02-01-2007 07:46 AM - edited 03-05-2019 02:06 PM
Attached is a topology in one of our offices.
The network was running fine till today where my HSRP failed for a pair of routers and produced the following logs
2/1/2007 10:45 Local1.Warning 172.16.102.31 1407: 19w4d: %HSRP-4-DIFFVIP1: FastEthernet0/0 Grp 1 active routers virtual IP address 169.191.135.1 is different to the locally configured address 172.16.102.30
2/1/2007 10:24 Local7.Error 172.16.102.32 2161: 35w0d: %AMDP2_FE-3-RXOVERFLO: FastEthernet0/0 Rx FIFO Overflow
2/1/2007 10:45 Local7.Info 172.16.102.32 2163: 35w0d: %HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Speak
2/1/2007 10:45 Local7.Warning 172.16.102.32 2164: 35w0d: %HSRP-4-DIFFVIP1: FastEthernet0/0 Grp 1 active routers virtual
2/1/2007 10:45 Local7.Warning 172.16.102.32 2165: IP address 169.191.135.1 is different to the locally configured
2/1/2007 10:45 Local7.Warning 172.16.102.32 2166: address 172.16.102.30
2/1/2007 10:46 Local7.Warning 172.16.102.32 2167: 35w0d: %HSRP-4-DIFFVIP1: FastEthernet0/0 Grp 1 active routers virtual
2/1/2007 10:46 Local7.Warning 172.16.102.32 2168: IP address 169.191.135.1 is different to the locally configured
2/1/2007 10:46 Local7.Warning 172.16.102.32 2169: address 172.16.102.30
Would like to know whether using the same group number was the culprit.
The reason why i am puzzled is because the network was running fine since its implementation for the past 6 months
Narayan
02-01-2007 09:04 AM
Hi Narayan,
juz go to command lookup tool, which will give you a clear explanation, rather than me juz copying it & pasting it.
just type the error message one by one, it will give clear picture about the probs.
https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl
you need to login
02-01-2007 09:18 AM
Anand,
I had done that. THe network as you see is a total flat network and hence does not invlove any loops and hence i am a little confused.
Narayan
08-12-2016 08:29 AM
I had similar issue but it was glbp and found out that, there interface ip address range was different from the gateway. Immediately I changed the gateway to the right ip it worked.
EDT: %GLBP-4-DIFFVIP1: VlanXXXX Grp XXX active routers virtual -IP address 10.X.X.1 is different to the locally configured address 10.X.X.1
02-01-2007 09:19 AM
I believe you should use different HSRP group numbers for each network. HSRP doesn't like that a VIP is on a different network.
2/1/2007 10:45 Local1.Warning 172.16.102.31 1407: 19w4d: %HSRP-4-DIFFVIP1: FastEthernet0/0 Grp 1 active routers virtual IP address 169.191.135.1 is different to the locally configured address 172.16.102.30
If you sent the HSRP interface configs, that would help.
02-01-2007 11:02 PM
The routers conencting to MPLS are in the 172.16.102.0 subnet - VLAN 1 and the routers connecting to Tigers client is in 169.191.135.0 subnet which is vlan 9.
Here is what i would like to know..
Now HSRP sends it hello packets to the address 224.0.0.2. So does the hello sent by the routers in VLAN 9 ia also received by routers in VLAN 1.
Since the entire setup was working fine, i am still wondering how did this hello leak to the other VLAN. This actually brought the network down.
Here is the relevant HSRP config of the routers
MPLS routers
R1
interface FastEthernet0/0
ip address 172.16.102.32 255.255.254.0
no ip redirects
no ip proxy-arp
speed 100
full-duplex
no cdp enable
standby 1 ip 172.16.102.30
standby 1 priority 100
standby 1 preempt
standby 1 track FastEthernet0/1
interface FastEthernet0/0
ip address 172.16.102.31 255.255.254.0
no ip redirects
no ip proxy-arp
speed 100
full-duplex
no cdp enable
standby 1 ip 172.16.102.30
standby 1 priority 100
standby 1 preempt
standby 1 track FastEthernet0/1
Tiger client routers
interface FastEthernet0/0
ip address 169.191.135.2 255.255.255.0
no ip redirects
no ip proxy-arp
speed 100
full-duplex
no cdp enable
standby 1 ip 169.191.135.1
standby 1 priority 100
standby 1 preempt
standby 1 track serial 0/0
interface FastEthernet0/0
ip address 169.191.135.3 255.255.255.0
no ip redirects
no ip proxy-arp
speed 100
full-duplex
no cdp enable
standby 1 ip 169.191.135.1
standby 1 priority 100
standby 1 preempt
standby 1 track serial 0/0
MPLS routers are connected to switch ports in VLAN1 and tigers routers are connected to VLAN9
Narayan
10-17-2008 07:06 AM
I'm not sure if you have found the issue. We had the same problem in our network. What happened to us is that two ports on different VLANS were connected to a hub.
Both VLANS became unavailable because both layer 3 switches went crazy on deciding who would have the VIP.
Now, since that can happen again very easily I want to find out how to avoid that a connection like this could bring the network down. What I would like is that the ports involved in a situation like this to be blocked.
Could that be possible?
Regards,
-Juan Karlo
10-18-2008 01:17 PM
Hello Juan,
I think that using HSRP authentication with different key in each group/Vlan could help to make each router discard unwanted packets they should be ignored before discussing about the VIP address.
One thing to be checked is that if there are switch ports not hardcoded to be access ports (switchport mode access) they can negotiate a trunk and make to communicate two vlans if they have a native vlan mismatch.
We had a case like this in our DMZ.
Hope to help
Giuseppe
10-21-2008 11:59 AM
Your priority is set to 100 (default) on both interfaces in both groups and you have it set to preempt. While I don't know if this was the cause of your problem, there have been cases where this can cause unpredictable behavior having the priorities the same and there is a problem determining who is active and who is stanby. Raise the priority to 110 on one of the interfaces on each router.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide