Solved: ok, so the result is that

Ryan Fisher · ‎06-19-2015

Hi, I'm trying to extend a vlan across my layer 2 connection to my colocation DC using hsrp. The two different sites are using two different vtp domains, and they are both their respective vtp servers. I'm not sure if that has anything to do with the problems I'm having.

When both vlans are active, any server in the primary site on the extended vlan loses connectivity to all remote sites, including the the colocation DC site. If I shutdown the vlan at the colo, then all servers at the primary site regain connectivity. Sounds like a possible routing thing, but everything is using eigrp so I would've thought that would take care of any changes. While this is happening, the servers at the primary site on the extended vlan are still accessible locally to all other vlans and networks.

Now, from a workstation on a different vlan at the primary site, I can see the hsrp failover happen for that network and work just like it's supposed to. I can tell by running a ping, that when I shutdown the primary site's vlan interface, I can see the ping times increase on the latency that's on that circuit, so I know that the failover happened. And when I bring back up the interface locally, the pings stop for a few seconds then start back up with low latency times so I know it failed back. So it would seem that the operation of hsrp is happening properly.

Here are my configs:

Primary site:

interface Vlan15
ip address 10.200.145.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
standby 0 ip 10.200.145.1
standby 0 priority 105
standby 0 preempt
standby 0 authentication xxxxxx
end

Secondary site

interface Vlan15
ip address 10.200.145.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
standby 0 ip 10.200.145.1
standby 0 priority 85
standby 0 authentication xxxxxx
end

sh standby primary site:

Vlan15 - Group 0
State is Active
17 state changes, last state change 00:28:56
Virtual IP address is 10.200.145.1
Active virtual MAC address is 0000.0c07.ac00
Local virtual MAC address is 0000.0c07.ac00 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.176 secs
Authentication text, string "xxxxxx"
Preemption enabled
Active router is local
Standby router is unknown
Priority 105 (configured 105)
Group name is "hsrp-Vl15-0" (default)

sh standby secondary site:

Vlan15 - Group 0
State is Active
11 state changes, last state change 00:01:22
Virtual IP address is 10.200.145.1
Active virtual MAC address is 0000.0c07.ac00
Local virtual MAC address is 0000.0c07.ac00 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.224 secs
Authentication text, string "xxxxxx"
Preemption disabled
Active router is local
Standby router is unknown
Priority 85 (configured 85)
Group name is "hsrp-Vl15-0" (default)

Network topology:

Primary site Core 6500 <--> 3750 edge <-- Layer 2 connection --> Secondary CoLo site 3560

<-- Layer 2 connection --> Remote office 3560

I'm abut 100% sure I'm not giving enough information for anyone, so just tell me what you'd want to see and I'll post it. I'm by no means an hsrp expert, but just know enough to make myself dangerous.

Thanks!

Jon Marshall · ‎06-24-2015

Ryan

If po1 is the connection back to the 6500 then it's not that simple because you have WCCP applied to that interface and also other L3 SVIs on the edge switch.

So you are not just routing between sites you are also doing routing between local vlans on the edge switch.

I think what you need to do is -

1) create a new vlan on the 6500 and the edge switch and this vlan is used purely for routing between those two switches.

2) change the port channels on both switches to be trunk links and only allow the new vlan you have created plus the vlan you want to extend on those trunks.

This is important ie. you must only allow the two vlans

3) create an SVI for the new vlan on both switches and use the IP address assigned to the port channel interface on the SVI on each switch respectively.

You also then need to move the WCCP commands on the port channel interface on your edge switch to the SVI you have just created on the edge switch.

What you have then done is basically emulate your current L3 setup but also extended one specific vlan between sites.

As far as I can tell that should work but there are no guarantees as I don't know the full topology.

The alternative is to simply run another connection between the 6500 and the edge switch specifically for the vlan you want to extend although you may not want or be able to do this.

Edit - if you did run another connection you want to make sure no routing updates are exchanged across it ie. you only want this link for HSRP etc so you would need to make the SVIs for this vlan passive on both edge switches.

Jon

View solution in original post

Richard Burts · ‎06-21-2015

You are right about there not being enough information for us to be able to know exactly what the problem is. Based on what you have given us it is obvious that the two HSRP peers are really not seeing each other. The primary evidence of this is found in this line which is in the output of both peers

Standby router is unknown

If both of them do not know who the standby router is then they are not seeing the HSRP packets from each other.

As a first step in investigating this I would like to see whether 10.200.145.2 is able to ping 10.200.145.3. If the ping is successful then I would like to see the output of traceroute from one to the other.

My first guess, based on what we know so far, is that there is an issue in propagation of vlan 15 between the peers. To check on that would you post the output of commands show vlan and show interface trunk from each of the devices in the path between the peers?

HTH

Rick

HTH

Rick

Ryan Fisher · ‎06-21-2015

Thanks very much for the reply. I will definitely work on this tomorrow morning and get this info posted up.

thanks!

Ryan Fisher · ‎06-22-2015

Well, they can't ping each other and that makes sense, I guess.

VCORE-6506#ping 10.200.145.3 source vlan 15

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.200.145.3, timeout is 2 seconds:
Packet sent with a source address of 10.200.145.2
.....
Success rate is 0 percent (0/5)

dr01-3560#ping 10.200.145.2 source vlan 15

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.200.145.2, timeout is 2 seconds:
Packet sent with a source address of 10.200.145.3
.....
Success rate is 0 percent (0/5)

VCORE-6506#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/1/3, Gi1/1/13, Gi1/1/15, Gi1/1/16, Gi2/1/13, Gi2/1/15, Gi2/1/16, Gi2/1/23
10 VLAN0010 active
15 test_dr active
40 sling_net active Gi1/1/20
50 VLAN0050 active Gi1/1/21, Gi2/1/21
51 VLAN0051 active
110 VOIPSVR_VL110 active Gi2/1/10, Gi2/1/20
120 SEC_VL120 active
180 vdi_client_net active
185 admin_wkstn_net active
201 USR1_VL201 active Gi1/1/6
205 PRNT1_VL205 active
210 VOIP1_VL210 active
215 AV1_VL215 active
254 DOT1X_guest active
299 lab-net active Gi1/1/1, Gi1/1/8
301 USR13_VL301 active
305 PRNT13_VL305 active
310 VOIP13_VL310 active
315 AV13_VL315 active
401 USR19_VL401 active
405 PRNT19_VL405 active
410 VOIP19_VL410 active
415 AV19_VL415 active
501 Owned_Servers active
502 VENDOR_SERVERS active
503 SAN-REPL-VLAN active
505 vmotion_net active
506 vmware-ft-net active
510 san_repl_net active
511 exch-dag-repl-net active
521 LEGACY-MGMT-VLAN active
522 apc_mgmt_net_old active
523 apc_mgmt_net active
601 USR20_VL601 active
605 PRNT20_VL605 active
610 VOIP20_VL610 active
615 AV20_VL615 active
701 USR21_VL701 active
705 PRNT21_VL705 active
710 VOIP21_VL710 active

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
715 AV21_VL715 active
801 USR22_VL801 active
805 PRNT22_VL805 active
810 VOIP22_VL810 active
815 AV22_VL815 active
901 client_wrls_net active Gi1/1/7
902 WRLS_VL902 active
903 guest_wrls_net active
910 voip_wrls_net active
915 av_wrls_net active
920 esi-network active
995 dev_net active
999 MGMT_VL999 active Gi1/1/22, Gi2/1/9
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
15 enet 100015 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
51 enet 100051 1500 - - - - - 0 0
110 enet 100110 1500 - - - - - 0 0
120 enet 100120 1500 - - - - - 0 0
180 enet 100180 1500 - - - - - 0 0
185 enet 100185 1500 - - - - - 0 0
201 enet 100201 1500 - - - - - 0 0
205 enet 100205 1500 - - - - - 0 0
210 enet 100210 1500 - - - - - 0 0
215 enet 100215 1500 - - - - - 0 0
254 enet 100254 1500 - - - - - 0 0
299 enet 100299 1500 - - - - - 0 0
301 enet 100301 1500 - - - - - 0 0
305 enet 100305 1500 - - - - - 0 0
310 enet 100310 1500 - - - - - 0 0
315 enet 100315 1500 - - - - - 0 0
401 enet 100401 1500 - - - - - 0 0
405 enet 100405 1500 - - - - - 0 0
410 enet 100410 1500 - - - - - 0 0
415 enet 100415 1500 - - - - - 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
501 enet 100501 1500 - - - - - 0 0
502 enet 100502 1500 - - - - - 0 0
503 enet 100503 1500 - - - - - 0 0
505 enet 100505 1500 - - - - - 0 0
506 enet 100506 1500 - - - - - 0 0
510 enet 100510 1500 - - - - - 0 0
511 enet 100511 1500 - - - - - 0 0
521 enet 100521 1500 - - - - - 0 0
522 enet 100522 1500 - - - - - 0 0
523 enet 100523 1500 - - - - - 0 0
601 enet 100601 1500 - - - - - 0 0
605 enet 100605 1500 - - - - - 0 0
610 enet 100610 1500 - - - - - 0 0
615 enet 100615 1500 - - - - - 0 0
701 enet 100701 1500 - - - - - 0 0
705 enet 100705 1500 - - - - - 0 0
710 enet 100710 1500 - - - - - 0 0
715 enet 100715 1500 - - - - - 0 0
801 enet 100801 1500 - - - - - 0 0
805 enet 100805 1500 - - - - - 0 0
810 enet 100810 1500 - - - - - 0 0
815 enet 100815 1500 - - - - - 0 0
901 enet 100901 1500 - - - - - 0 0
902 enet 100902 1500 - - - - - 0 0
903 enet 100903 1500 - - - - - 0 0
910 enet 100910 1500 - - - - - 0 0
915 enet 100915 1500 - - - - - 0 0
920 enet 100920 1500 - - - - - 0 0
995 enet 100995 1500 - - - - - 0 0
999 enet 100999 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0

VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

dr01-3560#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/51
15 test_dr active
100 client_net active
101 admin_client_net active
110 voip_svr_net active Gi0/15, Gi0/20
195 iscsi_net active Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6, Gi0/26, Gi0/27, Gi0/28
205 dr_server_net active Gi0/13, Gi0/14, Gi0/16, Gi0/17, Gi0/18, Gi0/19
501 hsrp_prod_server_net active
521 stby_server_mgmt_net active
920 stby_esi_net active
980 mpls-wan-net active
999 mgmt_net active Gi0/22, Gi0/23, Gi0/24, Gi0/25, Gi0/33, Gi0/34, Gi0/35, Gi0/36, Gi0/37, Gi0/38, Gi0/39, Gi0/40, Gi0/41
Gi0/42, Gi0/43, Gi0/44, Gi0/45, Gi0/46
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
15 enet 100015 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
101 enet 100101 1500 - - - - - 0 0
110 enet 100110 1500 - - - - - 0 0
195 enet 100195 1500 - - - - - 0 0
205 enet 100205 1500 - - - - - 0 0
501 enet 100501 1500 - - - - - 0 0
521 enet 100521 1500 - - - - - 0 0
920 enet 100920 1500 - - - - - 0 0
980 enet 100980 1500 - - - - - 0 0
999 enet 100999 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0

VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

VCORE-6506#sh int trunk

Port Mode Encapsulation Status Native vlan
Gi1/1/23 on 802.1q trunking 1
Po10 desirable 802.1q trunking 1
Po13 desirable 802.1q trunking 1
Po19 desirable 802.1q trunking 1
Po20 desirable 802.1q trunking 1
Po21 desirable 802.1q trunking 1
Po22 on 802.1q trunking 1
Po99 on 802.1q trunking 1
Po101 on 802.1q trunking 1
Po102 on 802.1q trunking 1
Po103 on 802.1q trunking 1
Po104 on 802.1q trunking 1
Po105 on 802.1q trunking 1
Po106 on 802.1q trunking 1
Po111 on 802.1q trunking 1
Po112 on 802.1q trunking 1
Po190 on 802.1q trunking 1
Po199 on 802.1q trunking 1
Po200 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi1/1/23 1-4094
Po10 1-4094
Po13 1-4094
Po19 1-4094
Po20 1-4094
Po21 1-4094
Po22 1-4094
Po99 901,903,910,915,999
Po101 1-4094
Po102 1-4094
Po103 1-4094
Po104 1-4094
Po105 1-4094
Po106 1-4094
Po111 1-4094
Po112 1-4094
Po190 1-4094
Po199 901,903,910,915,999
Po200 1-4094

Port Vlans allowed and active in management domain

Port Vlans allowed and active in management domain
Gi1/1/23 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po10 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po13 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po19 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po20 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po21 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po22 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po99 901,903,910,915,999
Po101 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po102 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po103 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po104 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po105 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po106 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po111 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po112 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po190 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po199 901,903,910,915,999
Po200 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999

Port Vlans in spanning tree forwarding state and not pruned
Gi1/1/23 1,40,120,521-523,999
Po10 1,201,205,210,215,999
Po13 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po19 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999

Port Vlans in spanning tree forwarding state and not pruned
Po20 1,120,523,601,605,610,615,903,999
Po21 1,523,701,705,710,715,999
Po22 1,523,801,805,810,815,999
Po99 901,903,910,915,999
Po101 1,501,521,999
Po102 1,501,999
Po103 1,510,521,999
Po104 1,110,510,521,999
Po105 1,501,510,521,999
Po106 1,501,510,521,999
Po111 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po112 1,10,15,40,50-51,110,120,180,185,201,205,210,215,254,299,301,305,310,315,401,405,410,415,501-503,505-506,510-511,521-523,601,605,610,615,701,705,710,715,801,805,810,815,901-903,910,915,920,995,999
Po190 1,401,410,501,999
Po199 901,903,910,915,999
Po200 1,185,201,210,999

dr01-3560#sh int trunk

Port Mode Encapsulation Status Native vlan
Gi0/21 on 802.1q trunking 1
Gi0/48 on 802.1q trunking 1
Po10 on 802.1q trunking 1
Po11 on 802.1q trunking 1
Po12 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/21 1-4094
Gi0/48 1,980
Po10 1-4094
Po11 1-4094
Po12 1-4094

Port Vlans allowed and active in management domain
Gi0/21 1,15,100-101,110,195,205,501,521,920,980,999
Gi0/48 1,980
Po10 1,15,100-101,110,195,205,501,521,920,980,999
Po11 1,15,100-101,110,195,205,501,521,920,980,999
Po12 1,15,100-101,110,195,205,501,521,920,980,999

Port Vlans in spanning tree forwarding state and not pruned
Gi0/21 1,15,100-101,110,195,205,501,521,920,980,999
Gi0/48 1,980
Po10 1,15,100-101,110,195,205,501,521,920,980,999
Po11 1,15,100-101,110,195,205,501,521,920,980,999
Po12 1,15,100-101,110,195,205,501,521,920,980,999

And this is the edge switch at the primary location that is connecting the two sites with the layer 2 connection:

ED01-3750#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/8, Gi1/0/9, Gi1/0/11, Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19
Gi1/0/20, Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/25, Gi1/0/26, Gi1/0/27, Gi2/0/2, Gi2/0/8, Gi2/0/9
Gi2/0/10, Gi2/0/11, Gi2/0/12, Gi2/0/13, Gi2/0/19, Gi2/0/20, Gi2/0/21, Gi2/0/22, Gi2/0/23, Gi2/0/25
Gi2/0/26, Gi2/0/27, Gi2/0/28
490 cloudbridge active Gi2/0/16
511 ASA-INSIDE-VLAN active Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/10, Gi2/0/1, Gi2/0/3
512 Edge-to-PA-inside active Gi1/0/4, Gi2/0/4
513 HA-Links-PA-ASA active Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi2/0/5, Gi2/0/6, Gi2/0/7
777 VLAN0777 active
980 mpls-wan-net active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
490 enet 100490 1500 - - - - - 0 0
511 enet 100511 1500 - - - - - 0 0
512 enet 100512 1500 - - - - - 0 0
513 enet 100513 1500 - - - - - 0 0
777 enet 100777 1500 - - - - - 0 0
980 enet 100980 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

ED01-3750#sh int tru
ED01-3750#sh int trunk

Port Mode Encapsulation Status Native vlan
Gi1/0/28 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi1/0/28 1,980

Port Vlans allowed and active in management domain
Gi1/0/28 1,980

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/28 1,980

My guess is what you are looking at is to see if plan 15 is allowed through the trunks to get to the two sites. Looking at the switchport configs, only vlan 1 and 980 are allowed. Am I to guess that may be the problem? Vlan 980 is the network that I'm using to connect all the sites with the layer 2 network.

Here's the config for the two interfaces that connect the layer 2 WAN

Primary Site:

interface GigabitEthernet1/0/28
description xxxxxxx
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,980
switchport mode trunk
switchport nonegotiate
speed nonegotiate

interface Vlan980
description xxxxx
ip address 10.253.220.1 255.255.255.224

Secondary Site:

interface GigabitEthernet0/48
description xxxxxxxx
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,980
switchport mode trunk

interface Vlan980
description xxxxx
ip address 10.253.220.3 255.255.255.224

Thanks for the help!

Richard Burts · ‎06-22-2015

Thanks for the additional information. You are correct that the current problem is that vlan 15 is not allowed on the trunk at the edge switches. Add vlan 15 to the allowed list on the trunk on both edge switches and see if the behavior changes.

HTH

Rick

HTH

Rick

Ryan Fisher · ‎06-22-2015

ok, so the result is that didn't work. I added vlan 15 to the allowed trunk vlans on both switches and they still cannot ping each other.

Another interesting thing, is that I cannot ping the remote address 10.200.145.3 from any network locally. That kind of makes sense from the vlan perspective, because the local vlan 15 doesn't have anything at a .3 address, and I suppose it doesn't know about the .3 address at the remote site. Maybe because the hsrp packets still aren't flowing there.

However, if I shut down the local vlan 15 and force the hsrp to fail over to the remote site, it fails over and I can ping both the .1 virtual gateway and the .3 address from the local site.

Doesn't the fact that the plan fails over to the other site say that the hsrp is working? I mean, they know enough about each other to fail the vlan between the sites. I guess there's something blocking the hsrp packets still, though.

I guess I'm still at a loss as to what this could be. I'd appreciate any other suggestions you may have.

Thanks

Jon Marshall · ‎06-23-2015

Ryan

When you added the vlan to the trunks on both switches did you also add the vlan to the vlan database on the edge switch at your primary site ie. from your outputs that vlan is not in the vlan database on your primary edge switch.

If you didn't add it, can you, and then do a "sh standby brief" on both L3 switches and see what it shows.

Jon

Richard Burts · ‎06-23-2015

Jon makes a good point about being sure that the vlan has been defined and is in the database as well as adding it to the allowed list for the trunk.

It is interesting that you can not ping 10.200.145.3 and it supports my belief that the two sides are not talking to each other. When you shut down the interface HSRP is not working and is not really failing over. I believe that what is happening is that when you shut down the interface that the locally connected route is removed from the routing table. It probably leaves a route in the table to 10.200.145.0 as a remote subnet (or perhaps it is following the default route to get there). What do you see when you do show ip route while the interface is shut down?

The other thing that I would suggest is that while the interface is shut down to do traceroute 10.200.145.3. I suspect that the traceroute will show that you are following some other path to get to 10.200.145.3.

HTH

Rick

HTH

Rick

Ryan Fisher · ‎06-23-2015

Yes, thinking about what you said I would agree that that's probably what's happening with the routing changes.

With adding the vlan 15 on the edge switch, I'm assuming that I would only add the layer 2 vlan, not a layer 3 interface vlan?

thanks for the help!

Richard Burts · ‎06-23-2015

Yes on the edge switch you need the layer 2 vlan but do not need a layer 3 interface for that vlan.

HTH

Rick

HTH

Rick

Ryan Fisher · ‎06-23-2015

Sounds good. I will give that a try in a couple of hours.

Thanks!

Ryan Fisher · ‎06-23-2015

ok, so I created a layer 2 vlan 15 on the edge switch, but it didn't seem to make a difference. still same results as before.

VCORE-6506#sh standby
Vlan15 - Group 0
State is Active
23 state changes, last state change 00:01:47
Virtual IP address is 10.200.145.1
Active virtual MAC address is 0000.0c07.ac00
Local virtual MAC address is 0000.0c07.ac00 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.112 secs
Authentication text, string "xxxx"
Preemption enabled
Active router is local
Standby router is unknown
Priority 105 (configured 105)
Group name is "hsrp-Vl15-0" (default)

dr01-3560#sh standby

Vlan15 - Group 0
State is Active
14 state changes, last state change 17:47:23
Virtual IP address is 10.200.145.1
Active virtual MAC address is 0000.0c07.ac00
Local virtual MAC address is 0000.0c07.ac00 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.936 secs
Authentication text, string "BdLZ71"
Preemption disabled
Active router is local
Standby router is unknown
Priority 85 (configured 85)
Group name is "hsrp-Vl15-0" (default)

Also still cannot ping the remote side from the primary site. The routes are changing because of eigrp seeing the network at the other location which makes sense:

This is when the plan is shut down, route is pointing to edge switch which takes it to the remote site

VCORE-6506(config-if)#do sh ip route | i 10.200.145
D 10.200.145.0/24 [90/3328] via 10.200.253.1, 00:00:36, Port-channel100

Then to the edge:

SDED01-3750#sh ip route | i 10.200.145
D 10.200.145.0/24 [90/3072] via 10.253.220.3, 00:01:07, Vlan980

Which takes it to the remote location

I don't think I'm trying to do something that's too difficult, am I? One thing I'm wondering about is how I mentioned earlier if have the two sites be their own different vtp domains and their own vtp servers. Would this problem occur if both locations were vtp servers on different domains?

Thanks!

Richard Burts · ‎06-23-2015

It might be interesting to see the output of show vlan and show interface trunk from the edge switch.

It is certainly a possibility worth thinking about that the different VTP domains could impact this. Though if vlan 980 is working between the edge switch and the remote then I wonder why vlan 15 is impacted. Perhaps seeing a bit more of the config of the edge switch might shed some light.

HTH

Rick

HTH

Rick

Ryan Fisher · ‎06-23-2015

Ok, I'll probably just post the whole cleansed config of both the edge switch and the remote dr switch when I get a chance. You think I should post the config for the local core switch too? Would that help?

itll be a few hours until I can get that up.

thanks for helping out.

Richard Burts · ‎06-23-2015

For a start I would do the edge switch and the dr. We can look into the core later if it seems it would help.

And I still would like to see the output of show vlan and show interface trunk from the edge switch.

HTH

Rick

HTH

Rick

HSRP Over layer 2 WAN