cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
553
Views
0
Helpful
7
Replies

HSRP issue

sachin_mon
Level 1
Level 1

Hi,

We are having two access switches(4507) which in turn is connected to two core switches(4510).

Recently, we tried to add two vlans in the access switches (one for data & one for voice) & configured hsrp.All of a sudden the network went down.

I have attached the logs & vlans which were configured on the switch after which the network started behaving abrubtly.

Any suggestions to resolve this issue would be really appreciated.

Thanks.

Rgds./Sack

7 Replies 7

sachinraja
Level 9
Level 9

Hello Sachin

Looks like its more a coincidence than HSRP being a major culprit !! did you do any other changes apart from adding the HSRP commands ? Add switch / hubs etc ?

Logs clearly indicate that there was a loop in your network. Not sure if HSRP will create layer 2 loops on your network ?? analyze the mac addresses seein the loop (host flapping messages) and see if you can derive something out of it.. the biggest problem is STP issues are a lil tough to troubleshoot after it has been solved :D one has to be online to know the root cause of a STP issue.. I would advice you to re-add the HSRP commands , by taking a downtime and see if it creates an issue again..

Hope this helps.. all the best..

Raj

Raj,

There were no switches/hubs added.

But, there is one thing which I noted as to how the configurations were done by the network admin when the problem occured.

Currently, the access layer switches are doing the intervlan routing.

Steps carried out:

step1:The netadmin created the l2 vlan in core switches(eg:vlan100)

step2: Then, the l3 vlans were created in the access switches (eg:int vlan100) with the HSRP configurations.

Now, there is one thing which was missed by the netadmin & that was he didn't add the newly created vlan in the spanning-tree vlan priorities before proceeding towards creating l3 lan in the access layer switches.

Could that be an issue..?

Rgds./Sachin

Hello Sachin,

From the logs you can see that there is a dup-address being sourced

1. %HSRP-4-DUPADDR: Duplicate address [IP_address] on [chars], sourced by [enet]

The IP address in an HSRP message received on the specified interface is the same as the IP address of the router. Another router might be configured with the same IP address. The most likely cause is a network loop or a misconfigured switch that is causing the router to see its own HSRP Hello messages.

Recommended Action: Check the configurations on all the HSRP routers to ensure that the interface IP addresses are unique. Check that no network loops exist. If port channels are configured check that the switch is correctly configured for port-channels. Enable standby use-bia so that the error message displays the interface MAC address of the sending router. This can be used to determine if the error message is caused by a misconfigured router or a network loop."

Check the mac-address 0000.0c07.ac17 using the show stand command, and you would see this is could be the virtual mac-address of the vlan1.

check the ospf network statement on the core switch/access switch and see if the address 10.68.44.0 is included? may be this should not be there....

Hi Hemant,

Thanks Hemant for the response.

There is one thing which was missed by the netadmin & that was he didn't add the newly created vlan in the spanning-tree vlan priorities before proceeding towards creating vlan interfaces in the access layer switches.

Rgds./Sachin

Don't know why he would define vlan 100 on the core switch if vlan 100 is being routed at the access level , that could be problematic as spanning tree is then included in the link up to the core , don't know why . The dup hsrp messages are caused by a temp loop condition in the net somewhere .

Looks like neither switch has an HSRP priority configured so both are most likely coming up Active. That would be a problem.

Don't know why he would define vlan 100 on the core switch if vlan 100 is being routed at the access level...

Glen:

Ditto! I was thinking the same thing.

Sachin:

Your admin person doesn't seem to know what he/she is doing with regard to this at least.

Having a routed access layer that is performing the inter-vlan routing means that the vlan will not span to the core layer, since you should have L3 uplinks for L3 isolation.

All he needed to do was create the vlan in L2 at the access layer and then create the SVIs for it and apply the HSRP configs accordingly. One router will be the primary and the other the secondary. Simple. This is assuming, of course, that you have an L2 trunk (crosslinks) connecting the 2 access layer switches, otherwise HSRP will not work.

HTH

Victor

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: