HSRP explaination needed

Unanswered Question
Dec 29th, 2008

can someone with extensive HSRP experience tell me what this message means?

R1 F1/0 ip address 192.168.1.2/24

R2 E0/1 ip address is 192.168.1.3/24

HSRP ip address is 192.168.1.1

Linux host ip address is 192.168.1.13

Everything is connected to the same switch with VLAN 10.

config on R1 F1/0:

interface FastEthernet1/0

ip address 192.168.1.2 255.255.255.0

load-interval 30

duplex auto

speed auto

standby 10 ip 192.168.1.1

standby 10 priority 110

standby 10 preempt

standby 10 authentication cisco123

standby 10 name group1

Config on R2 E0/1:

interface Ethernet0/1

ip address 192.168.1.3 255.255.255.0

half-duplex

standby 10 ip 192.168.1.1

standby 10 priority 105

standby 10 preempt

standby 10 authentication cisco123

standby 10 name group1

R1#sh stand b

P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Fa1/0 10 110 P Active local 192.168.1.3 192.168.1.1

R1#

R2#sh stand b

P indicates configured to preempt.

|

Interface Grp Prio P State Active Standby Virtual IP

Et0/1 10 105 P Standby 192.168.1.2 local 192.168.1.1

R2#

Everything appears to be fine. However, tcpdump on the Linux host reveals the following:

[[email protected]-lab2 root]# tcpdump -nnn -i eth0 net 224.0.0.2 | grep unknown

tcpdump: listening on eth0

21:52:05.800864 192.168.1.3.1985 > 224.0.0.2.1985: HSRPv0-unknown (3) 16: state=initial group=2 [|hsrp] [tos 0xc0] [ttl 1]

21:52:33.909982 192.168.1.3.1985 > 224.0.0.2.1985: HSRPv0-unknown (3) 16: state=initial group=2 [|hsrp] [tos 0xc0] [ttl 1]

21:53:00.741247 192.168.1.3.1985 > 224.0.0.2.1985: HSRPv0-unknown (3) 16: state=initial group=2 [|hsrp] [tos 0xc0] [ttl 1]

21:53:28.682443 192.168.1.3.1985 > 224.0.0.2.1985: HSRPv0-unknown (3) 16: state=initial group=2 [|hsrp] [tos 0xc0] [ttl 1]

21:53:57.985459 192.168.1.3.1985 > 224.0.0.2.1985: HSRPv0-unknown (3) 16: state=initial group=2 [|hsrp] [tos 0xc0] [ttl 1]

21:54:26.639632 192.168.1.3.1985 > 224.0.0.2.1985: HSRPv0-unknown (3) 16: state=initial group=2 [|hsrp] [tos 0xc0] [ttl 1]

21:54:54.208061 192.168.1.3.1985 > 224.0.0.2.1985: HSRPv0-unknown (3) 16: state=initial group=2 [|hsrp] [tos 0xc0] [ttl 1]

22:02:32.895394 192.168.1.2.1985 > 224.0.0.2.1985: HSRPv0-hello 20: state=active group=10 addr=192.168.1.1 [tos 0xc0] [ttl 1]

22:02:32.995694 192.168.1.3.1985 > 224.0.0.2.1985: HSRPv0-hello 20: state=standby group=10 addr=192.168.1.1 [tos 0xc0] [ttl 1]

22:02:35.895322 192.168.1.2.1985 > 224.0.0.2.1985: HSRPv0-hello 20: state=active group=10 addr=192.168.1.1 [tos 0xc0] [ttl 1]

22:02:35.996345 192.168.1.3.1985 > 224.0.0.2.1985: HSRPv0-hello 20: state=standby group=10 addr=192.168.1.1 [tos 0xc0] [ttl 1]

As you can see R2 is sending out HSRP0-unknown. What does this mean? I see this

in both my lab and production environment. Is this something I should be concerned

with? Can someone explain this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Mon, 12/29/2008 - 21:04

David

While I do not have a good explanation about what would cause this I believe that it is not something to worry about. The messages (and the show standby output) indicate that the configured HSRP is working as expected. I am not clear why R2 would generate these messages. But I notice that they are the initiation messages for group 2. I do not see anything that would cause the router to do anything about group 2, or why R2 would do it and not R1.

I am also puzzled about your output. If your command included this:

net 224.0.0.2 | grep unknown

then how do you get this;

22:02:32.895394 192.168.1.2.1985 > 224.0.0.2.1985: HSRPv0-hello 20: state=active group=10 addr=192.168.1.1 [tos 0xc0] [ttl 1]

22:02:32.995694 192.168.1.3.1985 > 224.0.0.2.1985: HSRPv0-hello 20: state=standby group=10 addr=192.168.1.1 [tos 0xc0] [ttl 1]

22:02:35.895322 192.168.1.2.1985 > 224.0.0.2.1985: HSRPv0-hello 20: state=active group=10 addr=192.168.1.1 [tos 0xc0] [ttl 1]

22:02:35.996345 192.168.1.3.1985 > 224.0.0.2.1985: HSRPv0-hello 20: state=standby group=10 addr=192.168.1.1 [tos 0xc0] [ttl 1]

since it does not include the string unknown?

HTH

Rick

cisco24x7 Tue, 12/30/2008 - 03:57

"The messages (and the show standby output) indicate that the configured HSRP is working as expected."

How can you be sure? Just because it shows

that everything looks correct does not mean

that there are not issues. I see random

packetloss on my network which may or may not

berelated to this but I need to rule this out

as a potential cause.

To anwer your 2nd question, I have two

different tcpdump "tcpdump -nnn -i eth0 net 224.0.0.2" and "tcpdump -nnn -i eth0 net 224.0.0.2 | grep unknown" and combine the

output.

mlund Tue, 12/30/2008 - 05:42

Hi

As Rick already stated, it seems that there is a config like "standby 2 ". Perhaps a config left from earlier, that is not used anymore.

Please share the output of "show running interface Ethernet0/1", taken from R2.

/Mikael

cisco24x7 Tue, 12/30/2008 - 06:55

R2#sh run int e0/1

Building configuration...

Current configuration : 212 bytes

!

interface Ethernet0/1

ip address 192.168.1.3 255.255.255.0

half-duplex

standby 10 ip 192.168.1.3

standby 10 priority 105

standby 10 preempt

standby 10 authentication cisco123

standby 10 name group1

end

R2#

John Blakley Tue, 12/30/2008 - 07:26

I agree with everyone else. It seems as though it's still looking for an old group 2. Maybe you should delete the HSRP config from R2 and recreate. Do you have any other HSRP configs on any of the other interfaces on this router?

HTH,

John

cisco24x7 Tue, 12/30/2008 - 07:44

"Do you have any other HSRP configs on any of the other interfaces on this router?"

NO

I performed the following on R2:

interface E0/1

no stand 10

no ip address

shut

(wait for 60 seconds)

ip address 192.168.1.3 255.255.255.0

standby 10 ip 192.168.1.3

standby 10 priority 105

standby 10 preempt

standby 10 authentication cisco123

standby 10 name group1

no shut

still has the same issue. Reboot ther router

several times with the same result.

John Blakley Tue, 12/30/2008 - 07:48

Are you connected to a layer 3 switch that has hsrp enabled on it? Tcpdump is getting it from somewhere. What happens if you debug hsrp on the router? Do you see the same error messages?

John

cisco24x7 Tue, 12/30/2008 - 07:53

everything is connected to a lay-2 3750 switch.

The switch is operating only in L2 mode. No L3.

tcpdump on the linux is getting it from the

router because this is multicast address.

Therefore, the linux server is definitely

seeing it from R2.

"debug stand events" and "debug stand packets"

shows me exactly what I am seeing on the Linux

box, minus the "HSRPv0-unknown"

cisco24x7 Wed, 12/31/2008 - 07:06

R2#sh debug

HSRP:

HSRP Events debugging is on

HSRP Packets debugging is on

R2#term mon

R2#

Dec 31 15:04:28.514: HSRP: Et0/1 Grp 10 Hello in 192.168.1.2 Active pri 110 vIP 192.168.1.1

R2#

Dec 31 15:04:29.532: HSRP: Et0/1 Grp 10 Hello out 192.168.1.3 Standby pri 105 vIP 192.168.1.1

R2#

Dec 31 15:04:31.511: HSRP: Et0/1 Grp 10 Hello in 192.168.1.2 Active pri 110 vIP 192.168.1.1

R2#

Dec 31 15:04:32.533: HSRP: Et0/1 Grp 10 Hello out 192.168.1.3 Standby pri 105 vIP 192.168.1.1

R2#

Dec 31 15:04:34.512: HSRP: Et0/1 Grp 10 Hello in 192.168.1.2 Active pri 110 vIP 192.168.1.1

R2#

Dec 31 15:04:35.534: HSRP: Et0/1 Grp 10 Hello out 192.168.1.3 Standby pri 105 vIP 192.168.1.1

Dec 31 15:04:35.878: HSRP: Et0/1 Redirect adv out, Passive, active 0 passive 1

R2#

Dec 31 15:04:37.513: HSRP: Et0/1 Grp 10 Hello in 192.168.1.2 Active pri 110 vIP 192.168.1.1

R2#

Dec 31 15:04:38.535: HSRP: Et0/1 Grp 10 Hello out 192.168.1.3 Standby pri 105 vIP 192.168.1.1

R2#

Dec 31 15:04:40.510: HSRP: Et0/1 Grp 10 Hello in 192.168.1.2 Active pri 110 vIP 192.168.1.1

R2#

Dec 31 15:04:41.536: HSRP: Et0/1 Grp 10 Hello out 192.168.1.3 Standby pri 105 vIP 192.168.1.1

R2#

Dec 31 15:04:43.511: HSRP: Et0/1 Grp 10 Hello in 192.168.1.2 Active pri 110 vIP 192.168.1.1

R2#

Giuseppe Larosa Wed, 12/31/2008 - 07:20

Hello David,

what if you add a PC with ethereal or wireshark on another port in the same VLan to compare the results of packet capture ?

Because there is no trace of standby 2 on R2 a third party could help to understand who's right here.

Hope to help

Giuseppe

cisco24x7 Wed, 12/31/2008 - 07:39

Giuseppe,

There are only three devices connected to a

stand-alone L2 switch, R1, R2 and the Linux

server. The switch is a 3550 switch and a

single VLAN 1.

I do not understand of adding another PC with

ethereal. I can accomplish the same on a linux

server using ethereal as well. I can

connect another Linux server and run capture multiple capture/tcpdump

Giuseppe Larosa Wed, 12/31/2008 - 09:23

Hello David,

the suggestion is that adding a third point of view.

you can add a linux box as well I would use a different software just to have some differences

Hope to help

Giuseppe

John Blakley Wed, 12/31/2008 - 10:38

Can you post the debugs from R1? In your R2 post, I don't see where it's trying to find a group 2, but I see it in your tcpdump. You also said that this one system is going into a 3750 that's configured as a L2 switch. So, you have:

linux --> switch --> router

There's nothing in-between?

Richard Burts Wed, 12/31/2008 - 10:53

John

While it might be interesting to see debugs from R1 the tcpdump output clearly shows the source address as being from R2.

David

I am quite puzzled that the tcpdump is reporting these packets but that the debug from R2 does not show R2 sending them. I am beginning to think that some other device (and perhaps some other utility) looking at the traffic might be helpful.

[edit] it is also very puzzling that the mystery packets are for HSRP group 2 but there is no configuration of group 2 on R2.

HTH

Rick

cisco24x7 Wed, 12/31/2008 - 11:34

Trust me when I say that there are only 3

devices connected to the L2 switch. I know

because I removed everything else. Still have

the same issue.

cisco24x7 Wed, 12/31/2008 - 11:35

Think of the switch as a dumb HUB. All three

devices, R1, R2 and linux connect to the same

VLAN 1 on the switch.

cisco24x7 Wed, 12/31/2008 - 17:28

yes, it is still an issue. Any ideas on how

to stop R2 from sending out "unknown" HSRP-v0?

insccisco Wed, 12/31/2008 - 17:32

No, I actually just started playing with HSRP. But if it looks like all is working and this is clearly an unexpected behavior, I would suggest to check at the IOS bug releases, perhaps you're hitting one and by upgrading the IOS will "fix" the issue....

pfillips11 Fri, 01/02/2009 - 06:59

What does show stand show on both R1 and R2?

If R2 is really sending something then it should show the initial HSRP state.

The debugs somehow do not indicate that its sending anything.

crow930us Mon, 01/12/2009 - 23:03

How often do you see these messages? Are they only at startup or do they occur over a certain period of time or after you finish some configuration changes?

21:54:26.639632 192.168.1.3.1985 > 224.0.0.2.1985: HSRPv0-unknown (3) 16: state=initial group=2 [|hsrp] [tos 0xc0] [ttl 1]

The reason I ask is because the initial phase is when HSRP either first comes up on an interface or when there is a configuration change done on an interface. Obviously the HSRPv0-unknown would be there if HSRP is first coming up. The default group for HSRP is 0 and you have a configured HSRP group of 10, so I'm not sure where the group=2 part is coming from.

The last 4 lines of output is where the two devices decide which is going to be the active router and the standby router, which is verified by the priorities assigned on each interface.

I didn't see anyone mention anything about the different states that HSRP goes through when it first starts up. To me the HSRPv0-unknown would be a normal message when the interface is first configured with HSRP or a change on the interface.

Actions

This Discussion