HSRP issues

Unanswered Question


Can anybody please help me with the hsrp issues please.

I configured HSRP on two 3750 switches with 10 vlans configured on it. I connected both the switches to a L2 switch from where the connection is terminated to Router (outside network). I tried the switchover by shutting down one of the vlan (Vlan 10) interface manually and the standby router became active and the active router went to init mode. Switch over is working fine but the main issue is pcs connected to the vlan 10 are not able to access the outside network.

I checked that ip routing is enabled on both the L3 switches.

If i am not able to access the outside network there is no point of configuring HSRP for redundancy in my network.

I have attached my network layout about how i connected switches in the attachment.

Can anybody please assist me in solving the problem

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Nagendra Kumar ... Mon, 07/07/2008 - 01:34
User Badges:
  • Cisco Employee,


Are you able to reach the outside network from both the switches?..

Can you post the config?



Kevin Dorrell Mon, 07/07/2008 - 01:36
User Badges:
  • Green, 3000 points or more

The PCs should be set up so that they use the shared "standby" address of the HSRP as default gateway, and not the address of the individual L3 switches. (Check that there is no clash: each L3 switch should have its own IP address on VLAN 10, plus a third address that is shared between them ... three addresses in all. If in doubt post the configs of you VLAN 10 interfaces.)

I assume also that each of the L3 switches has routes to the outside world via the outside router.

What routing protocol do you have between the L3 switches and the outside router? You have to consider the failover mechanism on the VLAN that connects the L3 switches to the outside router as well. How does your ouside router know which of the L3 switches has a working VLAN 10 interface?

Kevin Dorrell


HI Kevin,

Thanks for your reply.

Here is the configuration on both the switches

Switch 1

interface Vlan10

description " Extra Vlan "

ip address

standby 10 ip

standby 10 priority 120

standby 10 preempt

Switch 2

interface Vlan10

description " Extra Vlan"

ip address

standby 10 ip

standby 10 priority 110

standby 10 preempt

Static route is configured on both the L3 switches to the outside Router and inter-vlan routing is taking place in the outside router.

ip route

Outside Router is managed by our ISP and it was running BGP

I can reach the outside network from both the L3 switches.

I am assuming the problem could be with STP on the switches which is blocking the connection from secondary L3 switch to outside network. Do you think that can be any problem.

Kevin Dorrell Mon, 07/07/2008 - 02:03
User Badges:
  • Green, 3000 points or more

I'm not sure what you mean about "inter-vlan routing is taking place in the outside router". Doesn't the L3 switch do the inter-VLAN?

Could you tell me a bit more about the configuration of the 10.10.1.x network? I suppose that is a VLAN too. So do you have HSRP running on that? And how is the routing arranged for incoming packets? If the outside router has a packet for, say,, how does it know which L3 switch to send it to?

Kevin Dorrell



In our scenario L3 switch is not performing the intervlan routing it was configured on the outside router. is the default gateway for both the L3 switches. 10.10.1.x is the range for Vlan 1. HSRP is running on that interface as well with the virtual IP

If the outside router needs to send the packet with ip then it should send to the HSRP IP for vlan 10 which is it is then determined by the HSRP to send the packet to active switch

Kevin Dorrell Mon, 07/07/2008 - 03:14
User Badges:
  • Green, 3000 points or more

Sorry, but I am still not there yet. If the L3 switches are carrying several VLAN interfaces, then they will do the inter-VLAN routing rather than sending the packets to the outside router. The L3 switch will see each VLAN as a "connected" network, which is more specific than the default route.

Try a show ip routing on one of the L3 switches and examine the routing table.

Kevin Dorrell


Kevin Dorrell Mon, 07/07/2008 - 03:39
User Badges:
  • Green, 3000 points or more

Sri, what am I thinking ... show ip route


HI Kevin,

when I issue sh ip route on L3 switch it displays that all the vlans are directly connected. However there should be a routing protol implemented in order to allow communication from one vlan to other vlan and that routing is not been configured on the 3750 switches. It is configured on outside router.

Do u think by configuring inter vlan routing on L3 switch could solve the problem.

Kevin Dorrell Mon, 07/07/2008 - 04:59
User Badges:
  • Green, 3000 points or more

If the show ip route tells you that the VLANs are connected, it means that your L3 switches are already doing your inter-VLAN routing. You do not need a routing protocol to route between directly connected networks.

What you could usefully add is a routing protocol on the VLAN that connects between your outside router and your L3 switches. That would tell the outside router which of the L3 switches has connections to the VLAN in question.

For example, most of the time VLAN 10 is accessible from either L3 switch. But if you shut down the SVI on one of the switches, then only the other one can pass traffic from the outside to VLAN 10. The router needs to know this somehow.

So, how is the routing arranged on your outside router?

Kevin Dorrell


Hi All

Can I just ask if the original poster has HSRP configured on just the inside interfaces or is it configured on both the inside and outside interfaces?

If HSRP is only on the inside interfaces, would the fact that a L2 switch is introduced between the L3 switches and the outside router not cause ARP issues, which might account for the connectivity problems being experienced?

If it was me, I would be looking for at least a /29 subnet from the ISP and configure HSRP both towards my insode hosts and the outside ISP router.

Best Regards,


Willem de Groot Tue, 07/08/2008 - 00:24
User Badges:


I have a simular Testnetwork.

What i have is a layer 2 trunk between the Layer 3 switches!

Ip Routing is activated!

Traffic from Vlan 5 to Vlan 10 won't go over the Router, it will be routed at layer 3 switches.

Seems to work fine, only that failover takes to long (may be a problem with my L2 2960G).

(I am working on that).

See my configs!

I have a PC @ Access and one @ router

They can iperf each other.

Let me know if this helps you



This Discussion