6500 HSRP failover

Unanswered Question
Oct 8th, 2010

Hi Commnity,

We have two cisco 6500 swtiches. Switch A is a active state of HSRP and Switch B in stanby state, After 2 days we are going have go-live test for Switches failove redudancy.

Please see the sample HSRP confiuration for both switches

SWTICH A

interface Vlan 100
description << RECEPTION>>
ip address 10.1.2.254 255.255.255.0
ip route-cache flow
standby delay minimum 20 reload 25
standby 3 ip 10.1.2.1
standby 3 priority 110
standby 3 preempt delay minimum 380

SWITCH B

interface Vlan3
description << RECEPTION>>
ip address 10.1.2.253 255.255.255.0
ip route-cache flow
standby delay minimum 20 reload 25
standby 3 ip 10.1.2.1
standby 3 priority 95
standby 3 preempt delay minimum 380

SWITCH A# sh stanby brief

Interface   Grp      Prio      P     State        Active addr     Standby addr    Group addr

Vl3            3        110      P     Active       local              10.1.2.253        10.1.2.1

SWITCH B #

Interface   Grp      Prio      P     State        Active addr     Standby addr    Group addr

Vl3            3        95        P     Standby    local               local       10.1.2.1

If there is any misconfiguration, your sugesstion will be highly appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Jon Marshall Fri, 10/08/2010 - 10:11

Looks okay to me. Just remember there will be delays in failing over and failing back again because you have delay timers but it shoudl all work fine.

Jon

samirshaikh52 Fri, 10/08/2010 - 10:19

Thanks for your reply.

You mean to say that it will take 380 seconds for standby to cover the failover.

samirshaikh52 Tue, 10/12/2010 - 10:40

Hi

For testing purpose I shut down vlan interface by using the command shut

but stanby switch was not able to take over.


output of sh stanby brief command on stanby switch

Vl19        19  95   P Active   local           unknown         10.1.18.1

output of sh stanby brief command on previously active swithc

Vl19        19  110  P Init     unknown         unknown         10.1.18.1

Please help me Why does it happen ?

jonesm111 Tue, 10/12/2010 - 15:31

You may want to verify the two switches are linked together with layer 3..

samirshaikh52 Wed, 10/13/2010 - 12:31

Yes I have systems to switchport and they are configrured in that vlan ie switcport access vlan 19.

however that vlan is up

The issue I am facing right now is

When I shutdown the vlan 19 and after doing that systems in this vlan cannot ping any other device but i can ping virtual ip

Jon Marshall Wed, 10/13/2010 - 12:36

samirshaikh52 wrote:

Hi

For testing purpose I shut down vlan interface by using the command shut

but stanby switch was not able to take over.


output of sh stanby brief command on stanby switch

Vl19        19  95   P Active   local           unknown         10.1.18.1

output of sh stanby brief command on previously active swithc

Vl19        19  110  P Init     unknown         unknown         10.1.18.1

Please help me Why does it happen ?

This output shows that it has worked ie.

the standby is active for that vlan and you get the "unknown" because you have shutdown the interface on the other switch.

This is exactly what you would expect to see so can you clarify exactly what problems you are having ?

Jon

samirshaikh52 Wed, 10/13/2010 - 12:40

But presently I am facing this issue

After shuting down the vlan interface 19, the systems in this vlan cannot reach other device.However I can ping the vip from the system.

jonesm111 Wed, 10/13/2010 - 13:00

Another thing you may want to check is to make sure that vlan is included in the trunk between both switches and not pruned...

samirshaikh52 Wed, 10/13/2010 - 13:10

I have double checked the vlan is included with the trunk and its not pruned.

jonesm111 Wed, 10/13/2010 - 13:20

The only other things that I can think of is to clear arp on both switches and verify the hosts

have the correct ip settings, especially the mask.

samirshaikh52 Wed, 10/13/2010 - 13:24

I am 100% sure with ip settings on the pc..it is ok

and i have check arp cache.

Really this problem is driving me crazy.

Would you like to see STP config, if anything related to this issue.

Jon Marshall Wed, 10/13/2010 - 13:22

samirshaikh52 wrote:

But presently I am facing this issue

After shuting down the vlan interface 19, the systems in this vlan cannot reach other device.However I can ping the vip from the system.

We need fair bit more info. Can you -

1) provide the config of vlan 19 off both switches

2) provide "sh int trunk" from the 6500 switches and indicate which trunk is the one connecting the 2 6500 switches.

the device you are pinging from -

1) if it is windows can you provide the output of "ipconfig /all"

the switch that this device is connected to -

1) can you provide output of "sh int trunk" indicating which trunk links are connected to the 6500 switches.

I will need all of the above info.

Jon

jonesm111 Wed, 10/13/2010 - 13:36

Clear arp instead of checking could take care of arp poisining

I think I would also try to minimize the hsrp config to just:

standby ip x.x.x.x

otherwise, what Jon says

samirshaikh52 Wed, 10/13/2010 - 13:38

Hi jon,


1. config of vlan 19

interface Vlan19
ip address 10.1.19.254 255.255.255.0
ip route-cache flow
standby 19 ip 10.1.19.1
standby 19 timers 5 15
standby 19 priority 110
standby 19 preempt

2. output of sh int trunk

Core A

Port        Mode    Encapsulation        Status      Native Vlan

Gi2/23    desirable    n-isl                 trunking      1

Port                  Vlans Allowed

Gi2/23               1-29,40,100-103

Port                 Vlans in spanning tree forwarding state and not pruned

Gi2/23              1-29,40,100-103

Core B

Port        Mode    Encapsulation        Status      Native Vlan

Gi2/23    desirable    n-isl                 trunking      1

Port                  Vlans Allowed

Gi2/23               1-29,40,100-103

Port                 Vlans in spanning tree forwarding state and not pruned

Gi2/23              1-29,40,100-103

3. ouput of ipconfig /all


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connec
tion
   Physical Address. . . . . . . . . : 00-23-7D-49-A5-BE
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.1.19.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.19.1
   DNS Servers . . . . . . . . . . . : 10.1.2.2
                                               10.1.2.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

4. sh int trunk

Port      Mode         Encapsulation  Status        Native vlan
Gi1/1     desirable    n-802.1q       trunking      1
Gi1/2     desirable    n-isl          trunking      1
Gi1/3     desirable    n-isl          trunking      1
Gi1/4     desirable    n-isl          trunking      1
Gi1/5     desirable    n-isl          trunking      1
Gi1/6     desirable    n-isl          trunking      1
Gi1/7     desirable    n-isl          trunking      1
Gi1/8     desirable    n-isl          trunking      1
Gi1/9     desirable    n-isl          trunking      1
Gi1/10    desirable    n-isl          trunking      1
Gi1/11    desirable    n-802.1q       trunking      1
Gi1/12    desirable    n-isl          trunking      1
Gi1/13    desirable    n-isl          trunking      1
Gi1/14    desirable    n-isl          trunking      1
Gi1/15    desirable    n-isl          trunking      1
Gi1/16    desirable    n-isl          trunking      1
Gi1/17    desirable    n-isl          trunking      1
Gi1/18    desirable    n-isl          trunking      1
Gi1/19    desirable    n-isl          trunking      1
Gi1/20    desirable    n-isl          trunking      1
Gi1/21    desirable    n-isl          trunking      1
Gi1/22    desirable    n-isl          trunking      1
Gi1/23    desirable    n-isl          trunking      1
Gi1/24    desirable    n-isl          trunking      1
Gi2/1     desirable    n-isl          trunking      1
Gi2/2     desirable    n-isl          trunking      1
Gi2/3     desirable    n-802.1q       trunking      1
Gi2/4     desirable    n-isl          trunking      1
Gi2/5     desirable    n-802.1q       trunking      1
Gi2/6     desirable    n-802.1q       trunking      1
Gi2/23    desirable    n-isl          trunking      1
Gi2/24    desirable    n-802.1q       trunking      1

Port      Vlans allowed on trunk
Gi1/1     1-4094
Gi1/2     1-4094
Gi1/3     1-4094
Gi1/4     1-4094
Gi1/5     1-4094
Gi1/6     1-4094
Gi1/7     1-4094
Gi1/8     1-4094
Gi1/9     1-4094
Gi1/10    1-4094
Gi1/11    1-4094
Gi1/12    1-4094
Gi1/13    1-4094
Gi1/14    1-4094
Gi1/15    1-4094
Gi1/16    1-4094
Gi1/17    1-4094
Gi1/18    1-4094
Gi1/19    1-4094
Gi1/20    1-4094
Gi1/21    1-4094
Gi1/22    1-4094
Gi1/23    1-4094
Gi1/24    1-4094
Gi2/1     1-4094

Port      Vlans allowed on trunk
Gi2/2     1-4094
Gi2/3     1-4094
Gi2/4     1-4094
Gi2/5     1-4094
Gi2/6     1-4094
Gi2/23    1-4094
Gi2/24    1-4094

Port      Vlans allowed and active in management domain
Gi1/1     1-29,40,100-103
Gi1/2     1-29,40,100-103
Gi1/3     1-29,40,100-103
Gi1/4     1-29,40,100-103
Gi1/5     1-29,40,100-103
Gi1/6     1-29,40,100-103
Gi1/7     1-29,40,100-103
Gi1/8     1-29,40,100-103
Gi1/9     1-29,40,100-103
Gi1/10    1-29,40,100-103
Gi1/11    1-29,40,100-103
Gi1/12    1-29,40,100-103
Gi1/13    1-29,40,100-103
Gi1/14    1-29,40,100-103
Gi1/15    1-29,40,100-103
Gi1/16    1-29,40,100-103
Gi1/17    1-29,40,100-103
Gi1/18    1-29,40,100-103
Gi1/19    1-29,40,100-103
Gi1/20    1-29,40,100-103
Gi1/21    1-29,40,100-103
Gi1/22    1-29,40,100-103
Gi1/23    1-29,40,100-103
Gi1/24    1-29,40,100-103
Gi2/1     1-29,40,100-103
Gi2/2     1-29,40,100-103
Gi2/3     1-29,40,100-103
Gi2/4     1-29,40,100-103
Gi2/5     1-29,40,100-103
Gi2/6     1-29,40,100-103
Gi2/23    1-29,40,100-103
Gi2/24    1-29,40,100-103

Port      Vlans in spanning tree forwarding state and not pruned
Gi1/1     1-29,40,100-103
Gi1/2     1-29,40,100-103
Gi1/3     1-29,40,100-103
Gi1/4     1-29,40,100-103
Gi1/5     1-29,40,100-103
Gi1/6     1-29,40,100-103
Gi1/7     1-29,40,100-103
Gi1/8     1-29,40,100-103
Gi1/9     1-29,40,100-103
Gi1/10    1-29,40,100-103
Gi1/11    1-29,40,100-103
Gi1/12    1-29,40,100-103
Gi1/13    1-29,40,100-103
Gi1/14    1-29,40,100-103
Gi1/15    1-29,40,100-103
Gi1/16    1-29,40,100-103
Gi1/17    1-29,40,100-103
Gi1/18    1-29,40,100-103

Port      Vlans in spanning tree forwarding state and not pruned
Gi1/19    1-29,40,100-103
Gi1/20    1-29,40,100-103
Gi1/21    1-29,40,100-103
Gi1/22    1-29,40,100-103
Gi1/23    1-29,40,100-103
Gi1/24    1-29,40,100-103
Gi2/1     1-29,40,100-103
Gi2/2     1-29,40,100-103
Gi2/3     1-29,40,100-103
Gi2/4     1-29,40,100-103
Gi2/5     1-29,40,100-103
Gi2/6     1-29,40,100-103
Gi2/23    1-29,40,100-103
Gi2/24    1-29,40,100-103

Jon Marshall Wed, 10/13/2010 - 13:44

Okay that all looks okay but one thing -

in your previous post of "sh standby brief" after shutting the active interface the VIP is 10.1.18.1

whereas in the most recent output it is 10.1.19.1

Can you clarify ?

Jon

Jon Marshall Wed, 10/13/2010 - 13:53

So have you tested it with both set to 10.1.19.1 ??

The switch that the device is connected to has a lot of trunk links. How it is connected to the core switches and how is it connected to other switches.

More importantly can you run this command on that switch and both 6500 switches -

sh spantree vlan 19

Jon

Jon Marshall Wed, 10/13/2010 - 14:11

Thanks, but i'm confused again.

Your switch shows these links -

Gi1/0/8             Desg FWD 100       128.8    P2p
Gi1/0/16            Desg FWD 19        128.16   P2p
Gi1/0/49            Root FWD 4         128.49   P2p
Gi1/0/50            Altn BLK 4         128.50   P2p

but from previous output where you posted "sh int trunk" (no 4 in the list of outputs) from the access switch none of these ports are present. So what did you post before ? What switch was that ?

You need to make the information consistent or else it is very hard to help you.

From the above outputs which is the connection back to the 6500 - presumably gi1/0/49 ? Can you confirm that is the connection back to the 6500 switch and also can you post "sh int trunk" from this device.

Jon

samirshaikh52 Wed, 10/13/2010 - 14:19

No 4 in the previous post was the complete output of sh int trunk for CORE A


This links was for the access switch.

Gi1/0/8             Desg FWD 100       128.8    P2p
Gi1/0/16            Desg FWD 19        128.16   P2p
Gi1/0/49            Root FWD 4         128.49   P2p
Gi1/0/50            Altn BLK 4         128.50   P2p


Here it is the output of sh int trunk on access switch

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/49    on               802.1q         trunking      1
Gi1/0/50    on               802.1q         trunking      1

Yes. Gi1/0/49 is the connection port to CORE A

and Gi1//0/50 is the connection to CORE B

Port        Vlans allowed on trunk
Gi1/0/49    1-4094
Gi1/0/50    1-4094

Port        Vlans allowed and active in management domain
Gi1/0/49    1-29,40,100-103
Gi1/0/50    1-29,40,100-103

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/49    1-29,40,100-103
Gi1/0/50    none

Jon Marshall Wed, 10/13/2010 - 14:27

Okay, thanks for that.

There is nothing wrong as far as i can see with your config for vlan 19 assuming you have tested using 10.1.9.1 on both switches. So assuming it is not a problem with vlan 19 -

But presently I am facing this issue

After shuting down the vlan interface 19, the systems in this vlan cannot reach other device.However I can ping the vip from the system.

what device are you trying to reach in one of the other vlans ?

So your source device is vlan 19, what are device are you trying to get to ie. what vlan is it in ? We may well have to go through a similiar process for this vlan as well if that's okay with you ?

So firstly, what vlan is the other device in, what switch is it connected to, how is this switch connected to the 6500 switches ?

Jon

samirshaikh52 Wed, 10/13/2010 - 14:32

I am trying to reach a device which is in vlan 2 and it is connected switch located in othe floor.

I have no problem to provide more info.

Big thanks for your efforts

Jon Marshall Wed, 10/13/2010 - 14:36

samirshaikh52 wrote:

I am trying to reach a device which is in vlan 2 and it is connected switch located in othe floor.

I have no problem to provide more info.

Big thanks for your efforts

Okay this switch, is it also connected to 6500 switches ? If so -

1) when you shutdown the active HSRP gateway for vlan 19 so it fails over to the other 6500 where is the active gateway for vlan 2 ie. is it on the switch with the shutdown vlan 19 interface or is it on the switch with the now active vlan 19 interface.

2) Can you post "sh int trunk" from this other switch with vlan 2.

3) can you post "sh spantree vlan 2" from 6500 switches and this other switch.

Note i'm assuming that vlan 2 is also routed on the 6500 switch, if it isn't before providing the above outputs can you confirm where it is routed from.

Jon

samirshaikh52 Wed, 10/13/2010 - 14:46

Yes this switch is also connected to both CORE A and CORE B

1. It is on the switch with shutdown interface vlan 19

2.sh int trunk from the other switch

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/49    on               802.1q         trunking      1
Gi1/0/50    on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/49    1-4094
Gi1/0/50    1-4094

Port        Vlans allowed and active in management domain
Gi1/0/49    1-29,40,100-103
Gi1/0/50    1-29,40,100-103

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/49    1-29,40,100-103
Gi1/0/50    none



AND VLAN 2 is routed on CORE A

3. CORE A - sh spanning-tree vlan 2

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     001a.e3f5.4402
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192
             Address     001a.e3f5.4402
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------
Gi1/1            Desg FWD 4         128.1    P2p
Gi1/2            Desg FWD 4         128.2    P2p
Gi1/3            Desg FWD 4         128.3    P2p
Gi1/4            Desg FWD 4         128.4    P2p
Gi1/5            Desg FWD 4         128.5    P2p
Gi1/6            Desg FWD 4         128.6    P2p
Gi1/7            Desg FWD 4         128.7    P2p
Gi1/8            Desg FWD 4         128.8    P2p
Gi1/9            Desg FWD 4         128.9    P2p

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------

Gi1/10           Desg FWD 4         128.10   P2p
Gi1/11           Desg FWD 4         128.11   P2p
Gi1/12           Desg FWD 4         128.12   P2p
Gi1/13           Desg FWD 4         128.13   P2p
Gi1/14           Desg FWD 4         128.14   P2p
Gi1/15           Desg FWD 4         128.15   P2p
Gi1/16           Desg FWD 4         128.16   P2p
Gi1/17           Desg FWD 4         128.17   P2p
Gi1/18           Desg FWD 4         128.18   P2p
Gi1/19           Desg FWD 4         128.19   P2p
Gi1/20           Desg FWD 4         128.20   P2p
Gi1/21           Desg FWD 4         128.21   P2p
Gi1/22           Desg FWD 4         128.22   P2p
Gi1/23           Desg FWD 4         128.23   P2p
Gi1/24           Desg FWD 4         128.24   P2p
Gi2/1            Desg FWD 4         128.129  P2p
Gi2/2            Desg FWD 4         128.130  P2p
Gi2/3            Desg FWD 4         128.131  P2p
Gi2/4            Desg FWD 4         128.132  P2p
Gi2/6            Desg FWD 4         128.134  P2p
Gi2/7            Desg FWD 4         128.135  P2p
Gi2/8            Desg FWD 4         128.136  P2p
Gi2/23           Desg FWD 4         128.151  P2p

CORE- sh spanning-tree vlan 2

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     001a.e3f5.4402
             Cost        4
             Port        151 (GigabitEthernet2/23)
             Hello Time   2 sec  Max Age 20 sec  Forw

  Bridge ID  Priority    16384
             Address     001a.e3f5.5402
             Hello Time   2 sec  Max Age 20 sec  Forw
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------
Gi1/1            Desg FWD 4         128.1    P2p
Gi1/2            Desg FWD 4         128.2    P2p
Gi1/3            Desg FWD 4         128.3    P2p
Gi1/4            Desg FWD 4         128.4    P2p
Gi1/5            Desg FWD 4         128.5    P2p
Gi1/6            Desg FWD 4         128.6    P2p
Gi1/7            Desg FWD 4         128.7    P2p
Gi1/8            Desg FWD 4         128.8    P2p

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------

Gi1/9            Desg FWD 4         128.9    P2p
Gi1/10           Desg FWD 4         128.10   P2p
Gi1/11           Desg FWD 4         128.11   P2p
Gi1/12           Desg FWD 4         128.12   P2p
Gi1/13           Desg FWD 4         128.13   P2p
Gi1/14           Desg FWD 4         128.14   P2p
Gi1/15           Desg FWD 4         128.15   P2p
Gi1/16           Desg FWD 4         128.16   P2p
Gi1/17           Desg FWD 4         128.17   P2p
Gi1/18           Desg FWD 4         128.18   P2p
Gi1/19           Desg FWD 4         128.19   P2p
Gi1/20           Desg FWD 4         128.20   P2p
Gi1/21           Desg FWD 4         128.21   P2p
Gi1/22           Desg FWD 4         128.22   P2p
Gi1/23           Desg FWD 4         128.23   P2p
Gi1/24           Desg FWD 4         128.24   P2p
Gi2/1            Desg FWD 4         128.129  P2p
Gi2/2            Desg FWD 4         128.130  P2p
Gi2/3            Desg FWD 4         128.131  P2p
Gi2/4            Desg FWD 4         128.132  P2p
Gi2/5            Desg FWD 4         128.133  P2p
Gi2/6            Desg FWD 4         128.134  P2p
Gi2/23           Root FWD 4         128.151  P2p
Gi2/24           Desg FWD 4         128.152  P2p

Jon Marshall Wed, 10/13/2010 - 14:54

Okay, nothing obvious.

When you shutdown the vlan 19 interface and failover you cannot ping a device in vlan 2 from a device in vlan 19.

Can you ping the vlan 2 VIP from the device in vlan 19 when the vlan 19 interface has failed over ?

Also it's getting a bit late here in UK so i'll have to pick this one up tomorrow.

Edit - can you also post the L3 vlan interface configuration from both 6500 switches for -

vlan 19 ( i know you've posted before but please again)

vlan 2

Jon

samirshaikh52 Wed, 10/13/2010 - 15:00

No problem. We will continue tomorrow.

But I'll just let you know after shuting down vlan 19, from the workstation  i can only ping the VIP of vlan 19 and i cannot ping anything other than that.and  not able to reach any other vlan

Again thanks for your support. See you tomorrow. Just give me a reply once you get back.

samirshaikh52 Wed, 10/13/2010 - 15:12

CORE A

interface Vlan19
ip address 10.1.19.254 255.255.255.0
ip route-cache flow
standby 19 ip 10.1.19.1
standby 19 timers 5 15
standby 19 priority 110
standby 19 preempt

config vlan 2

interface Vlan2
ip address 10.1.2.254 255.255.255.0
ip route-cache flow

standby delay minimum 10 reload 25
standby 2 ip 10.1.2.1
standby 2 priority 110
standby 2 preempt delay minimum 380

CORE B

interface Vlan19
ip address 10.1.19.253 255.255.255.0
ip route-cache flow
standby 19 ip 10.1.19.1
standby 19 timers 5 15
standby 19 priority 110
standby 19 preempt

interface Vlan2
  ip address 10.1.2.253 255.255.255.0
  ip route-cache flow

standby delay minimum 10 reload 25
standby 2 ip 10.1.2.1
standby 2 priority 95
standby 2 preempt delay minimum 380

Jon Marshall Thu, 10/14/2010 - 03:29

Okay back again.

So you shut down the vlan 19 interface on core A. So the paht traffic takes from your clients is -

1) the client switch is not blocking (STP) on the uplink to core A. So the device sends a packet to core A with the destination address of 10.1.9.1. Core A then switches this packet (at L2) to core B because that is where the active gateway is for vlan 19.

so that works.

Now to then ping vlan 2 interface (lets not worry about the client just yet) -

1) as above

2) core B routes the packet onto vlan 2 and then switches the packet back across the L2 trunk to core A because that is where the VIP is for vlan 2.

Step 2 seems to be where it is failing. You also confirm you cannot ping any other L3 vlan interfaces.

So, a few quick tests.

1) Instead of ping vlan 2 VIP can you ping the vlan 2 ip address on Core B ie. 10.1.2.253 ?

2) From core B can you ping the device in vlan 19 with a source IP of vlan 2 interface as above. You will need to extended ping on the 6500 to set the source interface.

3) If 2 works can you go onto Core A and try to ping vlan 19 device using source IP of vlan 2 ie. 10.1.2.254

Jon

samirshaikh52 Thu, 10/14/2010 - 03:42

Hi Jon,

Thanks you for reply.

1. Instead of ping vlan 2 VIP can you ping the vlan 2 ip address on Core B ie. 10.1.2.253 ?

Yes, I can ping 10.1.2.253 from device in vlan 19

2.From core B can you ping the device in vlan 19 with a source IP of vlan 2 interface as above. You will need to extended ping on the 6500 to set the source interface

Yes, I can ping the device in vlan 19 from the CORE B

3,If 2 works can you go onto Core A and try to ping vlan 19 device using source IP of vlan 2 ie. 10.1.2.254

Yes I can pint the device

ping 10.1.19.2 source vlan 2

All of them works.

samirshaikh52 Thu, 10/14/2010 - 04:15

The shoking point here is that I can ping device in vlan 19 from any vlan device.

Jon Marshall Thu, 10/14/2010 - 04:25

samirshaikh52 wrote:

The shoking point here is that I can ping device in vlan 19 from any vlan device.

Just to confirm where we are.

With the vlan 19 interface shutdown on Core A you can -

1) ping any device in vlan 19 from any other device ? So you can ping the client device 10.1.9.10 from any other vlan device

2) but you cannot ping any other vlan device from the client 10.1.9.10 ? Is that correct.

When you do this testing is the vlan 19 interface on core A still shutdown ?  If so can you -

1) bring it back up, make sure it has become active and then try to ping a vlan 2 device from 10.1.9.10

2) shut it down, make sure Core B has become active and then try to ping the same vlan 2 device

Jon

samirshaikh52 Thu, 10/14/2010 - 04:38

1) ping any device in vlan 19 from any other device ? So you can ping the client device 10.1.9.10 from any other vlan device

2) but you cannot ping any other vlan device from the client 10.1.9.10 ? Is that correct.


That's absolutely correct.

yes the vlan 19 was shutdown.

1) bring it back up, make sure it has become active and then try to ping a vlan 2 device from 10.1.9.10

After bringing up vlan 19 i can ping immediately to any device from the pc 10.1.19.10

2) shut it down, make sure Core B has become active and then try to ping the same vlan 2 device

After shuting down immedtiately it starts giving request timed out.

Jon Marshall Thu, 10/14/2010 - 04:49

Okay,

Can we go back to a basic config for the vlan 19 HSRP ie.

Core A -

interface Vlan19
ip address 10.1.19.254 255.255.255.0
ip route-cache flow
standby 19 ip 10.1.19.1

standby 19 priority 110
standby 19 preempt

CORE B

interface Vlan19
ip address 10.1.19.253 255.255.255.0
ip route-cache flow
standby 19 ip 10.1.19.1
standby 19 priority 95 <-- note i have changed priority here

standby 19 preempt

then

1) with both interfaces up -   "sh standby brief" from both 6500 switches.

2) with vlan 19 interface shutdown on core A - "sh standby brief" from both switches

3) try and ping from 10.1.9.10 to a device in vlan 2. I'm not expecting it to work but just in case.

Jon

samirshaikh52 Thu, 10/14/2010 - 05:21

1) with both interfaces up -   "sh standby brief" from both 6500 switches.

CORE A

Interface            Grp            Prio            P           State             Active addr         Standby addr    Group addr

Vl19                   19             110            P           Active                 local                10.1.19.253     10.1.19.1

CORE B

Interface            Grp            Prio            P           State             Active addr         Standby addr    Group addr

Vl19                   19             95             P           Standby           10.1.19.254               local             10.1.19.1

2) with vlan 19 interface shutdown on core A - "sh standby brief" from both switches

CORE A

Interface            Grp            Prio            P           State             Active addr         Standby addr    Group addr

Vl19                   19             110            P           Init                unknown                unknown      10.1.19.1

CORE B

Interface            Grp            Prio            P           State             Active addr         Standby addr    Group addr

Vl19                   19             95             P           Active                 local               unknown            10.1.19.1

3) try and ping from 10.1.9.10 to a device in vlan 2. I'm not expecting it to work but just in case.

NO PING

Jon Marshall Thu, 10/14/2010 - 05:40

Okay, this is very weird.

I'm going to reread the whole post so it may take a while.

I think the key thing here is that when core B is active for vlan 19 you cannot ping from 10.9.1.10 any other non-vlan 19 address even a physical IP assigned to another vlan interface on core B ?

But from core B you can ping 10.1.9.10 from any other address assigned to a vlan interface on Core B ?

Do we agree on the above 2 statements ??

Edit - have you tried this with another vlan ie. shutdown vlan 2 active HSRP interface and see if you have the same problems. I appreciate you may not be able to do this as it could disrupt production traffic - just wondered if you have already tried it ?

Jon

samirshaikh52 Thu, 10/14/2010 - 05:45

Hi Jon,

I agreed on both statements.

Edit - have you tried this with another vlan ie. shutdown vlan 2 active HSRP interface and see if you have the same problems. I appreciate you may not be able to do this as it could disrupt production traffic - just wondered if you have already tried it ?

I have tried by creating test vlan but the same issue..

I really appreciate your effort.

Jon Marshall Thu, 10/14/2010 - 06:25

Thanks for confirming.

I have to do something else this afternoon so i'll pick this up later. Based on everything we have covered you may want to repost in LAN Switching and Routing with a link through to this post.

If you do then i would recommend concentrating purely on -

1) the 2 core switches and vlan 19 and the HSRP config.

2) the client 10.1.9.10

3) the fact that you cannot ping any other non vlan 19 address on the same switch ie. Core B but that you can ping 10.1.9.10 from any other IP address on core B switch.

Just keep it short and simple covering the above facts. You may get asked for similiar info ie. STP output, HSRP config etc. but i may have missed somethinmg that someone else will see straight away. I'm happy to continue helping, so i'm not trying to get rid of you, just that if it is getting urgent i won't be around for at least 2 or 3 hours this afternoon.

Jon

samirshaikh52 Thu, 10/14/2010 - 07:02

Hi Jon,

I appreciate your help. You are trying your best.

Please reply once you get back

Thanks

Jon Marshall Thu, 10/14/2010 - 10:53

Just a quick clarification.

We both agreed that 10.1.9.10 cannot ping anything but when looking back to previous posts -

1. Instead of ping vlan 2 VIP can you ping the vlan 2 ip address on Core B ie. 10.1.2.253 ?

Yes, I can ping 10.1.2.253 from device in vlan 19

so it looks like we can ping something from 10.1.9.10 ???

Jon

samirshaikh52 Thu, 10/14/2010 - 13:22

Hi Jon,

Yes I can 10.1.2.253 from vlan 19 device. This is the of core b vlan 2 ip address.

For information. i can ping core B vlan interfaces active ip address.

glen.grant Thu, 10/14/2010 - 08:08

  In your very first post I don't understand this config , you have the same address space in 2 different vlans . They should be in the same L3 vlan on both sides.  You have one side as vlan 100 and the other as vlan 3  .   I would verify you have not done this on other vlans too ...

Please see the sample HSRP confiuration for both switches

SWTICH A

interface Vlan 100
description << RECEPTION>>
ip address 10.1.2.254 255.255.255.0
ip route-cache flow
standby delay minimum 20 reload 25
standby 3 ip 10.1.2.1
standby 3 priority 110
standby 3 preempt delay minimum 380

SWITCH B

interface Vlan3
description << RECEPTION>>
ip address 10.1.2.253 255.255.255.0
ip route-cache flow
standby delay minimum 20 reload 25
standby 3 ip 10.1.2.1
standby 3 priority 95
standby 3 preempt delay minimum 380

samirshaikh52 Thu, 10/14/2010 - 13:24

Hi glen,

Actually it was wrongly posted, currently we are working here vlan 2 and vlan 19.

samirshaikh52 Fri, 10/15/2010 - 13:33

Hi,

I haven't recieved any reply so far from the experts.

Anyway I got it working.

Thanks to Jon and other people who showed there effort towards this issue and I really appreciate that.

Jon Marshall Fri, 10/15/2010 - 13:43

Like Mike, i would be very interested to hear what you did that made it work.

Jon

Actions

Login or Register to take actions

This Discussion

Posted October 8, 2010 at 6:18 AM
Stats:
Replies:53 Avg. Rating:
Views:3682 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard