cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2471
Views
5
Helpful
6
Replies

issue multicast HSRP cat 6504-sup720 -> cat 3560

chireadorin
Level 1
Level 1

Hi,

   I am not a beginner on cisco networking, but today I had an issue with HSRP.

The scenario is like this:  cat 6504 with 2xsup720 redundant  connected to 3560.

I have configured HSRP between G3/1 cat 6504 - > G0/11 cat 3560:

6504:

vlan 100

int vlan 100

ip address 5.5.100.2 255.255.255.0

standby 1 ip 5.5.100.1

int g3/1

switchport mode access

switchport access vlan 100

----

3560:

vlan 100

int vlan 100

ip address 5.5.100.3 255.255.255.0

standby 1 ip 5.5.100.1

int g0/11

switchport mode access

switchport access vlan 100

---

Between them thru vlan 100:

I have icmp conectivity

I have eigrp adj

ARP/CEF entries are valid.

When issuing sh ip int vlan 100 on both , I can see the same configuration (including 224.0.0.2 for HSRP and 224.0.0.10 for EIGRP)

When prio = 100 on both routers, 3560 is favored to be active router because of higher ip address.

on 6504: debug standby

I can see packets inbound and outbound vlan 100 for 224.0.0.2 udp 1985  and sh standby brief:

Active = local

Standby = unknown

Also 6504 displays debug messages that he receives multicast from 3560 and sends multicast to 3560.

On 3560 debug standby:

Active = local

Standby = unknown

But 3560 sees only outgoing multicast to 6504. It doesn't see incoming multicast HSRP hellos, but EIGP adj is up and no issues.

--

Scenario 2:

I moved prio = 90 on 6504. It should accept to be standby.

On 6504:

Active = 3560

Standby = local

On 3560:

Active = 3560

Standby = Unknown

--

I tried access interface, routed interface, trunk interface, access port channel, trunk port channel, routed port channel, no firewall on the line, there are no access-lists, no special configurations because the configuration was erased before.

The link between them doesn't go thru a switch.

When I ping 224.0.0.2 on both routers they reply.

I tried the same scenario many times and more complex. I even tried today on dynamips 2x cisco 7200 and it worked flawless.

I am wondering if this is a bug or the cisco 6504 with sup 720 MSFC3/PFC3A needs a special command. The ios is loaded in native mode in RP and SP and is the latest ios.

I tried to check on VRRP/GLBP but 3560 doesn't know those two.

Next step I will try to connect a router to replace 6504 and then 3560 to check which is not working properly.

So the issue is that the multicast 224.0.0.2 (all routers) is not seen by 3560, but is send and seen in/out on 6504_sup720.

For the moment I couldn't provide configs/logs.

6 Replies 6

chireadorin
Level 1
Level 1

I will reply this post, even if I found out that the 3560 is not performing correctly.

Vlan 100 is the HSRP vlan. 5.5.100.1 is HSRP, 5.5.100.2 - 6504 ; 5.5.100.3 - 3560

rack2-6504-E#sh run int vl100
Building configuration...

Current configuration : 145 bytes
!
interface Vlan100
ip address 5.5.100.2 255.255.255.0
ip flow ingress
standby 1 ip 5.5.100.1
standby 1 priority 160
standby 1 preempt
end

rack2-6504-E#sh standby b
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Vl100       1   160  P Active   local           unknown         5.5.100.1

rack2-6504-E#sh ip eigrp ne
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
2   5.5.100.3               Vl100             13 02:36:16    3   200  0  25

rack2-6504-E#sh ip int vl100
Vlan100 is up, line protocol is up
  Internet address is 5.5.100.2/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.2 224.0.0.10
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: Ingress-NetFlow
  Output features: IP Post Routing Processing, Post-Ingress-NetFlow, HW Shortcut Installation
  Post encapsulation features: MTU Processing, IP Protocol Output Counter, IP Sendself Check, HW Shortcut Installation
  Sampled Netflow is disabled
  IP Routed Flow creation is enabled in netflow table
  IP Bridged Flow creation is disabled in netflow table
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  IP multicast multilayer switching is disabled

rack2-6504-E# ping 224.0.0.2 rep 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.0.0.2, timeout is 2 seconds:

Reply to request 0 from rack3_sw1_3560 (5.5.100.3), 4 ms

rack2-6504-E#
03:07:00: HSRP: Vl100 Grp 1 Hello  in  5.5.100.3 Active  pri 150 vIP 5.5.100.1
03:07:00: HSRP: Vl100 Grp 1 Active: h/Hello rcvd from lower pri Active router (150/5.5.100.3)
03:07:00: HSRP: Vl100 Grp 1 Coup   out 5.5.100.2 Active  pri 160 vIP 5.5.100.1
03:07:00: HSRP: Vl100 Grp 1 Hello  out 5.5.100.2 Active  pri 160 vIP 5.5.100.1
03:07:00: HSRP: Vl100 Added ARP 5.5.100.1 mac 0000.0c07.ac01
rack2-6504-E#
03:07:02: HSRP: Vl100 Grp 1 Hello  in  5.5.100.3 Active  pri 150 vIP 5.5.100.1
03:07:02: HSRP: Vl100 Grp 1 Active: h/Hello rcvd from lower pri Active router (150/5.5.100.3)
03:07:02: HSRP: Vl100 Grp 1 Coup   out 5.5.100.2 Active  pri 160 vIP 5.5.100.1
03:07:02: HSRP: Vl100 Grp 1 Hello  out 5.5.100.2 Active  pri 160 vIP 5.5.100.1
03:07:02: HSRP: Vl100 Added ARP 5.5.100.1 mac 0000.0c07.ac01

03:09:08: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, sending full packet
03:09:08: HSRP: Vl100 Grp 1 Hello  out 5.5.100.2 Active  pri 160 vIP 5.5.100.1
03:09:08: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, sending broad/multicast
03:09:08: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, post-encap feature
rack2-6504-E#, MTU Processing(4), rtype 0, forus FALSE, sendself FALSE, mtu 0
03:09:08: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, post-encap feature, IP Protocol Output Counter(5), rtype 0, forus FALSE, sendself FALSE, mtu 0
03:09:08: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, post-encap feature, IP Sendself Check(8), rtype 0, forus FALSE, sendself FALSE, mtu 0
03:09:08: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, post-encap feature, HW Shortcut Installation(15), rtype 0, forus
rack2-6504-E# FALSE, sendself FALSE, mtu 0
03:09:08: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, sending full packet
03:09:08: HSRP: Vl100 Added ARP 5.5.100.1 mac 0000.0c07.ac01
03:09:10: IP: s=5.5.100.3 (Vlan100), d=224.0.0.2, len 48, input feature, Ingress-NetFlow(14), rtype 0, forus FALSE, sendself FALSE, mtu 0
03:09:10: IP: s=5.5.100.3 (Vlan100), d=224.0.0.2, len 48, rcvd 0
03:09:10: HSRP: Vl100 Grp 1 Hello  in  5.5.100.3 Active  pri 150 vIP 5.5.100.1
03:09:10: HSRP: Vl100 Grp 1 Active: h/Hello rc
rack2-6504-E#vd from lower pri Active router (150/5.5.100.3)
03:09:10: HSRP: Vl100 Grp 1 Coup   out 5.5.100.2 Active  pri 160 vIP 5.5.100.1
03:09:10: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, sending broad/multicast
03:09:10: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, post-encap feature, MTU Processing(4), rtype 0, forus FALSE, sendself FALSE, mtu 0
03:09:10: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, post-encap feature, IP Protocol Output Counter(5), rtype 0, forus FALSE, se
rack2-6504-E#ndself FALSE, mtu 0
03:09:10: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, post-encap feature, IP Sendself Check(8), rtype 0, forus FALSE, sendself FALSE, mtu 0
03:09:10: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, post-encap feature, HW Shortcut Installation(15), rtype 0, forus FALSE, sendself FALSE, mtu 0
03:09:10: IP: s=5.5.100.2 (local), d=224.0.0.2 (Vlan100), len 48, sending full packet
03:09:10: HSRP: Vl100 Grp 1 Hello  out 5.5.100.2 Active  pri 160 vIP 5.5.100.1

rack2-6504-E#sh standby
Vlan100 - Group 1
  State is Active
    13 state changes, last state change 00:01:56
  Virtual IP address is 5.5.100.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.720 secs
  Preemption enabled
  Active router is local
  Standby router is unknown
  Priority 160 (configured 160)
  IP redundancy name is "hsrp-Vl100-1" (default)

--

rack3-sw1_3560#sh run int vl100
Building configuration...

Current configuration : 128 bytes
!
interface Vlan100
ip address 5.5.100.3 255.255.255.0
standby 1 ip 5.5.100.1
standby 1 priority 150
standby 1 preempt
end

rack3-sw1_3560#sh standby b
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl100       1    150 P Active  local           unknown         5.5.100.1

rack3-sw1_3560#sh ip eigrp ne
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
2   5.5.100.2               Vl100             13 02:36:00    1   200  0  48

rack3-sw1_3560#sh ip int vl100
Vlan100 is up, line protocol is up
  Internet address is 5.5.100.3/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.10 224.0.0.2
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  Output features: Check hwidb
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled

rack3-sw1_3560#ping 224.0.0.2 rep 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.0.0.2, timeout is 2 seconds:

Reply to request 0 from 5.5.100.2, 1 ms


rack3-sw1_3560#
*Mar  1 02:41:19.908: HSRP: Vl100 Grp 1 Hello  out 5.5.100.3 Active  pri 150 vIP 5.5.100.1
rack3-sw1_3560#
*Mar  1 02:41:22.382: HSRP: Vl100 Grp 1 Hello  out 5.5.100.3 Active  pri 150 vIP 5.5.100.1
rack3-sw1_3560#
*Mar  1 02:41:24.865: HSRP: Vl100 Grp 1 Hello  out 5.5.100.3 Active  pri 150 vIP 5.5.100.1
rack3-sw1_3560#
*Mar  1 02:41:27.768: HSRP: Vl100 Grp 1 Hello  out 5.5.100.3 Active  pri 150 vIP 5.5.100.1

rack3-sw1_3560#
*Mar  1 02:42:41.789: HSRP: Vl100 Grp 1 Hello  out 5.5.100.3 Active  pri 150 vIP 5.5.100.1
*Mar  1 02:42:41.789: IP: s=5.5.100.3 (local), d=224.0.0.2 (Vlan100), len 48, local feature, RCLI(7), rtype 0, forus FALSE, sendself FALSE, mtu 0
*Mar  1 02:42:41.789: IP: s=5.5.100.3 (local), d=224.0.0.2 (Vlan100), len 48, local feature, Local Clustering(8), rtype 0, forus FALSE, sendself FALSE, mtu 0
*Mar  1 02:42:41.789: IP: s=5.5.100.3 (local), d=224.0.0.2 (Vlan100), len 48, sending broad/multicast
*Mar  1 02:42:41.789: IP: s=5.5.100.3 (local), d=224.0.0.2 (Vlan100), len 48, sending full packetpak 51D4980 consumed in input feature
rack3-sw1_3560#, packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0pak 439E6C0 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0

rack3-sw1_3560#sh standby
Vlan100 - Group 1
  State is Active
    5 state changes, last state change 01:43:07
  Virtual IP address is 5.5.100.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.400 secs
  Preemption enabled
  Active router is local
  Standby router is unknown
  Priority 150 (configured 150)
  Group name is "hsrp-Vl100-1" (default)

---

I lowered prio of 6504:

rack2-6504-E#sh standby b
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Vl100       1   120  P Standby  5.5.100.3       local           5.5.100.1

rack3-sw1_3560#sh standby b
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl100       1    150 P Active  local           unknown         5.5.100.1

rack2-6504-E#sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXH7, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 11-Mar-10 21:51 by prod_rel_team

ROM: System Bootstrap, Version 12.2(17r)S4, RELEASE SOFTWARE (fc1)

rack2-6504-E uptime is 3 hours, 18 minutes
Uptime for this control processor is 3 hours, 18 minutes
Time since rack2-6504-E switched to active is 3 hours, 17 minutes
System returned to ROM by reload at 09:27:08 UTC Fri Jun 4 2010 (SP by reload)
System image file is "sup-bootdisk:s72033-adventerprisek9_wan-mz.122-33.SXH7.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C6504-E (R7000) processor (revision 2.0) with 458720K/65536K bytes of memory.
Processor board ID FOX11310AB8
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
3 Virtual Ethernet interfaces
52 Gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102

==

rack3-sw1_3560#sh ver
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(53)SE2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 21-Apr-10 05:33 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02E00000

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

rack3-sw1_3560 uptime is 2 hours, 52 minutes
System returned to ROM by power-on
System image file is "flash:c3560-ipservicesk9-mz.122-53.SE2.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3560G-24PS (PowerPC405) processor (revision F0) with 131072K bytes of memory.
Processor board ID FOC1136Y00A
Last reset from power-on
3 Virtual Ethernet interfaces
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:1D:A1:36:5E:80
Motherboard assembly number     : 73-10213-04
Power supply part number        : 341-0108-03
Motherboard serial number       : FOC113535T8
Power supply serial number      : DCA1131A0DK
Model revision number           : F0
Motherboard revision number     : B0
Model number                    : WS-C3560G-24PS-S
System serial number            : FOC1136Y00A
Top Assembly Part Number        : 800-26847-01
Top Assembly Revision Number    : B0
Version ID                      : V05
CLEI Code Number                : CNMW100ARC
Hardware Board Revision Number  : 0x09


Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 28    WS-C3560G-24PS     12.2(53)SE2           C3560-IPSERVICESK9-M


Configuration register is 0xF

--

I captured all traffic on VL100, connected into a port on VL100 on 3560 and I can see all in/out from each other, but looks like 3560 doesn't recognize the Hello pkts of the other one. Pings, eigrp and all stuff works flawless.

I even connected GNS3 router with bridged interface to that port on VL100 on 3560 and GNS3 router sees 6504 and 3560, but 3560 doesn't see this one too.

In the packet captures of the hellos there were no difference but the source ip and other small things. See attach.

I also rebooted the routers.

Can someone tell me what could be the issue?

Mohamed Sobair
Level 7
Level 7

Hi,

Can you confirm that UDP port 1958 which HSRP uses is not blocked on vlan 100 on both switches 3560 and 6500.

Mohamed

Hi,

  I have checked (again ) and there is no access-list to block VL100ip / UDP / 1985 on none interface on both routers.

I did the following test.

On 3560 I created access list to debug and filter UDP 1985 .

Here the acl 125 is bound to VL100. The state scanned with nmap shows 1985/udp filtered unknown , also wireshark shows that I receive unreachable/filtered. Check attach.

After I have un-bounded the ACL 125, the port is open and in wireshark I see no unreachable msg and all packets arrive.

Check also attach.

rack3-sw1_3560#sh access-list 122
Extended IP access list 122
    10 permit udp host 5.5.100.11 host 5.5.100.3 eq 1985 log (9 matches)
rack3-sw1_3560#sh access-list 125
Extended IP access list 125
    10 deny udp host 5.5.100.11 host 5.5.100.3 eq 1985 log (2 matches)
    20 permit ip any any log (816 matches)
rack3-sw1_3560#sh debug
Generic IP:
  IP packet debugging is on for access list 122

rack3-sw1_3560#sh ip int vl100
Vlan100 is up, line protocol is up
  Internet address is 5.5.100.3/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.10 224.0.0.2
  Outgoing access list is not set
  Inbound  access list is 125


rack3-sw1_3560(config)#int vl100
rack3-sw1_3560(config-if)#no ip access-group 125 in
rack3-sw1_3560(config-if)#end
rack3-sw1_3560#sh ip int vl100
Vlan100 is up, line protocol is up
  Internet address is 5.5.100.3/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.10 224.0.0.2
  Outgoing access list is not set
  Inbound  access list is not set


--not filtered:---


C:\nmap-5.21>nmap -v -sU 5.5.100.3 -p 1985

Starting Nmap 5.21 ( http://nmap.org ) at 2010-07-14 21:09 Central Europe Daylig
ht Time
Initiating ARP Ping Scan at 21:09
Scanning 5.5.100.3 [1 port]
Completed ARP Ping Scan at 21:09, 0.35s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:09
Completed Parallel DNS resolution of 1 host. at 21:09, 0.05s elapsed
Initiating UDP Scan at 21:09
Scanning 5.5.100.3 [1 port]
Completed UDP Scan at 21:09, 0.21s elapsed (1 total ports)
Nmap scan report for 5.5.100.3
Host is up (0.0020s latency).
PORT     STATE         SERVICE
1985/udp open|filtered unknown
MAC Address: 00:1D:A1:36:5E:C3 (Cisco Systems)

Read data files from: C:\nmap-5.21
Nmap done: 1 IP address (1 host up) scanned in 0.78 seconds
           Raw packets sent: 3 (98B) | Rcvd: 1 (42B)


rack3-sw1_3560#
*Mar  1 04:03:11.874: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 14 packets
*Mar  1 04:03:11.874: %SEC-6-IPACCESSLOGP: list 125 permitted udp 5.5.100.2(1985) -> 224.0.0.2(1985), 67 packets
*Mar  1 04:03:11.874: %SEC-6-IPACCESSLOGRP: list 125 permitted eigrp 5.5.100.2 -> 224.0.0.10, 13 packets
*Mar  1 04:03:11.874: %SEC-6-IPACCESSLOGNP: list 125 permitted 112 5.5.100.2 -> 224.0.0.18, 72 packets
*Mar  1 04:03:11.874: %SEC-6-IPACCESSLOGP: list 125 permitted udp 5.5.100.2(3222) -> 224.0.0.102(3222), 22 packets
*Mar  1 04:03:11.874: %SEC-6-IPACCESSLOGP: list 125 permitted tcp 5.5.100.2(25055) -> 5.5.100.3(23), 219 packets

---filtered:---


C:\nmap-5.21>nmap -v -sU 5.5.100.3 -p 1985

Starting Nmap 5.21 ( http://nmap.org ) at 2010-07-14 21:10 Central Europe Daylig
ht Time
Initiating ARP Ping Scan at 21:10
Scanning 5.5.100.3 [1 port]
Completed ARP Ping Scan at 21:10, 0.32s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:10
Completed Parallel DNS resolution of 1 host. at 21:10, 0.05s elapsed
Initiating UDP Scan at 21:10
Scanning 5.5.100.3 [1 port]
Completed UDP Scan at 21:10, 0.01s elapsed (1 total ports)
Nmap scan report for 5.5.100.3
Host is up (0.0030s latency).
PORT     STATE    SERVICE
1985/udp filtered unknown
MAC Address: 00:1D:A1:36:5E:C3 (Cisco Systems)

Read data files from: C:\nmap-5.21
Nmap done: 1 IP address (1 host up) scanned in 0.53 seconds
           Raw packets sent: 2 (70B) | Rcvd: 2 (98B)

*Mar  1 04:03:51.778: IP: s=5.5.100.11 (Vlan100), d=5.5.100.3, len 28, access denied

rack3-sw1_3560#


--not filtered again:--

C:\nmap-5.21>nmap -v -sU 5.5.100.3 -p 1985

Starting Nmap 5.21 ( http://nmap.org ) at 2010-07-14 21:11 Central Europe Daylig
ht Time
Initiating ARP Ping Scan at 21:11
Scanning 5.5.100.3 [1 port]
Completed ARP Ping Scan at 21:11, 0.36s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:11
Completed Parallel DNS resolution of 1 host. at 21:11, 0.05s elapsed
Initiating UDP Scan at 21:11
Scanning 5.5.100.3 [1 port]
Completed UDP Scan at 21:11, 0.21s elapsed (1 total ports)
Nmap scan report for 5.5.100.3
Host is up (0.0030s latency).
PORT     STATE         SERVICE
1985/udp open|filtered unknown
MAC Address: 00:1D:A1:36:5E:C3 (Cisco Systems)

Read data files from: C:\nmap-5.21
Nmap done: 1 IP address (1 host up) scanned in 0.78 seconds
           Raw packets sent: 3 (98B) | Rcvd: 1 (42B)


*Mar  1 04:04:35.978: IP: s=5.5.100.11 (Vlan100), d=5.5.100.3, len 28, rcvd 2
*Mar  1 04:04:35.978:     UDP src=44235, dst=1985
*Mar  1 04:04:35.978: IP: s=5.5.100.11 (Vlan100), d=5.5.100.3, len 28, stop process pak for forus packet
*Mar  1 04:04:35.978:     UDP src=44235, dst=1985pak 43A1210 consumed in input feature , packet consumed, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0
*Mar  1 04:04:36.078: IP: s=5.5.100.11 (Vlan100), d=5.5.100.3, len 28, input feature
*Mar  1 04:04:36.078:     UDP src=44236, dst=1985, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0
*Mar  1 04:04:36.078: IP: s=5.5.100.11 (Vlan100), d=5.5.100.3, len 28, rcvd 2
*Mar  1 04:04:36.078:     UDP src=44236, dst=1985
*Mar  1 04:04:36.078: IP: s=5.5.100.11 (Vlan100), d=5.5.100.3, len 28, stop process pak for forus packet
*Mar  1 04:04:36.078:     UDP src=44236, dst=1985

rack3-sw1_3560#

Mohamed Sobair
Level 7
Level 7

This is very strange. there is a communication between HSRP members using ,ulticast address 224.0.0.2 and udp port number 1958, yet they dont recognize each other.

I dont see any reason could prevent them from recognizing the active/standby routers but it could be some thing else like a bug or so.

I would suggest open a tac request attaching all your output results describing your issue clearly and see if they could tell you some thing.

HTH

Mohamed

I know it is very strange.

I will check soon with another IOS on the 3560.

Thanks for double-checking

Issue is solved on 3560 with another IOS.

Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl100       1    200 P Active  local           5.5.100.2       5.5.100.1
rack3-sw1_3560#


Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl100       1    130 P Standby 5.5.100.2       local           5.5.100.1
rack3-sw1_3560#

Thanks!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco