Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
535
Views
0
Helpful
5
Replies

HSRP on ADSL

Ladislaus
Level 1
Level 1

‎10-13-2003 03:41 AM - edited ‎03-02-2019 10:58 AM

I have a 3660 and a 2610 which I intend to use in a HSRP group for a redundant default gateway.

The two routers are connected to a 3512 switch which does VLAN and so both routers only have one interface, the one connected to the switch.

There are 3 VLANs. One for my internal network 192.168.2.0/24, one for the DMZ 192.168.1.0/24 and one for the Internet. I have one public IP address, 194.236.7.217 and my default gateway on the Internet is 194.236.7.1.

When using only the 3660 or the 2610 and when set up without HSRP, everything works just fine, I can ping the default gateway and everything.

But when I enable HSRP it all stop working. The routers use the address 192.168.2.253 and 192.168.2.254 respectively and are set to create a virtual router with the address of 192.168.2.1 on the internal network. This works just fine. On the DMZ it works great as well.

But on the external interface towards the internet it does not work fine.

Since I only have one external IP adress I use a few private ones, okay this is not a very nice solution but hey, what choice do I have? Here's the configuration for the external interface

3660:

interface FastEthernet 0/0.25

ip address 192.168.254.1 255.255.255.252

standby 13 ip 194.236.7.217

standby 13 priority 110

2610:

interface Ethernet 0/0.25

ip address 192.168.254.2 255.255.255.252

standby 13 ip 194.236.7.217

standby 13 priority 100

Both routers can ping each other on the external interface, but neither can ping 194.236.7.1. When doing a show standby FastEthernet 0/0.25 everything shows up just fine, and 194.236.7.217 is set as active ip. Though when looking in the arp cache 194.236.7.1 does not show up, so I configured it statically. It made no difference.

What do I do next?

Labels:
0 Helpful
5 Replies 5

mark-obrien
Level 4
Level 4

‎10-13-2003 04:40 AM

The problem is that your standby address is in a different subnet than your interface addresses. You will need three public addresses in order to make HSRP work on your outside network.

Mark

0 Helpful

Ladislaus
Level 1
Level 1
In response to mark-obrien

‎10-13-2003 07:38 AM

okey... uhm, but why? ;)

the way I understood the active router never actually communicates with the standby router through the active adress but via the address assigned to the interface, that is in my case 192.168.254.1 and .2

Anyway, this was actually something which I suspected quite early on. And so I tried using two public IP adresses.

I assigned 194.236.7.218 to the 2610 and 194.236.7.219 to the 3660 and lastly 194.236.7.217 to the virtual router.

This didn't work either.

When I use an IP which does not "belong" to me I cannot ping my default gateway (194.236.7.1). But this should have no impact, should it? The routers ought to just communicate among themselves, right?

I seem to have missed a bit on the inner workings of HSRP.

0 Helpful

thisisshanky
Level 11
Level 11
In response to Ladislaus

‎10-13-2003 07:52 AM

Ladislaus,

Scenario 1:

Reason why you cannot use a different subnet for the virtual IP, is that the router doesnt know how to reach that subnet. When you assign 192.168.254.1 and .2 to the physical interface, the router knows that its ethernet interface is attached to 192.168.254.0 network.

But when you assign 194.236.7.0 network to the virtual IP, it doesnt know that to reach this network, it has to use ethernet interface.

Scenario 2:

What was the status of HSRP, when you configured the virtual Ip and physical IP from the same subnet (194.236.7.218, 217 and 219) ?

Give a show standby and see if one has become active and the other has become standby.

Also see if you can ping from .218 to .219 or vice versa.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

Ladislaus
Level 1
Level 1
In response to thisisshanky

‎10-13-2003 09:31 AM

On the 3660 (which had higher priority) it showed that it was active and had assigned 194.236.7.217 as IP for the virtual router.

I could ping .218 and .219 from each other.

Well, I'm getting another 4 public IP addresses in a week or so, guess I'll be able to solve it then..

0 Helpful

thisisshanky
Level 11
Level 11
In response to Ladislaus

‎10-13-2003 09:47 AM

So what happens, when you try to ping 194.236.7.1.

Is it still not pinging ? Have you configured any accesslist on the 194.236.7.1 device ? What device is it ? Is it under your administration ? Give a show arp on the 3660 and see what mac address you see for the ip address (7.1)

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful
Customers Also Viewed These Support Documents