Standby router unknown - Help

Answered Question
Jul 28th, 2009

Hi,


I don't understand why my HSRP configured vlan can't see my other switch which is also configured for HSRP. On my 3750 switch I get the following:


Vlan20 - Group 20
  State is Active
    5 state changes, last state change 00:22:04
  Virtual IP address is 10.44.20.254
  Active virtual MAC address is 0000.0c07.ac14
    Local virtual MAC address is 0000.0c07.ac14 (v1 default)
  Hello time 1 sec, hold time 2 sec
    Next hello sent in 0.681 secs
  Preemption enabled
  Active router is local
  Standby router is unknown
  Priority 102 (configured 102)
  IP redundancy name is "hsrp-Vl20-20" (default)


On my 6509 catos switch I get:


> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
mg                               1            2           server      -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
37         1023             68              disabled

Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
10.44.4.252     disabled disabled 2-1000


Both switches are joined via an ISL trunk link.


Both switches can ping each other on their respective VLANs.


3750 config:


interface Vlan20
 ip address 10.44.20.252 255.255.255.0
 ip access-group Bg-In in
 ip access-group Bg-Out out
 no ip redirects
 no ip unreachables
 standby 20 ip 10.44.20.254
 standby 20 timers 1 2
 standby 20 priority 102
 standby 20 preempt
end


6509 catos config:


interface Vlan20
 ip address 10.44.20.253 255.255.255.0
 ip access-group 12 in
 ip access-group 11 out
 no ip redirects
 no ip unreachables
 standby 20 ip 10.44.20.254
 standby 20 timers 1 2
 standby 20 priority 105
 standby 20 preempt
end


Any thoughts on this?


Thanks

Dan

Correct Answer by Giuseppe Larosa about 7 years 11 months ago

Hello Dan,

You have applied ACLs both inbound and outbound.

HSRP uses destination address 224.0.0.2, UDP port 1985. If this is not allowed on the inbound ACL, you are isolating the two HSRP speakers.

See

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_q_and_a_item09186a00800a9679.shtml

We have seen this happening when configuring receive ACL, a security feature on GSR and C7500.


Hope to help

Giuseppe
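
The failure mode described in the answer, as an added example that is not part of the original thread: a first-match evaluation of a small subset of IOS extended ACL syntax (permit/deny, `any`, `host`, address plus wildcard, destination `eq` port) against an HSRP hello to 224.0.0.2 UDP 1985. The ACL contents and the name EXAMPLE-IN are constructed, since the thread does not show Bg-In or ACL 12; the first ACL permits ICMP, so pings succeed while hellos fall through to the implicit deny.

```python
import ipaddress

HSRP_GROUP, HSRP_PORT = "224.0.0.2", 1985  # values stated in the answer above

def _take_addr(tok):
    """Consume one address spec (any | host A | A WILDCARD) from the token list."""
    head = tok.pop(0)
    if head == "any":
        return (0, 0xFFFFFFFF)
    if head == "host":
        return (int(ipaddress.IPv4Address(tok.pop(0))), 0)
    return (int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tok.pop(0))))

def _addr_match(spec, ip):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def first_match(acl_lines, proto, src, dst, dport):
    """Return (action, line) of the first matching entry, evaluated top-down."""
    for line in acl_lines:
        tok = line.split()
        if not tok or tok[0] not in ("permit", "deny"):
            continue                   # skip the ACL header and remarks
        action, ace_proto, rest = tok[0], tok[1], tok[2:]
        src_spec, dst_spec = _take_addr(rest), _take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        if ace_proto not in ("ip", proto):
            continue
        if not (_addr_match(src_spec, src) and _addr_match(dst_spec, dst)):
            continue
        if port is not None and port != dport:
            continue
        return action, line.strip()
    return "deny", "(implicit deny at end of ACL)"

def hsrp_hello_verdict(acl_lines, peer_ip):
    """Would an inbound ACL accept the HSRP hello sent by peer_ip?"""
    return first_match(acl_lines, "udp", peer_ip, HSRP_GROUP, HSRP_PORT)

# Constructed ACLs: the thread does not show the contents of Bg-In or ACL 12.
BLOCKING = """ip access-list extended EXAMPLE-IN
 permit tcp 10.44.20.0 0.0.0.255 any
 permit icmp any any""".splitlines()
FIXED = BLOCKING[:1] + [" permit udp 10.44.20.0 0.0.0.255 host 224.0.0.2 eq 1985"] + BLOCKING[1:]
```

Scoping the permit to the VLAN's own subnet, as FIXED does, accepts hellos from the peer at 10.44.20.253 while a hello sourced from outside 10.44.20.0/24 still hits the implicit deny.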


Giuseppe Larosa Tue, 07/28/2009 - 08:16