Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3433
Views
0
Helpful
9
Replies

VRRP State is Backup

Andrew Clark
Level 1
Level 1

‎11-29-2013 08:07 AM - edited ‎03-07-2019 04:51 PM

I am currently running VRRP on my remote locations. The configuration are identical between them all for VRRP. When doing our backup tests we noticed that several of the Routers were not showing VRRP State is Backup on the interfaces that we have configured. The two noticable difference are that the working model is a 2801 running 15.0(1) M4 and the one that does not show up properly is a 2901 running 15.2(2) T1. Is this an IOS visual bug or something else?

Please help! I'm worried that VRRP is only working on these because of the default route.                  

Labels:
0 Helpful
9 Replies 9

Peter Paluch
Cisco Employee
Cisco Employee

‎11-29-2013 08:34 AM

Andrew,

You are saying that the VRRP state on some routers is not shown as Backup. What is shown, then? Can you actually post the output of show vrrp from these routers?

Best regards,

Peter

0 Helpful

Andrew Clark
Level 1
Level 1
In response to Peter Paluch

‎11-29-2013 09:08 AM

The show VRRP command usually shows State is Master if everything is working as it should. Once a failover happens that same command should show that the interfaces are now State is Backup.

When i see state is backup i know for sure that vrrp is working as intended and not using the default route. However when a fail is initialized and the sh vrrp command still says State is Master i fear that it is just defaulting to the static route at that point and not actually using vrrp.

      

GigabitEthernet0/0.1 - Group 1 
  State is Master 
  Virtual IP address is 192.168.133.212
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled, delay min 60 secs
  Priority is 250
    Track object 1 state Up decrement 249
  Master Router is 192.168.133.211 (local), priority is 250
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.023 sec

GigabitEthernet0/0.22 - Group 22
  State is Master 
  Virtual IP address is 10.22.33.254
  Virtual MAC address is 0000.5e00.0116
  Advertisement interval is 1.000 sec
  Preemption enabled, delay min 60 secs
  Priority is 250
    Track object 1 state Up decrement 249
  Master Router is 10.22.33.252 (local), priority is 250
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.023 sec

GigabitEthernet0/0.111 - Group 111
  State is Master 
  Virtual IP address is 10.111.33.254
  Virtual MAC address is 0000.5e00.016f
  Advertisement interval is 1.000 sec
  Preemption enabled, delay min 60 secs
  Priority is 250
    Track object 1 state Up decrement 249
  Master Router is 10.111.33.252 (local), priority is 250
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.023 sec

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to Andrew Clark

‎11-29-2013 10:37 AM

Andrew,

If I understand you correctly then you are saying that regardless of the situation in your network, the show vrrp still indicates that the router that should be in the Backup state is in fact Master, right?

That is definitely suspicious. Can you perhaps show us the topology in which your VRRP is used, and the way you do the failure so that the switchover is initiated?

Best regards,

Peter

0 Helpful

Andrew Clark
Level 1
Level 1
In response to Peter Paluch

‎11-29-2013 11:35 AM

track 1 interface Serial0/0/0 line-protocol

interface Serial0/0/0

ip address 192.168.250.117 255.255.255.252

ip flow ingress

encapsulation ppp

service-module t1 timeslots 1-24

service-policy output voice-policy-MPLS interface Serial0/0/0
ip address 192.168.250.117 255.255.255.252
ip flow ingress
encapsulation ppp
service-module t1 timeslots 1-24
service-policy output voice-policy-MPLS

I have a track statement that monitors the serial interface. If that interface goes down VRRP should take over and shoot the traffic out of the Netgate which is in our MPLS network.

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to Andrew Clark

‎12-01-2013 12:01 PM

Andrew,

Thanks for updating the information. I am confused, though:

  • Your configuration snippet talks about Serial0/0/0. The exhibit, however, shows only Serial0/1/0. Which one is correct?
  • You are tracking the Serial0/0/0 interface in track object 1. I do not see the configuration where you are actually using the state of this tracking object.
  • You are saying that "if the serial interface goes down, VRRP should take over and shoot the traffic out of the Netgate". I am not sure if I understand this. Are you suggesting that if the serial interface goes down, the VRRP running on the Gi0/0 interface of your Cisco router stops being the Master, and VRRP running on the Netgate takes over the Master role?

Can you please clarify these doubts? Thank you!

Best regards,

Peter

0 Helpful

Andrew Clark
Level 1
Level 1
In response to Peter Paluch

‎12-02-2013 07:54 AM

#1 -  I took the topology from another source than the configuration. The serial interface on the config is the correct one from the device i took it off of.

#2 - The track 1 is in the subinterfaces. If the serial goes down the subinterface will decrement based on the timer.

#3 - All of the IP's point to a virtual address. This virtual address will pass traffic along to either interface depending on it's status. If the main route goes down VRRP will use it's secondary route out the netgate. The router at this point is just a gateway passing traffic to the netgate but only when it's serial interface goes to a down/down state.

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to Andrew Clark

‎12-02-2013 08:38 AM

Andrew,

Unfortunately, I am getting more and more confused. Can you post the configuration of the interfaces on which the VRRP is configured? After all, we're solving the issue with VRRP but so far, there has not been a single line showing how your VRRP is configured indeed.

However, I am increasingly getting the feeling that something is wrong with the way you are trying to use the VRRP. If the Cisco router is one router that runs VRRP, what is the other router that must also run VRRP? I am sure you know but just for completeness' sake, VRRP is useless on a single router. You need to have at least two routers for the VRRP to operate. Do you have two or more routers in each (V)LAN you're trying to protect that run VRRP? If so, where is the second router that speaks VRRP?

Best regards,

Peter

0 Helpful

Andrew Clark
Level 1
Level 1
In response to Peter Paluch

‎12-02-2013 08:46 AM

The Netgate also is running VRRP and acts as a router, sorry if i was not clear on that part.

Here is a configuation from one of my Cisco routers with the show vrrp and snipets from the running config.

jp_router#sh vrrp
FastEthernet0/0.1 - Group 1 
  State is Master 
  Virtual IP address is 192.168.120.212
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled, delay min 60 secs
  Priority is 250
    Track object 1 state Up decrement 249
  Master Router is 192.168.120.211 (local), priority is 250
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.023 sec

FastEthernet0/0.22 - Group 22
  State is Master 
  Virtual IP address is 10.22.20.254
  Virtual MAC address is 0000.5e00.0116
  Advertisement interval is 1.000 sec
  Preemption enabled, delay min 60 secs
  Priority is 250
    Track object 1 state Up decrement 249
  Master Router is 10.22.20.252 (local), priority is 250
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.023 sec

FastEthernet0/0.111 - Group 111
  State is Master 
  Virtual IP address is 10.111.20.254
  Virtual MAC address is 0000.5e00.016f
  Advertisement interval is 1.000 sec
  Preemption enabled, delay min 60 secs
  Priority is 250
    Track object 1 state Up decrement 249
  Master Router is 10.111.20.252 (local), priority is 250
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.023 sec

track 1 interface Serial0/1/0.777 line-protocol

interface Serial0/1/0.777 point-to-point

description PVC to ATT-MPLS

ip address OMITTED

no cdp enable

frame-relay interface-dlci 777 IETF  

  class MPLS interface Serial0/1/0.777 point-to-point
description PVC to ATT-MPLS
ip address OMITTED

no cdp enable
frame-relay interface-dlci 777 IETF  
  class MPLS

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to Andrew Clark

‎12-02-2013 01:12 PM

Andrew,

Thank you for the additional information.

So with this configuration, if you shut the Serial0/1/0.777 down and the track object 1 goes down, the VRRP on your Fa0/0 subinterfaces still remains in the Master state?

If yes, can you run the debug vrrp all and post the results? There is a couple of possibilities why the Netgate does not take over: the routers do not hear each other's VRRP Advertisement messages; the Advertisement timers are different; VRRP authentication does not match the neighbor settings. Please allow for over 60 seconds for the switchover to take place. Post the debugs here if possible. Thank you!

Best regards,

Peter

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card