cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8590
Views
0
Helpful
8
Replies

HSRP over L3 port-channel, switches do not ping each other

antilope1
Level 1
Level 1

Hello guys, 

I have a L3 port-channel between 2 gigabit ethernet interfaces (one per switch Catalyst 6509), towards two giga interfaces in another two Catalyst 6509 in the other end. The port-channel is configured as follows in one of the ends (the first pair of 6509): 

interface GigabitEthernet3/37
 description Conexion 
 no ip address
 channel-group 8 mode on
!
interface GigabitEthernet3/38
 description Conexion 
 no ip address
 channel-group 8 mode on

For each Catalyst 6509, the port-channel 8 has a HSRP group, 254. In one of the Catalyst (Central-1) the IP assigned is 192.168.254.253/24 and in the other (Central-2), 192.168.254.254/24. Here is the conf for one Catalyst 6509 (Central-1): 

interface Port-channel8
 description CENTRALES
 ip address 192.168.254.253 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 load-interval 30
 standby delay minimum 20 reload 300
 standby preempt delay minimum 120
 standby 254 ip 192.168.254.254
 standby 254 timers 1 3

 

As you can see, HSRP group 254 is defined and it is answering from L3, (from any host or switch, for the 3 IPs), but my doubt is about the HSRP behaviour between both Catalyst. They can't find which one is the master and in fact, they can't ping each other. The status of the group defined for po 8 is: 

CENTRAL-1#sh standby port-channel 8
Port-channel8 - Group 254
  Local state is Active, priority 100
  Hellotime 1 sec, holdtime 3 sec
  Next hello sent in 0.865
  Virtual IP address is 192.168.254.254 configured
  Active router is local
  Standby router is unknown
  Virtual mac address is 0000.0c07.acfe
  5 state changes, last state change 2w3d
  IP redundancy name is "hsrp-Po8-254" (default)

 

CENTRAL-2#sh standby port-channel 8
Port-channel8 - Group 254
  Local state is Active, priority 110
  Hellotime 1 sec, holdtime 3 sec
  Next hello sent in 0.645
  Virtual IP address is 192.168.254.254 configured
  Active router is local
  Standby router is unknown
  Virtual mac address is 0000.0c07.acfe
  5 state changes, last state change 6w1d
  IP redundancy name is "hsrp-Po8-254" (default)

A "sh standby br" shows each switch considers itself the master and does not know the standby. 

The thing is both switches have not an interface to connect L3 from network 192.168.254.0/24 directly. I mean, they only have one interface connected to the other end of the etherchannel, but not between them. Is this the reason why they can't ping each other, and consequently, they can't properly use HSRP group? 

Could you tell me which could be a solution to this issue? I can't guess what can be done since the physical interfaces gi3/37 and gi3/38 exist and I think no any other interface should be configured in this network (192.168.254.0/24). 

 

Thank you very much in advance. 

1 Accepted Solution

Accepted Solutions

Jon Marshall
Hall of Fame
Hall of Fame

HSRP needs L2 adjancency between the switches for it to work.

So if the 6500s that have HSRP configured are using L3 etherchannels (which they are) then it really depends on the rest of the configuration eg.

1) if the HSRP pair are interconnected with a L2 trunk allowing the vlan for 192.168.254.0/24 then it should work.

2) if they don't then it depends on the other end of the connections. If these are also configured as L3 etherchannels then HSRP will not work.

3) if the other ends of the connections were L2 then the ports would need to be in that vlan and there would also need to be an interconnection between those switches which is in that vlan or a trunk which allows those vlans.

It's difficult to say without knowing the full picture.

Jon

View solution in original post

8 Replies 8

Jan Rolny
Level 3
Level 3

Hi,

it seems you have duplicate IP address 192.168.254.254. You have configured HSRP for VIP 192.168.254.254 but you also described that your second 6509 has ip address 192.168.254.254 and this is the problem.

Best regards,

Jan

Hello Jan, 

No, I have mismtached about the IP of both Catalyst:

(Central-1) the IP assigned is 192.168.254.252/24 and in the other (Central-2), 192.168.254.253/24. 

So this is not the cause of the problem. 

Thank you anyway. 

Jon Marshall
Hall of Fame
Hall of Fame

HSRP needs L2 adjancency between the switches for it to work.

So if the 6500s that have HSRP configured are using L3 etherchannels (which they are) then it really depends on the rest of the configuration eg.

1) if the HSRP pair are interconnected with a L2 trunk allowing the vlan for 192.168.254.0/24 then it should work.

2) if they don't then it depends on the other end of the connections. If these are also configured as L3 etherchannels then HSRP will not work.

3) if the other ends of the connections were L2 then the ports would need to be in that vlan and there would also need to be an interconnection between those switches which is in that vlan or a trunk which allows those vlans.

It's difficult to say without knowing the full picture.

Jon

Hello Jon, 

Thank you very much for your answer. For the 3 possibilities, I answer you: 

1) The pair are interconnected with a L2 trunk but the thing is this network, 192.168.254.0/24, is not associated to a vlan, but to a L3 etherchannel, so there is no way to associate it to a VLAN, am I right? 

2) The other end of connections I think is configured at L3 too. 

3) I am pending to know about the other end, but I think it is L3 too. 

Anyway, although you have been very clear, try to imagine just 2 switches connected towards another 2 by one interface per each: 

Central-1: gi3/37 ---> Ext1: gi1/20

Central-2: gi3/38 ---> Ext2: gi1/30

If etherchannel from Central is L3, I do not know how to include this traffic in vlan 2.... 

Well, I keep on thinking. Thank you very much. 

I rewrite last sentence: 

If etherchannel from Central is L3, I do not know how to include this traffic in L2, in a vlan.... because if I created a new vlan for this network, then etherchannel should be L2 too, is it right? And as you say, the other end could not be L3, so with this situation, it does not seem possible to solve the problem, does it? 

It really depends on what you are trying to achieve.

Usually HSRP is for end clients but if there is no vlan associated with that IP subnet then it's really not clear why it is being used ?

Jon

Hi Jon, 

Although a lot of time has passed since my post, I only wanted to answer you about this issue. The problem was that the pair of switches of each end were not a chassis as a whole, so it was not possible to make run an etherchannel from 2 different equipments (with HSRP) to another 2 in the other end (with HSRP too) with a L3 link. 

It would have run with VSS but not in this way. Besides, both ends were with L3 and then HSRP, as you said me, did not match here. 

Anyway, I wanted to thank your answer. 

Thank you. 

If both ends of each link is configured as L3 then i am wondering why you are running HSRP ?

What other devices (apart from the switches) are using that IP subnet ?

If there is no vlan for this IP subnet then, like i say, it's not obvious what these links are meant for.

Jon

Review Cisco Networking for a $25 gift card