Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
448
Views
5
Helpful
2
Replies

VRRP services not seeing VRRP peers

Go to solution
bnidacoc
Beginner
Beginner

‎08-09-2022 07:41 AM

I haven't recognized what I'm missing yet. I thought I'd work with the open standard vrrp to prepare to use it for future deployments as the FH router. I'm working with two devices at my desk, a 9300L and an IE4010, each running the latest "Gold Star" code (as of a few weeks ago). Both switches believe that each themselves is the vrrp master (local).

Troubleshooting, I can ping each broadcast domain peer and I configured HSRP and each HSRP service sees the peer switch across the broadcast domain and the one configured to have the highest priority is the HSRP "Active" role.  So, I think my broadcast domain is OK.

What am I missing in regards to the vrrp?

 

93000-L#show run int vlan 1
Building configuration...

Current configuration : 226 bytes
!
interface Vlan1
ip address 10.1.1.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 1 ip 10.1.1.254
standby 1 preempt
vrrp 1 address-family ipv4
address 10.1.1.1 primary
exit-vrrp
end

93000-L#show vrrp vlan 1

Vlan1 - Group 1 - Address-Family IPv4
State is MASTER
State duration 2 hours 28 mins 43 secs
Virtual IP address is 10.1.1.1
Virtual MAC address is 0000.5E00.0101
Advertisement interval is 1000 msec
Preemption enabled
Priority is 100
Master Router is 10.1.1.2 (local), priority is 100
Master Advertisement interval is 1000 msec (expires in 54 msec)
Master Down interval is unknown
FLAGS: 1/1

93000-L#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
93000-L#show standby vlan 1
Vlan1 - Group 1
State is Active
2 state changes, last state change 00:08:23
Virtual IP address is 10.1.1.254
Active virtual MAC address is 0000.0c07.ac01 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.576 secs
Preemption enabled
Active router is local
Standby router is 10.1.1.3, priority 95 (expires in 10.064 sec)
Priority 100 (default 100)
Group name is "hsrp-Vl1-1" (default)
FLAGS: 0/1
93000-L#
93000-L#show ver
Cisco IOS XE Software, Version 17.06.03
Cisco IOS Software [Bengaluru], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.6.3, RELEASE SOFTWARE (fc4)

[SNIP]

93000-L#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
93000-L#show license usage
License Authorization:
Status: Not Applicable

network-advantage (C9300L 48P Network Advantage):
Description: C9300L 48P Network Advantage
Count: 1
Version: 1.0
Status: IN USE
Export status: NOT RESTRICTED
Feature Name: network-advantage
Feature Description: C9300L 48P Network Advantage
Enforcement type: NOT ENFORCED
License type: Perpetual

[SNIP]

 

 

IE-4010#show run int vlan 1
Building configuration...

Current configuration : 203 bytes
!
interface Vlan1
ip address 10.1.1.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 1 ip 10.1.1.254
standby 1 priority 95
vrrp 1 ip 10.1.1.1
vrrp 1 priority 95
end

IE-4010#show vrrp interface vlan 1
Vlan1 - Group 1
State is Master
Virtual IP address is 10.1.1.1
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 95
Master Router is 10.1.1.3 (local), priority is 95
Master Advertisement interval is 1.000 sec
Master Down interval is 3.628 sec

IE-4010#show standby vlan 1
Vlan1 - Group 1
State is Standby
4 state changes, last state change 00:10:03
Virtual IP address is 10.1.1.254
Active virtual MAC address is 0000.0c07.ac01 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.624 secs
Preemption disabled
Active router is 10.1.1.2, priority 100 (expires in 9.888 sec)
Standby router is local
Priority 95 (configured 95)
Group name is "hsrp-Vl1-1" (default)
IE-4010#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
IE-4010#show ver
Cisco IOS Software, IE4010 Software (IE4010-UNIVERSALK9-M), Version 15.2(8)E1, RELEASE SOFTWARE (fc8)

[SNIP]

IE-4010#show license
Index 1 Feature: ipservices
Period left: Life time
License Type: PermanentRightToUse
License State: Active, In Use
License Priority: High
License Count: Non-Counted

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
David Ruess
VIP Collaborator VIP Collaborator
VIP Collaborator

‎08-11-2022 04:26 PM

Hello,

It could be the VRRP instance/version you are running. The first one with the address family it looks like you may be running v3 VRRP, while the other device with the config on the VLAN interface is still running v2 VRRP (without address-family). You will need make either both of them part of an address-family or both standard VRRP. I say this because Standard v2 VRRP and address-family VRRP v3 use different MAC addresses for their virtual MAC. Same reason you cant use HSRP and HSRPv2. The Virtual MAC addresses need to be the same otherwise they fight for who is supposed to advertise the IP address. Remember the clients receive this Virtual MAC/IP as the default GW. If the devices are sending different ones then there is a mismatch and it wont work.

I was able to lab this up and see for myself as well. Not the same devices as you but functionality is the same.

 

Hope this helps

 

-David

View solution in original post

2 Replies 2

Go to solution
David Ruess
VIP Collaborator VIP Collaborator
VIP Collaborator

‎08-11-2022 04:26 PM

Hello,

It could be the VRRP instance/version you are running. The first one with the address family it looks like you may be running v3 VRRP, while the other device with the config on the VLAN interface is still running v2 VRRP (without address-family). You will need make either both of them part of an address-family or both standard VRRP. I say this because Standard v2 VRRP and address-family VRRP v3 use different MAC addresses for their virtual MAC. Same reason you cant use HSRP and HSRPv2. The Virtual MAC addresses need to be the same otherwise they fight for who is supposed to advertise the IP address. Remember the clients receive this Virtual MAC/IP as the default GW. If the devices are sending different ones then there is a mismatch and it wont work.

I was able to lab this up and see for myself as well. Not the same devices as you but functionality is the same.

 

Hope this helps

 

-David

Go to solution
bnidacoc
Beginner
Beginner
In response to David Ruess

‎08-12-2022 05:45 AM

Thanks David, you are onto it.  

This was my first effort with VRRP, after working solely with HSRP.  I looked at the configuration guides for help as well, the IE4010 guide had one paragraph and four bullet points for VRRP without a reference to a version or commands, https://www.cisco.com/c/en/us/td/docs/switches/lan/cisco_ie4010/software/release/15-2_4_EC/configuration/guide/scg-ie4010_5000/swhsrp.html

Maybe there is an unspoken message from Cisco there.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents