cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2048
Views
0
Helpful
6
Replies

hsrp arp issue

tdanetsco
Level 1
Level 1

Hi guys,

i have two cisco 3845, on both of them are configured :

- vlan100 (see below),

- a trunk ,

- HSRP

the issue is i cannot ping the ip address 172.16.4.1 from router 2 using as source vlan 100 (see below), in the arp table of router 2, no entry for 172.16.4.1, also router 1 is the active one for vlan 100 (see below)

Best Regards,

mustapha.

--------------------------------

router 1:

interface Vlan100

description L3 Vlan

ip address 172.16.4.2 255.255.255.0

no ip redirects

standby 1 ip 172.16.4.1

standby 1 priority 110

standby 1 preempt

standby 1 authentication md5 key-string 7 047A3F2B406E036A2A370D04001B

end

router 2:

interface Vlan100

description L3 Vlan

ip address 172.16.4.3 255.255.255.0

no ip redirects

standby 1 ip 172.16.4.1

standby 1 authentication md5 key-string 7 072E156101465621343C031F163A

end

----------------

Router2#ping 172.16.4.1 source vlan 100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.4.3

.....

Success rate is 0 percent (0/5)

--------------------------------

Router2#sh arp | i 172.16.4.1

Internet 172.16.4.184 119 0003.bae5.21fe ARPA Vlan100

Internet 172.16.4.186 12 0003.bae4.e60a ARPA Vlan100

Internet 172.16.4.187 1 0003.bae5.2516 ARPA Vlan100

Internet 172.16.4.188 202 0003.bae4.e60a ARPA Vlan100

Internet 172.16.4.190 119 0003.bae5.251e ARPA Vlan100

Internet 172.16.4.181 6 0003.bae5.21f6 ARPA Vlan100

Internet 172.16.4.168 119 0003.ba07.c9e2 ARPA Vlan100

Internet 172.16.4.161 12 0003.ba6d.1efa ARPA Vlan100

Internet 172.16.4.163 119 0003.ba24.9fe5 ARPA Vlan100

Internet 172.16.4.166 202 0003.ba07.c9e2 ARPA Vlan100

Internet 172.16.4.167 119 0003.ba07.c9e3 ARPA Vlan100

Internet 172.16.4.150 1 0003.ba6c.cfc7 ARPA Vlan100

Internet 172.16.4.11 1 0080.4218.778b ARPA Vlan100

Internet 172.16.4.12 202 0080.4218.778b ARPA Vlan100

Internet 172.16.4.121 1 0080.4217.9177 ARPA Vlan100

6 Replies 6

lamav
Level 8
Level 8

Post the outputs of a "sh standby brief" and a "sh log".

Are you able to PING other addresses on that vlan from router 2?

Are you sure that the VIP address is not being duplicated somewhere else on the network?

By the way, you dont have to source the PING because R2 will see it as a directly connected host on vlan 100 and use vlan 100 as the source L3 interface anyway.

Victor

Hi Victor,

there are servers on the same Vlan and directly connected to Router1 do not respond to ping requests from router2 but those directly connected to Router2 respond to ping requests.

IP address "172.16.4.10" is directly connected to Router1.

Router1#ping 172.16.4.10 source vlan 100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.4.10, timeout is 2 seconds:

Packet sent with a source address of 172.16.4.2

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Router2#ping 172.16.4.10 source vlan 100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.4.10, timeout is 2 seconds:

Packet sent with a source address of 172.16.4.3

.....

Success rate is 0 percent (0/5)

2/ VIP seems not replicated.

3/ please find output command about "sh standby"

Router1#sh standby vlan 100

Vlan100 - Group 1

State is Active

5 state changes, last state change 2w0d

Virtual IP address is 172.16.4.1

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 1 sec, hold time 3 sec

Next hello sent in 0.960 secs

Authentication MD5, key-string "ATM///DCNhsrp"

Preemption enabled

Active router is local

Standby router is 172.16.4.3, priority 100 (expires in 2.908 sec)

Priority 110 (configured 110)

IP redundancy name is "hsrp-Vl100-1" (default)

Router2#sh standby vlan 100

Vlan100 - Group 1

State is Standby

3 state changes, last state change 2w0d

Virtual IP address is 172.16.4.1

Active virtual MAC address is 0000.0c07.ac01

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 1 sec, hold time 3 sec

Next hello sent in 0.852 secs

Authentication MD5, key-string "ATM///DCNhsrp"

Preemption disabled

Active router is 172.16.4.2, priority 110 (expires in 2.904 sec)

Standby router is local

Priority 100 (default 100)

IP redundancy name is "hsrp-Vl100-1" (default)

BR,

mustapha.

Mustapha:

It seems that there is a loss of Layer 2 adjacency between router 2 and the hosts hanging off of router 1.

Im assuming that the servers are really connected to switches, one hanging off of router 1 and the other off of router 2.

When you PING a host that the router's route table sees as "directly connected," it sends out an ARP broadcast for that host. The host should respond IF there is layer 2 continuity between the router and the host.

Im wondering if you could post a diagram and the switch configs if they exist.

Hi Victor,

after reloading Router2, the problem is fixed, how it can be explained ?

BR,

mustapha.

Mustapha:

Without running diagnostics on the router prior to reloading it, it is almost impossible to determine why it behaved in that erratic fashion.

I had a similar problem once and after bouncing the vlan interface, everything suddenly came up -- for a short period of time. It broke again when the network fully converged and the fact that there was another host on the network using the VIP address became evident.

Glad its working.

Clear the logs. Get some baseline information. And keep an eye on it.

HTH

Victor

Hi Victor,

the issue was only when ping requests were executed from Vlan interface on Router2 and not from the hosts connected to it.

Thank you for your help.

BR,

mustapha.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco