09-11-2014 10:01 AM - edited 03-07-2019 08:43 PM
Strange behaviour on two of my 8 HSRP groups.
Active HSRP router doesn't see standby router because it doesn't send him hello messages.
When I go to standby router, and start "debug standby error" I get messages:
"Cannot determine src IP address for Hello"
HSRP is configured on VLAN interface, VLAN interface is up and pingable, no duplicated IP addresses, IP address of VLAN interface and standby IP address are in same subnet. This problem is on Cisco 3750X switch/router.
I have other HSRP groups and they are configured same as these two and working nice.
Tried to delete VLAN interface and create it again but with no success.
Any ideas?
Thanks!
Solved! Go to Solution.
09-12-2014 03:00 AM
Then it is expected behaviour.
Anyways thanks for the update. Glad the issue is solved.
Good you please mark the thread as closed.
Regards
Inayath
09-11-2014 04:36 PM
f the HSRP router cannot uniquely determine the IP address used by the host when it sends the packet that caused the redirect, the redirect message will not be sent. The router uses the destination MAC address in the original packet to make this determination. In certain configurations, such as the use of the standby use-bia interface configuration command specified on an interface, redirects cannot be sent. In this case, the HSRP groups use the interface MAC address as their virtual MAC address. The router now cannot determine if the default gateway of the host is the real IP address or one of the HSRP virtual IP addresses that are active on the interface.
Using HSRP with ICMP redirects is not possible in the Cisco 800 series, Cisco 1000 series, Cisco 1600 series, Cisco 2500 series, Cisco 3000 series, and Cisco 4500 series routers because the Ethernet controller can support only one MAC address.
The IP source address of an ICMP packet must match the gateway address used by the host in the packet that triggered the ICMP packet, otherwise the host will reject the ICMP redirect packet. An HSRP router uses the destination MAC address to determine the gateway IP address of the host. If the HSRP router is using the same MAC address for multiple IP addresses, uniquely determining the gateway IP address of the host is not possible, and the redirect message is not sent.
The following is sample output from the debug standby events icmp EXEC command if HSRP could not uniquely determine the gateway used by the host:
10:43:08: HSRP: ICMP redirect not sent to 10.0.0.4 for dest 10.0.1.2 10:43:08: HSRP: could not uniquely determine IP address for mac 00d0.bbd3.bc22
Workaround:
The Cisco 2500 series, Cisco 3000 series, Cisco 4000 series, and Cisco 4500 routers that use Lance Ethernet hardware do not support multiple Hot Standby groups on a single Ethernet interface. The Cisco 800 series and Cisco 1600 series that use PQUICC Ethernet hardware do not support multiple Hot Standby groups on a single Ethernet interface. You can configure a workaround solution by using the standby use-bia interface configuration command, which uses the burned-in address of the interface as its virtual MAC address, instead of the preassigned MAC address.
HTH
Inayath
09-12-2014 01:33 AM
Problem solved, thanks for help.
There is some kind of bug I believe...
Network where I had a problem is: 192.168.30.0 mask 255.255.254.0
vlan interface on standby router was configured like:
vlan 30
ip address 192.168.30.3 255.255.254.0
standby 30 ip 192.168.31.254
Real and virtual IP are in same subnet, but with this configuration I had message:"Cannot determine src IP address for Hello"
After I changed IP address to 192.168.31.3 255.255.254.0 everything was OK.
09-12-2014 03:00 AM
Then it is expected behaviour.
Anyways thanks for the update. Glad the issue is solved.
Good you please mark the thread as closed.
Regards
Inayath
09-12-2014 03:13 AM
Well, I'm not sure is it expected, because in both cases real IP and virtual IP were in same subnet.
Also, configuration on Active HSRP router is working with no problems:
int vlan 30
ip address 192.168.30.2 255.255.254.0
standby 30 ip 192.168.31.254
09-12-2014 04:55 AM
Hello Nesko
Just wanted to double check if we have done the basic checks right.
Do both the routers have proper reachability for forming the standby group?
Have you checked the ping test from the Active router to standby router.
I understand the debug message but anaylze this can you take a snoop at the interfaces and check. Generally hsrp hello messages are easily traceable in wireshark log. We may get clear idea/clue with snoop output.
Good that issue is resolved but this may not be a bug i suppose.
Raj
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide