 1 decrement 20

!

interface vlan 90

 description Server-Management

 ip address 10.1.90.252 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 90 ip 10.1.90.254

 standby 90 preempt

 

!

interface vlan 91

 description Network-Management

 ip address 10.1.91.252 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 91 ip 10.1.91.254

 standby 91 preempt

!

interface vlan 100

 description Server

 ip address 10.1.100.252 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 100 ip 10.1.100.254

 standby 100 preempt

!

interface vlan 60

 description DMZ

 ip address 192.168.0.252 255.255.255.0

 standby 60 ip 192.168.0.254

!

interface vlan 61

 description WiFi-Guset

 ip address 192.168.1.252 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 ip access-group GuestWifi in

 standby 61 ip 192.168.1.254

 standby 61 priority 110

 standby 61 preempt

 standby 61 track 1 decrement 20

!

interface gig1/0/3

 description group-channel2

 channel-group 2 mode active

 no switchport 

 no shutdown

!

interface gig1/0/4

 description group-channel2

 channel-group 2 mode active

 no switchport 

 no shutdown

!

interface port-channel 2

 description Uplink-Fw

 no switchport

 ip address 172.21.1.2 255.255.255.252

 no shutdown 

!

interface gig1/0/1

 description Uplink->DKAAR-ASW01

 switchport mode trunk 

 switchport trunk native vlan 91

 no shutdown

!

interface gig1/0/2

 description Uplink->DKAAR-ASW02

 switchport mode trunk 

 switchport trunk native vlan 91

 no shutdown

!

router ospf 1

 redistribute connected

 network 172.21.1.0 0.0.0.3 area 0

!

interface range gig1/0/5-22

 description Disabled-Port

 switchport access vlan 999

 switchport mode access

 shutdown

ip sla 1 

 icmp-echo 8.8.8.8 source-ip 10.1.91.252

 frequency 5

 exit

!

ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

the script that is used for core 2

en

conf t

hostname DKARR-CSW02

!

banner motd '*******************************************************************************

*******************************************************************************

*******************************************************************************

*****                                                                     *****

*****                                                                     *****

*****                        Electrotech Solutions                        *****

*****                                                                     *****

*****     Maa kun anvendes til formaal godkendt af ETS IT administration  *****

*****     Uautoriseret adgang forbudt                                     *****

*****                                                                     *****

*****     May only be used for purposes authorized by ETS IT management   *****

*****     Unauthorized access prohibited                                  *****

*****                                                                     *****

*****                                                                     *****

*****                                                                     *****

*******************************************************************************

*******************************************************************************

*******************************************************************************'

!

ip routing

ip domain name ets.local

crypto key generate rsa modulus 2048

ip ssh ver 2

line vty 0 4  

access-class SSH-ACCESS in

transport input ssh 

login local

line vty 5 15

access-class SSH-ACCESS in

transport input ssh 

login local

exit

!

ip access-list standard SSH-ACCESS

permit 10.1.6.0 0.0.0.255

permit 10.1.90.0 0.0.0.255

!

vlan 2

vlan 3

vlan 4

vlan 5

vlan 6

vlan 60

vlan 61

vlan 90

vlan 91

vlan 999

!

interface vlan 999

 description BLACKHOLE

 no shutdown

!

interface range gig1/0/23-24

 description Uplink- port-channel 1

 channel-group 1 mode active

!

interface Port-channel1

 description Uplink-CSW01

 switchport trunk native vlan 91

 switchport mode trunk

!

interface vlan 2

 description Accounting

 ip address 10.1.2.253 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 2 ip 10.1.2.254

 standby 2 preempt

!

interface vlan 3

 description Sales

 ip address 10.1.3.253 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 3 ip 10.1.3.254

 standby 3 preempt

!

interface vlan 4

 description Administration

 ip address 10.1.4.253 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 4 ip 10.1.4.254

 standby 4 preempt

!

interface vlan 5 

 description WiFi-Client

 ip address 10.1.5.253 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 5 ip 10.1.5.254

 standby 5 preempt

!

interface vlan 6

 description IT

 ip address 10.1.6.253 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 6 ip 10.1.6.254

 standby 6 preempt

!

interface vlan 90

 description Server-Management

 ip address 10.1.90.253 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 90 ip 10.1.90.254

 standby 90 priority 110

 standby 90 preempt

 standby 90 track 1 decrement 20

!

interface vlan 91

 description Network-Management

 ip address 10.1.91.253 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 91 ip 10.1.91.254

 standby 91 priority 110

 standby 91 preempt

 standby 91 track 1 decrement 20

!

interface vlan 100

 description Server

 ip address 10.1.100.253 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 standby 100 ip 10.1.100.254

 standby 100 priority 110

 standby 100 preempt

 standby 100 track 1 decrement 20

!

interface vlan 60

 description DMZ

 ip address 192.168.0.253 255.255.255.0

 standby 60 ip 192.168.0.254

!

interface vlan 61

 description WiFi-Guset

 ip address 192.168.1.253 255.255.255.0

 ip helper-address 10.1.100.1

 ip helper-address 10.1.100.2

 ip access-group GuestWifi in

 standby 61 ip 192.168.1.254

 standby 61 preempt

!

interface gig1/0/3

 no switchport 

 description port-channel2

 channel-group 2 mode active

!

interface gig1/0/4

 no switchport

 description port-channel2

 channel-group 2 mode active

!

interface port-channel 2

 description Uplink-Fw   

 no switchport

 ip address 172.21.1.6 255.255.255.252

 no shutdown 

!

interface gig1/0/1

 description Uplink->DKAAR-ASW01

 switchport mode trunk 

 switchport trunk native vlan 91

 no shutdown

!

interface gig1/0/2

 description Uplink->DKAAR-ASW02

 switchport mode trunk 

 switchport trunk native vlan 91

 no shutdown

!

router ospf 1

 redistribute connected

 network 172.21.1.4 0.0.0.3 area 0

!

interface range gig1/0/5-22

 description Disabled-Port

 switchport access vlan 999

 switchport mode access

 shutdown

ip sla 1 

 icmp-echo 8.8.8.8 source-ip 10.1.91.253

 frequency 5

 exit

!

ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

the script that is used for access 1

en

conf t

hostname DKARR-ASW01

!

banner motd '*******************************************************************************

*******************************************************************************

*******************************************************************************

*****                                                                     *****

*****                                                                     *****

*****                        Electrotech Solutions                        *****

*****                                                                     *****

*****     Maa kun anvendes til formaal godkendt af ETS IT administration  *****

*****     Uautoriseret adgang forbudt                                     *****

*****                                                                     *****

*****     May only be used for purposes authorized by ETS IT management   *****

*****     Unauthorized access prohibited                                  *****

*****                                                                     *****

*****                                                                     *****

*****                                                                     *****

*******************************************************************************

*******************************************************************************

*******************************************************************************'

!

ip domain name ets.local

crypto key generate rsa modulus 2048

ip ssh ver 2

line vty 0 4  

access-class SSH-ACCESS in

transport input ssh

login local

line vty 5 15

access-class SSH-ACCESS in

transport input ssh 

login local

exit

!

vlan 2

vlan 3

vlan 4

vlan 5

vlan 6

vlan 90

vlan 91

vlan 999

!

interface vlan 999

 description BLACK-HOLE

!

interface vlan 2

 description Accounting

!

interface vlan 3

 description Sales

!

interface vlan 4

 description Administration

!

interface vlan 5

 description WiFi-Client

!

interface vlan 6

 description IT

!

interface vlan 90

 description Server-Managemnet

!

Interface vlan 91

 description Network-Managemnet

 ip address 10.1.91.1 255.255.255.0

!

interface vlan 100

 description Server

 exit

!

 ip default-gateway 10.1.91.254

!

ip access-list standard SSH-ACCESS

 permit 10.1.6.0 0.0.0.255

 permit 10.1.90.0 0.0.0.255

!

interface GigabitEthernet1/0/1

 description Uplink->CSW01

 switchport mode trunk

 switchport trunk native vlan 91

 no shutdown

!

interface GigabitEthernet1/0/2

 description Uplink->CSW02

 switchport mode trunk

 switchport trunk native vlan 91

 no shutdown

!

interface range gigabitEthernet1/0/3-6

 switchport mode access

 switchport access vlan 6

 spanning-tree portfast

!

interface range gigabitEthernet1/0/7-8

 switchport mode access

 switchport access vlan 90

 spanning-tree portfast

!

interface range gigabitEthernet1/0/9-12

 switchport mode access

 switchport access vlan 100

 spanning-tree portfast

!

interface range gigabitEthernet1/0/13-45

 description Disabled-Port

 switchport access vlan 999

 switchport mode access

 switchport port-security maximum 5

 switchport port-security

 switchport port-security violation restrict

 shutdown

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/46

 description MGMT to ETS-HV01 port 0

 switchport access vlan 90

 switchport mode access

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/47

 description Uplink to ETS-HV02 port 2

 switchport mode trunk

 no shutdown

!

interface GigabitEthernet1/0/48

 description Uplink to ETS-HV01 port 1

 switchport mode trunk

 no shutdown

the script that is used for access 2

en

conf t

hostname DKARR-ASW02

!

banner motd '*******************************************************************************

*******************************************************************************

*******************************************************************************

*****                                                                     *****

*****                                                                     *****

*****                        Electrotech Solutions                        *****

*****                                                                     *****

*****     Maa kun anvendes til formaal godkendt af ETS IT administration  *****

*****     Uautoriseret adgang forbudt                                     *****

*****                                                                     *****

*****     May only be used for purposes authorized by ETS IT management   *****

*****     Unauthorized access prohibited                                  *****

*****                                                                     *****

*****                                                                     *****

*****                                                                     *****

*******************************************************************************

*******************************************************************************

*******************************************************************************'

!

ip domain name ets.local

crypto key generate rsa modulus 2048

ip ssh ver 2

line vty 0 4  

access-class SSH-ACCESS in

transport input ssh 

login local

line vty 5 15

access-class SSH-ACCESS in

transport input ssh 

login local

exit

!

vlan 2

vlan 3

vlan 4

vlan 5

vlan 6

vlan 90

vlan 91

vlan 999

!

interface vlan 999

 description BLACK-HOLE

!

interface vlan 2

 description Accounting

!

interface vlan 3

 description Sales

!

interface vlan 4

 description Administration

!

interface vlan 5

 description WiFi-Client

!

interface vlan 6

 description IT

!

interface vlan 90

 description Server-Managemnet

!

interface vlan 91

 description Network-Managemnet

 ip address 10.1.91.2 255.255.255.0

!

interface vlan 100

 description Server

 exit

!

ip default-gateway 10.1.91.254

!

ip access-list standard SSH-ACCESS

 permit 10.1.6.0 0.0.0.255

 permit 10.1.90.0 0.0.0.255

!

interface GigabitEthernet1/0/1

 description Uplink->CSW01

 switchport mode trunk

 switchport trunk native vlan 91

!

interface GigabitEthernet1/0/2

 description Uplink->CSW02

 switchport mode trunk

 switchport trunk native vlan 91

!

interface range gigabitEthernet1/0/3-6

 switchport mode access

 switchport access vlan 6

 spanning-tree portfast

!

interface range gigabitEthernet1/0/7-8

 switchport mode access

 switchport access vlan 90

 spanning-tree portfast

!

interface range gigabitEthernet1/0/9-12

 switchport mode access

 switchport access vlan 100

 spanning-tree portfast

!

interface range gigabitEthernet1/0/13-45

 description Disabled-Port

 switchport access vlan 999

 switchport mode access

 switchport port-security maximum 5

 switchport port-security

 switchport port-security violation restrict

 shutdown

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/46

 description MGMT to ETS-HV02 port 0

 switchport access vlan 90

 switchport mode access

 ip arp inspection trust

 ip dhcp snooping trust

 spanning-tree portfast

 spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/47

 description Uplink to ETS-HV01 port 2

 switchport mode trunk

 no shutdown

!

interface GigabitEthernet1/0/48

 description Uplink to ETS-HV02 port 1

 switchport mode trunk

 no shutdown
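
Added example (not part of the original post): a small Python model of how the `standby` priority, preempt and track lines in the two core configs above decide which core is active once track 1 goes Down on one of them. The function names and the abridged config strings are constructed for illustration; equal priorities leave the current active router in place (the IP address tie-break is not modelled).

```python
import re
from dataclasses import dataclass, field

# Constructed input: the standby lines for groups 2, 60 and 91, abridged from
# the two core configs in the post.
CSW01 = """
interface vlan 2
 standby 2 ip 10.1.2.254
 standby 2 priority 110
 standby 2 preempt
 standby 2 track 1 decrement 20
interface vlan 60
 standby 60 ip 192.168.0.254
interface vlan 91
 standby 91 ip 10.1.91.254
 Standby 91 preempt
"""
CSW02 = """
interface vlan 2
 standby 2 ip 10.1.2.254
 standby 2 preempt
interface vlan 60
 standby 60 ip 192.168.0.254
interface vlan 91
 standby 91 ip 10.1.91.254
 standby 91 priority 110
 standby 91 preempt
 standby 91 track 1 decrement 20
"""


@dataclass
class Group:
    priority: int = 100                         # IOS default HSRP priority
    preempt: bool = False
    track: dict = field(default_factory=dict)   # track object -> decrement


def parse_hsrp(config):
    """Return {group number: Group} built from the 'standby ...' lines."""
    groups = {}
    for line in config.splitlines():
        m = re.match(r"\s*standby\s+(\d+)\s+(\S.*)", line, re.IGNORECASE)
        if not m:
            continue
        group = groups.setdefault(int(m.group(1)), Group())
        words = m.group(2).lower().split()
        if words[0] == "priority":
            group.priority = int(words[1])
        elif words[0] == "preempt":
            group.preempt = True
        elif words[0] == "track":
            # Only numbered track objects are handled here. IOS decrements
            # by 10 when no "decrement" value is configured.
            dec = int(words[3]) if words[2:3] == ["decrement"] else 10
            group.track[int(words[1])] = dec
    return groups


def effective_priority(group, down_tracks):
    """Configured priority minus the decrement of every tracked object that is Down."""
    return group.priority - sum(
        dec for obj, dec in group.track.items() if obj in down_tracks
    )


def failover(configs, active, down):
    """Model which router holds each HSRP group after track objects change state.

    configs: {router name: config text}
    active:  {group: router currently Active}
    down:    {router name: set of track objects that are Down on that router}
    A peer takes over only if it has preempt configured and a strictly higher
    effective priority than the current Active router.
    """
    parsed = {router: parse_hsrp(text) for router, text in configs.items()}
    result = {}
    for group, holder in active.items():
        best = holder
        best_prio = effective_priority(parsed[holder][group], down.get(holder, set()))
        for router, groups in parsed.items():
            if router == holder or group not in groups:
                continue
            prio = effective_priority(groups[group], down.get(router, set()))
            if groups[group].preempt and prio > best_prio:
                best, best_prio = router, prio
        result[group] = best
    return result


if __name__ == "__main__":
    configs = {"CSW01": CSW01, "CSW02": CSW02}
    # Starting state as shown by "show standby brief" later in the thread.
    active = {2: "CSW01", 60: "CSW02", 91: "CSW02"}
    print("CSW01 track 1 Down:", failover(configs, active, {"CSW01": {1}}))
    print("CSW02 track 1 Down:", failover(configs, active, {"CSW02": {1}}))
```

With these inputs, group 60 stays on CSW02 in both cases because it has neither a track statement nor preempt.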


Can you share show track and show ip sla summary when you test the failover?

I’ll try and access it remotely and see if I can get the outputs. Thanks

check this point 

 

[Image: 2023-06-09 20_53_49-Visio Professional.png]

I'll reply with the above info after this one.

I posted something that is now gone...

So I'll try and merge it together. After I reset all the switches I was missing the "ip sla schedule 1 life forever start-time now", therefore CORE 1 was active on all VLANs. Now, when I entered the command, CORE 2 became active for 90, 91 and 100 and I lost connection to the servers. The weird thing is that from core 1 I can ping 253 but not the VIP 254, but from Core 2 I can ping the VIP 254. I know for a fact the servers can't reach 254 either, otherwise I would be able to see them online.

I don't know if I'm trying to do something impossible here; if so, please tell.

DKARR-CSW01#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Vl2         2    110 P Active   local           10.1.2.253      10.1.2.254
Vl3         3    110 P Active   local           10.1.3.253      10.1.3.254
Vl4         4    110 P Active   local           10.1.4.253      10.1.4.254
Vl5         5    110 P Active   local           10.1.5.253      10.1.5.254
Vl6         6    110 P Active   local           10.1.6.253      10.1.6.254
Vl60        60   100   Standby  192.168.0.253   local           192.168.0.254
Vl61        61   110 P Active   local           192.168.1.253   192.168.1.254
Vl90        90   100 P Standby  10.1.90.253     local           10.1.90.254
Vl91        91   100 P Standby  10.1.91.253     local           10.1.91.254
Vl100       100  100 P Standby  10.1.100.253    local           10.1.100.254
DKARR-CSW01#ping 10.1.91.253
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.91.253, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
DKARR-CSW01#ping 10.1.91.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.91.254, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
DKARR-CSW01#show track
Track 1
IP SLA 1 reachability
Reachability is Up
2 changes, last change 00:14:06
Latest operation return code: OK
Latest RTT (millisecs) 6
Tracked by:
HSRP Vlan2 2
HSRP Vlan3 3
HSRP Vlan4 4
HSRP Vlan5 5
HSRP Vlan6 6
HSRP Vlan61 61
DKARR-CSW01#sh ip sla su
DKARR-CSW01#sh ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending
All Stats are in milliseconds. Stats with u are in microseconds

ID           Type        Destination       Stats       Return      Last
                                                       Code        Run
-----------------------------------------------------------------------
*1           icmp-echo   8.8.8.8           RTT=6       OK          2 seconds ago

 

DKARR-CSW02#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Vl2         2    100 P Standby  10.1.2.252      local           10.1.2.254
Vl3         3    100 P Standby  10.1.3.252      local           10.1.3.254
Vl4         4    100 P Standby  10.1.4.252      local           10.1.4.254
Vl5         5    100 P Standby  10.1.5.252      local           10.1.5.254
Vl6         6    100 P Standby  10.1.6.252      local           10.1.6.254
Vl60        60   100   Active   local           192.168.0.252   192.168.0.254
Vl61        61   100 P Standby  192.168.1.252   local           192.168.1.254
Vl90        90   110 P Active   local           10.1.90.252     10.1.90.254
Vl91        91   110 P Active   local           10.1.91.252     10.1.91.254
Vl100       100  110 P Active   local           10.1.100.252    10.1.100.254
DKARR-CSW02#sh
DKARR-CSW02#show tr
DKARR-CSW02#show trac
DKARR-CSW02#show track
Track 1
IP SLA 1 reachability
Reachability is Up
2 changes, last change 00:21:24
Latest operation return code: OK
Latest RTT (millisecs) 6
Tracked by:
HSRP Vlan90 90
HSRP Vlan91 91
HSRP Vlan100 100
DKARR-CSW02#show ip sla
DKARR-CSW02#show ip sla su
DKARR-CSW02#show ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending
All Stats are in milliseconds. Stats with u are in microseconds

ID           Type        Destination       Stats       Return      Last
                                                       Code        Run
-----------------------------------------------------------------------
*1           icmp-echo   8.8.8.8           RTT=6       OK          1 seconds ago

 

 

Yes it is a layer 2 link on a port channel

CORE 2
STP
VLAN0091
Spanning tree enabled protocol rstp
Root ID Priority 32859
Address 5c3e.06f4.1900
Cost 4
Port 2 (GigabitEthernet1/0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32859 (priority 32768 sys-id-ext 91)
Address c064.e4d1.de00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/1             Desg FWD 4         128.1    P2p
Gi1/0/2             Root FWD 4         128.2    P2p
Po1                 Altn BLK 3         128.2281 P2p

 

CORE 1
DKARR-CSW01#sh standby
Vlan2 - Group 2
State is Active
2 state changes, last state change 00:53:13
Virtual IP address is 10.1.2.254
Active virtual MAC address is 0000.0c07.ac02 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.224 secs
Preemption enabled
Active router is local
Standby router is 10.1.2.253, priority 100 (expires in 9.152 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl2-2" (default)
FLAGS: 0/1
Vlan3 - Group 3
State is Active
2 state changes, last state change 00:53:15
Virtual IP address is 10.1.3.254
Active virtual MAC address is 0000.0c07.ac03 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac03 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.152 secs
Preemption enabled
Active router is local
Standby router is 10.1.3.253, priority 100 (expires in 9.056 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl3-3" (default)
FLAGS: 0/1
Vlan4 - Group 4
State is Active
2 state changes, last state change 00:53:15
Virtual IP address is 10.1.4.254
Active virtual MAC address is 0000.0c07.ac04 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac04 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.920 secs
Preemption enabled
Active router is local
Standby router is 10.1.4.253, priority 100 (expires in 10.208 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl4-4" (default)
FLAGS: 0/1
Vlan5 - Group 5
State is Active
2 state changes, last state change 00:53:15
Virtual IP address is 10.1.5.254
Active virtual MAC address is 0000.0c07.ac05 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac05 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.736 secs
Preemption enabled
Active router is local
Standby router is 10.1.5.253, priority 100 (expires in 8.512 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl5-5" (default)
FLAGS: 0/1
Vlan6 - Group 6
State is Active
2 state changes, last state change 00:53:14
Virtual IP address is 10.1.6.254
Active virtual MAC address is 0000.0c07.ac06 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac06 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.360 secs
Preemption enabled
Active router is local
Standby router is 10.1.6.253, priority 100 (expires in 10.336 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl6-6" (default)
FLAGS: 0/1
Vlan60 - Group 60
State is Standby
1 state change, last state change 00:53:50
Virtual IP address is 192.168.0.254
Active virtual MAC address is 0000.0c07.ac3c (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac3c (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.552 secs
Preemption disabled
Active router is 192.168.0.253, priority 100 (expires in 8.496 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl60-60" (default)
FLAGS: 0/1
Vlan61 - Group 61
State is Active
2 state changes, last state change 00:53:12
Virtual IP address is 192.168.1.254
Active virtual MAC address is 0000.0c07.ac3d (MAC In Use)
Local virtual MAC address is 0000.0c07.ac3d (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.080 secs
Preemption enabled
Active router is local
Standby router is 192.168.1.253, priority 100 (expires in 10.272 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl61-61" (default)
FLAGS: 0/1
Vlan90 - Group 90
State is Standby
3 state changes, last state change 00:50:27
Virtual IP address is 10.1.90.254
Active virtual MAC address is 0000.0c07.ac5a (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac5a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.216 secs
Preemption enabled
Active router is 10.1.90.253, priority 110 (expires in 8.704 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl90-90" (default)
FLAGS: 0/1
Vlan91 - Group 91
State is Standby
3 state changes, last state change 00:50:28
Virtual IP address is 10.1.91.254
Active virtual MAC address is 0000.0c07.ac5b (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac5b (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.560 secs
Preemption enabled
Active router is 10.1.91.253, priority 110 (expires in 9.888 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl91-91" (default)
FLAGS: 0/1
Vlan100 - Group 100
State is Standby
3 state changes, last state change 00:50:28
Virtual IP address is 10.1.100.254
Active virtual MAC address is 0000.0c07.ac64 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac64 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.512 secs
Preemption enabled
Active router is 10.1.100.253, priority 110 (expires in 10.528 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl100-100" (default)
FLAGS: 0/1

ASW01

DKARR-ASW01#show mac address
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
All 0180.c200.0006 STATIC CPU
All 0180.c200.0007 STATIC CPU
All 0180.c200.0008 STATIC CPU
All 0180.c200.0009 STATIC CPU
All 0180.c200.000a STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
All 0180.c200.0021 STATIC CPU
All ffff.ffff.ffff STATIC CPU
1 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
2 0000.0c07.ac02 DYNAMIC Gi1/0/1
2 5c3e.06fe.09f7 STATIC Vl2
2 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
2 c064.e4d1.de77 DYNAMIC Gi1/0/1
3 0000.0c07.ac03 DYNAMIC Gi1/0/1
3 5c3e.06fe.09e7 STATIC Vl3
3 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
3 c064.e4d1.de67 DYNAMIC Gi1/0/1
4 0000.0c07.ac04 DYNAMIC Gi1/0/1
4 5c3e.06fe.09d7 STATIC Vl4
4 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
4 c064.e4d1.de57 DYNAMIC Gi1/0/1
5 0000.0c07.ac05 DYNAMIC Gi1/0/1
5 5c3e.06fe.09c7 STATIC Vl5
5 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
5 c064.e4d1.de47 DYNAMIC Gi1/0/1
6 0000.0c07.ac06 DYNAMIC Gi1/0/1
6 5c3e.06fe.09f7 STATIC Vl6
6 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
6 c064.e4d1.de77 DYNAMIC Gi1/0/1
90 0000.0c07.ac5a DYNAMIC Gi1/0/1
90 000c.29ba.8c54 DYNAMIC Gi1/0/1
90 0050.5699.82c6 DYNAMIC Gi1/0/1
90 5c3e.06fe.09e9 STATIC Vl90
90 6c3c.8c18.5510 DYNAMIC Gi1/0/1
90 6c3c.8c18.55d8 DYNAMIC Gi1/0/46
90 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
90 6cdd.30ce.8b69 DYNAMIC Gi1/0/1
90 c064.e4d1.de69 DYNAMIC Gi1/0/1
91 0000.0c07.ac5b DYNAMIC Gi1/0/1
91 5c3e.06fe.09d9 STATIC Vl91
91 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
91 6cdd.30ce.8b59 DYNAMIC Gi1/0/1
91 c064.e4d1.de59 DYNAMIC Gi1/0/1
100 0000.0c07.ac64 DYNAMIC Gi1/0/1
100 000c.2926.ee1b DYNAMIC Gi1/0/48
100 000c.295b.b5fd DYNAMIC Gi1/0/48
100 000c.29a9.116f DYNAMIC Gi1/0/48
100 000c.29d9.b135 DYNAMIC Gi1/0/1
100 0050.5699.f422 DYNAMIC Gi1/0/48
100 5c3e.06fe.09d1 STATIC Vl100
100 6cdd.30ce.8b01 DYNAMIC Gi1/0/1
100 6cdd.30ce.8b51 DYNAMIC Gi1/0/1
100 c064.e4d1.de51 DYNAMIC Gi1/0/1
999 5c3e.06fe.09c3 STATIC Vl999
999 6cdd.30ce.8b01 DYNAMIC Gi1/0/1

CORE 2
DKARR-CSW02#sh standby
Vlan2 - Group 2
State is Standby
4 state changes, last state change 00:59:27
Virtual IP address is 10.1.2.254
Active virtual MAC address is 0000.0c07.ac02 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.624 secs
Preemption enabled
Active router is 10.1.2.252, priority 110 (expires in 9.600 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl2-2" (default)
Vlan3 - Group 3
State is Standby
4 state changes, last state change 00:59:27
Virtual IP address is 10.1.3.254
Active virtual MAC address is 0000.0c07.ac03 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac03 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.784 secs
Preemption enabled
Active router is 10.1.3.252, priority 110 (expires in 9.552 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl3-3" (default)
Vlan4 - Group 4
State is Standby
4 state changes, last state change 00:59:27
Virtual IP address is 10.1.4.254
Active virtual MAC address is 0000.0c07.ac04 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac04 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.848 secs
Preemption enabled
Active router is 10.1.4.252, priority 110 (expires in 10.016 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl4-4" (default)
Vlan5 - Group 5
State is Standby
4 state changes, last state change 00:59:27
Virtual IP address is 10.1.5.254
Active virtual MAC address is 0000.0c07.ac05 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac05 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.384 secs
Preemption enabled
Active router is 10.1.5.252, priority 110 (expires in 10.112 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl5-5" (default)
Vlan6 - Group 6
State is Standby
4 state changes, last state change 00:59:28
Virtual IP address is 10.1.6.254
Active virtual MAC address is 0000.0c07.ac06 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac06 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.648 secs
Preemption enabled
Active router is 10.1.6.252, priority 110 (expires in 8.416 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl6-6" (default)
Vlan60 - Group 60
State is Active
2 state changes, last state change 01:03:42
Virtual IP address is 192.168.0.254
Active virtual MAC address is 0000.0c07.ac3c (MAC In Use)
Local virtual MAC address is 0000.0c07.ac3c (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.640 secs
Preemption disabled
Active router is local
Standby router is 192.168.0.252, priority 100 (expires in 9.872 sec)
Priority 100 (default 100)
Group name is "hsrp-Vl60-60" (default)
Vlan61 - Group 61
State is Standby
4 state changes, last state change 00:59:24
Virtual IP address is 192.168.1.254
Active virtual MAC address is 0000.0c07.ac3d (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac3d (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.328 secs
Preemption enabled
Active router is 192.168.1.252, priority 110 (expires in 7.840 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Vl61-61" (default)
Vlan90 - Group 90
State is Active
5 state changes, last state change 00:57:02
Virtual IP address is 10.1.90.254
Active virtual MAC address is 0000.0c07.ac5a (MAC In Use)
Local virtual MAC address is 0000.0c07.ac5a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.288 secs
Preemption enabled
Active router is local
Standby router is 10.1.90.252, priority 100 (expires in 8.464 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl90-90" (default)
Vlan91 - Group 91
State is Active
5 state changes, last state change 00:57:03
Virtual IP address is 10.1.91.254
Active virtual MAC address is 0000.0c07.ac5b (MAC In Use)
Local virtual MAC address is 0000.0c07.ac5b (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.880 secs
Preemption enabled
Active router is local
Standby router is 10.1.91.252, priority 100 (expires in 9.696 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl91-91" (default)
Vlan100 - Group 100
State is Active
5 state changes, last state change 00:57:03
Virtual IP address is 10.1.100.254
Active virtual MAC address is 0000.0c07.ac64 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac64 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.896 secs
Preemption enabled
Active router is local
Standby router is 10.1.100.252, priority 100 (expires in 9.936 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 20
Group name is "hsrp-Vl100-100" (default)

ASW01
DKARR-ASW02#sh mac address
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
All 0180.c200.0006 STATIC CPU
All 0180.c200.0007 STATIC CPU
All 0180.c200.0008 STATIC CPU
All 0180.c200.0009 STATIC CPU
All 0180.c200.000a STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
All 0180.c200.0021 STATIC CPU
All ffff.ffff.ffff STATIC CPU
1 6cdd.30ce.8b02 DYNAMIC Gi1/0/1
1 c064.e4d1.de02 DYNAMIC Gi1/0/2
2 0000.0c07.ac02 DYNAMIC Gi1/0/1
2 5c3e.06f4.1977 STATIC Vl2
2 c064.e4d1.de77 DYNAMIC Gi1/0/2
3 0000.0c07.ac03 DYNAMIC Gi1/0/1
3 5c3e.06f4.1967 STATIC Vl3
3 c064.e4d1.de67 DYNAMIC Gi1/0/2
4 0000.0c07.ac04 DYNAMIC Gi1/0/1
4 5c3e.06f4.1957 STATIC Vl4
4 c064.e4d1.de57 DYNAMIC Gi1/0/2
5 0000.0c07.ac05 DYNAMIC Gi1/0/1
5 5c3e.06f4.1947 STATIC Vl5
5 c064.e4d1.de47 DYNAMIC Gi1/0/2
6 0000.0c07.ac06 DYNAMIC Gi1/0/1
6 5c3e.06f4.1977 STATIC Vl6
6 c064.e4d1.de77 DYNAMIC Gi1/0/2
90 0000.0c07.ac5a DYNAMIC Gi1/0/2
90 000c.29ba.8c54 DYNAMIC Gi1/0/46
90 0050.5699.82c6 DYNAMIC Gi1/0/48
90 5c3e.06f4.1969 STATIC Vl90
90 6c3c.8c18.5510 DYNAMIC Gi1/0/46
90 6c3c.8c18.55d8 DYNAMIC Gi1/0/1
90 6cdd.30ce.8b69 DYNAMIC Gi1/0/1
90 c064.e4d1.de69 DYNAMIC Gi1/0/2
91 0000.0c07.ac5b DYNAMIC Gi1/0/2
91 5c3e.06f4.1959 STATIC Vl91
91 5c3e.06fe.09d9 DYNAMIC Gi1/0/1
91 6cdd.30ce.8b02 DYNAMIC Gi1/0/1
91 6cdd.30ce.8b59 DYNAMIC Gi1/0/1
91 c064.e4d1.de02 DYNAMIC Gi1/0/2
91 c064.e4d1.de59 DYNAMIC Gi1/0/2
100 0000.0c07.ac64 DYNAMIC Gi1/0/2
100 000c.2926.ee1b DYNAMIC Gi1/0/1
100 000c.295b.b5fd DYNAMIC Gi1/0/1
100 000c.29a9.116f DYNAMIC Gi1/0/1
100 000c.29d9.b135 DYNAMIC Gi1/0/48
100 0050.5699.f422 DYNAMIC Gi1/0/1
100 5c3e.06f4.1951 STATIC Vl100
100 6cdd.30ce.8b51 DYNAMIC Gi1/0/1
100 c064.e4d1.de51 DYNAMIC Gi1/0/2
999 5c3e.06f4.1943 STATIC Vl999

As I just saw, I was missing a command after resetting all the switches: "ip sla schedule 1 life forever start-time now"

This means that all the VLANs were active on Core 1, but now that I have entered the command, VLANs 90, 91 and 100 swapped over and I can no longer reach my servers (as they can't reach the gateway .254). But the active 253 is pingable.

I can also see that core 2 is able to ping the 254.

I'm sorry if I'm trying to create a setup that is just not possible...

CORE1

DKARR-CSW01#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl2 2 110 P Active local 10.1.2.253 10.1.2.254
Vl3 3 110 P Active local 10.1.3.253 10.1.3.254
Vl4 4 110 P Active local 10.1.4.253 10.1.4.254
Vl5 5 110 P Active local 10.1.5.253 10.1.5.254
Vl6 6 110 P Active local 10.1.6.253 10.1.6.254
Vl60 60 100 Standby 192.168.0.253 local 192.168.0.254
Vl61 61 110 P Active local 192.168.1.253 192.168.1.254
Vl90 90 100 P Standby 10.1.90.253 local 10.1.90.254
Vl91 91 100 P Standby 10.1.91.253 local 10.1.91.254
Vl100 100 100 P Standby 10.1.100.253 local 10.1.100.254
DKARR-CSW01#ping 10.1.91.253
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.91.253, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
DKARR-CSW01#ping 10.1.91.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.91.254, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
DKARR-CSW01#show track
Track 1
IP SLA 1 reachability
Reachability is Up
2 changes, last change 00:14:06
Latest operation return code: OK
Latest RTT (millisecs) 6
Tracked by:
HSRP Vlan2 2
HSRP Vlan3 3
HSRP Vlan4 4
HSRP Vlan5 5
HSRP Vlan6 6
HSRP Vlan61 61
DKARR-CSW01#sh ip sla su
DKARR-CSW01#sh ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending
All Stats are in milliseconds. Stats with u are in microseconds

ID Type Destination Stats Return Last
Code Run
-----------------------------------------------------------------------
*1 icmp-echo 8.8.8.8 RTT=6 OK 2 seconds ago

CORE2

DKARR-CSW02#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl2 2 100 P Standby 10.1.2.252 local 10.1.2.254
Vl3 3 100 P Standby 10.1.3.252 local 10.1.3.254
Vl4 4 100 P Standby 10.1.4.252 local 10.1.4.254
Vl5 5 100 P Standby 10.1.5.252 local 10.1.5.254
Vl6 6 100 P Standby 10.1.6.252 local 10.1.6.254
Vl60 60 100 Active local 192.168.0.252 192.168.0.254
Vl61 61 100 P Standby 192.168.1.252 local 192.168.1.254
Vl90 90 110 P Active local 10.1.90.252 10.1.90.254
Vl91 91 110 P Active local 10.1.91.252 10.1.91.254
Vl100 100 110 P Active local 10.1.100.252 10.1.100.254
DKARR-CSW02#sh
DKARR-CSW02#show tr
DKARR-CSW02#show trac
DKARR-CSW02#show track
Track 1
IP SLA 1 reachability
Reachability is Up
2 changes, last change 00:21:24
Latest operation return code: OK
Latest RTT (millisecs) 6
Tracked by:
HSRP Vlan90 90
HSRP Vlan91 91
HSRP Vlan100 100
DKARR-CSW02#show ip sla
DKARR-CSW02#show ip sla su
DKARR-CSW02#show ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending
All Stats are in milliseconds. Stats with u are in microseconds

ID Type Destination Stats Return Last
Code Run
-----------------------------------------------------------------------
*1 icmp-echo 8.8.8.8 RTT=6 OK 1 seconds ago
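
One way to cross-check the outputs posted in this thread, as an added example (not code from any poster): it derives each group's HSRP version 1 virtual MAC (the "v1 default" 0000.0c07.acXX form shown in `sh standby`), works out which core is Active per group, and reports the access-switch port where that virtual MAC is learned. The sample lines are a subset copied from the outputs above, which may have been captured at different moments; the function names are hypothetical.

```python
import re

# Subset of the "sh standby brief" lines posted in the thread (Core 1, then Core 2).
CORE1_BRIEF = """\
Vl2 2 110 P Active local 10.1.2.253 10.1.2.254
Vl60 60 100 Standby 192.168.0.253 local 192.168.0.254
Vl91 91 100 P Standby 10.1.91.253 local 10.1.91.254
Vl100 100 100 P Standby 10.1.100.253 local 10.1.100.254
"""
CORE2_BRIEF = """\
Vl2 2 100 P Standby 10.1.2.252 local 10.1.2.254
Vl60 60 100 Active local 192.168.0.252 192.168.0.254
Vl91 91 110 P Active local 10.1.91.252 10.1.91.254
Vl100 100 110 P Active local 10.1.100.252 10.1.100.254
"""
# Subset of the access-switch "sh mac address" lines posted in the thread.
ASW_MAC = """\
2 0000.0c07.ac02 DYNAMIC Gi1/0/1
91 0000.0c07.ac5b DYNAMIC Gi1/0/2
100 0000.0c07.ac64 DYNAMIC Gi1/0/2
"""

# Interface, group, priority, optional preempt flag "P", then the state column.
BRIEF_RE = re.compile(r"^Vl(\d+)\s+(\d+)\s+(\d+)\s+(P\s+)?(\w+)\s", re.M)

def hsrp_v1_vmac(group):
    """HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group number in hex."""
    return "0000.0c07.ac%02x" % group

def states(brief):
    """Map (vlan, group) -> HSRP state from 'show standby brief' text."""
    return {(int(m[1]), int(m[2])): m[5] for m in BRIEF_RE.finditer(brief)}

def mac_ports(mac_table):
    """Map (vlan, mac) -> port; header and 'All ... CPU' rows are skipped."""
    rows = (line.split() for line in mac_table.splitlines())
    return {(int(r[0]), r[1]): r[3] for r in rows if len(r) == 4 and r[0].isdigit()}

def audit(core1, core2, mac_table):
    """Per VLAN: which core is Active and where the access switch sees the vMAC."""
    s1, s2, ports = states(core1), states(core2), mac_ports(mac_table)
    report = {}
    for vlan, group in sorted(s1.keys() & s2.keys()):
        active = [n for n, s in (("core1", s1), ("core2", s2)) if s[(vlan, group)] == "Active"]
        vmac = hsrp_v1_vmac(group)
        report[vlan] = {"active": active[0] if len(active) == 1 else "CONFLICT",
                        "vmac": vmac, "port": ports.get((vlan, vmac))}  # None = not learned
    return report

if __name__ == "__main__":
    print(audit(CORE1_BRIEF, CORE2_BRIEF, ASW_MAC))
```

A group reported as CONFLICT (no Active core, or both) or with port None is where to look first; otherwise compare the reported port with the uplink that actually leads to the Active core.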

Hi

Does this happen for all VLANs? To which port of the access switch is the device connected? I saw you have priority configured on one core but not on the other. You should have priority on both sides.

This happens only for the VLANs that swap from standby to active. As far as the priority goes, I assume the default value is 100, therefore there is no need to set one. Am I wrong here?

Hello
Your IP SLA is polling an IP address that looks like it can still be reachable via its MGT VLAN even though the SW1 uplink is lost.
You need to make sure this isn't the case, so that when the SW1 primary upstream path is lost, IP SLA is also lost from SW1's perspective and isn't still reachable via SW2. A simple local policy route should help.

access-list 100 permit icmp host 10.1.91.253 host 8.8.8.8 echo

route-map ipsla
match ip address 100
set ip next-hop x.x.x.x <ip address of upstream physical nexthop address>
set interface Null0

ip local policy route-map ipsla


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thanks for taking your time to look at my problem. Correct me if I’m wrong, but if the uplink is cut from core 1 it doesn’t know any other routes to 8.8.8.8. Therefore it should not be reachable. This is also tested and the HSRP is swapping over. Just for some reason the VIPs on the swapped VLANs are not reachable from anything other than the active HSRP switch itself.

The cores have many VLANs, each configured with an HSRP group.
Cisco recommends load sharing by configuring some HSRP groups to be active on Core1 and other HSRP groups to be active on Core2.
BUT

I think this is impossible with the FW connected to the uplink,
so I assume that all HSRP groups are active on Core1, on which you configured IP SLA.
Here you configured IP SLA under only one standby group but not the others, which is why some are active and others are standby after IP SLA goes down (I will talk about this point later).
Here we need to configure one IP SLA and then make all HSRP groups follow the group we configured IP SLA under (no need for IP SLA under each group).
The command needed is
standby group-number follow group-name

NOW the other issue is IP SLA: why do we track IP SLA with destination 8.8.8.8? Instead we can use an IP SLA track with the FW IP as destination.
Also we can add
ip route <FW IP> interface <connect Core to FW> permanent
This makes the L3SW always use this interface as egress for this traffic.

NOTE: try to keep the link interconnecting the core SWs as an L3 link, not an L2 link.

When you say interconnect to core switch, are you talking about the link between the two core switches? And why should this be L3? Because of stop?
