cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5140
Views
10
Helpful
8
Replies

HSRP Active local, Standby unknown

sumit00011111
Level 1
Level 1

between two switch we have port channel and we have configured HSRP on those 2 switched for multiple SVI on it.

problem is for few VLAN HSRP states are showing correct and for other it shows HSRP Active local, Standby unknown ,could not ping to other switch SVI IP,

 

example Vlan 1001 on both switched, vlan 971 on switch SD02

 

02#sh standby vlan 971
Vlan971 - Group 9
State is Active
8 state changes, last state change 1d00hSwitching
Virtual IP address is 10.48.153.129
Active virtual MAC address is 0000.0c07.ac09 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac09 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.480 secs
Preemption enabled
Active router is local
Standby router is unknown
Priority 201 (configured 201)
Group name is "hsrp-Vl971-9" (default)

-------------------------------------------

02#sh run int vlan 1001
interface Vlan1001
description Security
ip address 10.83.87.3 255.255.255.192
no ip redirects
standby 1 ip 10.83.87.1
standby 1 priority 101
standby 1 preempt
end

 

02#sh standby vlan 1001
Vlan1001 - Group 1
State is Active
8 state changes, last state change 1d00h
Virtual IP address is 10.83.87.1
Active virtual MAC address is 0000.0c07.ac01 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.344 secs
Preemption enabled
Active router is local
Standby router is unknown
Priority 101 (configured 101)
Group name is "hsrp-Vl1001-1" (default)

------------------------------------------

02#sh run int vlan 971
interface Vlan971
ip address 10.48.153.131 255.255.255.240
no ip redirects
standby 9 ip 10.48.153.129
standby 9 priority 201
standby 9 preempt
end

 

------------------------------------------

01#sh run int vlan 1001
interface Vlan1001
ip address 10.83.87.2 255.255.255.192
no ip redirects
standby 1 ip 10.83.87.1
standby 1 priority 201
standby 1 preempt
end

01#sh run int vlan 971
interface Vlan971
ip address 10.48.153.130 255.255.255.240
no ip redirects
standby 9 ip 10.48.153.129
standby 9 priority 101
standby 9 preempt
end

 

 

 

------------------------------------

01#sh standby vlan 971
Vlan971 - Group 9
State is Standby
15 state changes, last state change 1d00h
Virtual IP address is 10.48.153.129
Active virtual MAC address is 0000.0c07.ac09 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac09 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.808 secs
Preemption enabled
Active router is 10.48.153.131, priority 201 (expires in 8.384 sec)
Standby router is local
Priority 101 (configured 101)
Group name is "hsrp-Vl971-9" (default)

 

01#sh standby vlan 1001
Vlan1001 - Group 1
State is Active
4 state changes, last state change 42w4d
Virtual IP address is 10.83.87.1
Active virtual MAC address is 0000.0c07.ac01 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.792 secs
Preemption enabled
Active router is local
Standby router is unknown
Priority 201 (configured 201)
Group name is "hsrp-Vl1001-1" (default)

 

 

01#ping 10.83.87.3 source 10.83.87.1
% Invalid source address- IP address not on any of our up interfaces

01#ping 10.83.87.3 source 10.83.87.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.83.87.3, timeout is 2 seconds:
Packet sent with a source address of 10.83.87.2
.....
Success rate is 0 percent (0/5)

 

8 Replies 8

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello ,

you should avoid to use Vlans in range 1001-1006 as they were reserved for non ethernet services like Token Ring and FDDI  in very old times.

 

 

Hope to help

Giuseppe

 

Richard Burts
Hall of Fame
Hall of Fame

@Giuseppe Larosa provides an interesting comment about using vlan 1001. I am not sure that using that reserved vlan is the cause of the problem with HSRP. And even if it were the cause of the problem on vlan 1001 it does not explain the problem in vlan 971.

 

There is a very interesting inconsistency about the issue in vlan 971. It seems that 02 does not see 01, but 01 does see 02.

01#sh standby vlan 971
Vlan971 - Group 9
State is Standby
Active router is 10.48.153.131, priority 201 (expires in 8.384 sec)
Standby router is local

 

As a next step in investigating this issue I suggest doing show cdp neighbor on both switches and looking for neighbors in vlan 971. My guess is that one switch does see a neighbor but the other switch does not.

 

HTH

 

Rick

HTH

Rick

Hello Richard,

I have missed some of  the show commands in the original post. Thanks for your correction.

So I focused on Vlan 1001 and the last part of the post assuming Vlan 971 was fine on both devices.

 

From the failed ping attempts we can say that even unicast communication in Vlan 1001 is not working.

 

I would compare the list of allowed Vlans on trunk ports between the two switches using

show interface trunk

 

and looking at section Vlans in STP forwarding state and not pruned.

 

If the switches are connected by non trunk access links I agree show cdp neighbors detail can show us if the two devices agree on Vlan-id of connected access ports.

In this case if there is a mismatch log messages should be present telling about " native Vlan mismatch at port X."

 

Hope to help

Giuseppe

 

Just a brief remark about Vlan 1001: as far as I recall, Vlan 1001 is not reserved, Vlans 1002 - 1005 are ?

 

1002 fddi-default

1003 token-ring-default

1004 fddinet-default

1005 trnet-default

Hello,

 

on a side note, the failed ping is not caused by the missing standby router, but by the fact that the ping is sourced from an IP address that does not exist locally (that is the very nature of the standby IP, it is virtual). I recreated a simple setup with two switches in GNS3, and even with the standby router known, I get the below:

 

S2#sh standby vlan 1001
Vlan1001 - Group 1
State is Active
2 state changes, last state change 00:02:11
Virtual IP address is 10.83.87.1
Active virtual MAC address is 0000.0c07.ac01 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.760 secs
Preemption enabled
Active router is local
Standby router is 10.83.87.3, priority 101 (expires in 8.512 sec)
Priority 201 (configured 201)
Group name is "hsrp-Vl1001-1" (default)


S2#ping 10.83.87.3 source 10.83.87.1
% Invalid source address- IP address not on any of our up interfaces

Hello Georg,

I agree on your explanation about first ping attempt it fails because tries to use HSRP VIP as source.

 

However, there is the following attempt made with the correct source interface that fails for lack of L2 connectivity

 

see from original post:

 

01#ping 10.83.87.3 source 10.83.87.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.83.87.3, timeout is 2 seconds:
Packet sent with a source address of 10.83.87.2
.....
Success rate is 0 percent (0/5)

 

As I have written in my second  post in this thread,  I suspect  the list of allowed Vlans on trunk is different on the two sides of the port channel.

 

Best Regards

Giuseppe

 

Hi,
Both side port channel interface configured as trunk only,

There are other vlan also on both switches HSRP is working fine and I can ping from one one switch to other switch for those vlan IPs but not for VLAN 971,

We have debug the icmp on both switches found that switch 1 sending icmp echo request to switch 2 and switch 2 replying to those request on port channel interface but somehow that response it not showing on switch 1.

Thank you!

Hello,

 

maybe it would help to show the full configs of both switches, we might be able to spot something that causes this behavior...

Review Cisco Networking for a $25 gift card