12-27-2011 02:45 PM - edited 03-04-2019 02:45 PM
Hi
I have 2 x 2901 in a hsrvp setup.
so I have some wan ports attached to both of these routers and I have 1 port from each router attached 1 a sw (switches in clustered mode). and 1 port attach to each other.
The ports from the router to the switch and each other are part of vlan1 and I have hsrp configured on vlan1
interface Vlan1
description to firewall
ip address a.b.c.252 mask
standby 0 ip a.b.c.254
standby 0 preempt
standby 0 authentication md5 key-string 7 THISISSOMETHIG
standby 0 name internet
interface Vlan1
description to firewall
ip address a.b.c.253 mask
standby 0 ip a.b.c.254
standby 0 preempt
standby 0 authentication md5 key-string 7 THISISSOMETHIG
standby 0 name internet
my problem is when i log into the standby router I can't ping the VIP a.b.c.254
standby seems to be working.
Alex
12-27-2011 05:10 PM
Hi Alex,
Can you set a priority for the master switch and test again?
example:
standby 2 priority 110also the group range is from 1 to 255. Can you try a different group number between 1 and 255?
HTH
12-27-2011 05:16 PM
Hi
I actually have, sorry I cut and pasted from the slave router
primary
interface Vlan1
ip address a.b.c.d.253 255.255.255.0
standby 0 ip a.b.c.d.254
standby 0 priority 105
standby 0 preempt
standby 0 authentication md5 key-string 7 SOMETHING
standby 0 name internet
sho standby
Vlan1 - Group 0
State is Active
1 state change, last state change 38w4d
Virtual IP address is a.b.c.254
Active virtual MAC address is 0000.0c07.ac00
Local virtual MAC address is 0000.0c07.ac00 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.544 secs
Authentication MD5, key-string
Preemption enabled
Active router is local
Standby router is a.b.c.252, priority 100 (expires in 10.000 sec)
Priority 105 (configured 105)
Group name is "internet" (cfgd)
backup router
interface Vlan1
ip address a.b.c.252 255.255.255.0
standby 0 ip a.b.c.254
standby 0 preempt
standby 0 authentication md5 key-string 7 SMOETHING
standby 0 name internet
show standby
Vlan1 - Group 0
State is Standby
4 state changes, last state change 1d03h
Virtual IP address is a.b.c.254
Active virtual MAC address is 0000.0c07.ac00
Local virtual MAC address is 0000.0c07.ac00 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.448 secs
Authentication MD5, key-string
Preemption enabled
Active router is a.b.c.253, priority 105 (expires in 9.360 sec)
Standby router is local
Priority 100 (default 100)
Group name is "internet" (cfgd)
so ping from primary to .254 work
ping from secondard to 254 times out ....
12-27-2011 06:04 PM
Many things can cause such behaviour...
Let`s try the most common one first.
Check wether both routers are listening to 224.0.0.2 (.102 is its hsrp v2), to do that issue the command "sh ip interface" on both routers.
I would suggest to remove the config and apply again, in case you suspect they are not hearing each other, also you can try to ping the MCAST address to see who responds the icmp echo request.
hope this helps
Please, rate useful posts.
12-27-2011 06:12 PM
sh ip interface
shows me vlan1 on both routers has
224.0.0.2 associated with it
I tried pinging the 224.0.0.2 address and I got replies from the not only the local addresses, but also the wan addresses attached to the router ??
I don't believe that the routers are not hearing the heartbeats.
So i can ping the .254 address from primary router and from another device except from the the secondary router..
but it means any traffic coming in on the secondary can't ping .254
12-27-2011 06:21 PM
What about arp cache on stanby router.
12-27-2011 06:34 PM
i presume you mean
show arp
and see if the mac address is in the table.. it is and its the correct one
same on the primary
12-27-2011 06:49 PM
yes, you presumed correctly.
so, the address a.b.c.254 is bounded to MAC 0000.0c07.ac00
there's a thread, i haven't gone through it all, you can try.
12-27-2011 06:55 PM
Hi
Not sure if that is the same problem I am having.
So except for the standby router. All other devices on the ethernet segment can ping .254 and they can ping the real address of the routers (pri & sec).
pri can ping .254 .253 .252
but sec can only ping .253 .252 (the real addresses of the routers...
Alex
12-27-2011 08:12 PM
Hi Alex,
here's more you can try :
on the standby router.
"sh ip route x.x.x.254" , see if recognises the address.
check the output of
access-list 101 permit icmp any any
debug ip packet detail 101
end
ping x.x.x.254
see if the output gives any clues- see if its getting routed or not,
also, check whether there is any ACL blocking udp 1985,
12-27-2011 08:33 PM
sh ip rou
show me that the router believes it is on vlan1 directly connected (the right info)
Q) dont I have to attach 101 to an interface ? in my case vlan1
and isn't there an implied deny any any at the end of the list
tried it any way
025026: Dec 28 15:23:26 AEDT: IP: s=a.b.c.252 (local), d=a.b.c.254, len 100, local feature
025027: Dec 28 15:23:26 AEDT: ICMP type=8, code=0, Policy Routing(3), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
025028: Dec 28 15:23:26 AEDT: FIBipv4-packet-proc: route packet from (local) src a.b.c.252 dst a.b.c.254
025029: Dec 28 15:23:26 AEDT: FIBfwd-proc: packet routed by adj to Vlan1 a.b.c.254
025030: Dec 28 15:23:26 AEDT: FIBipv4-packet-proc: packet routing succeeded
025031: Dec 28 15:23:26 AEDT: IP: s=a.b.c.252 (local), d=a.b.c.254 (Vlan1), len 100, sending
025032: Dec 28 15:23:26 AEDT: ICMP type=8, code=0
025033: Dec 28 15:23:26 AEDT: IP: s=a.b.c.252 (local), d=a.b.c.254 (Vlan1), len 100, output feature
025034: Dec 28 15:23:26 AEDT: ICMP type=8, code=0, Post-Ingress-NetFlow(62), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
025035: Dec 28 15:23:26 AEDT: IP: s=a.b.c.252 (local), d=a.b.c.254 (Vlan1), len 100, output feature
025036: Dec 28 15:23:26 AEDT: ICMP type=8, code=0, Post-Input-Flexible-NetFlow(73), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
025037: Dec 28 15:23:26 AEDT: IP: s=a.b.c.252 (local), d=a.b.c.254 (Vlan1), len 100, sending full packet
025038: Dec 28 15:23:26 AEDT: ICMP type=8, code=0
025040: Dec 28 15:23:27 AEDT: IP: s=a.b.c.253, d=224.0.0.2, pak 2A16FD60 consumed in input feature , packet consumed, MCI Check(73), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE.
025041: Dec 28 15:23:28 AEDT: IP: s=a.b.c.252 (local), d=a.b.c.254, len 100, local feature
025042: Dec 28 15:23:28 AEDT: ICMP type=8, code=0, Policy Routing(3), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
025043: Dec 28 15:23:28 AEDT: FIBipv4-packet-proc: route packet from (local) src a.b.c.252 dst a.b.c.254
025044: Dec 28 15:23:28 AEDT: FIBfwd-proc: packet routed by adj to Vlan1 a.b.c.254
025045: Dec 28 15:23:28 AEDT: FIBipv4-packet-proc: packet routing succeeded
025046: Dec 28 15:23:28 AEDT: IP: s=a.b.c.252 (local), d=a.b.c.254 (Vlan1), len 100, sending
025047: Dec 28 15:23:28 AEDT: ICMP type=8, code=0
025048: Dec 28 15:23:28 AEDT: IP: s=a.b.c.252 (local), d=a.b.c.254 (Vlan1), len 100, output feature
025049: Dec 28 15:23:28 AEDT: ICMP type=8, code=0, Post-Ingress-NetFlow(62), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
025050: Dec 28 15:23:28 AEDT: IP: s=a.b.c.252 (local), d=a.b.c.254 (Vlan1), len 100, output feature
025051: Dec 28 15:23:28 AEDT: ICMP type=8, code=0, Post-Input-Flexible-NetFlow(73), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
025052: Dec 28 15:23:28 AEDT: IP: s=a.b.c.252 (local), d=a.b.c.254 (Vlan1), len 100, sending full packet
025053: Dec 28 15:23:28 AEDT: ICMP type=8, code=0.
025054: Dec 28 15:23:30 AEDT: IP: s=a.b.c.253, d=224.0.0.2, pak 2A866DF8 consumed in input feature , packet consumed, MCI Check(73), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
025055: Dec 28 15:23:30 AEDT: IP: s=a.b.c.252 (local), d=a.b.c.254, len 100, local feature
025056: Dec 28 15:23:30 AEDT: ICMP type=8, code=0, Policy Routing(3), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
025057: Dec 28 15:23:30 AEDT: FIBipv4-packet-proc: route packet from (local) src a.b.c.252 dst a.b.c.254
025058: Dec 28 15:23:30 AEDT: FIBfwd-proc: packet routed by adj to Vlan1 a.b.c.254
025059: Dec 28 15:23:30 AEDT: FIBipv4-packet-proc: packet routing succeeded
seems to be working (sending packets from the sec, will try from the pri)
i don't see it turn on up the pri, i tried pinging the real address .253 and it showed up...
12-27-2011 09:49 PM
A. yes there is a implicit deny, as we are only interested in seeing the ICMP debug, and we dont need to apply it on any interface, as we are not filtering any incoming or outgoing traffic, but the debug output only.
12-27-2011 10:22 PM
Hi ,
issue the command Clear mac-address table dynamic and check it once.
With Rgds,
M Satish Kumar
12-28-2011 02:29 PM
clear max didn't fix anything but it got me looking at the arp table as well.
standby#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet a.b.c.1 210 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.2 29 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.4 192 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.7 126 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.9 167 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.10 155 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.12 112 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.13 171 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.15 174 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.99 50 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.127 33 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.129 193 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.199 38 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.250 18 d0d0.fd5b.c5bd ARPA Vlan1
Internet a.b.c.251 35 d0d0.fd99.079b ARPA Vlan1
Internet a.b.c.252 - c471.fe78.4923 ARPA Vlan1
Internet a.b.c.253 0 588d.09bb.9b5b ARPA Vlan1
Internet a.b.c.254 60 0000.0c07.ac00 ARPA Vlan1
standby#show mac-address-table
EHWIC Slot: 0
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- -----------------
c471.fe78.4923 Self 1 Vlan1
d0d0.fd5b.c5bd Dynamic 1 GigabitEthernet0/0/0
d0d0.fd99.079b Dynamic 1 GigabitEthernet0/0/3
0000.0c07.ac00 Dynamic 1 GigabitEthernet0/0/0
588d.09bb.9b5b Dynamic 1 GigabitEthernet0/0/0
d0d0.fd94.c628 Dynamic 1 GigabitEthernet0/0/0
standby#sh vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/0/0, Gi0/0/2, Gi0/0/3
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
so gi0/0/0 is direct attach cable to primary router
so gi0/0/3 is attached to the sw (stacked switch this to one the other router to the other switch)
so gi0/0/2 not connected
it looks all okay...
EDIT -> all this is from the standby router
12-28-2011 12:48 AM
I think you should check the authentication as well and maybe have a delay timer configured with preempt command
Hope it helps
Eugen
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: