I have two routers and have HSRP running between the fast ethernet interfaces. Actually there are two groups running. RTR_A real IP is .1 and it is Active for .3 (group 1). RTR_B real IP is .2 and it is Active for the .4 address (group 2). I want to remove one of the groups. Anyone know how I can see if the .4 virtual is being used as a default gateway by a client?
I would use a sniffer if I expect to see heavy load of ARP request.
"debug arp" would also help...but I simply would not dare :-)
I got both IP and MAC, perhaps we have different setup and configs.
*Mar 18 11:25:43.803: IP ARP: sent req src 10.1.1.1 cc01.12f4.0010,
dst 10.1.1.2 cc02.12f4.0010 FastEthernet1/0
You may wan to use mac address input accounting on Router B to get all MACs that sent frames to the interface.
ip accounting mac-address input
sh int <> mac-accounting
We're getting closer. I enabled accounting, sent some traffic, but the command show interface VLAN1 mac-acc shows the source MACs destined for the VLAN1 interface. That's works, but I may have clients pointing directly to the physical interface. Thanks for the command.
How can you determine that? A Client would have this information statically or dynamically within its TCP/IP information so what's to say this client hasn't be used for 2 weeks because the user was on vacation?
I'm afraid this request is not possible to accomplish without some leg work or having some technical support calls.
The command can be used to get a fair idea of the number of MACs sending traffic to router's interface. If we have just 2 routers and hosts, and if group 2 is active on Router B and no client is using .4, you shouldn't see any traffic right ?
It may or may not help depending on what else is going on in the LAN.
Sorry for any confusion but I didn't reply to you but to Collin. I suggest to view these posts in a threaded format.
The problem, of course, is another host can be "sitting" on the .4 gateway but, going forward, until they transmit to the gateway, you don't know they are there. If, as others have suggested, you monitored or sniffed traffic, you might find some of the hosts, but monitor for how long?
If you have standards for host IP configurations, e.g. DHCP unless "registered/approved hosts for static gateways", you could just wait until DHCP timeouts leases and change "known" static hosts.
If you've done all that you can, then you make the change prepared for a some "phone calls - my computer isn't working right" and might also be prepared for a quick rollback "our production web server that takes sales orders doesn't work!".
I'm a bit curious why you have two HSRP groups now and moving to just one group. Reason I ask, if you were doing the two groups for host to gateway load balancing, and if you planned to move to GLBP, there's an issue I believe I've discovered with such conversions.
This is a public network. No DHCP, all static IP's and there are no 'days w/o communications'. The problem is some of the IP's are customers in our data center and some of the engineers use the standard DG and some don't. I don't plan on using GLBP (no benefit) and the routers need to be cleaned up. I have no idea why there are two groups and I want to remove one if possible, hence my question.
"I have no idea why there are two groups and I want to remove one if possible, hence my question."
Well one possible reason for two mHSRP groups on the same subnet could be for gateway load balancing, especially before GLBP. With the advent of GLBP, often less need for mHSRP yet there are still some situations where it's better than GLBP. (I recall mHSRP used to only be supported on the high end routers, but believe support has been extended to additional low end routers.)
With OER/PfR, which will dynamically redirect traffic on received gateway to another path, load balancing with mHSRP or GLBP can also be slightly better.
Without OER/PfR, and using a single gateway, but with peers, OSPF equal path costing might be better than gateway balancing, although perhaps a bit more difficult to configure. Same would be true for EIGRP unless you use unequal cost routing, and there are issues with that. BGP preference for single path, and conditions to take advantage of multiple peer routers also might be more troublesome than gateway load balancing. (For instance if you have two routers with complete Internet BGP route tables, that iBGP peer, and you only send data to one as a gateway, normally "equal" AS paths will use just the gateway router's external facing interface.)
As to finding hosts that are using the .4 gateway, besides sniffing, perhaps an ACL that matches against the virtual MAC and logs it, could reveal hosts configured to use it.
I originally thought an ACL would work, but traffic would be going through it, not necessarily to it. I'll lab it up and see what happens. I understand the use of two groups, but the IP's that we're used make no sense in our environment. Completely different than everything else we use. Then again this was setup by a consultant >5 years ago.
Well that's annoying.
Concerning your other points, without knowing your network, lots of things can change over five years. It's also possible, consultant did it right then, but sometimes there's communications breakdowns too. When staffers say "I have no idea why there are two groups", sometimes indicate such.