03-14-2016 12:41 PM - edited 03-08-2019 04:57 AM
We have the typical cisco network running hsrp with 4 Distributions, 2 core routers and edge connected switches through layer 2. Over the weekend we had to shutdown one of the distributions for work on the power. When we brought it back up we had multiple devices unable to talk to the virtual hsrp ip. We have hundreds of devices that are working fine talking to that same ip. The devices are on 2 different vlans (Time servers on one vlan and switches on another). We have rebooted these devices with no change. I can change the devices default gateway to the physical ip address of the hsrp interface and these devices start talking, move gateway back to virtual ip and they start cycling working for 10 minutes then fail for several hours. The switch is passing traffic for the other vlans configured, only the management vlan seems effected. The single distribution was the only device shutdown, the paired distribution stayed up along with these devices that arent working. Any help is appreciated.
03-14-2016 01:00 PM
Can you show us your HSRP configuration please.
On all devices participating in HSRP, can they ping all other devices participating in HSRP? Does "show standby" indicate the same answers on all HSRP members? Is it correctly showing the primary and the same standby on all the members?
03-14-2016 01:55 PM
All HSRP devices can ping other HSRP devices (it only the 2 distributions )
Below are the "show standby" commands:
McAFEE_DISTRIBUTION_01#sh standby vlan 60 all
Vlan60 - Group 1
State is Active
1 state change, last state change 33w0d
Virtual IP address is xxx.xxx.xxx.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.824 secs
Preemption enabled
Active router is local
Standby router is xxx.xxx.xxx.3, priority 95 (expires in 8.192 sec)
Priority 105 (configured 105)
Group name is "hsrp-Vl60-1" (default)
STUDENTSVCS_DISTRIBUTION_01#sh standby vlan 60
Vlan60 - Group 1
State is Standby
1 state change, last state change 01:16:16
Virtual IP address is xxx.xxx.xxx.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.688 secs
Preemption enabled
Active router is xxx.xxx.xxx.2, priority 105 (expires in 10.064 sec)
Standby router is local
Priority 95 (configured 95)
Group name is "hsrp-Vl60-1" (default)
Below are the interface configs:
McAFEE_DISTRIBUTION_01#sh run int vlan 60
Building configuration...
Current configuration : 198 bytes
!
interface Vlan60
ip address xxx.xxx.xxx.2 255.255.255.0
standby 1 ip xxx.xxx.xxx.1
standby 1 priority 105
standby 1 preempt
end
STUDENTSVCS_DISTRIBUTION_01#sh run int vlan 60
Building configuration...
Current configuration : 177 bytes
!
interface Vlan60
ip address xxx.xxx.xxx.3 255.255.255.0
standby 1 ip xxx.xxx.xxx.1
standby 1 priority 95
standby 1 preempt
end
Also, when I configured the default gateway in the switch that isnt working to the physical ip of the active interface I can ping everything except the virtual ip (xxx.xxx.xxx.1 ) even though I can ping that same virtual ip from the hsrp pairs and all other switches on that network.
Thanks.
03-14-2016 02:11 PM
I see you haven't got "ip redirects" disabled, and HSRP v1 has an issue with this.
Is your kit new enough to support HSRP V2? If so, add this to all the HSRP interface:
interface Vlanxxx
standby version 2
03-14-2016 02:17 PM
Philip
I thank you for your help but before I go changing a configuration that was running fine before the shutdown, could you explain why a shutdown would cause this and how the other 300 or so switches are having no issues?
Thanks again!
03-14-2016 02:25 PM
Personally - I doubt this is actually an HSRP issue. Personally, I'm guessing it is either an issue with ICMP redirects (which don't play nicely with HSRPv1 - and Cisco recommend you don't run them together - and you are running them together), or another different layer 3 device sending a proxy arp.
Here is a general trouble shooting guide, and some info about the redirect issue. I see that it says that as of 12.1(3)T that turning on HSRP now automatically disables re-directs, so something new I learned today!
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#topic9
03-14-2016 02:13 PM
I guess it is also possible you are having a redirects/proxy arp issue, rather than HSRP itself.
On the HSRP interfaces I would also tend to add:
interface Vlan xxx
no ip proxy-arp
no ip redirects
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide