Thanks for you response!

topology:

show cdp nei 

 

------------------ show cdp neighbor ------------------

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID

ISR-2 Gig 1/0/2 151 R S I ISR4431/K Gig 0/0/0
ISR-2 Gig 2/0/2 152 R S I ISR4431/K Gig 0/0/1
ISR-1 Gig 1/0/1 161 R S I ISR4431/K Gig 0/0/0
ISR-1 Gig 2/0/1 157 R S I ISR4431/K Gig 0/0/1

 

configuration on sw3650 :

!
interface Port-channel1
switchport access vlan 20
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface Port-channel2
switchport access vlan 20
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable

!
interface GigabitEthernet1/0/1
switchport access vlan 20
switchport mode access
channel-group 1 mode active
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
switchport access vlan 20
switchport mode access
channel-group 2 mode active
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/1
switchport access vlan 20
switchport mode access
channel-group 1 mode active
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/2
switchport access vlan 20
switchport mode access
channel-group 2 mode active
spanning-tree portfast
spanning-tree bpduguard enable
!

interface Vlan20
ip address 10.1.2.1 255.255.255.0
no ip redirects
no ip proxy-arp

 

ISR-1：
interface GigabitEthernet0/0/0
no ip address
negotiation auto
channel-group 1 mode active
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
channel-group 1 mode active

interface Port-channel1
ip address 10.1.2.252 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
standby version 2
standby 20 ip 10.1.2.254
standby 20 priority 120
standby 20 preempt
standby 20 track 1 decrement 30
negotiation auto

ISR-2：
interface GigabitEthernet0/0/0
no ip address
negotiation auto
channel-group 1 mode active
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
channel-group 1 mode active

interface Port-channel1
ip address 10.1.2.253 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
standby version 2
standby 20 ip 10.1.2.254
negotiation auto

 

I can see the ARP information of the ISR interface on the SW3650, and the Arp information of the 3650 SVI interface on the ISR.So I feel very strange, I do n’t know if you have encountered such a problem

Thanks for the additional information. The config seems ok. Can you clarify what is doing the ping that does not work?

 

One thing I did notice in the config, but do not believe it is related to your question. ISR 1 standby is doing track and would drop it priority based on something. ISR 2 standby does not include preempt. So even if ISR 1 drops its priority it will remain the active router for HSRP. For the track to be effective ISR 2 needs to have preempt enabled.

Yes, with regard to preemption, I noticed this problem. The problem I encountered is that I can't ping 10.1.2.252 or 10.1.2.253 from cat3650, and I use the port-channel IP address from ISR to ping Cat3650's Svi20 (10.1.2.1). Unable to achieve, but 10.1.2.252 and 10.1.2.253 can ping each other

Thanks for the additional information. Could you post the output of these commands on the switch

show vlan

show interface status

show arp

In addition to the outputs Richard is asking, can you also provide the output of "sh hsrp ?" (not exactly sure what is the command on the 4Ks) to make sure the 2 ASRs can actually see each other? 

HTH

HI Reza,

The HSRP running well now,and 10.1.2.252 can ping 10.1.2.253.

sorry for late reply

------------------ show vlan ------------------

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/3,Gi1/0/4,Gi1/0/5,Gi1/0/6,Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21
Gi1/0/22, Gi1/0/23, Gi2/0/3,Gi2/0/4,Gi2/0/5,Gi2/0/6,Gi2/0/7, Gi2/0/8, Gi2/0/9, Gi2/0/10, Gi2/0/11, Gi2/0/12, Gi2/0/13, Gi2/0/14, Gi2/0/15, Gi2/0/16, Gi2/0/17, Gi2/0/18, Gi2/0/19
Gi2/0/20, Gi2/0/21, Gi2/0/22, Gi2/0/23
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
6 To_FW active Gi1/0/24, Gi2/0/24
20 ISR_HSRP active Po1, Po2

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
6 enet 102008 1500 - - - - - 0 0
20 enet 102080 1500 - - - - - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------


------------------ show interfaces status ------------------

Port Name Status Vlan Duplex Speed Type
Gi1/0/1 connected 20 a-full a-1000 10/100/1000BaseTX
Gi1/0/2 connected 20 a-full a-1000 10/100/1000BaseTX
....
Gi2/0/1 connected 20 a-full a-1000 10/100/1000BaseTX
Gi2/0/2 connected 20 a-full a-1000 10/100/1000BaseTX
....

Po1 connected 20 a-full a-1000
Po2 connected 20 a-full a-1000



Cat3650#sho ip arp | in 10.1.2
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.2.1 - 00a5.bfbd.cc02 ARPA Vlan20
Internet 10.1.2.252 12 00a5.bf3d.5780 ARPA Vlan20
Internet 10.1.2.253 13 00a5.cf3d.bb80 ARPA Vlan20
Internet 10.1.2.254 8 00a5.cf3d.6b70 ARPA Vlan20

Thank you for the outputs. I find it very strange that the switch arp table has entries for the ISR physical interfaces and for the virtual interface, but the switch is not able to ping the ISR. As I look at the arp entries I notice that the mac address for the HSRP virtual address is very similar to the mac address of the physical interfaces and is not at all like the mac address that HSRP version 2 should be using. This makes me wonder if we are dealing with some issue for support of Etherchannel on the ISR routers.

Hi,

for testing, can you simply use one 2 physical interfaces and not use Portchannel at all and see if things improve? We are just trying to eliminate the Portchannel as the culprit.

HTH

Not sure if this is possible, because it involves changes

Sorry for that,I see it is normal, it may be that I have occupied another MAC address before, and accidentally replaced it with the VIP MAC address.

Cat3650#sho ip arp | in 10.1.2
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.2.1 - 00a5.bfbd.cc02 ARPA Vlan20
Internet 10.1.2.252 7 00a5.bf3d.5780 ARPA Vlan20
Internet 10.1.2.253 15 00a5.cf3d.bb80 ARPA Vlan20
Internet 10.1.2.254 11 0000.0c9f.f064 ARPA Vlan20