Solved: HSRP not working on 4506 - Page 2

Hardik Pithadia · ‎04-17-2012

Hi Techies,

I m a Network engineer in company, we have around 800 users in the office.Below is the details of my network infra.

We have 4506 chasis with IOS version of 12.4 (44r) SG3
HSRP is configured for redundancy.
HSRP is configured on VLAN besis

The problem that HSRP is not working working properly, When my active VLAN goes down, Standby VLAN act as a Active VLAN but traffice is fail to

route trought that VLAN and i m not able to ping another vlan from that VALN.

Any early solution is highly appriciated.

Thanks in Advance.

Dan-Ciprian Cicioiu · ‎04-25-2012

Hi Hardik,

Yes, if you are considering that even vlan 2 could go down , then yes, you should have eirgp adjancency on every VLAN, in order to be sure that in any case you will be covered.

But considering that you have a down link to the access switches and a trunk link between the Core switches, in order for a SVI to go down , means that all the links to the access switches and also the trunk link to go down. I think that is hard to happend.

Dan

Bharat Negi · ‎04-25-2012

Hi Hardik

Please simulate the scenario of my previous post and share

1. "sh ip route" for Core A & B

2. HSRP states for VLAN 26 for Core A & B

3. "sh interface vlan 26" for Core A & B

4. traceroute to internet from end machine

I hope FW is configured in Active-Passive state.

Regards

Bharat

Hardik Pithadia · ‎04-26-2012

Hi Guys,

@ Dan ----- yes i will test on one of my vlan and configure EIGRP and you right that routing is only happening on Core A.

B'coz when i shut the standby Interface on Core A still trafiic is not routing from Core B for that perticuler VLAN.

My Test configuration will be (For VLAN 26)

on Core A :-configure terminal

router eigrp 26

no auto

network 172.20.13.130 0.0.0.0

on Core B :-configure terminal

router eigrp 26

no auto

network 172.20.13.130 0.0.0.0

Correct me if i am wrong.

@ Bharat

No...............firewall is configured with HA.

PFA ur required output.

Thanks & regards,

hardik

Bharat Negi · ‎04-26-2012

Hi Hardik

As per attached output it seems VLAN26 is not UP on Core A. HSRP state is unknown and VLAN26 subnet 172.20.13.128 is not reflecting in routing table (which is quite obvious as VLAN26 is down).

As per my previous post point, I specifically said to ensure VLAN26 to be UP (not in SHUT state) on Core A.

Till now, you have understood that it a routing issue. Dynamic protocol solution provided by DAN is good but is tedious in LAN/Switching scenario as VLANs will keep on increasing you will have more and more neighborships. VLAN is a virtual interface and possibility of it's going down is quite difficult till it is done by person. Hence it is recommended to avoid dynamic protocol.

Dan-Ciprian Cicioiu · ‎04-26-2012

Hi Hardik,

First of all I reiterate the idea that it's hard to have an interface vlan use for LAN down. And if they go down it means that your only layer 2 connection is to the firewall.

No, your config will not do anything at all. First of all the "network" statements are wrong on one of the Cores, because you must use the interface's IP when you put the "0.0.0.0" wildcard. But even if they were correct, you are forming a eigrp adjacency on vlan 26 and that's all.WHen the interface vlan 26 will go down your adjacency will go down and that's all.

The main reason for using a dynamic routing protocol is to use a vlan like the one used to interconnect the firewalls (vlan10) to form the eigrp adjacency and to advertise all the connected networks. The expected result - after forming a adjacency on vlan10 - You can use this config :

Core A

router eigrp 26

no auto

net 172.20.10.2 0.0.0.0

redistribute connected

Core B

router eigrp 26

no auto

net 172.20.10.3 0.0.0.0

redistribute connected

Dan

Hardik Pithadia · ‎05-07-2012

Dear Techies,

I have tested the setup with EIGRP as Dan suggested and i achieved the redundancy with HSRP.

@ Dan --- Thanks, It is working fine..... I have tested HSRP by powering off Core Switches simultaneously after configuring EIGRP on both switches.

Problem has been resolved.

Regards,

Hardik

suhas_syndrome · ‎08-25-2013

I HAVE THAE SAME PROBLEM WITH MY SETUP...

SHOULD I RUN EIGRP FOR BEST RESULT