The Nexus 5548 is part of a pair.  I need to know why HSRP hello packets are being sent out of the routed interface..

What is the source of the hello packet? Should be able to help you narrow down where it's being sent from...

The HSRP hello packets are coming from the Nexus 5548 that's on the end of the point-to-point connection.  There is a Catalyst 3850 on the other end which is receiving the HSRP hello packets.

Understood. Just thinking you could look at the MAC of the hello packet and see where it's being originated from. If there is no HSRP configured on the link then perhaps it's coming from a different interface which is configured for HSRP.

Yes, the HSRP hello packets are sourced from VLAN interfaces on the Nexus which have HSRP configured on them.  The problem is that HSRP hello packets are being sent out of the routed interface which *isn't* configured with HSRP.  Any idea of what's going on here?

Do you have multicast routing configured on the routed interface?

No Multicast configured. 

interface Vlan145
  description Production_145
  no shutdown
  no ip redirects
  ip address 192.168.145.2/24
  ip router ospf 1 area 0.0.0.0
  no ip arp gratuitous hsrp duplicate
  hsrp version 2
  hsrp 145
    preempt
    priority 255
    ip 192.168.145.1

interface Vlan412
  description LAMP
  no shutdown
  no ip redirects
  ip address 192.168.120.2/24
  ip router ospf 1 area 0.0.0.0
  no ip arp gratuitous hsrp duplicate
  hsrp version 2
  hsrp 412
    preempt
    priority 255
    ip 192.168.120.1
  ip dhcp relay address 192.168.145.81 

interface Ethernet1/31
  description AT&T link to 6111
  no switchport
  ip address 10.101.0.18/28
  ip router ospf 1 area 0.0.0.0

I did a monitor capture on the Catalyst 3850 at the other end of the P2P link capturing all IP traffic coming across the link.  I then exported the capture information into Wireshark.

Hello,

can you post the Wireshark capture ?

---

@Georg Pauwen wrote:

Hello,

 

can you post the Wireshark capture ?

---

This forum won't allow me to attach a .pcap file so I have attached a screenshot of the Wireshark output.

Thanks.

Hello Nay-Sayer,

from the configuration you have provided and from the screenshot there is no explanation for the seen HSRPv2 Hello packets because:

they belong to the link local multicast address space 224.0.0.1-255 that cannot be routed by any multicast router.

If the link was a L2 trunk I would look for an error in cabling joining different Vlans /broadcast domains, but to be noted we see Hello messages for two different Vlans not only one.

Are you using a local SPAN session on the C3850 with source port the routed port to the Nexus and a destination port where you have connected a PC (old way) or you are performing directly a form of packet capture on the Cisco C3850?

Hope to help

Giuseppe

Hello Nay-Sayer,

I have seen that you have written you use a monitor capture session

I would do the following:

try to use the old way with local span and a PC capturing traffic. (if you can if it is not a remote site, eventually have a field eng. putting a PC with teamviewer using the WIFI to access the internet and the LAN configured WITHOUT a default gateway )

and/or

add another SVI with HSRP enabled on the Nexus pair and see if you see the hello messages for all three Vlans on the capture.

Hope to help

Giuseppe