I have a 3660 and a 2610 which I intend to use in a HSRP group for a redundant default gateway.
The two routers are connected to a 3512 switch which does VLAN and so both routers only have one interface, the one connected to the switch.
There are 3 VLANs. One for my internal network 192.168.2.0/24, one for the DMZ 192.168.1.0/24 and one for the Internet. I have one public IP address, 188.8.131.52 and my default gateway on the Internet is 184.108.40.206.
When using only the 3660 or the 2610 and when set up without HSRP, everything works just fine, I can ping the default gateway and everything.
But when I enable HSRP it all stop working. The routers use the address 192.168.2.253 and 192.168.2.254 respectively and are set to create a virtual router with the address of 192.168.2.1 on the internal network. This works just fine. On the DMZ it works great as well.
But on the external interface towards the internet it does not work fine.
Since I only have one external IP adress I use a few private ones, okay this is not a very nice solution but hey, what choice do I have? Here's the configuration for the external interface
interface FastEthernet 0/0.25
ip address 192.168.254.1 255.255.255.252
standby 13 ip 220.127.116.11
standby 13 priority 110
interface Ethernet 0/0.25
ip address 192.168.254.2 255.255.255.252
standby 13 ip 18.104.22.168
standby 13 priority 100
Both routers can ping each other on the external interface, but neither can ping 22.214.171.124. When doing a show standby FastEthernet 0/0.25 everything shows up just fine, and 126.96.36.199 is set as active ip. Though when looking in the arp cache 188.8.131.52 does not show up, so I configured it statically. It made no difference.
the way I understood the active router never actually communicates with the standby router through the active adress but via the address assigned to the interface, that is in my case 192.168.254.1 and .2
Anyway, this was actually something which I suspected quite early on. And so I tried using two public IP adresses.
I assigned 184.108.40.206 to the 2610 and 220.127.116.11 to the 3660 and lastly 18.104.22.168 to the virtual router.
This didn't work either.
When I use an IP which does not "belong" to me I cannot ping my default gateway (22.214.171.124). But this should have no impact, should it? The routers ought to just communicate among themselves, right?
I seem to have missed a bit on the inner workings of HSRP.
Reason why you cannot use a different subnet for the virtual IP, is that the router doesnt know how to reach that subnet. When you assign 192.168.254.1 and .2 to the physical interface, the router knows that its ethernet interface is attached to 192.168.254.0 network.
But when you assign 126.96.36.199 network to the virtual IP, it doesnt know that to reach this network, it has to use ethernet interface.
What was the status of HSRP, when you configured the virtual Ip and physical IP from the same subnet (188.8.131.52, 217 and 219) ?
Give a show standby and see if one has become active and the other has become standby.
Also see if you can ping from .218 to .219 or vice versa.
So what happens, when you try to ping 184.108.40.206.
Is it still not pinging ? Have you configured any accesslist on the 220.127.116.11 device ? What device is it ? Is it under your administration ? Give a show arp on the 3660 and see what mac address you see for the ip address (7.1)
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...