HSPR Problem

Unanswered Question
Apr 14th, 2008

have two cisco 4507 Switches one is acting as VTP server and switch 2 is client.

Both switch are trunk and i have confiugred the layer 2 Ether Channel on these two trunks.

I have around 7 vlans on switches and for each vlan i made a SVI and also configure these VLAN as HSRP.

switch 1 all vlan interfaces are active and switch 2 vlans are in standby mode. my active fw is connected

with switch one and failover is connected with switch 2.

user subnet is connected with vlan 7 and physical terminated on switch 1 ports 4/17 to 4/20 and having default gateway

of HSRP IP of VLAN 7, which is 172.28.31.163.

NOw problem is that, when switch one vlan 7 SVI goes down, and user is not able to reach any network.

though the gateway is virutal iP but still user is not able to reach anything.

Switch 1:

interface Vlan2

description ### To PDC-OUT-525-1 ###

ip address 172.28.31.65 255.255.255.248

standby 10 ip 172.28.31.67

standby 10 priority 250

standby 10 preempt

!

interface Vlan3

description ### TO PDC-Int-525-1 ###

ip address 172.28.31.81 255.255.255.248

standby 10 ip 172.28.31.83

standby 10 priority 250

standby 10 preempt

interface Vlan7

description ### To NOC###

ip address 172.28.31.161 255.255.255.224

standby 10 ip 172.28.31.163

standby 10 priority 250

standby 10 preempt

Switch 2:

interface Vlan2

description ### To PDC-OUT-525-2 ###

ip address 172.28.31.66 255.255.255.248

standby 10 ip 172.28.31.67

standby 10 priority 200

standby 10 preempt

!

interface Vlan3

description ### TO PDC-Int-525-2 ###

ip address 172.28.31.82 255.255.255.248

standby 10 ip 172.28.31.83

standby 10 priority 200

standby 10 preempt

interface Vlan7

description ### To NOC###

ip address 172.28.31.162 255.255.255.248

standby 10 ip 172.28.31.163

standby 10 priority 200

standby 10 preempt

please tell me how to provide the redundency and how to configure it and what is missing in my configuration

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
smothuku Mon, 04/14/2008 - 21:25

Hi ,

Whenever switch 1 SVI goes down then it decrements HSRP priority by 10 means priority of Switch 1 will ne 240 which is greater than Switch HSRp priorit i.e 200.

Do below modificatiosn and check the issue.

Switch 1:

interface Vlan2

description ### To PDC-OUT-525-1 ###

ip address 172.28.31.65 255.255.255.248

standby 10 ip 172.28.31.67

standby 10 priority 250

standby 10 preempt

!

interface Vlan3

description ### TO PDC-Int-525-1 ###

ip address 172.28.31.81 255.255.255.248

standby 10 ip 172.28.31.83

standby 10 priority 250

standby 10 preempt

interface Vlan7

description ### To NOC###

ip address 172.28.31.161 255.255.255.224

standby 10 ip 172.28.31.163

standby 10 priority 250

standby 10 preempt

Switch 2:

interface Vlan2

description ### To PDC-OUT-525-2 ###

ip address 172.28.31.66 255.255.255.248

standby 10 ip 172.28.31.67

standby 10 priority 240

standby 10 preempt

!

interface Vlan3

description ### TO PDC-Int-525-2 ###

ip address 172.28.31.82 255.255.255.248

standby 10 ip 172.28.31.83

standby 10 priority 240

standby 10 preempt

interface Vlan7

description ### To NOC###

ip address 172.28.31.162 255.255.255.248

standby 10 ip 172.28.31.163

standby 10 priority 240

standby 10 preempt

Thanks,

Satish

bvsnarayana03 Tue, 04/15/2008 - 00:03

satish has rightly mentioned. When a VLAN goes down then the default value by which the priority of the device decrease is 10. So the adjust the priority values with a difference of 10. however if you are monitoring specific interfaces, then you can change the value by which priority decrease.

Suppose you have configured HSRP for a router & are monitoring a serial interface of router, such that if the router serial interface goes down than the other swith gets control & traffic passes to other router. Then priority can be configured to go down by specific value. Below is the command:

standby 1 track se1/1 50

Where 50 is the value by which priority of the active switch goes down incase router se1/1 fails.

wasiimcisco Wed, 04/16/2008 - 13:23

Thanks for the reply, I will try to change the priority, but right now i tested following thing and it works for me, Instead of shut down SVI i shut down the port on which my firewall was connected.

Dear all, This is how I tested the configuration

My active firewall is connected with switch 1. Failover is connected with Switch 2. Both switch has one default gateway for Internet. same VLAN and same routing on both switches,

My firewalls are using HSRP as default gateway for going outside world,

user subnet is going outside by having default gateway of firewall inside,

from user computer, i start pinging outside world with -t.

Then i shut down the switch one access port in which active firewall was connected, as soon as i did, my failover firewall comes in action, and without getting any drop or brekage, user computer continues to ping outside world.

That means, if physical ports are shut or switch/firewall goes down, user traffic will move to standby switch/firewall.

now please tell me what is wrong with this thing, y this thing will mess up in future,

shall i remove the preempt command from switch 2.

Why HSRP will not work with OSPF, why it is so.

After hearing my testing, few people on another forum saying that this will creat problem for you, this and all that, if my test is successful, then how this will mess up in future.

Actions

This Discussion