Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1135
Views
0
Helpful
8
Replies

HSRP - how to determine if hosts are using correct gateway IP

captainbluff
Level 1
Level 1

‎07-17-2013 08:43 AM - last edited on ‎03-25-2019 04:25 PM by Community Manager

Hello,

I have the following scenario:

- I have 2 routers ( Cat6509 ) running HSRP on VLAN14, connected to two layer 2 switch ( Cat6509 ).

- I have no access to the hosts on VLAN14

- Obviously in order for HSRP to work, the hosts will need to use the HSRP VIP address 10.1.1.3, however I have a feeling that they are using the 10.1.1.1 and 10.1.1.2.

What is the best way to prove that the hosts are using the wrong gateway IP?
Is there a debug command that I can perform to determine the source and destination IP or MAC address?

Labels:
0 Helpful
8 Replies 8

mikegrous
Level 3
Level 3

‎07-17-2013 08:57 AM

SPAN the uplink ports. See waht the dest MAC address is. The coorelate that MAC to the ARP table to see if it is sending to .1 .2 or .3

0 Helpful

captainbluff
Level 1
Level 1
In response to mikegrous

‎07-17-2013 11:14 AM

Correct me if I am wrong but SPAN only shows source and destination ports not source and destination MAC?

0 Helpful

JohnTylerPearce
Level 7
Level 7
In response to captainbluff

‎07-17-2013 11:46 AM

If it was configured correctly, they should have 10.1.1.3 as the default gateway.

Can you post the HSRP configuration, as the output of the 'show standby ?

Also, do the clients get the default gateway information via DHCP or is it setup statically?

0 Helpful

captainbluff
Level 1
Level 1
In response to captainbluff

‎07-17-2013 11:50 AM

It's not so much an HSRP  config issue, Cisco TAC has already confirmed it is correct. I need to prove to the customer that their hosts ( which I have no access to ) are using the wrong gateway IP. I want prove this buy using outputs from the router or switch.

0 Helpful

JohnTylerPearce
Level 7
Level 7
In response to captainbluff

‎07-17-2013 12:12 PM

Well, you could span that port, and look at the L2 frame using Wireshark?

0 Helpful

captainbluff
Level 1
Level 1
In response to captainbluff

‎07-17-2013 12:22 PM

That option is currently not available, any other suggestions?

0 Helpful

glen.grant
VIP Alumni
VIP Alumni
In response to captainbluff

‎07-17-2013 07:38 PM

  Look at a few of the clients and do a  ipconfig /all  and see what gateway is assigned to the nic or what the dhcp server is handing out for the gateway .  It is going to send it to whatever gateway is assigned on the client.  Have a couple of the clients look, they won't do that for you ?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to glen.grant

‎07-17-2013 07:57 PM

Glen

In this thread Joe has told us twice that he does not have access to the hosts on the vlan.

Joe

I would suggest that you run (for a little while) debug arp. Look in its output (terminal monitor or show logg depending on how logging is configured). If you see requests to resolve 10.1.1.1 or 10.1.1.2 coming from client addresses then you have evidence that the clients are not using the HSRP virtual address. If the arp requests are for 10.1.1.3 then they are using the HSRP address.

HTH

Rick

HTH

Rick
0 Helpful
li.common.scroll-to.top