Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2413
Views
5
Helpful
6
Replies

Problem with HSRP virtual IP

Randy Ethridge
Level 1
Level 1

‎03-14-2016 12:41 PM - edited ‎03-08-2019 04:57 AM

We have the typical cisco network running hsrp with 4 Distributions, 2 core routers and edge connected switches through layer 2. Over the weekend we had to shutdown one of the distributions for work on the power. When we brought it back up we had multiple devices unable to talk to the virtual hsrp ip. We have hundreds of devices that are working fine talking to that same ip. The devices are on 2 different vlans (Time servers on one vlan and switches on another). We have rebooted these devices with no change. I can change the devices default gateway to the physical ip address of the hsrp interface and these devices start talking, move gateway back to virtual ip and they start cycling working for 10 minutes then fail for several hours. The switch is passing traffic for the other vlans configured, only the management vlan seems effected. The single distribution was the only device shutdown, the paired distribution stayed up along with these devices that arent working. Any help is appreciated.

Labels:
0 Helpful
6 Replies 6

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-14-2016 01:00 PM

Can you show us your HSRP configuration please.

On all devices participating in HSRP, can they ping all other devices participating in HSRP?  Does "show standby" indicate the same answers on all HSRP members?  Is it correctly showing the primary and the same standby on all the members?

0 Helpful

Randy Ethridge
Level 1
Level 1
In response to Philip D'Ath

‎03-14-2016 01:55 PM

All HSRP devices can ping other HSRP devices (it only the 2 distributions )

Below are the "show standby" commands:

McAFEE_DISTRIBUTION_01#sh standby vlan 60 all
Vlan60 - Group 1
  State is Active
    1 state change, last state change 33w0d
  Virtual IP address is xxx.xxx.xxx.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.824 secs
  Preemption enabled
  Active router is local
  Standby router is xxx.xxx.xxx.3, priority 95 (expires in 8.192 sec)
  Priority 105 (configured 105)
  Group name is "hsrp-Vl60-1" (default)

STUDENTSVCS_DISTRIBUTION_01#sh standby vlan 60
Vlan60 - Group 1
  State is Standby
    1 state change, last state change 01:16:16
  Virtual IP address is xxx.xxx.xxx.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.688 secs
  Preemption enabled
  Active router is xxx.xxx.xxx.2, priority 105 (expires in 10.064 sec)
  Standby router is local
  Priority 95 (configured 95)
  Group name is "hsrp-Vl60-1" (default)

Below are the interface configs:

McAFEE_DISTRIBUTION_01#sh run int vlan 60
Building configuration...

Current configuration : 198 bytes
!
interface Vlan60
  ip address xxx.xxx.xxx.2 255.255.255.0
 standby 1 ip xxx.xxx.xxx.1
 standby 1 priority 105
 standby 1 preempt
end

STUDENTSVCS_DISTRIBUTION_01#sh run int vlan 60
Building configuration...

Current configuration : 177 bytes
!
interface Vlan60
  ip address xxx.xxx.xxx.3 255.255.255.0
 standby 1 ip xxx.xxx.xxx.1
 standby 1 priority 95
 standby 1 preempt
end

Also, when I configured the default gateway in the switch that isnt working to the physical ip of the active interface I can ping everything except the virtual ip (xxx.xxx.xxx.1 ) even though I can ping that same virtual ip from the hsrp pairs and all other switches on that network.

Thanks.

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to Randy Ethridge

‎03-14-2016 02:11 PM

I see you haven't got "ip redirects" disabled, and HSRP v1 has an issue with this.

Is your kit new enough to support HSRP V2?  If so, add this to all the HSRP interface:

interface Vlanxxx
  standby version 2

Randy Ethridge
Level 1
Level 1
In response to Philip D'Ath

‎03-14-2016 02:17 PM

Philip

I thank you for your help but before I go changing a configuration that was running fine before the shutdown, could you explain why a shutdown would cause this and how the other 300 or so switches are having no issues?

Thanks again!

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to Randy Ethridge

‎03-14-2016 02:25 PM

Personally - I doubt this is actually an HSRP issue.  Personally, I'm guessing it is either an issue with ICMP redirects (which don't play nicely with HSRPv1 - and Cisco recommend you don't run them together - and you are running them together), or another different layer 3 device sending a proxy arp.

Here is a general trouble shooting guide, and some info about the redirect issue.  I see that it says that as of 12.1(3)T that turning on HSRP now automatically disables re-directs, so something new I learned today!

http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#topic9

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to Randy Ethridge

‎03-14-2016 02:13 PM

I guess it is also possible you are having a redirects/proxy arp issue, rather than HSRP itself.

On the HSRP interfaces I would also tend to add:

interface Vlan xxx
 no ip proxy-arp
 no ip redirects
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card