Standby router unknown - Help

Answered Question
Jul 28th, 2009

Hi,

I don't understand why my HSRP configured vlan can't see my other switch which is also configured for HSRP. On my 3750 switch I get the following:

Vlan20 - Group 20
  State is Active
    5 state changes, last state change 00:22:04
  Virtual IP address is 10.44.20.254
  Active virtual MAC address is 0000.0c07.ac14
    Local virtual MAC address is 0000.0c07.ac14 (v1 default)
  Hello time 1 sec, hold time 2 sec
    Next hello sent in 0.681 secs
  Preemption enabled
  Active router is local
  Standby router is unknown
  Priority 102 (configured 102)
  IP redundancy name is "hsrp-Vl20-20" (default)

On my 6509 catos switch I get:

> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
mg                               1            2           server      -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
37         1023             68              disabled

Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
10.44.4.252     disabled disabled 2-1000

Both switches are joined via an ISL trunk link.

Both switches can ping each other on their respective VLANs.

3750 config:

interface Vlan20
 ip address 10.44.20.252 255.255.255.0
 ip access-group Bg-In in
 ip access-group Bg-Out out
 no ip redirects
 no ip unreachables
 standby 20 ip 10.44.20.254
 standby 20 timers 1 2
 standby 20 priority 102
 standby 20 preempt
end

6509 catos config:

interface Vlan20
 ip address 10.44.20.253 255.255.255.0
 ip access-group 12 in
 ip access-group 11 out
 no ip redirects
 no ip unreachables
 standby 20 ip 10.44.20.254
 standby 20 timers 1 2
 standby 20 priority 105
 standby 20 preempt
end

Any thoughts on this?

Thanks

Dan

Correct Answer
Giuseppe Larosa Tue, 07/28/2009 - 08:16

Hello Dan,

You have applied ACLs both inbound and outbound.

HSRP uses destination address 224.0.0.2, UDP port 1985. If this is not allowed on the inbound ACL, you are isolating the two HSRP speakers.

See

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_q_and_a_item09186a00800a9679.shtml

We have seen this happen when configuring receive ACL, a security feature on GSR and C7500.

Hope to help

Giuseppe
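
The check described in the answer above, as an added example that is not part of the original thread: a first-match evaluator for a subset of IOS extended ACL syntax that reports whether an HSRP hello (UDP port 1985 to 224.0.0.2) from the peer passes an inbound ACL. The ACL entries are constructed, because the thread never shows the contents of Bg-In or ACL 12, and all function names are hypothetical.

```python
import ipaddress

# HSRP hello as described in the answer: UDP port 1985 to 224.0.0.2.
HSRP_DST, HSRP_PORT = "224.0.0.2", 1985

def _addr(tokens):
    """Consume one IOS address spec; return a predicate on an IP string."""
    kind = tokens.pop(0)
    if kind == "any":
        return lambda ip: True
    if kind == "host":
        host = tokens.pop(0)
        return lambda ip: ip == host
    # "address wildcard" form: bits set in the wildcard mask are ignored.
    base = int(ipaddress.ip_address(kind))
    wild = int(ipaddress.ip_address(tokens.pop(0)))
    return lambda ip: (int(ipaddress.ip_address(ip)) | wild) == (base | wild)

def parse_ace(line):
    """Parse 'permit|deny proto src dst [eq port]' (subset of extended ACL syntax)."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _addr(tokens), _addr(tokens)
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return action, proto, src, dst, port

def acl_verdict(acl_lines, proto, src_ip, dst_ip, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for n, line in enumerate(acl_lines, 1):
        action, p, src, dst, port = parse_ace(line)
        if p in ("ip", proto) and src(src_ip) and dst(dst_ip) and port in (None, dport):
            return action, n
    return "deny", None

def hsrp_hello_allowed(acl_lines, peer_ip):
    """True if a hello sourced from peer_ip is permitted by the ACL."""
    return acl_verdict(acl_lines, "udp", peer_ip, HSRP_DST, HSRP_PORT)[0] == "permit"

# Constructed sample ACLs: BEFORE only permits unicast destinations, so the
# multicast hello hits the implicit deny; AFTER adds an explicit HSRP entry.
BEFORE = ["permit tcp 10.44.20.0 0.0.0.255 any eq 80",
          "permit ip 10.44.20.0 0.0.0.255 10.44.0.0 0.0.255.255"]
AFTER = ["permit udp 10.44.20.0 0.0.0.255 host 224.0.0.2 eq 1985"] + BEFORE

if __name__ == "__main__":
    for name, acl in (("before", BEFORE), ("after", AFTER)):
        print(name, acl_verdict(acl, "udp", "10.44.20.253", HSRP_DST, HSRP_PORT))
```

An ACL that looks permissive for the VLAN's own subnet can still drop the hellos, because their destination is the multicast group rather than an address inside that subnet.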
