cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
508
Views
0
Helpful
4
Replies

HSRP standy router IP not showing

Anand Narayana
Level 6
Level 6

Hi,

i have got 6509 with l3, now with the below said configuration, i couldn't not able to the standby router ip address, instead it shows me "unknown" but for others vlan it shows me the standby router ip address, is that because that i had put access-list & will the access-list has affected that?

----------------------------------------

Main Layer3 card

interface Vlan199

description ***PCR Network***

ip address 192.168.3.254 255.255.255.0

ip access-group 101 in

ip access-group 103 out

no ip redirects

ip pim sparse-mode

mls rp ip

standby 199 ip 192.168.3.252

standby 199 timers 5 15

standby 199 priority 109

standby 199 preempt

Vlan199 - Group 199

Local state is Active, priority 109, may preempt

Hellotime 5 sec, holdtime 15 sec

Next hello sent in 1.548

Virtual IP address is 192.168.3.252 configured

Active router is local

Standby router is unknown

Virtual mac address is 0000.0c07.acc7

19 state changes, last state change 10w5d

IP redundancy name is "hsrp-Vl199-199" (default)

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.9.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.1.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

----------------------------------------

Standby Layer3 card

interface Vlan199

description ***PCR Network***

ip address 192.168.3.253 255.255.255.0

ip access-group 101 in

ip access-group 103 out

no ip redirects

ip pim sparse-mode

mls rp ip

standby 199 ip 192.168.3.252

standby 199 timers 5 15

standby 199 priority 110

standby 199 preempt

Vlan199 - Group 199

Local state is Active, priority 110, may preempt

Hellotime 5 sec, holdtime 15 sec

Next hello sent in 0.910

Virtual IP address is 192.168.3.252 configured

Active router is local

Standby router is unknown

Virtual mac address is 0000.0c07.acc7

3 state changes, last state change 10w5d

IP redundancy name is "hsrp-Vl199-199" (default)

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.9.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.1.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

------------------------------------------

1 Accepted Solution

Accepted Solutions

Hi Friend,

You can keep the accesslist as it is but just include one more ip address as permit statement

allow 224.0.0.2 ip address in extended access list as destination address and source any and add it into your existing acces list.

HTH, if yes please rate the post.

Ankur

View solution in original post

4 Replies 4

ankurbhasin
Level 9
Level 9

Hi Anand,

Both the routers are thinking themselves to be active if you check the sh stahndy status which you have pasted "Local state is Active"

This means hello packets are getting lost between the 2 routers and they are not able to detect which is active and which is standy router.

Your accesss list can be one of the reason because you have allowed only 4 set of ip addresses and rest are implicit deny as per access list rules and HSRP hello packet carries 224.0.0.2 in its hello packet as destination address.

Can you permit this ip in your access list and see what happens.

HTH

Ankur

Hi Ankur,

thanks for the reply. with your response i had come to know that access-list is causing this problem, because for other VLAN's i hav't put the access-list, so i am sure that if i remove the access-list one will become active & other will become standby, but my requirement requires access-list for VLAN 199, so how will i proceed?

Hi Friend,

You can keep the accesslist as it is but just include one more ip address as permit statement

allow 224.0.0.2 ip address in extended access list as destination address and source any and add it into your existing acces list.

HTH, if yes please rate the post.

Ankur

shsong21
Level 1
Level 1

You have to add to "permit ip any any" a end your access-list.

access-list 101 permit ip any any

access-list of default option is deny.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: