Need Help with HSRP on Cisco 2911

thepcguy86 · ‎07-02-2014

I work for a non-for-profit, and we have a Cisco 2911 that is having some major redundancy issues. We have Frontier Fiber over Ethernet and as a backup Frontier DSL. The Frontier Fiber is the primary, and should be working all the time.

The HSRP is switching to the DSL all the time and is never using the fiber connection. I have connected the fiber connection to my MacBook and have verified that there is no connection issue with the Fiber Internet.

I am not even sure where to start to troubleshoot this issue. Can anyone provide some assistance? I am unable to post my configuration on this board, but will be more than happy to share it with anyone who may be able to help as it is dropping our connection multiple times a day.

Eduard Gheorghiu · ‎07-03-2014

Hi,

You do have two routers, right? Otherwise HSRP cannot help. You should share the relevant parts of the config so that other users of this community may benefit from the provided solution.

Thanks, kind regards

Eduard Gheorghiu

thepcguy86 · ‎07-03-2014

This is our configuration as of right now:

version 12.4

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Lolly-2811

!

boot-start-marker

boot system disk0:/c2800nm-adventerprisek9-mz.124-20.T6.bin

boot system flash:/c2800nm-adventerprisek9-mz.124-20.T6.bin

boot-end-marker

!

logging message-counter syslog

logging buffered 16384

!

no aaa new-model

clock timezone EST -5

clock summer-time SUM recurring

!

dot11 syslog

ip source-route

!

ip cef

!

ip domain name net.lollypop.org

ip name-server 184.9.51.33

no ipv6 cef

!

multilink bundle-name authenticated

!

voice-card 0

no dspfarm

!

archive

log config

hidekeys

!

ip ssh logging events

!

track 10 ip sla 10 reachability

!

track 20 ip sla 20 reachability

!

interface FastEthernet0/0

description Uplink to Frontier Fiber - 184.9.51.32/30

ip address 184.9.51.34 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description Lollypop LAN

ip address 172.16.20.2 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/2/0

description Uplink to Frontier DSL - 50.122.220.240/29

ip address 50.122.220.242 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

router rip

version 2

network 10.0.0.0

network 66.0.0.0

network 172.16.0.0

network 184.9.0.0

network 192.168.50.0

neighbor 172.16.20.1

no auto-summary

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 184.9.51.33 track 10

ip route 0.0.0.0 0.0.0.0 50.122.220.241 20

ip route 4.2.2.1 255.255.255.255 50.122.220.241 permanent

ip route 4.2.2.2 255.255.255.255 184.9.51.33 permanent

ip route 10.0.0.0 255.255.255.0 172.16.20.1

ip route 172.16.45.0 255.255.255.0 192.168.50.101

no ip http server

no ip http secure-server

!

ip dns server

ip nat inside source route-map NAT-PRIMARY interface FastEthernet0/0 overload

ip nat inside source route-map NAT-SECONDARY interface FastEthernet0/2/0 overload

ip nat inside source static tcp 192.168.50.101 1194 66.155.174.30 1194 extendable

ip nat inside source static udp 192.168.50.101 1194 66.155.174.30 1194 extendable

ip nat inside source static tcp 192.168.50.1 443 66.155.174.30 8002 extendable

ip nat inside source static tcp 192.168.50.101 443 66.155.174.30 8004 extendable

ip nat inside source static tcp 192.168.50.101 22 66.155.174.30 8010 extendable

ip nat inside source static tcp 10.0.0.254 143 184.9.51.34 143 extendable

ip nat inside source static tcp 172.16.20.1 443 184.9.51.34 443 extendable

ip nat inside source static tcp 192.168.50.12 554 184.9.51.34 554 extendable

ip nat inside source static tcp 192.168.50.101 1194 184.9.51.34 1194 extendable

ip nat inside source static udp 192.168.50.101 1194 184.9.51.34 1194 extendable

ip nat inside source static udp 10.0.0.254 2080 184.9.51.34 2080 extendable

ip nat inside source static udp 10.0.0.254 2088 184.9.51.34 2088 extendable

ip nat inside source static tcp 10.0.0.254 5060 184.9.51.34 5060 extendable

ip nat inside source static udp 10.0.0.254 5060 184.9.51.34 5060 extendable

ip nat inside source static tcp 192.168.50.1 443 184.9.51.34 8002 extendable

ip nat inside source static tcp 192.168.50.101 443 184.9.51.34 8004 extendable

ip nat inside source static tcp 192.168.50.101 22 184.9.51.34 8010 extendable

ip nat inside source static tcp 192.168.50.12 8080 184.9.51.34 8080 extendable

ip nat inside source static tcp 10.0.0.254 8081 184.9.51.34 8081 extendable

ip nat inside source static udp 10.0.0.254 15000 184.9.51.34 15000 extendable

ip nat inside source static udp 10.0.0.254 15001 184.9.51.34 15001 extendable

ip nat inside source static udp 10.0.0.254 15002 184.9.51.34 15002 extendable

ip nat inside source static udp 10.0.0.254 15003 184.9.51.34 15003 extendable

ip nat inside source static udp 10.0.0.254 15004 184.9.51.34 15004 extendable

ip nat inside source static udp 10.0.0.254 15005 184.9.51.34 15005 extendable

ip nat inside source static udp 10.0.0.254 15006 184.9.51.34 15006 extendable

ip nat inside source static udp 10.0.0.254 15007 184.9.51.34 15007 extendable

ip nat inside source static udp 10.0.0.254 15008 184.9.51.34 15008 extendable

ip nat inside source static udp 10.0.0.254 15009 184.9.51.34 15009 extendable

ip nat inside source static udp 10.0.0.254 15010 184.9.51.34 15010 extendable

ip nat inside source static udp 10.0.0.254 15011 184.9.51.34 15011 extendable

ip nat inside source static tcp 172.16.20.1 50443 184.9.51.34 50443 extendable

!

ip sla 10

icmp-echo 4.2.2.2 source-interface FastEthernet0/0

timeout 10000

frequency 30

ip sla schedule 10 life forever start-time now

ip sla 20

icmp-echo 4.2.2.1 source-interface FastEthernet0/2/0

timeout 2000

frequency 6

ip sla schedule 20 life forever start-time now

logging 192.168.50.150

access-list 101 permit ip 172.16.31.0 0.0.0.255 any

access-list 199 permit ip 172.16.0.0 0.0.255.255 any

access-list 199 permit ip 192.168.50.0 0.0.0.255 any

access-list 199 permit ip 10.0.0.0 0.0.0.255 any

!

route-map NAT-SECONDARY permit 10

match ip address 199

match interface FastEthernet0/2/0

!

route-map NAT-PRIMARY permit 10

match ip address 199

match interface FastEthernet0/0

!

route-map PBR permit 10

match ip address 101 12

set ip next-hop verify-availability 50.122.220.241 1 track 1

!

control-plane

!

line con 0

logging synchronous

login local

line aux 0

privilege level 15

login local

line vty 0 4

exec-timeout 60 0

privilege level 15

login local

transport input ssh

line vty 5 15

exec-timeout 60 0

privilege level 15

login local

transport input ssh

!

scheduler allocate 20000 1000

ntp server 192.168.50.5

ntp server 130.207.244.240

Eduard Gheorghiu · ‎07-03-2014

It looks like a valid config. The main route depends on the result of the IP SLA connectivity test as configured bellow:

ip sla 10
icmp-echo 4.2.2.2 source-interface FastEthernet0/0
timeout 10000
frequency 30

ip route 0.0.0.0 0.0.0.0 184.9.51.33 track 10

track 10 ip sla 10 reachability

You basically send a ping every 30 seconds to 4.2.2.2. Is this reachable from your location?

Please include the outputs for:

show track 10

show ip sla 10 statis

Thanks,

Eduard

thepcguy86 · ‎07-03-2014

We are unable to access the fiber connection, we are only currently working off of the 5M DSL Connection in a building with 150 people.

Lolly-2811#sho track 10

Track 10

IP SLA 10 reachability

Reachability is Down

2 changes, last change 02:19:25

Latest operation return code: Timeout

Tracked by:

STATIC-IP-ROUTING 0

show ip sla 10 statis is not coming up with anything.