already part of the configs. I need to know how to influence spanning-tree when HSRP state changes if possible.

Francisco.

yeah the trunk is allowing vlan 175. when CORE2 becomes the active, from access1 the port towards CORE1 is still in forwarding state and cannot ping any other vlans from access1.

configs

Core1

spanning-tree vlan 175 8192

interface Vlan175

description ServerManagement_Vlan

ip address 192.168.175.253 255.255.255.0

no ip redirects

arp timeout 300

standby 175 ip 192.168.175.254

standby 175 timers 1 3

standby 175 priority 115

standby 175 preempt delay minimum 60

standby 175 authentication secret

Interface Grp Prio P State Active addr Standby addr Group addr

Vl175 175 115 Active local 192.168.175.252 192.168.175.254

Core2

spanning-tree vlan 175 16384

interface Vlan175

description NetworkManagement_Vlan

ip address 192.168.175.252 255.255.255.0

no ip redirects

arp timeout 300

standby 175 ip 192.168.175.254

standby 175 timers 1 3

standby 175 priority 110

standby 175 preempt

standby 175 authentication secret

Interface Grp Prio P State Active addr Standby addr Group addr

Vl175 175 110 Standby 192.168.175.253 local 192.168.175.254

You need to look at your STP when this happens. Which port as blocked and which are active.

I'm assuming the other vlans are connected to both switches and they too are running HSRP ?

I have used this design in so many networks. It shouldn't matter that the HSRP active and STP root don't match, that is what the L2 trunk between the cores is for.

Can you confirm what happens to that L2 trunk when the HSRP gateway switches across.

Jon

HSRP active for the other vlans.

The way i tested it was to shut down the vlan 175 on CORE1 and CORE2 became the active. even though the VLAN 175 is down, the access1 and CORE1 still exchanging BPDU's on gi0/1 from acecss1 so STP still use that port as forwarding and i can still see the vlan 175 mac address on gi0/1 towards CORE1

Yes, that's fine. It still should work. When you say shutdown the vlan you mean shut down the L3 vlan interface on CORE1 ?

Jon

yes

i dont think there is any interaction between STP and HSRP.

Francsico.

When you shut down vlan 175 interface on CORE1 -

1) what address are you trying to ping from access1

2) when you do "sh spanning-tree vlan 175" on both CORE switches what are they showing.

3) what do the arp and mac-address tables show on CORE1/CORE2 and access1

Jon

Jon,

let me collect all the information and i will let you know.

Francisco

Hi,

First you remove the preempt comaand from CS_02. keep it only on CS_01. then check with output.and one more thing there is no connection between HSRP and STP both are work differently.

Just want to add an expereince of mine with HSRP i will try to test it again maybe if can help you.

In HSRP i defined the tracking of an interface. To check i shutdown the interface instead of pulling out the cable. I was not able to ping(i dont remember whether state was changed or not). Then i pulled the cable instead of shuting down the interface. The link was working.So for HSRP shut down that interface has different meaning then pulling out the cable.

You are also testing by shutting down the vlan 175, it doesnot mean that link is down as trunk can carry all vlan(if allowed) so your Gi0/1 is exchanging BPDU if there is still traffic over it.

If it is NOT YOUR PRODUCTION NETWORK u can test by pulling out the cable whether the setup behaves in the same way.

I have 2600 router will try to test the same thing. If i am able to test before you will let you know.

Hi..

Both the STP and HSRP working diferently.Even though the Core-2 is active, the packet has to come to Core-1 and then Core-2.If its not happening , then check all the VLANs are allowed on the trunk between Core-1 and Core-2.Ideally it should work.