HSRP help needed!

amai_yuki · ‎04-26-2006

HSRP configured as below:

1. two switches(3750) connected to two routers (2851) respectively, and the two switches inter-connected via trunk links.

2. HSRP configured on routers, router1 active for vlan1 & 2, standby for vlan3

3. router2 active for valn3, standby for vlan1 & 2

4. all 3 groups configured to use the same virtual MAC address (for the SNA purpose)

5. redudancy works fine on vlan1 & 2, but not vlan3, show standby bri returns both router in active state for vlan3 and the remote router ip unknown.

Is the same virtual MAC configured on all 3 groups causing the problem? can I configure this virtual MAC on the gi0/0 interface, and configure standby use-bia on the vlan interfaces instead??

any suggestions will be greatly appreciated!

vladrac-ccna · ‎04-26-2006

Hello,

the same MAC address wont be an issue if each VLAN has a subnet for it, as HSRP hellos works on multicast 224.0.0.2 and they would be isolated inside each vlan.

did you run debug standby packets? to see if you're receiving the hellos from the other router?

It looks like you have a connectivity issue or ACL blocking multicast for this vlan.

could you provide us with more information on this topology?

anyway check the following link:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml

HTH,

Vlad

amai_yuki · ‎04-26-2006

Vlad, thanks for your reply, there is no ACL for this vlan, maybe the problem with the trunk config, but the configs are identical to all trunk ports:

interface GigabitEthernet1/0/3

description To P3 on switch2

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport trunk allowed vlan 10,1-4

switchport mode trunk

ip arp inspection trust

channel-group 1 mode on

ip dhcp snooping trust

devices of vlan3 on 2 swithes can't communicate each other, but vlan1 & 2 are fine.

(the vlan#s are bogus, so don't consider vlan1 as the defaul vlan)

vladrac-ccna · ‎04-26-2006

So, indeed you have a problem sending packets between the 2 switches on vlan 3

I can see that this interface belongs to a port-channel?

the configuration for all the interfaces are the same? I mean the physical and port-channel?

could you give us more detail on this?

and you could try debug ip udp to catch the HSRP packtes as well. and some show int switchport or show int trunk might help to find layer 2 issues.

let me know,

Vlad

amai_yuki · ‎04-26-2006

hi Vlad,

I've checked all the trunk/access ports, they have identical configs, the thing is why all other vlans are working fine but only vlan3?

some new findings:

1.vlan3 resides on switch2 and all other vlans reside on switch1 (sorry I told you that vlan3 on both switches, I was wrong), vlan3 can only talk to router2 connects to it directly, all other vlans can talk to both router

2. both trunk ports on switches that connected to the routers belong to native vlan10

3. vlan10 is shutdown on switch2, open on switch1

I guess this's most likely the problem(I can't change the config now, have to do it tomorrow during day, so can't test), if this is the cause, why? because vlan3 is allowed on all trunk ports.

sorry can't disclose too much details, I really appreciate your help!

vladrac-ccna · ‎04-27-2006

Hello again,

HSRP is usually simple to configure and the problems resides on connectivity issues between the routers inside the vlan where hsrp is configured or layer 2 brigdes, which cause duplicate hsrp packets to cause problems to hsrp process.

If you cant reach vlan 3 in one of the routers, you wont be able to use HSRP.

I guess you're on the way to correcting this problem.

Anyway I'd appreciate if you rated my posts, if they helped.

Vlad