They are Cisco ISR4451.

Stanley Camacho · ‎06-08-2016

Hello everyone,

I have several vlans configured on two routers as sub-interfaces for each of my vlans. I'm able to ping sub-interface IP just fine between both routers except one vlan 240. If i shut the Vlan 240 down on router 2 i have no communication problems and users are able to connect on that Vlan, as soon i bring up that sub-interface on router 2 users are not able to connect on their devices in that Vlan and i cannot ping router 1 or router 2 sub-interface IP on Vlan 240.

I have HSRP configured on my vlans and i cannot even ping the standby IP on either gateway for Vlan 240 when the sub-interface is up.

Any suggestion would be appreciated.

Thanks!

Reza Sharifi · ‎06-08-2016

Hi,

Can you post the configs from both routers?

HTH

Stanley Camacho · ‎06-09-2016

R1 Config

interface GigabitEthernet0/0/0.240
description to lko2 ion VLAN 240
encapsulation dot1Q 240
ip address 10.102.67.2 255.255.255.128
ip helper-address X.X.X.X
ip helper-address X.X.X.X
ip access-group denyFromION in
standby version 2
standby 1 ip 10.102.67.1
standby 1 priority 110
standby 1 preempt
standby 1 authentication md5 key-string 7 xxxxxxxxxxxxxxxxxxxxxxxx timeout 30
ipv6 traffic-filter denyFromIONv6 in
no cdp enable

router eigrp 10
network 10.102.67.0 0.0.0.127

R2 Config

interface GigabitEthernet0/0/0.240
description to lko2 ion VLAN 240
encapsulation dot1Q 240
ip address 10.102.67.3 255.255.255.128
ip helper-address X.X.X.X
ip helper-address X.X.X.X
ip access-group denyFromION in
standby version 2
standby 1 ip 10.102.67.1
standby 1 preempt
standby 1 authentication md5 key-string 7 xxxxxxxxxxxxxxxxxxxxxxxx1D timeout 30
ipv6 traffic-filter denyFromIONv6 in
no cdp enable

router eigrp 10
network 10.102.67.0 0.0.0.127

Reza Sharifi · ‎06-09-2016

Have you tried removing the access list from the interfaces?

Also, what is the output of "sh standby vlan 240"?

Stanley Camacho · ‎06-09-2016

I found that R2 is bouncing between other Vlans as you can see in the "show ip eigrp events" log below. Looks it is trying to install the route on different vlan IPs. How can i resolve this?

2 12:07:34.411 Metric set: 10.102.67.0/25 metric(2816)
4 12:07:34.411 Update sent, RD: 10.102.67.0/25 metric(Infinity)
6 12:07:34.411 Update sent, RD: 10.102.67.0/25 metric(Infinity)
7 12:07:34.411 Route installing: 10.102.67.0/25 10.128.166.129
8 12:07:34.411 Route installed: 10.102.67.0/25 0.0.0.0
9 12:07:34.411 Route installing: 10.102.67.0/25 10.128.166.2
10 12:07:34.411 RDB delete: 10.102.67.0/25 10.128.166.126
11 12:07:34.411 Find FS: 10.102.67.0/25 metric(Infinity)
12 12:07:34.411 Free reply status: 10.102.67.0/25
14 12:07:34.411 Clr handle dest/cnt: 10.102.67.0/25 0
16 12:07:34.411 Rcv reply dest/nh: 10.102.67.0/25 10.128.166.126
18 12:07:34.410 Clr handle dest/cnt: 10.102.67.0/25 1
20 12:07:34.410 Rcv reply dest/nh: 10.102.67.0/25 10.128.166.2
22 12:07:34.410 Clr handle dest/cnt: 10.102.67.0/25 2
24 12:07:34.410 Rcv reply dest/nh: 10.102.67.0/25 10.128.166.129
25 12:07:34.385 Conn rt change: 10.102.67.0/25 GigabitEthernet0/0/0.240
27 12:07:34.385 Rcv update dest/orig: 10.102.67.0/25 Connected
28 12:07:34.385 Conn rt change: 10.102.67.0/25 GigabitEthernet0/0/0.240
29 12:07:34.385 Lost route 1=forceactv: 10.102.67.0/25 0
30 12:07:34.385 Metric set: 10.102.67.0/25 metric(Infinity)
31 12:07:34.385 Active net/peers: 10.102.67.0/25 3
33 12:07:34.385 Find FS: 10.102.67.0/25 metric(0)
34 12:07:34.385 Lost route 1=forceactv: 10.102.67.0/25 1
36 11:53:26.544 Metric set: 10.102.67.0/25 metric(3072)
38 11:53:26.544 Update sent, RD: 10.102.67.0/25 metric(Infinity)
40 11:53:26.544 Update sent, RD: 10.102.67.0/25 metric(Infinity)
41 11:53:26.544 Route installed: 10.102.67.0/25 10.128.166.129
42 11:53:26.544 Route installing: 10.102.67.0/25 10.128.166.129
43 11:53:26.544 Route installed: 10.102.67.0/25 10.128.166.2
44 11:53:26.544 Route installing: 10.102.67.0/25 10.128.166.2
45 11:53:26.544 RDB delete: 10.102.67.0/25 0.0.0.0
46 11:53:26.544 Find FS: 10.102.67.0/25 metric(Infinity)
47 11:53:26.544 Free reply status: 10.102.67.0/25
49 11:53:26.544 Clr handle dest/cnt: 10.102.67.0/25 0
51 11:53:26.544 Rcv reply dest/nh: 10.102.67.0/25 10.128.166.2
53 11:53:26.544 Clr handle dest/cnt: 10.102.67.0/25 1
55 11:53:26.544 Rcv reply dest/nh: 10.102.67.0/25 10.128.166.129
56 11:53:26.543 RDB delete: 10.102.67.0/25 10.128.166.126
58 11:53:26.543 Clr handle dest/cnt: 10.102.67.0/25 2
60 11:53:26.543 Rcv reply dest/nh: 10.102.67.0/25 10.128.166.126
61 11:53:26.496 Metric set: 10.102.67.0/25 metric(Infinity)
62 11:53:26.496 Active net/peers: 10.102.67.0/25 3
64 11:53:26.496 Find FS: 10.102.67.0/25 metric(2816)
66 11:53:26.496 Rcv update dest/orig: 10.102.67.0/25 Connected
67 11:53:26.496 Conn rt down: 10.102.67.0/25 GigabitEthernet0/0/0.240
69 11:52:46.200 Metric set: 10.102.67.0/25 metric(2816)
71 11:52:46.200 Update sent, RD: 10.102.67.0/25 metric(Infinity)
73 11:52:46.200 Update sent, RD: 10.102.67.0/25 metric(Infinity)
74 11:52:46.200 Route installing: 10.102.67.0/25 10.128.166.129
75 11:52:46.200 Route installed: 10.102.67.0/25 0.0.0.0
76 11:52:46.199 Route installing: 10.102.67.0/25 10.128.166.2
77 11:52:46.199 RDB delete: 10.102.67.0/25 10.128.166.126
78 11:52:46.199 Find FS: 10.102.67.0/25 metric(Infinity)
79 11:52:46.199 Free reply status: 10.102.67.0/25
81 11:52:46.199 Clr handle dest/cnt: 10.102.67.0/25 0
83 11:52:46.199 Rcv reply dest/nh: 10.102.67.0/25 10.128.166.126
85 11:52:46.198 Clr handle dest/cnt: 10.102.67.0/25 1
87 11:52:46.198 Rcv reply dest/nh: 10.102.67.0/25 10.128.166.2
89 11:52:46.198 Clr handle dest/cnt: 10.102.67.0/25 2

Stanley Camacho · ‎06-09-2016

I haven't tried removing the ACl yet as i need a CR for that, but it is something i have in mind to do.

R1

GigabitEthernet0/0/0.240 - Group 1 (version 2)
State is Active
4 state changes, last state change 1d22h
Virtual IP address is 10.102.67.1
Active virtual MAC address is 0000.0c9f.f001 (MAC In Use)
Local virtual MAC address is 0000.0c9f.f001 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.032 secs
Authentication MD5, key-string, timeout 30 secs
Preemption enabled
Active router is local
Standby router is unknown
Priority 110 (configured 110)
Group name is "hsrp-Gi0/0/0.240-1" (default)

R2

GigabitEthernet0/0/0.240 - Group 1 (version 2)
State is Standby
26 state changes, last state change 00:00:02
Virtual IP address is 10.102.67.1
Active virtual MAC address is 0000.0c9f.f001 (MAC Not In Use)
Local virtual MAC address is 0000.0c9f.f001 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.496 secs
Authentication MD5, key-string, timeout 30 secs
Preemption enabled
Active router is 10.102.67.2, priority 110 (expires in 10.928 sec)
MAC address is 00f2.8b7c.6240
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Gi0/0/0.240-1" (default)

Reza Sharifi · ‎06-09-2016

From r1

Standby router is unknown

The active route is not able to see the stand-by router.

How are these devices connected to each other?

Also,

from r2

26 state changes, last state change 00:00:02

So, r2 is flapping and trying to become the active device

Can you also disable Preemption on r2 and test?

HTH

Stanley Camacho · ‎06-09-2016

Both routers are connected via a crossover cable.

I disabled preemption and still unable to reach x.x.x.3

Reza Sharifi · ‎06-09-2016

What type of routers are these and what version of IOS are you running?

Do the devices see each other via CDP?

Is EIGRP peered?

Stanley Camacho · ‎06-09-2016

They are Cisco ISR4451.

Both routers are shown in cdp neighbors

EIGRP is peered.

R1

1 10.128.166.130 Gi0/0/1 11 2d01h 1 100 0 3217

R2

0 10.128.166.129 Gi0/0/1 11 2d01h 1 100 0 4553

Reachability Issues