
Block HSRP on interfaces

lonelyadmin
Level 1

Working with 4500X and 2960X switches. I have HSRP running on all of the L3 interfaces, mostly vlans. Is there a way to not send HSRP broadcasts down every interface and only limit it to interfaces connected to other switches? 

 

Every time I start up Wireshark on a server connected to a switch I have to !(hsrp) or else I get spammed. HSRP doesn't need to be sent to any endpoints like that.

 

EDIT: To clarify, I see HSRP "hello" packets on every interface in the VLAN for which the corresponding HSRP group is configured.

8 Replies

....

 

I've read up on that command, never used it before. I don't see how exactly it would help.


Good afternoon - I realise I'm replying to a bit of an old thread here so my apologies up front for that.

 

We're trying to implement this solution, over 4 Nexus 3500s.

 

I can get it to work if I attach the ACL to an interface directly (E1/1 for example) but not if I use port channels. (Po3 made of E1/1-2).

 

Do you know if that behaviour is expected?

You can try to apply the ACL to both physical interfaces in the port channel.

Morning David, thanks for the response!

I've tried that - it comes back and says it can't do it while they're in a port channel.

dc-cen-a(config-if)# int e1/1-2
dc-cen-a(config-if-range)#   ip port access-group DHI in
Cannot apply ACL to an interface that is a port-channel member
dc-cen-a(config-if-range)#

When I remove them from the group and then add the configuration and then add them back to the group, it strips the command:

dc-cen-a# conf t
Enter configuration commands, one per line. End with CNTL/Z.
dc-cen-a(config)# int po3000
dc-cen-a(config-if)#   ip port access-group DHI in
dc-cen-a(config-if)# int e1/1-2
dc-cen-a(config-if-range)#   no channel-group
dc-cen-a(config-if-range)#   ip port access-group DHI in
dc-cen-a(config-if-range)#   channel-group 3000 mode active
dc-cen-a(config-if-range)# end
dc-cen-a# show run int e1/1-2

!Command: show running-config interface Ethernet1/1-2
!Running configuration last done at: Wed Jan  8 23:10:30 2025
!Time: Wed Jan  8 23:10:30 2025

version 9.3(13) Bios:version 5.6.0

interface Ethernet1/1
  description DCI-BENA
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30,40
  channel-group 3000 mode active

interface Ethernet1/2
  description DCI-BENA
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30,40
  channel-group 3000 mode active

dc-cen-a# show run int po3000

!Command: show running-config interface port-channel3000
!Running configuration last done at: Wed Jan  8 23:10:30 2025
!Time: Wed Jan  8 23:10:33 2025

version 9.3(13) Bios:version 5.6.0

interface port-channel3000
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30,40
  ip port access-group DHI in
  spanning-tree port type network
  vpc 3000

dc-cen-a#

Any thoughts?
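
An added example (not part of the original post, and not Cisco tooling): a small Python check that reads `show running-config interface` text like the output above and reports, per interface, whether the inbound port ACL is configured directly, only on the parent port-channel, or nowhere. The function names are hypothetical, the sample is trimmed from the post's output, and the report reflects configuration only, not whether the platform enforces the ACL on the bundle.

```python
import re

# Constructed sample, trimmed from the "show run" output quoted in the post above.
SAMPLE_CONFIG = """\
interface Ethernet1/1
  switchport mode trunk
  channel-group 3000 mode active

interface Ethernet1/2
  switchport mode trunk
  channel-group 3000 mode active

interface port-channel3000
  switchport mode trunk
  ip port access-group DHI in
  vpc 3000
"""

def parse_interfaces(config):
    """Return {interface name: [stripped config lines]} from running-config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif current and line.startswith(" ") and line.strip():
            blocks[current].append(line.strip())
        elif line.strip() and not line.startswith(" "):
            current = None  # header lines such as "!Command:" or "version" end a block
    return blocks

def pacl_report(config, acl="DHI"):
    """Per interface: 'direct', 'via port-channelN' (parent bundle only) or 'missing'."""
    blocks = parse_interfaces(config)
    has_acl = {n: f"ip port access-group {acl} in" in l for n, l in blocks.items()}
    report = {}
    for name, lines in blocks.items():
        member = next((m for l in lines if (m := re.match(r"channel-group (\d+)", l))), None)
        parent = f"port-channel{member.group(1)}" if member else None
        if has_acl[name]:
            report[name] = "direct"
        elif parent and has_acl.get(parent):
            report[name] = f"via {parent}"
        else:
            report[name] = "missing"
    return report

if __name__ == "__main__":
    print(pacl_report(SAMPLE_CONFIG))
```

Run against the saved output of each switch, any interface reported as "missing" is a trunk where the ACL is configured neither on the port nor on its bundle.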

Sorry, I thought you wanted to reduce the HSRP messages per interface, not per VLAN port. Please see the method below.

Not sure. I would try and open a new thread so the community can help as well.
