01-11-2007 04:23 PM - edited 03-05-2019 01:44 PM
My MSFC has been reporting an issue with HSRP for the past few days. Seeing the following:
33w6d: IP-EIGRP: Neighbor 10.73.136.2 not on common subnet for Vlan158 (10.73.65.3 255.255.255.0)
33w6d: IP-EIGRP: Neighbor 10.73.65.3 not on common subnet for Vlan17 (10.73.136.3 255.255.248.0)
Jan 10 15:02:48: %STANDBY-3-BADAUTH: Bad authentication from 10.73.65.2, remote state Standby
33w6d: IP-EIGRP: Neighbor 10.73.136.2 not on common subnet for Vlan158 (10.73.65.3 255.255.255.0)
33w6d: IP-EIGRP: Neighbor 10.73.65.3 not on common subnet for Vlan17 (10.73.136.3 255.255.248.0)
33w6d: IP-EIGRP: Neighbor 10.73.136.2 not on common subnet for Vlan158 (10.73.65.3 255.255.255.0)
Jan 10 15:03:19: %STANDBY-3-BADAUTH: Bad authentication from 10.73.136.2, remote state Active
I know what everyone will say "Check authentication". Been there done that.
Topology:
2 Cat6509s. Each with dual Supervisor/MSFC modules. Both switches connect together via Etherchannel. HSRP Vlan peers are setup where peer 1 is in Switch/MSFC-1 and peer 2 is in Switch/MSFC-2.
MSFC configuration:
Compared running and starting configuration on both MSFCs. IP addressing and HSRP authentication are correct.
MSFC-1
----------
interface Vlan17
ip address x.x.17.130 255.255.255.0 secondary
ip address 10.73.136.2 255.255.248.0
no ip redirects
no ip unreachables
ip pim version 1
ip pim sparse-mode
standby 1 timers 5 15
standby 1 priority 110 preempt
standby 1 authentication vlan17
standby 1 ip 10.73.136.1
standby 1 ip x.x.17.129 secondary
interface Vlan158
ip address x.x.158.2 255.255.255.0 secondary
ip address 10.73.65.2 255.255.255.0
no ip redirects
no ip unreachables
ip pim version 1
ip pim sparse-mode
standby 1 timers 5 15
standby 1 priority 110 preempt
standby 1 authentication vlan158
standby 1 ip 10.73.65.1
standby 1 ip x.x.158.1 secondary
end
MSFC-2
-----------
interface Vlan17
ip address x.x.17.131 255.255.255.0 secondary
ip address 10.73.136.3 255.255.248.0
no ip redirects
no ip unreachables
ip pim version 1
ip pim sparse-mode
standby 1 timers 5 15
standby 1 priority 100 preempt
standby 1 authentication vlan17
standby 1 ip 10.73.136.1
standby 1 ip x.x.17.129 secondary
end
interface Vlan158
ip address x.x.158.3 255.255.255.0 secondary
ip address 10.73.65.3 255.255.255.0
no ip redirects
no ip unreachables
ip pim version 1
ip pim sparse-mode
standby 1 timers 5 15
standby 1 priority 100 preempt
standby 1 authentication vlan158
standby 1 ip 10.73.65.1
standby 1 ip x.x.158.1 secondary
end
====================================
My question is why is my Vlan 17 neighbor trying to authenticate with my Vlan 158 neighbor according to the syslog message? I believe this is why the authentication message appears. These messages are only occurring on 1 of the MSFCs.
01-11-2007 07:21 PM
Jeffrey
The symptoms sound like the switches/VLANs are cross connected: interface VLAN17 seems to be receiving data from VLAN158 of the other switch. The error messages not only show a problem with HSRP but also show a problem with EIGRP.
Is there a possibility that some port got connected wrong? Or is there a possibility that there is a mismatched native VLAN between the switches?
The configs look correct, but if there is some kind of cross connect it would explain both the authentication error in HSRP (it is expecting to authenticate with vlan17 but is receiving vlan158) and the EIGRP error message.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: