Re: the bug of HSRP and SPANNING-TREE or MLS???

c.chunxia · ‎06-06-2002

6509A---------------6509B

| |

--G0/1-3524---G0/2---

1¡¢6509A is root of spanning tree

2¡¢The ACTIVE gateway of 10.1.7.0 is on 6509A,and STANDBY is on 6509B

3¡¢G0/1of 3524 is FORWARDING£¬G0/2 is BLOCKING

4¡¢The ACTIVE gateway of 10.1.8.0 and 10.1.9.0 is on 6509B

5¡¢10.1.7.x is connected with 3524

sometime,10.1.7.x can't ping a maching of 10.18.0 or 10.1.9.0. Then I ping 10.1.7.250(the STANDBY gateway of HSRP),it success, and I go on ping same machine of 10.1.8.0 and 10.1.9.0. It can success!!!

I don't know why,pls help me.

6509A£º

interface Vlan7

ip address 10.1.7.252 255.255.255.0

ip access-group 117 out

no ip redirects

mls rp vtp-domain CMBDNB

mls rp ip

standby 7 priority 160 preempt

standby 7 ip 10.1.7.253

end

6509B£º

!

interface Vlan7

ip address 10.1.7.250 255.255.255.0

ip access-group 117 out

no ip redirects

mls rp vtp-domain CMBDNB

mls rp ip

standby 7 priority 150 preempt

standby 7 ip 10.1.7.253

end

!

interface Vlan8

ip address 10.1.8.250 255.255.255.0

no ip redirects

mls rp vtp-domain CMBDNB

mls rp ip

standby 8 priority 150 preempt

standby 8 ip 10.1.8.253

end

!

interface Vlan9

ip address 10.1.9.250 255.255.255.0

ip access-group 119 out

no ip redirects

mls rp vtp-domain CMBDNB

mls rp ip

standby 9 priority 150 preempt

standby 9 ip 10.1.9.253

end

jimmy_zhang2k1 · ‎06-07-2002

i think this topology is not hsrp,cause if the cat6509a down,all downlink switch will lost connection to the cat 6509

best regard

E.Z

rfroom · ‎06-07-2002

You do not need to to configure the "mls" command on the Cat6k unless the MSFC is acting as MLS RP for Cat5k in the network.

What version of software are you running?

MickPhelps · ‎06-07-2002

If I remember correctly, the "bug" regarding HSRP and STP relates to a "router on a stick" that is also bridging.

If you have a router that is using HSRP and connected to a switch *and* that router is also bridging on that interface, it is possible that the switch will block the port to the router and HSRP/routing will fail.

It doesn't appear to be the problem in your case.

Some notes: using preempt on an HSRP backup interface isn't useful without using "standby track". The priority will never lower on the primary, therefore, preempt is not needed... no harm, but not needed.

If you want to see if HSRP is giving you grief, run a DEBUG STAND and you will see your hellos in and out... also, you will see flapping if its occuring. Also, SHOW STAND will give you good info.

Mick.

c.chunxia · ‎06-11-2002

somebody tell me but I don't know whether it is correct

1¡¢pc1(10.1.7.*) sends an arp request broadcast(des ip=10.1.7.253,that is th

e gateway) before sending an

icmp echo request packet to 10.1.8.*;

2¡¢6509A responses with an arp reply(source ip=10.1.7.253;source MAC=virtual

router's MAC) since it is an

active router for that standby group;

3¡¢pc1(10.1.7.*) sends an icmp echo request packet to 10.1.8.*(des mac=virt

ual router's MAC);

4¡¢.....

5.pc2(10.1.8.*) sends an icmp echo reply to pc1 after it receives the icmp e

cho request packet.

6.6509B lookups its routing table for 10.1.7.*,because 10.1.7.0/24 is a conn

ected subnet,so the nexthop is

just 0.0.0.0,so it sends an arp request broadcast(des ip=10.1.7.*|sour ip=10

.1.7.253|sour mac=virtual router's MAC)

7.6509A and 3524 will forward that arp packet orderly.

8.pc1 sends an arp reply(des ip=10.1.7.253|des mac=virtual router's MAC)out

of interface G0/1,

after it receives the arp request ;

9.Because 6509a thinks that arp packet is destined to itself,it will not for

ward it.

10.As a result,6509B couldn't know the mac address of pc1,so.....

As you ping 10.1.7.250 on pc1

1.pc1 will first send an arp request broadcast(des ip=10.1.7.250) before sen

ding an

icmp echo request packet to 10.1.7.250

2.Now,6509B gets the Mac address of pc1 from that arp request broadcast,the

above problem is solved.

MickPhelps · ‎06-11-2002

I understand your explanation, but I'm not sure about this part:

6.6509B lookups its routing table for 10.1.7.*,because 10.1.7.0/24 is a conn

ected subnet,so the nexthop is

just 0.0.0.0,so it sends an arp request broadcast(des ip=10.1.7.*|sour ip=10

.1.7.253|sour mac=virtual router's MAC)

What you're saying is that 6509B is active on subnet 10.1.8.* and 6509A is active on 10.1.7.*, correct?

If the 6509B router is *not* the active router for subnet 10.1.7.*, why would it source the ARP request packet from the HSRP group IP/MAC address?

If this is happening, try using STANDBY USE-BIA on both 6509s. This will force them to use the burned in address on the interface instead of the HSRP MAC address.

Mick.

9w.boye · ‎06-19-2002

Interesting thread, I have to work on it.

But: I have read that it is not possible to use standby use-bia on the 6500 switches. Because I have not really understood why there is this restriction I am looking forward on further hints. William