07-28-2009 08:07 AM - edited 03-06-2019 06:59 AM
Hi,
I don't understand why my HSRP configured vlan can't see my other switch which is also configured for HSRP. On my 3750 switch I get the following:
Vlan20 - Group 20
  State is Active
  5 state changes, last state change 00:22:04
  Virtual IP address is 10.44.20.254
  Active virtual MAC address is 0000.0c07.ac14
  Local virtual MAC address is 0000.0c07.ac14 (v1 default)
  Hello time 1 sec, hold time 2 sec
  Next hello sent in 0.681 secs
  Preemption enabled
  Active router is local
  Standby router is unknown
  Priority 102 (configured 102)
  IP redundancy name is "hsrp-Vl20-20" (default)
On my 6509 catos switch I get:
> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
mg                               1            2           server      -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
37         1023             68              disabled

Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
10.44.4.252     disabled disabled 2-1000
Both switches are joined via an ISL trunk link.
Both switches can ping each other on their respective VLANs.
3750 config:
interface Vlan20
 ip address 10.44.20.252 255.255.255.0
 ip access-group Bg-In in
 ip access-group Bg-Out out
 no ip redirects
 no ip unreachables
 standby 20 ip 10.44.20.254
 standby 20 timers 1 2
 standby 20 priority 102
 standby 20 preempt
end
6509 catos config:
interface Vlan20
 ip address 10.44.20.253 255.255.255.0
 ip access-group 12 in
 ip access-group 11 out
 no ip redirects
 no ip unreachables
 standby 20 ip 10.44.20.254
 standby 20 timers 1 2
 standby 20 priority 105
 standby 20 preempt
end
Any thoughts on this?
Thanks
Dan
07-28-2009 08:16 AM
Hello Dan,
You have applied ACLs both inbound and outbound.
HSRP uses destination address 224.0.0.2, UDP port 1985. If this is not allowed on the inbound ACL, you are isolating the two HSRP speakers.
See
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_q_and_a_item09186a00800a9679.shtml
We have seen this happening when configuring receive ACL, a security feature on GSR and C7500.
Hope to help
Giuseppe
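An added example, not part of the thread or of either poster's configuration: a small first-match evaluator for extended ACL entries that shows how an inbound ACL can let ping through while the implicit deny drops HSRP hellos to 224.0.0.2 UDP 1985. The contents of Bg-In are not shown in the thread, so both ACLs below are constructed, and the function names are hypothetical.

```python
import ipaddress

HSRP_GROUP = "224.0.0.2"  # HSRP hello destination, as stated in the reply
HSRP_PORT = 1985          # HSRP UDP port, as stated in the reply

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A wildcard' from tok; return a matcher."""
    head = tok.pop(0)
    if head == "any":
        return lambda ip: True
    if head == "host":
        want = int(ipaddress.ip_address(tok.pop(0)))
        return lambda ip: ip == want
    base = int(ipaddress.ip_address(head))
    care = ~int(ipaddress.ip_address(tok.pop(0))) & 0xFFFFFFFF  # invert wildcard
    return lambda ip: (ip & care) == (base & care)

def parse_ace(line):
    """Parse '<action> <proto> <src> <dst> [eq <dport>]' (subset of IOS syntax;
    source-port matches and other operators are not handled)."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _take_addr(tok), _take_addr(tok)
    port = int(tok[1]) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def acl_verdict(aces, proto, src, dst, dport):
    """First matching entry wins; no match falls to the implicit deny."""
    s, d = int(ipaddress.ip_address(src)), int(ipaddress.ip_address(dst))
    for line in aces:
        action, p, match_src, match_dst, port = parse_ace(line)
        if p not in ("ip", proto) or not match_src(s) or not match_dst(d):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"

def hsrp_hello_allowed(aces, peer_ip):
    return acl_verdict(aces, "udp", peer_ip, HSRP_GROUP, HSRP_PORT) == "permit"

# Constructed inbound ACL: unicast and ICMP pass, multicast hellos do not.
BLOCKING = ["permit tcp 10.44.20.0 0.0.0.255 any",
            "permit udp 10.44.20.0 0.0.0.255 10.44.0.0 0.0.255.255",
            "permit icmp any any"]
# Same ACL with an explicit entry for the HSRP peer's hellos placed first.
FIXED = ["permit udp host 10.44.20.253 host 224.0.0.2 eq 1985"] + BLOCKING

if __name__ == "__main__":
    print("ping:", acl_verdict(BLOCKING, "icmp", "10.44.20.253", "10.44.20.252", 0))
    print("HSRP before:", hsrp_hello_allowed(BLOCKING, "10.44.20.253"))
    print("HSRP after:", hsrp_hello_allowed(FIXED, "10.44.20.253"))
```

The same check applies on the other switch with the peer address swapped, since each HSRP speaker must receive the other's hellos.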