03-30-2009 06:04 AM - edited 03-06-2019 04:54 AM
Hi guys,
i have two cisco 3845, on both of them are configured :
- vlan100 (see below),
- a trunk ,
- HSRP
the issue is i cannot ping the ip address 172.16.4.1 from router 2 using as source vlan 100 (see below), in the arp table of router 2, no entry for 172.16.4.1, also router 1 is the active one for vlan 100 (see below)
Best Regards,
mustapha.
--------------------------------
router 1:
interface Vlan100
description L3 Vlan
ip address 172.16.4.2 255.255.255.0
no ip redirects
standby 1 ip 172.16.4.1
standby 1 priority 110
standby 1 preempt
standby 1 authentication md5 key-string 7 047A3F2B406E036A2A370D04001B
end
router 2:
interface Vlan100
description L3 Vlan
ip address 172.16.4.3 255.255.255.0
no ip redirects
standby 1 ip 172.16.4.1
standby 1 authentication md5 key-string 7 072E156101465621343C031F163A
end
----------------
Router2#ping 172.16.4.1 source vlan 100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.4.3
.....
Success rate is 0 percent (0/5)
--------------------------------
Router2#sh arp | i 172.16.4.1
Internet 172.16.4.184 119 0003.bae5.21fe ARPA Vlan100
Internet 172.16.4.186 12 0003.bae4.e60a ARPA Vlan100
Internet 172.16.4.187 1 0003.bae5.2516 ARPA Vlan100
Internet 172.16.4.188 202 0003.bae4.e60a ARPA Vlan100
Internet 172.16.4.190 119 0003.bae5.251e ARPA Vlan100
Internet 172.16.4.181 6 0003.bae5.21f6 ARPA Vlan100
Internet 172.16.4.168 119 0003.ba07.c9e2 ARPA Vlan100
Internet 172.16.4.161 12 0003.ba6d.1efa ARPA Vlan100
Internet 172.16.4.163 119 0003.ba24.9fe5 ARPA Vlan100
Internet 172.16.4.166 202 0003.ba07.c9e2 ARPA Vlan100
Internet 172.16.4.167 119 0003.ba07.c9e3 ARPA Vlan100
Internet 172.16.4.150 1 0003.ba6c.cfc7 ARPA Vlan100
Internet 172.16.4.11 1 0080.4218.778b ARPA Vlan100
Internet 172.16.4.12 202 0080.4218.778b ARPA Vlan100
Internet 172.16.4.121 1 0080.4217.9177 ARPA Vlan100
03-30-2009 06:29 AM
Post the outputs of a "sh standby brief" and a "sh log".
Are you able to PING other addresses on that vlan from router 2?
Are you sure that the VIP address is not being duplicated somewhere else on the network?
By the way, you dont have to source the PING because R2 will see it as a directly connected host on vlan 100 and use vlan 100 as the source L3 interface anyway.
Victor
03-30-2009 08:25 AM
Hi Victor,
there are servers on the same Vlan and directly connected to Router1 do not respond to ping requests from router2 but those directly connected to Router2 respond to ping requests.
IP address "172.16.4.10" is directly connected to Router1.
Router1#ping 172.16.4.10 source vlan 100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.10, timeout is 2 seconds:
Packet sent with a source address of 172.16.4.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Router2#ping 172.16.4.10 source vlan 100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.10, timeout is 2 seconds:
Packet sent with a source address of 172.16.4.3
.....
Success rate is 0 percent (0/5)
2/ VIP seems not replicated.
3/ please find output command about "sh standby"
Router1#sh standby vlan 100
Vlan100 - Group 1
State is Active
5 state changes, last state change 2w0d
Virtual IP address is 172.16.4.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 1 sec, hold time 3 sec
Next hello sent in 0.960 secs
Authentication MD5, key-string "ATM///DCNhsrp"
Preemption enabled
Active router is local
Standby router is 172.16.4.3, priority 100 (expires in 2.908 sec)
Priority 110 (configured 110)
IP redundancy name is "hsrp-Vl100-1" (default)
Router2#sh standby vlan 100
Vlan100 - Group 1
State is Standby
3 state changes, last state change 2w0d
Virtual IP address is 172.16.4.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 1 sec, hold time 3 sec
Next hello sent in 0.852 secs
Authentication MD5, key-string "ATM///DCNhsrp"
Preemption disabled
Active router is 172.16.4.2, priority 110 (expires in 2.904 sec)
Standby router is local
Priority 100 (default 100)
IP redundancy name is "hsrp-Vl100-1" (default)
BR,
mustapha.
03-30-2009 10:44 AM
Mustapha:
It seems that there is a loss of Layer 2 adjacency between router 2 and the hosts hanging off of router 1.
Im assuming that the servers are really connected to switches, one hanging off of router 1 and the other off of router 2.
When you PING a host that the router's route table sees as "directly connected," it sends out an ARP broadcast for that host. The host should respond IF there is layer 2 continuity between the router and the host.
Im wondering if you could post a diagram and the switch configs if they exist.
03-31-2009 04:52 AM
Hi Victor,
after reloading Router2, the problem is fixed, how it can be explained ?
BR,
mustapha.
03-31-2009 05:19 AM
Mustapha:
Without running diagnostics on the router prior to reloading it, it is almost impossible to determine why it behaved in that erratic fashion.
I had a similar problem once and after bouncing the vlan interface, everything suddenly came up -- for a short period of time. It broke again when the network fully converged and the fact that there was another host on the network using the VIP address became evident.
Glad its working.
Clear the logs. Get some baseline information. And keep an eye on it.
HTH
Victor
03-31-2009 05:30 AM
Hi Victor,
the issue was only when ping requests were executed from Vlan interface on Router2 and not from the hosts connected to it.
Thank you for your help.
BR,
mustapha.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide