Re: Standby hsrp router cannot ping virtual ip

kbk989 · ‎03-22-2025

So i have the following topology on eve ng-

Ignore PEdge-1 and 2

So i have hsrp setup on CEdge-1 and 2.

Cedge-1 has higher priority and 2 has lower priority.

Election takes place and hsrp is working as expected here as CEdge-1 is active and Cedge-2 is standby.

The problem is i cant ping the virtual ip which is 11.2.101.1 from the standby which is CEdge-2 for some reason.

Cannot ping it from the vEdge-2 switch as well however i can ping the 11.2.101.49 and .50 ips form the vEdge-2 switch.

Similarly i can ping 11.2.101.50 from CEdge-1 and 11.2.101.49 from CEdge-2.

Configs are as follows-

CEdge-1

CEdge-1#show running-config interface port-channel 1
Building configuration...

Current configuration : 290 bytes
!
interface Port-channel1
description Port-Channel Gi0/2-3
ip address 11.2.101.49 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 0 ip 11.2.101.1
standby 0 priority 105
standby 0 preempt delay minimum 60
negotiation auto
no mop enabled
no mop sysid
end

CEdge-1#show running-config interface gig
CEdge-1#show running-config interface gigabitEthernet 2
Building configuration...

Current configuration : 213 bytes
!
interface GigabitEthernet2
description toInsideCompany LAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
negotiation auto
no mop enabled
no mop sysid
channel-group 1 mode active
end

CEdge-2

CEdge-2#show running-config interface port-channel 1
Building configuration...

Current configuration : 266 bytes
!
interface Port-channel1
description Port-Channel Gi0/2-3
ip address 11.2.101.50 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 0 ip 11.2.101.1
standby 0 preempt delay minimum 60
negotiation auto
no mop enabled
no mop sysid
end

CEdge-2#show running-config interface gigabitEthernet 3
Building configuration...

Current configuration : 213 bytes
!
interface GigabitEthernet3
description toInsideCompany LAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
negotiation auto
no mop enabled
no mop sysid
channel-group 1 mode active
end

vEdge-2

vEdge-2#show running-config interface gigabitEthernet 1/2
Building configuration...

Current configuration : 135 bytes
!
interface GigabitEthernet1/2
switchport access vlan 650
switchport mode access
negotiation auto
channel-group 2 mode active
end

vEdge-2#show running-config interface gigabitEthernet 1/3
Building configuration...

Current configuration : 135 bytes
!
interface GigabitEthernet1/3
switchport access vlan 650
switchport mode access
negotiation auto
channel-group 3 mode active
end

vEdge-2#show running-config int
vEdge-2#show running-config interface port-c
vEdge-2#show running-config interface port-channel 2
Building configuration...

Current configuration : 83 bytes
!
interface Port-channel2
switchport access vlan 650
switchport mode access
end

vEdge-2#show running-config interface port-channel 3
Building configuration...

Current configuration : 83 bytes
!
interface Port-channel3
switchport access vlan 650
switchport mode access
end

Any help here would be appreciated, makes no sense to me that CEdge-2 cannot ping its own HSRP VIP (11.2.101.1)

More configs-

CEdge-1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Po1 0 105 P Active local 11.2.101.50 11.2.101.1

CEdge-2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Po1 0 100 P Standby 11.2.101.49 local 11.2.101.1

Thank You!

sdroy · ‎03-22-2025

This is probably because in standby mode HSRP does not work, and the CEdge-2 does not get a response if it pings the HSRP virtual IP: 11. 2. 101. 1 The standby router will not handle any traffic that gets sent to the virtual IP. It can only do what it is supposed to, and that is take over the active router in case of failure. I recommend you to try to ping the physical IP address of CEdge-1 first (e. g. ISP_TEST). You'll know if the network link goes through this route. Also you must check to make sure that there is proper connection between Edge2 and Edge3. Lots of things, including VLAN consistency, port-channel configuration, and whether HSRP is being debugged.

Shuvodip Roy

balaji.bandi · ‎03-23-2025

Unfortunately, your configuration doesn't make sense to me. Do you happen to have more interfaces to create port channels? What is the value of creating a port channel with one port instead that you can use as a trunk?

I think you should start with a simple default configuration of the interface and test it.

I am sure hsrp members can ping virtual IP; it does not matter whether it is active or on standby.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

kbk989 · ‎03-23-2025

this is a just a test, design doesnt have to make sense im just testing with a simple configuration with one interface pairs on each port channel, of course in real life you would have more interfaces but this is eve ng. And this lab is from a real life example by the way. Also yes hsrp ip should be pingable from both the routers regardless of active, standby and my question is why i cant ping it from the standby router even though the configuration should be correct.

And there is definitely something going on here since i cant ping that vip from the palo firewall as well which is out of the picture below vEdge-2.

kbk989 · ‎03-23-2025

the only thing i can think of why its not working as expected is because of the image being used or its just an emulator thing.

kbk989 · ‎03-23-2025

also i dont know what you meant by trunk interface since none of the configs above show trunk anywhere, they are all access vlan interfaces.

ulineosan · ‎03-23-2025

cant ping the virtual ip which is 11.2.101.1 from the standby

Did you try looking at a debug or packet capture to make sure the ping is as you expect? e.g.:

access-list 101 permit icmp any
debug ip packet 101 detail

kbk989 · ‎03-24-2025

i guess ill try that