cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16682
Views
10
Helpful
13
Replies

Problem in HSRP - Standby IP can't ping from standby device - Pls help

Dear Experts,

hi...!!!!

I am facing a very strange Problem.

I have configured all the devices as shown in topology and configuration.

Part B is older Network which is working on Static Routing and Part A is newer Network which need to be using Dynamic Routing.I have used OSPF for the same.

HSRP is working ok. But I have found that I can not ping standby ip fron the device where the specified vlan is in standby or otherthan active state.

e.g.

on CORE - 1

Vlan 2 is Active and on rest of COREs this vlan is either in Standby or Listen  state.

In this case I can not ping standby ip i.e. 10.24.100.1 from CORe - 2 , CORE - 3, CORE - 4 where vlan 2 is not active.

Also I have found that HSRP is changing its state continusly after some time.

I have also tried the same by doing all the topology using Dynamic Routing but the result is same.

Please help to resolve this issue.

Or Please suggest what can I do in this topology so that I can resolve or improve the performance.

Please find the attached config and topology for your refference.

Your reply will be very helpful for me.

Pls reply.

Regards,

13 Replies 13

kyukim
Cisco Employee
Cisco Employee

Hi,

1. Mostly, HSRP is providing default gateway redundancy for end devices, like PC or servers, so that end devices points virtual HSRP IP address as their default gateway and end devices can always go out to other subnets even if one router failed.

RFC mentioned as.

HSRP is not intended as a replacement for existing dynamic router discovery mechanisms 
and those protocols should be used instead whenever possible [1]

2. So, you should configure HSRP on Distribution SW for access vlans, not in core.

    Sometimes, I see some customer configure HSRP for routing redundancy but it is not a good practice.

    Routing protocol provides better redundancy for L3 connections.

    For redundancy for CORE and Distributions, you should just rely on OSPF protocol..

Here is a good document for how you should design 3 Tier networks.

http://www1.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_Infra2_5/DCInfra_1.html

KK.

Dear Kyuhwan Kim,

Thanks for the reply.

So what should I do?

I can not change anything in Past B , Dist - 1 and Dist - 2 existing scenario.

Yes I can add any config which will not disturbed existing network.

But I can do anything in Part A , Dist 3 and Dist 4.

Is there any problem in my configuration?

Can guide me step by step migration process for this scenario>

Pls help.

Regards,

VLAN 1, 3 and 4 all have the same HSRP Group ID of "3".  This discrepancy should be evident in the "sh logs".

Same HSRP group id is ok for multiple int although CISCO recommends different group ID for each int.

Q. What is the implication of the use of the same HSRP group ID on multiple interfaces?

A. When you define the same HSRP group ID on multiple interfaces, they all share the same HSRP virtual MAC address. In most modern LAN switches, there are no issues because they maintain a per-VLAN MAC address table. However, if your network contains any third party switches which maintain a system-wide MAC address table regardless of VLAN, you may experience problems.

KK

kyukim
Cisco Employee
Cisco Employee

hi, Sweetu.

I think it is better to remove HSRP in your cores and rely on OSPF.

What is the purpose of running HSRP on vlan2 of all 4 core switches?

On your DIST switches, are you put static route pointing to HSRP Standby address for which destination subnet?

If you post sh run from all cores and all distribution, it is easy for me to understand why you are using HSRP in core.

If you can't, just post sh run | i ip route from dist and core switches.

Also, check sh ip arp vlan2 on CORE SW that can't ping standby IP address to see they learn virtual mac for standby IP address correctly.

KK.

Hi...Kyuhwan Kim,

Thanks for the reply.

I am attaching the sh run, sh ip route and sh standby brief outout in attached .rar file.

I have added standby use-bia in all of the vlan intervaces. yet I am facing the same problem.I am testing all these on GNS3. with 3640 IOS and 16 port Fastethernet module.

You are talking about L3 links on BORE layer. Can you suggest which links should I confgure as L3 links and can you suggest me sample config for atleast one CORE switch?

I have also read the same thing on cisco site. but can't find any sample config for the same.

Reply soon

Regards,

hi, Sweetu.

So, it looks like you are testing in lab with 3640 emulation.

In Core Switches, you should connect them as all L3.

Usually, we do this by configuring interface as L3 interface by "no switchport" and "ip add xxxx"

In you case, 3640's SW module port can't be L3 port, so create several vlans and SVIs.

For example, create vlan 12 for CORE1 and CORE2 connection, put ports that connects SW1 and SW2 into vlan 12 and create int vlan 12 on both SW1 and SW2 and assign ip address like 10.1.12.x/30.

So, all CORE connections are L3 by different SVI and advertise this SVI into OSPF.

CORE1 f0/10--------f0/10 CORE2

core1

Create vlan 10 in vlan database

conf t

int f0/10

sw acc vl 10

int vlan 10

ip add 10.1.12.1 255.255.255.252

router ospf 1

net 10.1.12.1 0.0.0.0 area 0

core2

Create vlan 10 in vlan database

conf t

int f0/10

sw acc vl 10

int vlan 10

ip add 10.1.12.2 255.255.255.252

router ospf 1

net 10.1.12.2 0.0.0.0 area 0

Same for CORE to Distribution connection, create a vlan and assign connected port to this vlan and create interface vlan with IP address for each connection.

CORE-CORE - L3

CORE-DIST - L3

DIST- Access - L2, and create interface vlan for acccess vlan on DIST

KK

Hi Sweetu Patel,

I created your diagram in GNS3 & configured the Core & Dis A switches using your config.

I also experienced the same problem & I found the solution for the problem.

Solution:

Lets take Core switches.

Shut down all the trunk links in Core01, Core03 & Core04.

Then you can see that Core02 switch become the HSRP active & then you can ping the HSRP Virtual IP Address frm Core02 switch.

After start the trunk links in the Core01 switch & you can see that Core01 & Core02 switches speak & Core01 become HSRP active again.

After few secs, you can see that you can ping the HSRP virtual ip address from both Core 01 & Core 02 switches.

Then you can enable the uplinks in Core03 & you can see that you can ping the HSRP Virtual IP Address.

Do the same for Core 04.

You can continue same way for Dist A switches also..

Like that you can fix this problem easily.

I attached the GNS3 lab which I created to fix your problem.

I only configured Core Switches & Dist A switches.

Hope this will help you to fix the problem.

Best Regards,

Dasuntha

Dear Dashuntha,

Thanks for creating LAB on GN3 for my issue.

But I have also checked the same thing nd even it'working. If will shutdown all the vlan interface from all the CORE than enable one by one than also it will work. But the concern is why this was happening?

I have found the solution for the same and is there in the configuration stadby use-bia.

After applying this on all vlan interface that problem is resolved now.

My concern is will be the same issue come on real switches? IF yes than this will not be a good topology for the stable network as to use stand use-bia is not recomended by CISCO.

Than in this case which will the best practice to implement?

Again thanks for sparing your time.

Regards,

Hi KK,

Thanks for the Reply...

I have done the same thing in the post config. I have used Vlan 2 (10.24.100.0/24) instead of vlan 12 ( as you said). Only the difference is :

CORE to CORE ---- Trunk Port - passing only one vlan 2 as no other vlan on core.

CORE to DIST --- Trunk Port - passing only one vlan 2 as no other vlan on core.

Advertised the same in OSPF area 0.

Dist - ACCESS --- Trunk passing all the Vlans created on Dist.

Advertised the same in OSPF with area 101 and vlan 2 area 0.

SO if I am not wrong CORE to CORE  and CORE to DIST are L2 links.

I want to take these link as L3. And It is possible in GNS3 to make it L3 by no switchport command.

My major concern is How can I intergrate Network with STATIC Routing and NEtwork with Dynamic Routing as shown in topology?

Which one is the best practice with max uptime and stability as I am going to implement the same on real network.

Reply Soon.

Regards

Hi,

In CORE, you don't need trunk.

If you read Cisco 3 Tier design doc, we recommend using L3 connection in core.

You don't have to extend your vlan 2 from Dist to Core.

Is there any reason you need to extend your vlan 2 from DIST though CORE?

I never see any design requires extends vlan from DIST to CORE and even running HSRP on CORE.

Always, run and rely on dynamic routing protocol, instead of static routes.

It is better design for quick failover, automatic failover and easy to manage.

Expanding vlan to DIST to CORE will cause complex STP problems.

It is better not to extend your L2 to core unless it is required by business.

KK.

Hi....

Actually We have Created Vlan 2 on CORE and the same has been used as server Farm.

Is there any other option?

Regards.

iandrew63
Level 1
Level 1

Hi All

We have just had a similar problem where we could not ping the virtual IP. But could from the router itself.

It was down to port-security on the ports. We had 2 switches trunked with an HSRP router plugged into each.

We removed port-security off the router port on both switches and it all works fine.

Hope this helps.