Re: HSRP on VLAN

samir3187 · ‎10-12-2010

I would like to have redudancy solution as show in the attached diagram.

- 2 Multilayer Cisco Switch 6500

- Access 3560 switches connected dual to primary and secondary.

- Both the core switches are connected router

I had configured HSRP on vlans lets say vlan 10 and vlan 20 on both switches

CORE A

interface vlan 10

description IT

ip address 10.1.10.254 255.255.255.0

standby 10 ip 10.1.10.1 255.255.255.0

standby 10 priority 150

standby 10 preempt standby timers 5 15

interface vlan 20

description FINANCE

ip address 10.1.20.254 255.255.255.0

standby 20 ip 10.1.20.1 255.255.255.0

standby 20 priority 100 (default)

standby 20 preempt standby timers 5 15

CORE B

interface vlan 10

description IT

ip address 10.1.10.253 255.255.255.0

standby 10 ip 10.1.10.1 255.255.255.0

standby 10 priority 150

standby 10 preempt standby timers 5 15

interface vlan 20

description FINANCE

ip address 10.1.20.253 255.255.255.0

standby 20 ip 10.1.20.1 255.255.255.0

standby 20 priority 100 (default)

standby 20 preempt standby timers 5 15

Workstations gateways are configured with stanbdby.

For testing the redudancy I shutdown the vlan 10 interface to make sure Core B works perfect.

CORE B was able to come up in active mode however after doing that I was not able to ping any IP address 10.1.10.1,10.1.10.254 and 10.1.10.253. from the workstation.

Here is the output of sh standby brief

CORE A

Interface Grp Prio P State Active addr Standby addr Group addr

Vl10 10 150 P Init unknown unknown 10.1.10.1

CORE B

Interface Grp Prio P State Active addr Standby addr Group addr

Vl10 10 100 P Active Local unknown 10.1.10.1

I dont what's wrong and is there any misconfiguration on the CORE switches

Please help to resolve this issue.

Much Appreciated

More information can be provided on demand

gatlin007 · ‎10-12-2010

It may be your spanning tree topology isn't complementing your HSRP config. Perhaps spanning tree is blocking the path to the Core B switch from the workstation.

Evaluate each interface in your topology to determine what interfaces are forwarding and what interfaces are blocking. It would be best if the HSRP primary is the spanning tree root for that VLAN. The Core B switch should have the second lowest priority and the access switches should follow. Something like this:

Core A - priority 0

Core B - priority 4096

Access A - priority 8192

Access B - priority 12288

Here's a good link:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094797.shtml

Chris

samir3187 · ‎10-12-2010

Hi Cristopher,

Thanks for your reply.

Please have a look to my config. I am annexing configuration of Core A and Core B

and let me know what I have to add to in my ruuning config

Thanks for your help and support

samir3187 · ‎10-13-2010

Now I have got something strange.

A worstation in vlan 10 having following IP config

ip: 10.1.10.2

sm: 255.255.255.0

gw: 10.1.10.1

After shuting the vlan 10 I can ping the default gateway from the worstation. But I am unable to ping to anything in the network.

Please help.

samir3187 · ‎10-13-2010

Please I am really in need of urgent help of our cisco experts. Since we have go live test for switch failover. and this issue not yet reolved

Much appreciated.

gatlin007 · ‎10-13-2010

Samir,

Core Core-A switch should have a spanning tree priority of 0 (zero) if it's the HSRP active router.

spanning-tree vlan 1-27 priority 0

Ensure your access switches have priorities greater than the Core-B switch; greater than 8192.

Chris

samir3187 · ‎10-13-2010

Cristopher,

thank you for your reply

Currently CORE B switch has priority 16384. Do I have to make any change here

And other access switches will have same priority

Please clarify. Thanks

samir3187 · ‎10-13-2010

I have changed the spanning tree on CORE A to zero but still I cannot ping from the worksation.

Core A : sh spanning-tree

VLAN010
Spanning tree enabled protocol ieee
Root ID    Priority    0
             Address     001a.e3f5.44c8
             This bridge is the root
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority    0
             Address     001a.e3f5.44c8
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

CORE B sh spanning-tree

VLAN010
Spanning tree enabled protocol ieee
Root ID    Priority    0
             Address     001a.e3f5.44c8
             Cost        4
             Port        151 (GigabitEthernet2/23)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority    32768
             Address     001a.e3f5.54c8
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Access Switch : sh spnaning-tree

VLAN010
Spanning tree enabled protocol ieee
Root ID    Priority    0
             Address     001a.e3f5.44c8
             Cost        4
             Port        25 (GigabitEthernet0/25)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority    32968 (priority 32768 sys-id-ext 200)
             Address     0018.baf2.0500
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec

Thanks

samir3187 · ‎10-13-2010

Hi Cristopher,

I'll appreciate your immediate response.

gatlin007 · ‎10-13-2010

Ensure you have a valid switched path between the workstation and the active HSRP interface by evaluating the spanning tree state of each interface in the path.

From all the switches involved do you have a MAC address entry for the HSRP and physical MAC addresses of the gateways?

Chris

samir3187 · ‎10-13-2010

Sorry Chris. I didn't get your question

samir3187 · ‎10-13-2010

Please can someone help. Its becoming very urgent for me

scottogden_2 · ‎10-13-2010

Your HSRP config looks fine.

Have you double checked your config on the access switches? What vlan is the switchport the workstation is connected to?

Configure an SVI on the access switch within vlan 10 and see if your workstation can ping that?

Do a show arp on the core switch and see if it has an entry in there for the workstation's MAC.

samir3187 · ‎10-13-2010

The worsktation on the access switch is in vlan 10

.To make sure I clear arp-cache and send icmp from the worktations by sending ping packets but mac-address was recorded on the core B.

samir3187 · ‎10-13-2010

Please see the attached running config for access switch. FYI