HSRP (Cisco 7204 VXR) and Enterasys (SecureStack B3)

Unanswered Question
Mar 10th, 2010

Hi To All:

  I have a HSRP configuration on 2-7204VXR Routers, which was working properly using Catalyst 2900 XL Series switches.

I exchange the Cisco Switches for Enterasys SecureStack B3.


RTR1.

interface Ethernet1/2
  ip address 10.15.7.4 255.255.255.0
no ip redirects
ip nat inside
no ip mroute-cache
no logging event link-status
duplex half
no snmp trap link-status
no mop enabled
standby 14 ip 10.15.7.1
standby 14 priority 110
standby 14 preempt
standby 14 track Serial2/0:2 20
end


RTR2

interface Ethernet1/2
  ip address 10.15.7.2 255.255.255.0
no ip redirects
ip nat inside
no ip mroute-cache
no logging event link-status
duplex half
no snmp trap link-status
no mop enabled
standby 14 ip 10.15.7.1
standby 14 preempt
standby 14 track Serial2/2:2
end


The RTR1 is the Primary, tracking the Serial Port. If the Serial fails, it switch to RTR2.

The problem is that when the Serial on RTR1 fails, the HSRP stop working properly. The virtual IP is not accesible continuously.Is like the HSRP is switching between routers back and forth.


In a test I did, on the Enterasys the switch detects the port of the router who owns the Virtual-IP, the Master Router.


I contacted Enterasys and they couldn't help because the HSRP protocol runs on L2, in other words, should work.


Any Idea?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 03/10/2010 - 10:26

eorta wrote:


In a test I did, on the Enterasys the switch detects the port of the router who owns the Virtual-IP, the Master Router.


I contacted Enterasys and they couldn't help because the HSRP protocol runs on L2, in other words, should work.


Any Idea?


Hmmm, a quick search on google brought up a few issues with interoperability between these devices so i'm not sure Enterasys should be just saying it should just work !


HSRP uses 224.0.0.2 to send messages between the routers, perhaps the Enterasys switch treats multicast packets differently than the Cisco switch.


What was the "sh standby brief" on the routers showing before it tried to fail over ?


As for options -


1) put the Cisco switch back but i'm guessing this isn't an option


2) HSRP is Cisco proprietary. Perhaps try VRRP on the routers which is an Industry standard. If that doesn't work then at least Enterasys should be able to give a bit more help.


Jon

eorta Wed, 03/10/2010 - 11:06

On the Routers I pinged the 224.0.0.2 and it gave me the ports with hsrp configured. I did the same on the Switch and it didn't work. I guess because of the brand difference.


On another environment using two 2621 Routers and another B3 Switch I tryed to replicate the problem. And it didn't happend.

All worked fine. Sht.....


Im thinking to reload or disconnect RTR1 to see what happens!!!


Is there a troubleshoot technique on the routers that I can use, beside the debug, that i may use to acquire more info from the routers?

milan.kulik Thu, 03/11/2010 - 04:33

Hi,


do the routers see each other via HSRP?

sh standby

issued on the primary router should show the secondary router as stanby and vice versa.

You should see something like this on your secondary router:

router#sh stand
FastEthernet0/0.2 - Group 101 (version 2)
  State is Standby
    32 state changes, last state change 3d00h
  Virtual IP address is 10.10.1.1

  Active virtual MAC address is ...

Local virtual MAC address is ....

  Hello time 1 sec, hold time 5 sec
    Next hello sent in 0.996 secs
    Preemption enabled, delay min 10 secs
  Active router is 10.10.1.5, priority 110 (expires in 4.268 sec)
    MAC address is ....


If the routers don't see each othe via HSRP, there might be an L2 problem.


Or a misconfiguration.

I see RTR2:

standby 14 track Serial2/2:2

shouldn't there be some value added like

standby 14 track Serial2/2:2 20

?

HTH,

Milan 


Message was edited by: milan.kulik

eorta Thu, 03/11/2010 - 07:08

Hi:    

    -  Yes from each router they are able to see each oter with the "sho standby "

#sho standby eth1/2

Ethernet1/2 - Group 14
  State is Active
    171 state changes, last state change 00:46:26
  Virtual IP address is 10.15.7.1
  Active virtual MAC address is 0000.0c07.ac0e
    Local virtual MAC address is 0000.0c07.ac0e (default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.164 secs
  Preemption enabled
  Active router is local
  Standby router is 10.15.7.2, priority 100 (expires in 8.192 sec)
  Priority 110 (configured 110)
    Track interface Serial2/0:2 state Up decrement 20
  IP redundancy name is "hsrp-Et1/2-14" (default)


    -  The RTR2 is the Backup, maybe I don't need to track the Serial on it.


Also at the Switch, when I do the test, I verify the Mac addresses and the switch is able to identify the port of the Active Router.


Today I did another test.

  On RTR1 I shutted down the Serial, so my remote site switch to te backup. Also I disconnected physically the Eth Port from the Switch.

The first test, I loose ping to the Virtual IP, completly. On the second try, the ping to the virtual IP was intermittent.


There most be something with the Switch and the Code version int it, which is 01.02.04.005.


I guess I have to try with Enterasys Support again.

Actions

This Discussion

Related Content