Solved: Re: HSRP

eslam.farag · ‎03-09-2019

You apply a new inbound access list to routers, blocking UDP packets to the HSRP group. Which two
effects does this action have on the HSRP group process? (Choose two.)

A. HSRP redundancy works as expected
B. HSRP redundancy fails
C. The active router immediately becomes the standby router.
D. Both the active and standby routers become active.
E. The routers in the group generate duplicate IP address warnings

luis_cordova · ‎03-09-2019

Hi @eslam.farag ,

In my opinion, the answers correspond:

B and D

The routers, when they stop receiving the HSRP messages, the group is undone, leaving the two as active, this also causes the redundancy to be lost.

Remember to mark the correct answers as solved, since that helps other users with similar doubts

Regards

View solution in original post

Georg Pauwen · ‎03-09-2019

Hello,

answers B and D. Out of curiosity I did this in GNS3, here are the results:

R1

!

interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
standby 1 ip 192.168.1.3
standby 1 priority 110
standby 1 preempt

R2

!

interface GigabitEthernet0/0
ip address 192.168.1.2 255.255.255.0
standby 1 ip 192.168.1.3

R1#show standby

GigabitEthernet0/0 - Group 1
State is Active
2 state changes, last state change 00:14:05
Virtual IP address is 192.168.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.776 secs
Preemption enabled
Active router is local
Standby router is 192.168.1.2, priority 100 (expires in 9.776 sec)
Priority 110 (configured 110)
Group name is "hsrp-Gi0/0-1" (default)

R2#show standby

R2#sh standby
GigabitEthernet0/0 - Group 1
State is Standby
7 state changes, last state change 00:01:28
Virtual IP address is 192.168.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.872 secs
Preemption disabled
Active router is 192.168.1.1, priority 110 (expires in 10.656 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Gi0/0-1" (default)

After applying the access list:

access-list 101 deny udp host 224.0.0.2 any eq 1985
access-list 101 deny udp host 224.0.0.102 any eq 1985
access-list 101 deny udp any host 224.0.0.2 eq 1985
access-list 101 deny udp any host 224.0.0.102 eq 1985
access-list 101 permit ip any any

R1

!

interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0

ip access-group 101 in
standby 1 ip 192.168.1.3
standby 1 priority 110
standby 1 preempt

R2

!

interface GigabitEthernet0/0
ip address 192.168.1.2 255.255.255.0

ip access-group 101 in
standby 1 ip 192.168.1.3

R1#show standby

GigabitEthernet0/0 - Group 1
State is Active
2 state changes, last state change 00:16:39
Virtual IP address is 192.168.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.696 secs
Preemption enabled
Active router is local
Standby router is unknown
Priority 110 (configured 110)
Group name is "hsrp-Gi0/0-1" (default)

R2 Console

*Mar 9 18:16:41.248: %HSRP-5-STATECHANGE: GigabitEthernet0/0 Grp 1 state Standby -> Active

R2#show standby

GigabitEthernet0/0 - Group 1
State is Active
8 state changes, last state change 00:00:50
Virtual IP address is 192.168.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.112 secs
Preemption disabled
Active router is local
Standby router is unknown
Priority 100 (default 100)
Group name is "hsrp-Gi0/0-1" (default)

View solution in original post

Jaderson Pessoa · ‎03-09-2019

ou apply a new inbound access list to routers, blocking UDP packets to the HSRP group. Which two
effects does this action have on the HSRP group process? (Choose two.)

A. HSRP redundancy works as expected
B. HSRP redundancy fails
C. The active router immediately becomes the standby router.
D. Both the active and standby routers become active.
E. The routers in the group generate duplicate IP address warnings

I believe the incoming ACL might be blocking the HSRP packets.

Don't forget they are sent to a multicast (224.0.0.2, if I remember correctly) destination IP address.

Jaderson Pessoa
*** Rate All Helpful Responses ***

luis_cordova · ‎03-09-2019

Hi @eslam.farag ,

In my opinion, the answers correspond:

B and D

The routers, when they stop receiving the HSRP messages, the group is undone, leaving the two as active, this also causes the redundancy to be lost.

Remember to mark the correct answers as solved, since that helps other users with similar doubts

Regards

Georg Pauwen · ‎03-09-2019

Hello,

answers B and D. Out of curiosity I did this in GNS3, here are the results:

R1

!

interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
standby 1 ip 192.168.1.3
standby 1 priority 110
standby 1 preempt

R2

!

interface GigabitEthernet0/0
ip address 192.168.1.2 255.255.255.0
standby 1 ip 192.168.1.3

R1#show standby

GigabitEthernet0/0 - Group 1
State is Active
2 state changes, last state change 00:14:05
Virtual IP address is 192.168.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.776 secs
Preemption enabled
Active router is local
Standby router is 192.168.1.2, priority 100 (expires in 9.776 sec)
Priority 110 (configured 110)
Group name is "hsrp-Gi0/0-1" (default)

R2#show standby

R2#sh standby
GigabitEthernet0/0 - Group 1
State is Standby
7 state changes, last state change 00:01:28
Virtual IP address is 192.168.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.872 secs
Preemption disabled
Active router is 192.168.1.1, priority 110 (expires in 10.656 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Gi0/0-1" (default)

After applying the access list:

access-list 101 deny udp host 224.0.0.2 any eq 1985
access-list 101 deny udp host 224.0.0.102 any eq 1985
access-list 101 deny udp any host 224.0.0.2 eq 1985
access-list 101 deny udp any host 224.0.0.102 eq 1985
access-list 101 permit ip any any

R1

!

interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0

ip access-group 101 in
standby 1 ip 192.168.1.3
standby 1 priority 110
standby 1 preempt

R2

!

interface GigabitEthernet0/0
ip address 192.168.1.2 255.255.255.0

ip access-group 101 in
standby 1 ip 192.168.1.3

R1#show standby

GigabitEthernet0/0 - Group 1
State is Active
2 state changes, last state change 00:16:39
Virtual IP address is 192.168.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.696 secs
Preemption enabled
Active router is local
Standby router is unknown
Priority 110 (configured 110)
Group name is "hsrp-Gi0/0-1" (default)

R2 Console

*Mar 9 18:16:41.248: %HSRP-5-STATECHANGE: GigabitEthernet0/0 Grp 1 state Standby -> Active

R2#show standby

GigabitEthernet0/0 - Group 1
State is Active
8 state changes, last state change 00:00:50
Virtual IP address is 192.168.1.3
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.112 secs
Preemption disabled
Active router is local
Standby router is unknown
Priority 100 (default 100)
Group name is "hsrp-Gi0/0-1" (default)