hsrp on switch

Unanswered Question
Sep 28th, 2007
User Badges:

Hi,



We tried to configure HSRP on 2 3750.


hsrp works, when 1 cable is disconnected, pc continues to reach its gateway.


Our problem is that intervlan routing doesn't work.


ping to all vlan ip address form a pc on one of the vlan responds but it can't ping pc on other vlan.


SW1


interface Vlan1

ip address 192.168.2.1 255.255.255.0

standby 1 ip 192.168.2.254

standby 1 priority 102

standby 1 preempt

!

interface Vlan3

ip address 192.168.3.1 255.255.255.0

standby 1 ip 192.168.3.254

standby 1 priority 103

standby 1 preempt






SW2


interface Vlan2

ip address 192.168.2.2 255.255.255.0

standby 1 ip 192.168.2.254

standby 1 priority 202

standby 1 preempt

!

interface Vlan3

ip address 192.168.3.2 255.255.255.0

standby 1 ip 192.168.3.254

standby 1 priority 203

standby 1 preempt




Another question, about the link between the 2 switch 3750, should it be a trunk or can we let the port as it is, without switchport mode ?



What about the vtp mode on the 2 switch? one server and one client or both server?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
glen.grant Fri, 09/28/2007 - 03:09
User Badges:
  • Purple, 4500 points or more

Did you create the layer2 vlan ??? Do a show vlan and the vlans 2 and 3 should show active with ports assigned to it, if not then you did not create the layer 2 vlan. Also obviously make sure ip routing is turned on .

harinirina Fri, 09/28/2007 - 03:33
User Badges:


Here's the show vlan output :



2 VLAN0002 active

3 VLAN0003 active



about ip routing, it's on.

harinirina Mon, 10/01/2007 - 07:57
User Badges:

Hi all,



On switch, it's really vlan 2 but not vlan 1.I changed ip address when posting and didn't notice i also changed vlan 2 to 1.



Sorry Glen, i was sure i've turned on ip routing on all switches.


After verification, i noticed that i forgot turned it on on one of the switch.




About interswitch link, what switchport mode should it be ? a trunk or i don't need put any config on it ?



paul.matthews Fri, 09/28/2007 - 03:48
User Badges:
  • Silver, 250 points or more

First off, if your post is accurate you have a mismatch in addressing and VLAN on switch 1 vlan 1 has 192.168.2.0/24, but that address is on VLAN2 in switch 2. That alone could be the cause of your problem.


The HSRP bit is a little moot with my answer to the second bit.


When joining two 3750s use the stackwise cable and stack them. You get MUCH better bandwidth, the failover seems quicker than I see HSRP failover, spanning tree is simpler...


Back to HSRP and routing.


In the first instance, forget the second switch, use just one.


From a PC on VLAN1 ping 192.168.2.1, 2.254 and 3.2 and see what happens.



Kevin Dorrell Fri, 09/28/2007 - 03:49
User Badges:
  • Green, 3000 points or more

Which Vlan is 192.168.2.0/24? You have it on Vlan2 on one switch, and Vlan1 on the other.


Kevin Dorrell

Luxembourg


[Edit] Paul: I'll have to be quicker off the mark, won't I. ;-)

tpacjer Fri, 09/28/2007 - 10:51
User Badges:

SW1


interface Vlan2

ip address 192.168.2.1 255.255.255.0

no ip redirects

standby 2 ip 192.168.2.254

standby 2 priority 105 preempt

!

interface Vlan3

ip address 192.168.3.1 255.255.255.0

no ip redirects

standby 3 ip 192.168.3.254

standby 3 priority 105 preempt






SW2


interface Vlan2

ip address 192.168.2.2 255.255.255.0

no ip redirects

standby 2 ip 192.168.2.254

standby 2 priority 110 preempt

!

interface Vlan3

ip address 192.168.3.2 255.255.255.0

no ip redirects

standby 3 ip 192.168.3.254

standby 3 priority 110 preempt



also not sure if you noticed but you had vlan1 withe the 192.268.2.x


this config will get hsrp to start working on vlan 2 and 3





harinirina Tue, 10/02/2007 - 06:59
User Badges:

Hi,


When an interface configured with "no switchport" try to ping a pc in one vlan, there's no reply.


I also try to create new vlan without standby, got same result.



it can ping the real ip address of other vlans but not the virtual ip address, which is the gateway of pcs in vlan.



How to do if i need to reach pcs in vlans from a "no switchport" interface ?

paul.matthews Tue, 10/02/2007 - 08:02
User Badges:
  • Silver, 250 points or more

A no switchport is a layer 3 interface, to ping through it you need to allocate another IP network to the port


int vlan2

ip address

no sh

int vlan3

ip address

no sh

int range fas 0/1 - 10

switchport

switch mode acce

switch acce vlan 2


int range fas 0/11 - 20

switchport

switch mode acce

switch acce vlan 3


will mean plug a PC in one of 1-10 with an address in that VLAN, and a PC in one of 11-20 and they should ping each other


int fas 0/21

switch acce vlan 2

no switch


and plug a PC into there, with an address in VLAN 2 and it won't work. to make it work you would need to


int fas 0/21

ip add


to set that up as an L3 interface with an address. The PC would need an address in that same subnet, and it should work.


Please note at all points, the PC must have an appropriate default gateway.


Paul.





harinirina Fri, 10/05/2007 - 01:11
User Badges:

Hi Paul,



Thanks for your reply.


I know all what you said but my problem is that i use hsrp on switch.


When there's no config on interfaces between 2 3750 (no "switchport mode" , no "no switchport" ), i can have :


Sw_A#sh standby

Vlan2 - Group 2

State is Active


Sw_B#sh standby

Vlan2 - Group 2

State is Init (interface down)



but i can't ping pc beyond the router ( the structure's PC1 --- Router --- 3750 --- LAN ).



And when interfaces between 2 3750 are on a trunk mode , i can ping PC1 but switchB is always active as long as there's cable connected to it.


I tried to disconnect all cables to switchB except the cable between the 2 3750, SwitchB remains active but there's no route to the outside.


Is there a way to avoid that situation ?



paul.matthews Fri, 10/05/2007 - 02:16
User Badges:
  • Silver, 250 points or more

I think we perhaps need to go back to the start!


Can you please upload the configs of the switches, a "sh int (interface) switch" of the trunk from each end, a sh stand from each switch (and the router if you are using that in HSRP as well) and a sh ip ro from both switches and the router.


Please also add a resonable diagram (including addresses) showing what you are trying to ping from where - it does not have to be anything fancy.


Thanks,

Paul.

harinirina Fri, 10/05/2007 - 07:59
User Badges:

Hi Paul,



Here attached the diagram of our lab (hsrp_lab.jpg) , the config on routers and switches (conf_hsrp.txt).


We ping from a PC in vlan2 to a pc on internet. On the diagram , it's from PC VLAN 2 to PC NET.




we've tested the following case of cable failure :


- cable between 2950 and SwitchA is disconnected

- cable between 2950 and SwitchB is disconnected

- cable marked with X in the attached diagram are disconneted



we have the same show output in the 2 first cases and also when all cables are connected.


In all cases, SwitchB is active and SwitchA standby.



I attached here the detail of show output (sh_output_hsrp.txt) when there's no cable failure and when there's.




Attachment: 
Anonymous (not verified) Fri, 01/25/2008 - 14:58
User Badges:


Anonymous (not verified) Fri, 01/25/2008 - 14:58
User Badges:


Actions

This Discussion