HSRP on dual 6509's Issue

Unanswered Question
Dec 2nd, 2008
User Badges:

We are running HSRP on a pair of 6509's on 24 Vlan interfaces. I have a problem that has occurred twice now and I know the quick fix, but I want to see if what the root problem is.


The switch will stop routing certain traffic. For instance, the first time it occurred, we were unable to pull up the ILO board web pages in our server VLAN. All other traffic worked fine & you could get to the said pages if you were on the same VLAN. Removing the HSRP configuration and reapplying it for that one VLAN resolved the issue. Now today we are experiencing a very similar type of issue. When using VPN into the concentrator, users can get to 192.168.1.205 server but not to the 204 or 206. Also, I can ping the 2 VLAN interfaces and the HSRP address, but not telnet to any of them.


Thoughts?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Tue, 12/02/2008 - 12:34
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Nathan,

are any of your HSRP groups referring to secondary ip addresses ?


Are you using different HSRP group number on each Vlan ?

This is a required choice for LAN subinterfaces of a router but actually in a multilayer switch the usage of the same group number on different SVI Vlans is supported and to be preferred for scalability reasons.


also when the problem occurs what is the output of

sh standby vlan x (x the troubled vlan)

are the two devices in agreement about who is Active or are both claiming to be the Active router ?

This could cause problems.


Hope to help

Giuseppe



ralphcarter Tue, 12/02/2008 - 20:56
User Badges:

I would check to see if HSRP failed over during this time because you may be experiencing arp problems.


For Hsrp in a redundant aggregation switch configuration, you may have to modify the arp timeout to be less or equal to mac-address aging timeout.

nrichie Wed, 12/03/2008 - 06:13
User Badges:

Ralph,


There has been no changes to the active HSRP router since the switches were rebooted over a year ago.


TIA,


Nathan

nrichie Wed, 12/03/2008 - 06:12
User Badges:

Giuseppe,


Yes, we are using different group numbers for each VLAN. The output is as follows:


A

Vlan55 - Group 55

Local state is Active, priority 200, may preempt

Preemption delayed for at least 60 secs

Hellotime 1 sec, holdtime 3 sec

Next hello sent in 0.620

Virtual IP address is 192.168.55.1 configured

Active router is local

Standby router is 192.168.55.254 expires in 2.120

Virtual mac address is 0000.0c07.ac37

2 state changes, last state change 1y19w

IP redundancy name is "hsrp-Vl55-55" (default)


B

Vlan55 - Group 55

Local state is Standby, priority 100, may preempt

Preemption delayed for at least 60 secs

Hellotime 1 sec, holdtime 3 sec

Next hello sent in 0.956

Virtual IP address is 192.168.55.1 configured

Active router is 192.168.55.253, priority 200 expires in 2.252

Standby router is local

6 state changes, last state change 1y19w

IP redundancy name is "hsrp-Vl55-55" (default)



francisco_1 Wed, 12/03/2008 - 07:40
User Badges:
  • Gold, 750 points or more

the hsrp peering between the switches looks fine. do you have any logs on the switches to do with hsrp? "sh loggs". also might be useful to debug hsrp events and errors between switches. might be ip conflict as well with a devices on the network.


switch#debug sta

switch#debug standby ?

errors HSRP errors

events HSRP events

packets HSRP packets

terse Display limited range of HSRP errors, events and packets


switch#debug standby



Francisco


Actions

This Discussion