cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2296
Views
0
Helpful
10
Replies

HSRP problem with secondary IP group.

samarjitdas
Level 1
Level 1

Hi I have created two HSRP groups in a single VLAN but HSRP is showing slightly different behavior with second IP subnet than expected. The second group used with secondary IP subnet is taking active router IP address from primary IP subnet.

NTC-MSC-SW-01#sh run int vl60
Building configuration...

Current configuration : 283 bytes
!
interface Vlan60
description <<<CBC>>>
ip address 10.52.116.34 255.255.255.240 secondary
ip address 10.51.18.93 255.255.255.224
standby 60 ip 10.51.18.92
standby 60 priority 110
standby 60 preempt
standby 61 ip 10.52.116.33
standby 61 priority 110
standby 61 preempt
end

NTC-MSC-SW-01#sh standby vlan 60 60
Vlan60 - Group 60
  State is Active
  Virtual IP address is 10.51.18.92
  Active virtual MAC address is 0000.0c07.ac3c
    Local virtual MAC address is 0000.0c07.ac3c (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.576 secs
  Preemption enabled
  Active router is local
  Standby router is 10.51.18.94, priority 100 (expires in 8.720 sec)
  Priority 110 (configured 110)
  Group name is "hsrp-Vl60-60" (default)
NTC-MSC-SW-01#sh standby vlan 60 61
Vlan60 - Group 61
  State is Standby
    1 state change, last state change 1d22h
  Virtual IP address is 10.52.116.33
  Active virtual MAC address is 0000.0c07.ac3d
    Local virtual MAC address is 0000.0c07.ac3d (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.232 secs
  Preemption enabled
  Active router is 10.51.18.94, priority 120 (expires in 8.912 sec)
  Standby router is local
  Priority 110 (configured 110)
  Group name is "hsrp-Vl60-61" (default)

NTC-MSC-SW-01#sh run int vl60
Building configuration...

Current configuration : 283 bytes
!
interface Vlan60
description <<<CBC>>>
ip address 10.52.116.34 255.255.255.240 secondary
ip address 10.51.18.93 255.255.255.224
standby 60 ip 10.51.18.92
standby 60 priority 110
standby 60 preempt
standby 61 ip 10.52.116.33
standby 61 priority 110
standby 61 preempt
end

NTC-MSC-SW-01#sh standby vlan 60 60
Vlan60 - Group 60
  State is Active
  Virtual IP address is 10.51.18.92
  Active virtual MAC address is 0000.0c07.ac3c
    Local virtual MAC address is 0000.0c07.ac3c (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.576 secs
  Preemption enabled
  Active router is local
  Standby router is 10.51.18.94, priority 100 (expires in 8.720 sec)
  Priority 110 (configured 110)
  Group name is "hsrp-Vl60-60" (default)
NTC-MSC-SW-01#sh standby vlan 60 61
Vlan60 - Group 61
  State is Standby
    1 state change, last state change 1d22h
  Virtual IP address is 10.52.116.33
  Active virtual MAC address is 0000.0c07.ac3d
    Local virtual MAC address is 0000.0c07.ac3d (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.232 secs
  Preemption enabled
  Active router is 10.51.18.94, priority 120 (expires in 8.912 sec)
  Standby router is local
  Priority 110 (configured 110)
  Group name is "hsrp-Vl60-61" (default)

10 Replies 10

Joseph W. Doherty
Hall of Fame
Hall of Fame

The  Author of this posting offers the information contained  within this  posting without consideration and with the reader's  understanding that  there's no implied or expressed suitability or  fitness for any purpose.  Information provided is for informational  purposes only and should not  be construed as rendering professional  advice of any kind. Usage of this  posting's information is solely at  reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

Try adding the secondary keyword on both your devices.

e.g.

interface Vlan60

description <<>>

ip address 10.52.116.34 255.255.255.240 secondary

ip address 10.51.18.93 255.255.255.224

standby 60 ip 10.51.18.92

standby 60 priority 110

standby 60 preempt

standby 61 ip 10.52.116.33 secondary

standby 61 priority 110

standby 61 preempt

While tried to add secondary  keyword got the below error reported,

%HSRP-4-DUPVIP3: Vlan60 Grp 61 address 10.52.116.33 is already assigned to, or overlaps with, an address on another interface or application

Hence removed command standby 61 ip 10.52.116.33 totally and then put command standby 61 ip 10.52.116.33 secondary but HSRP pair didn't come up and ramained in learning stage.

Check the link below:

http://www.cisco.com/en/US/products/ps6600/prod_bulletin09186a00800a3d9e.html

According to this, you must configure the keyword 'secondary' on the standby ip for the secondary address range.

regards,

Leo

Hi I have configured as per the cisco doc. Below is the configuration. Can you see any problem with this configuration.If yes, please let me know how to configure two HSRP groups inside a single VLAN.

NTC-MSC-SW-01#sh run int vl60

Building configuration...

Current configuration : 283 bytes

!

interface Vlan60

description <<>>

ip address 10.52.116.34 255.255.255.240 secondary

ip address 10.51.18.93 255.255.255.224

standby 60 ip 10.51.18.92

standby 60 priority 120

standby 60 preempt

standby 61 ip 10.52.116.33

standby 61 priority 110

standby 61 preempt

end

NTC-MSC-SW-02#sh run int vl60

Building configuration...

Current configuration : 293 bytes

!

interface Vlan60

description <<>>

ip address 10.51.18.94 255.255.255.224 secondary

ip address 10.52.116.35 255.255.255.240

standby 60 ip 10.51.18.92 secondary

standby 60 priority 110

standby 60 preempt

standby 61 ip 10.52.116.33

standby 61 priority 120

standby 61 preempt

end

HSRP status in both switches after this configuration:

NTC-MSC-SW-01#sh standby brief

                     P indicates configured to preempt.

                     |

Interface   Grp  Pri P State   Active              Standby         Virtual IP

Vl60        60   120 P Active  local                unknown         10.51.18.92

Vl60        61   110 P Standby 10.52.116.35    local             10.52.116.33

Vl60        60   110 P Learn   10.51.18.93     unknown         unknown

Vl60        61   120 P Active  local           10.51.18.93     10.52.116.33

You messed it up quite a bit.

First of all, the secondary subnet ranges are inconsistent and the same holds true for hsrp.

When 10.52.116 is secondary on one router, it should also be secondary on the other.

Then configure hsrp accordingly and use the 'secondary' keyword on the secondary ip range.

regards,

Leo

I have made the secondary subnet consistent in both the switches but now HSRP pair has not come up for that group.

NTC-MSC-SW-01#sh run int vl60

Building configuration...

Current configuration : 293 bytes

!

interface Vlan60

description <<>>

ip address 10.52.116.34 255.255.255.240 secondary

ip address 10.51.18.93 255.255.255.224

standby 60 ip 10.51.18.92

standby 60 priority 120

standby 60 preempt

standby 61 ip 10.52.116.33 secondary

standby 61 priority 110

standby 61 preempt

NTC-MSC-SW-02#sh run int vl60

Building configuration...

Current configuration : 220 bytes

!

interface Vlan60

ip address 10.52.116.35 255.255.255.240 secondary

ip address 10.51.18.94 255.255.255.224

standby 60 ip 10.51.18.92

standby 60 preempt

standby 61 ip 10.52.116.33 secondary

standby 61 preempt

end

Status in both switches:

Vl60        61   110 P Learn   unknown         unknown         unknown

And group 60 is working correctly now?

Othwerwise I would suspect a connectivity issue.

You may want to check this link on troubleshooting:

http://www.cisco.com/en/US/partner/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml#hsrpop

Yes Group 60 is working correctly.

When checking the 'Learn' state here:

http://www.cisco.com/en/US/partner/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml#topic13

It says:

Learn The router has not determined the virtual IP address and has not yet seen an authenticated hello message from the active router. In this state, the router still waits to hear from the active router

When the router cannot determine the virtual ip, this may mean the feature is not supported on your hardware or IOS.

Have you verified compliance?

regards,

Leo

As per me when the standby IP address is configured with secondary keyword,the  router can not determine the virtual IP address which I can see from  the behavior of my switch. Immedidately after removing secondary keyword  it jumps to listening.

Review Cisco Networking for a $25 gift card