cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1177
Views
0
Helpful
14
Replies

What is wrong with this HSRP config? Can't ping between these two routers

astanislaus
Level 2
Level 2

Without debug ip packet or sniffer, I can't seem to pin point the reason on why these two 2811 routers connected via x-over cable from fa0/1/3 of Router1 to fa0/1/3 of Router2 cannot get layer 3 up although layer 2 is up and CDP neigbors are seen.

fa0/1/3 and vlan 70 are both up on both routers, yet no IP connectivity.

There is something simple I am missing.

========================================

Router1:

========

IOS used: c2800nm-adventerprisek9-mz.124-9.T1.bin

interface FastEthernet0/1/3

switchport access vlan 70

duplex full

speed 100

interface Vlan70

ip address 1.1.10.2 255.255.255.0

standby 20 ip 1.1.10.1

standby 20 priority 120

standby 20 preempt

Router1(vlan)show

VLAN ISL Id: 70

Name: Test_Vlan

Media Type: Ethernet

VLAN 802.10 Id: 100070

State: Operational

MTU: 1500

Router1#show standby

Vlan70 - Group 20

State is Active

5 state changes, last state change 05:48:41

Virtual IP address is 1.1.10.1

Active virtual MAC address is 0000.0c07.ac14

Local virtual MAC address is 0000.0c07.ac14 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 1.616 secs

Preemption enabled

Active router is local

Standby router is unknown

Priority 120 (configured 120)

show interface shows:

FastEthernet0/1/3 is up, line protocol is up

Vlan70 is up, line protocol is up

show cdp neighbor shows Router2 as neighbor on fa0/1/3

=====================================================

Router2:

========

IOS used: c2800nm-adventerprisek9-mz.124-9.T1.bin

interface FastEthernet0/1/3

switchport access vlan 70

duplex full

speed 100

interface Vlan70

ip address 1.1.10.3 255.255.255.0

standby 20 ip 1.1.10.1

standby 20 preempt

Router2(vlan)show

VLAN ISL Id: 70

Name: Test_Vlan

Media Type: Ethernet

VLAN 802.10 Id: 100070

State: Operational

MTU: 1500

Router2#show standby

Vlan70 - Group 20

State is Active

5 state changes, last state change 05:59:58

Virtual IP address is 1.1.10.1

Active virtual MAC address is 0000.0c07.ac14

Local virtual MAC address is 0000.0c07.ac14 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.708 secs

Preemption enabled

Active router is local

Standby router is unknown

Priority 100 (default 100)

show interface shows:

FastEthernet0/1/2 is up, line protocol is up

Vlan70 is up, line protocol is up

show cdp neighbor shows Router1 as neighbor on fa0/1/3

14 Replies 14

andrew.prince
Level 10
Level 10

Question - is there a specific reason why you are using a vlan on 2 interfaces connected via an x-over?

I personally would change the interfaces back to layer 3 and configure them directly.

John Blakley
VIP Alumni
VIP Alumni

Under Router2, you have:

interface FastEthernet0/1/3

switchport access vlan 70

duplex full

speed 100

Under the same router's "sh int", it shows:

FastEthernet0/1/2 is up, line protocol is up

Vlan70 is up, line protocol is up

Can you post fa0/1/3's sh int?

Can you ping the other router sourcing from the physical ip on either router?

HTH,

John

HTH, John *** Please rate all useful posts ***

Can you ping between the addresses ? Are these interfaces on a hwic ? Don't see anything obvious either. Trying adding the command "switchport" to both interfaces .

mschooley
Level 1
Level 1

one other question, not really related, but you want preempt on both of them?

On r1 - we confirmed Layer2 is up for fa0/1/2 and vlan70

=======================================

RISSGP0114(config)#int f0/1/2

RISSGP0114(config-if)#sw mode acces

RISSGP0114(config-if)#

RISSGP0114(config-if)#end

Jul 1 01:16:17.140 GMT+8: %SYS-5-CONFIG_I: Configured from console by ga2reye on vty0 (10.200.20.13)

RISSGP0114#

RISSGP0114#

RISSGP0114#sh run int f0/1/2

Building configuration...

Current configuration : 62 bytes

!

interface FastEthernet0/1/2

switchport access vlan 70

end

RISSGP0114#sh run int vlan 70

Building configuration...

Current configuration : 144 bytes

!

interface Vlan70

description Test

ip address 1.1.1.1 255.255.255.0

standby 20 ip 1.1.1.3

standby 20 priority 120

standby 20 preempt

end

RISSGP0114#

RISSGP0114#

RISSGP0114#debug ip packet 100 detail

IP packet debugging is on (detailed) for access list 100

RISSGP0114#

RISSGP0114#debug arp

ARP packet debugging is on

RISSGP0114#

RISSGP0114#

RISSGP0114#

RISSGP0114#

RISSGP0114#

RISSGP0114#ping 1.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:

Jul 1 01:10:05.722 GMT+8: IP: tableid=0, s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), routed via RIB

Jul 1 01:10:05.722 GMT+8: IP: s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), len 100, sending

Jul 1 01:10:05.722 GMT+8: ICMP type=8, code=0

Jul 1 01:10:05.722 GMT+8: IP ARP: creating incomplete entry for IP address: 1.1.1.2 interface Vlan70

Jul 1 01:10:05.722 GMT+8: IP ARP: sent req src 1.1.1.1 0017.59de.ac90,

dst 1.1.1.2 0000.0000.0000 Vlan70

Jul 1 01:10:05.722 GMT+8: IP: s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), len 100, encapsulation failed

Jul 1 01:10:05.722 GMT+8: ICMP type=8, code=0.

Jul 1 01:10:07.722 GMT+8: IP: tableid=0, s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), routed via RIB

Jul 1 01:10:07.722 GMT+8: IP: s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), len 100, sending

Jul 1 01:10:07.722 GMT+8: ICMP type=8, code=0

Jul 1 01:10:07.722 GMT+8: IP ARP: sent req src 1.1.1.1 0017.59de.ac90,

dst 1.1.1.2 0000.0000.0000 Vlan70

Jul 1 01:10:07.722 GMT+8: IP: s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), len 100, encapsulation failed

0000.0000.0000 Vlan70

Jul 1 01:10:09.722 GMT+8: IP: s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), len 100, encapsulation failed

Jul 1 01:10:09.722 GMT+8: ICMP type=8, code=0.

Jul 1 01:10:11.722 GMT+8: IP: tableid=0, s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), routed via RIB

Jul 1 01:10:11.722 GMT+8: IP: s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), len 100, sending

Jul 1 01:10:11.722 GMT+8: ICMP type=8, code=0

Jul 1 01:10:11.722 GMT+8: IP ARP: sent req src 1.1.1.1 0017.59de.ac90,

dst 1.1.1.2 0000.0000.0000 Vlan70

Jul 1 01:10:11.722 GMT+8: IP: s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), len 100, encapsulation failed

Jul 1 01:10:11.722 GMT+8: ICMP type=8, code=0.

Jul 1 01:10:13.722 GMT+8: IP: tableid=0, s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), routed via RIB

Jul 1 01:10:13.722 GMT+8: IP: s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), len 100, sending

Jul 1 01:10:13.722 GMT+8: ICMP type=8, code=0

Jul 1 01:10:13.722 GMT+8: IP ARP: sent req src 1.1.1.1 0017.59de.ac90,

dst 1.1.1.2 0000.0000.0000 Vlan70

Jul 1 01:10:13.722 GMT+8: IP: s=1.1.1.1 (local), d=1.1.1.2 (Vlan70), len 100, encapsulation failed

Jul 1 01:10:13.722 GMT+8: ICMP type=8, code=0.

Success rate is 0 percent (0/5)

RISSGP0114#

Jul 1 01:10:18.654 GMT+8: IP ARP: rcvd req src 172.10.220.129 0009.0f09.1600, dst 172.10.220.4 FastEthernet0/0

RISSGP0114#sh access-list 100

Extended IP access list 100

10 permit ip any host 1.1.1.2 (15 matches)

RISSGP0114#

And same on other router

ISSGP0115(config)#int f0/1/2

RISSGP0115(config-if)#sw mode access

RISSGP0115(config-if)#

RISSGP0115(config-if)#end

Jul 1 01:16:02.127 GMT+8: %SYS-5-CONFIG_I: Configured from console by ga2reye on vty0 (10.200.20.13)

RISSGP0115#debug ip packet 100 detail

IP packet debugging is on (detailed) for access list 100

RISSGP0115#debug arp

ARP packet debugging is on

RISSGP0115#

RISSGP0115#sh run int

Jul 1 01:16:17.140 GMT+8: %SYS-5-CONFIG_I: Configured from console by ga2reye on vty0 (10.200.20.13) f0/1/2

Building configuration...

Current configuration : 62 bytes

!

interface FastEthernet0/1/2

switchport access vlan 70

end

RISSGP0115#sh run int vlan 70

Building configuration...

Current configuration : 119 bytes

!

interface Vlan70

description Test

ip address 1.1.1.2 255.255.255.0

standby 20 ip 1.1.1.3

standby 20 preempt

end

RISSGP0115#

RISSGP0115#ping 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Jul 1 01:16:29.076 GMT+8: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), routed via RIB

Jul 1 01:16:29.076 GMT+8: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), len 100, sending

Jul 1 01:16:29.076 GMT+8: ICMP type=8, code=0

Jul 1 01:16:29.076 GMT+8: IP ARP: creating incomplete entry for IP address: 1.1.1.1 interface Vlan70

Jul 1 01:16:29.076 GMT+8: IP ARP: sent req src 1.1.1.2 001f.6c95.66d0,

dst 1.1.1.1 0000.0000.0000 Vlan70

Jul 1 01:16:29.076 GMT+8: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), len 100, encapsulation failed

Jul 1 01:16:29.076 GMT+8: ICMP type=8, code=0

Jul 1 01:16:29.452 GMT+8: IP ARP: rcvd req src 172.10.220.129 0009.0f09.1600, dst 172.10.220.5 FastEthernet0/0

Jul 1 01:16:29.452 GMT+8: IP ARP: sent rep src 172.10.220.5 001f.6c95.66d0,

dst 172.10.220.129 0009.0f09.1600 FastEthernet0/0.

Jul 1 01:16:31.072 GMT+8: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), routed via RIB

Jul 1 01:16:31.072 GMT+8: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), len 100, sending

Jul 1 01:16:31.072 GMT+8: ICMP type=8, code=0

Jul 1 01:16:31.072 GMT+8: IP ARP throttled out the ARP Request for 1.1.1.1

Jul 1 01:16:31.072 GMT+8: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), len 100, encapsulation failed

Jul 1 01:16:31.072 GMT+8: ICMP type=8, code=0.

Jul 1 01:16:33.072 GMT+8: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), routed via RIB

Jul 1 01:16:33.072 GMT+8: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), len 100, sending

Jul 1 01:16:33.072 GMT+8: ICMP type=8, code=0

Jul 1 01:16:33.072 GMT+8: IP ARP: sent req src 1.1.1.2 001f.6c95.66d0,

dst 1.1.1.1 0000.0000.0000 Vlan70

Jul 1 01:16:33.072 GMT+8: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), len 100, encapsulation failed

Jul 1 01:16:33.072 GMT+8: ICMP type=8, code=0.

Jul 1 01:16:35.072 GMT+8: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), routed via RIB

Jul 1 01:16:35.072 GMT+8: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), len 100, sending

Jul 1 01:16:35.072 GMT+8: ICMP type=8, code=0

Jul 1 01:16:35.072 GMT+8: IP ARP: sent req src 1.1.1.2 001f.6c95.66d0,

dst 1.1.1.1 0000.0000.0000 Vlan70

Jul 1 01:16:35.072 GMT+8: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), len 100, encapsulation failed

Jul 1 01:16:35.072 GMT+8: ICMP type=8, code=0.

Jul 1 01:16:37.072 GMT+8: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), routed via RIB

Jul 1 01:16:37.072 GMT+8: IP: s=1.1.1.2 (local), d=1.1.1.1 (Vlan70), len 100, sending

Jul 1 01:16:37.072 GMT+8: ICMP type=8, code=0

,

Hi ,

instead of using fast ethernet ports as access port on both routers use them as trunk prot and allow only vlan 70 through that port.Check the ping response after making those ports as trunk.

Thanks,

satish

ping 1.1.1.2 source 1.1.1.3

ping 1.1.1.3 source 1.1.1.2

The source IP address must not be 1.1.1.1, because 1.1.1.1 is considered as themselves on both side.

Then you can figure out whether the layer 3 are ok.

It is IP address subnet mismatch ! you use 1.1.10.0/24 on one router, but use 1.1.1.0/24 on the other router.

are you using ios emulator like dynamips?

or is the x-over cable dodgy?

Hello Alphonse,

the involved physical ports are on some form of etherswitch module.

The debug commands show that SVI vlan 70 is considered up/up but there is no L2 counterpart and so the encapsulation fails.

Now, in a real stand-alone switch using

switchport

switchport mode access

switchport access vlan 70

is enough to have the L2 vlan 70 created automatically (in newer releases that don't use vlan database).

To understand if the L2 Vlan70 really exist do

sh spanning-tree vlan 70

you may need to create explicitly the vlan before using.

if you have partner access see the following:

http://www.cisco.com/en/US/partner/docs/ios/12_4/interface/configuration/guide/h1636nm.html#wp1092154

it says to use the vlan database mode to create the L2 vlan object

enable

2. vlan database

3. vlan vlan-id [are hops] [backupcrf mode] [bridge type | number] [media type] [mtu mtu-size] [name vlan-name] [parent parent-vlan-id] [ring ring-number] [said sa-id-value] [state {suspend | active}] [stp type type] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

4. no vlan vlan-id

5. exit

So this can be the issue here.

We are so used with newer switches and their ability to create vlans on demand.

Why vlan70 is up/up is another question

Hope to help

Giuseppe

Would you like to post the whole output below ? RISSGP0114 and RISSGP0115

show int f0/1/2

show int vlan 70

show arp | include 1.1.1.

show mac- | include

Wandering

kishan1984
Level 1
Level 1

In debug output it is showing encapsulation failed,so kindly check it first.

kishan1984
Level 1
Level 1

One more thing that type only "switchport" command under both routers fast eth interfaces.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: