Cisco Switching/Routing :: 6509 - HSRP Standby Address Not Reachable
Jun 11, 2013
I have my hsp setup where switch A and switch B share active/standby roles among several vlans. In the last few weeks, i have seen trouble tickets where connectivity is lost and upon investigation i discover that i can ping physical interface IP addresses for both standby and active devices but not the standby IP. I have also validated configurations and layer 2 paths and they haven't been broken.
What I end up doing is failover to the standby device and back and the problem clears, reachability is restored. My question is whether I am solving this the right way. If so, what is it that would cause the standby IP to not be reachable and how does my solution fix that? N/B the switches are catalyst 6509's.
I have been reading several posts in this forum to try to understand ACL behaviour on a standby HSRP 6500, I would be glad to get this cleared.I have two 6509 running HSRP for all Vlans...I created VLAN 100 with standby ip address 192.168.1.129 255.255.255.128
Active 6509 (SW01) ip is 192.168.1.130/25, priority 120 Standby 6509 (SW02) ip is 192.168.1.131/25
I have created a DHCP server on the standby 6509 only on the same VLAN 100 with a defaul router of 192.168.1.129 (i.e. the hsrp vip). I connected a pc directly to the ethernet port on the standby 6509 and put it under VLAN 100 and it obtained its ip 192.168.1.200 from the ios dhcp.Now I want to restrict this PC (and any other on its subnet) to access only a remote server 172.168.10.10 and nothing else. I have created the following access list, allowing traffic to the remote server, ospf and hsrp updates,ios dhcp...
Extended IP access list SWRES 10 permit ospf any any log (172 matches) 20 permit ip any host 172.168.10.10 30 permit ip any host 224.0.0.2 40 permit udp any host 255.255.255.255 eq bootpc 50 deny ip any any log (52 matches)
I have applied this ACL on both the 6509s under interface VLAN 100 ip access-group SWRES in
1. When I ping different subnets on the 6509s from the PC, I still receive icmp replies although I expected the acl to pass traffic destined for the remote server only. I do get deny log messages on the Active 6509, but not on the standby 6509 where the PC is connected.
2. Is permitting bootpc in the acl enough for IOS DHCP server and client operation? Do i need to explicitly permit access to the defaul-router configured in the DHCP, which happens to be the VLAN 100 gateway ip and hsrp vip as well (192.168.1.129)
3. I do get deny logs on both the 6509s from the PC trying to access the local VLAN 100 broadcast address on ports 137, 138.
%SEC-6-IPACCESSLOGP: list SWRES denied udp 192.168.1.200(137) -> 192.168.1.255(137)
I am running HSRP on three 4506 switches..S1(active) S2( standby) and S3(listen)..S1 is active for all the vlansRight now, I wanted to make S3 active for two vlans: vlan 10 and 19What would be the impact to the end hosts?Also, can you tell me why the arp is not syncing for all the three devices? [code]
I am working on two Nexus 7010 with 5.1.5 NX-OS version. I configure HSRP traditionnaly, Nexus 1 with a priority of 200 and Nexus 2 with a priority of 100 for all vlan.
When I change the priority of a vlan to 200 to 50 for example, Nexus 2 become active and Nexus 1 standby. The problem is that when I do a traceroute from a PC the packet take the Nexus 1 as defaut gateway all the time.....
For information I have a peer link between the 2 Nexus for vPC.
Normally when we do HSRP with vPC on N7K the device will be Active/Standby in control plane but it will be Active/Active in data plane. In this case any traffic reach to standby device it can forward traffic directly to uplink which is not my desire. My goal is all traffic should pass through active (control plane) device in every case unless active device totally dead. So Is it possible for Nexus 7000 to be HSRP Active/Standby in Data Plane ?
I have router connected to 2 3550 switches directly. 3550A and B switches are running HSRP. OSPF is running between Router and 2 switches.
From Switch B i can ping the Router Wan interface but not the internet sites. from Switch A i can ping any sites?
Switch B 3550SMIB# sh ip routeCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1
If I setup 4948E's in HSRP configuration. And I connect devices to the Standby Unit that do not require redundancy. Will there be any issues passing traffic? I don't believe that standby unit blocks the traffic but wanted to confirm.
I have to migrate two Cat6K series switches in a Data center to the new Cisco 6509 Series switches with no downtime. i know there are few threads on the same topic but none of them discuss about the downtime.The two Old Cat6K series switches are working in HSRP redundant mode. All access/Dist switches are dual homed to these two switches in downlink direction. In the uplink direction a router is dual homed to both Switches. Now my requirement is to completely migrate the configuration from the old switches to the new one in VSS mode without any downtime. Already VTP server is running on of the old switches so VLAN migration is not an issue. I will update the network diagram in few hours .As per now i am going to follow these steps:
1. Remove active links from switch 1 and shut it down 2. Monitor network and traffic impact on switch 2 3. Install the new 6509 switch along with switch 2 (VSS config already done in Staging) 4. Config HSRP and make it standby 5. Connect all removed links back to new switch 6. Remove old switch 2 and monitor network 7. Connect new switch with VSS config 8. Connect the two new switches together in VSS and move virtual IP to SVI.
During last step i think i will face some minor packet drops.
I have multiple 6509 vss switch. and i notice when the standby chassis reboot I didn't get any snmp trap, but I got when the active one reboot. my question is is there any mib out there for detecting and got a trap when standby reboot?
I have 2 6509 chasis with one SUP720-3B in each and current IOS is s72033-ipservicesk9_wan-mz.122-18.SXF4 and 2 FWSM with version is 3.3.1 I need to upgrade FWSM system software to 4.1, after checking FWSM 4.1 release notes, I thought of upgrading IOS to latest version to 12.2(33)SXJ.I got new 2 CF of 512MB and downloaded the new IOS on them and need to upgrade 6509 IOS first to meet the requirement for FWSM upgrade.
One of our customer , where there 2 6509 switch , one is Core_sw1 and other is Core_sw2 , catering about 32 Vlan , and HSRP in running for all Vlans , till here no problem , now there internet Router which having one Internet link , which connected and configured on Core_sw1 in a way that one interface of Core_sw1 is given Public IP and there is vlan 85 which internet vlan and vlan 85 ip are natted with that public IP with one simple static route given toward internet router , this is how internet is working ok.
Now i have configured vlan 85 in hsrp as all other are , how can give redundancy to vlan 85 user , that if Core_sw1 get down , internet traffic can get out through Core_sw2.using same internet router with single internet link .i am not talking of ISP redundancy , but Vlan 85 in Core_sw1 goes down , other Core_sw2 will server internet.
I have a few old 2600 routers (2621, different IOS's) which I'm now replacing for new one's from the 2900 series (2901, Version 15.1(4)M4).In my configuration I have two IP addresses in my LAN interface and I have HSRP configured within the secondary IP subnet range. It would be something like this:
interface GigabitEthernet0/1 ip address 172.x.x.x x.x.x.x secondary ip address 10.z.z.z z.z.z.z
[Code].....
Now, in the new 2900 routers, my interface configuration hasn't changed however I can see that the hello packets are now sent with the source within the respective HSRP IP subnet so I had to edit my acl for that:
Having 2 router with 2 sub interface configured with HSRP. The server sending the data have the route default gw xxx.xxx.xx.252 HSRP address. But on of the routers did got HW problem so we did shut it down, R2 with IP xxxx.xxxx.xxxx.251, problem so the traffic didn't go there correct when was using the HSRP address some packaged went there but not all of them no blocks in the logs. But then we did change the server direct to to the working router R1 xxxx.xxxx.253 everything did start working fine again. was working fine. Logs i got in the router was max tcp half-open connections.
I am wondering if something wrong in the configuration below and why the traffic didn't got there correct when using the HSRP address. Its working fine when using R1 IP address. The devices are 2 Cisco 2620 routers.
R!1 interface FastEthernet0/0.192 description Prod_Inside encapsulation dot1Q 192 ip address xxx.xxx.xxx.253 255.255.255.192 ip access-group Inside_Outside in ip verify unicast reverse-path no ip redirects [code]...
I have some question about HSRP in 3750 switch. I have two Cisco 3750 switch which configured HSRP. Let say, we have interface vlan 100 that join in HSRP group member 1. The configuration on both switch is like as follows :
1 x 4500 and 1 x 3560?They are gateways of 8 Vlans?They are doing HSRP in each of those Vlans?The 4500 is the Active?There is a DHCP Pool for each of those Vlans on both gateways using "ip dhcp excluded-address" I ensured that the range of provided ips by each DHCP server will not be overlapped Obs.: Reducing the lease time, I ended with the calls bringing related problems.
OK, every thing is blue, every thing is fine.But the network diagram is realy complex(41 switchs, 89 uplinks), and depending of how is the network flow, one or other server answer first or latter.
For many reasons I would like that the secondary DHCP server would answer only if the primary DHCP server goes down.To me, the bigger reason is that DHCP database would be only in one DHCP server.But there is other reasons.
I passed by many frustrated solutions:Try to force a delay on the answer on one of the servers. - Impossible.Try to disable DHCP server, and, using EEM, enable it only if router became active in HSRP. - I couldn't do It.
What I'm thinking now is use the HSRP resource to resolve it.On both routers I would put a "ip helper-address" pointing to an Virtual_HSRP_IP.And depending on which router is the active, him will answer the request.
My first doubt is:Would it work?The second doubt is:Could I use the same Virtual_HSRP_IP that exists on that Vlan(see example 1),or I would need to point it to a Virtual_HSRP_IP in a different Vlan(see example 2)?
Example 1 ----------------------------------- | 4500 | ----------------------------------- interface Vlan1 ip address 10.10.0.2 255.255.0.0 ip helper-address 10.10.0.1 standby 1 ip 10.10.0.1
I have a 6509 running s72033_rp-ADVIPSERVICESK9_WAN-M version 12.2(33)SXH5. Four incorrect bgp aggregate-address statements were entered in which overlap. Attempted to remove the statements but they won't come out.
I have seen other discussions regarding Static MAC address entries on IPv4, but what of IPv6?We have MS NLB solutions and they are working fine. We have Cisco 6509/6504, Version 12.2(33)SXI5
But then we have a new one for a new ActiveDirectory solution, and on those networks we have implemented IPv6.
How is Static MAC address entries and MS NLB solved in IPv6 (i.e arp ip.ip.ip.ip mac.mac.mac ARPA gi1/1). I can't seem to find much examples or documentation on this? Is it replaced with another function?The reason I ask is twofold.
1. I really want to know
2. The NLB cluster seem to drop IPv6 traffic at even intervals, witch seems to correspond with NLB transition.
I am receiving this error after connecting a copper adapter on a GBIC blade in a 6509. Here are the results from the show Interface. I am waiting to confirm the device on the other side settings but as far as I see I get UP and Up for protocol and line respectively.
GigabitEthernet2/11 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is 0009.11e4.f3ce (bia 0009.11e4.f3ce) Description: RCPBSDEV MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set
I had a strange issue with one of my customer..Cisco WS-C3750X-48P Access switch was not reachable and after reload it started working.I would like to know the root cause of the issue. There were no logs and no errors in interfaces.Even Cpu utilization was not high. We have enabled arp inspection and dhcp snooping in the switch..Hope this will not make any issue..Also we have dot1x enabled on port..
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports x1 NAM x2 Sup720 Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis?Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports x1 NAM x2 Sup720
Running 12.2(18)SXF3.I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
I have successfully completed HSRP and failover configuration.When both switch are runnign then the failover run successful and wheneber one link fail then the failover run successfully but when down one 6509(total box) the failover not working.....
I am facing an isssues with 7609 for LAN switching , based on LAN (VRRP/HSRP) feature.Actually we are having ES+ cards (on 7609) and we are using multiple groups(say 350 vrrp groups) running on the router . the routers are connected as router 1>>> mux(which is working as switches)>>> router2
my questing are
1. does their will be "multicast packets" (for VRRP/HSRP group) "from backup router to Master router", when in stable state( ie when Master and backup are already chosen) , or the packet from backup to master should be unicast.I know for sure, the packet from master to back is multicast packets denstination to Multicast IP packet and To MAC address.I am not sure but I think from backup to master it should be multicast
2. what is frequency of these packets( from backup to master)
3. As i have multiper group on a single interface ( we are using q-in-q), when the connectivity from router's is broken, then does all the groups will muticast their active roll in the lan sengment "at once" or it will be in a groups say 100 groups at once, and after few ms few 100's and sone ( as is on OSPF or RIP)
we are in between troubleshooting I hope we get the ans( Actul problem we are seeing in the router's that we have 2 ports on active routers and 2 ports on standby router , but we are not seeing muticast on 1 port on standby router where as all other 3 ports are seeing multicast packets) [code]
I configure HSRP on Router 2951 as a primary router, and Router 2811 as backup router. But when I am switching off my Primary router the backup router is taking 2 mins to take over form primary router.
We have two Cisco 3560E layer 3 switches at the core of our network. The switches are configured as an HSRP pair and the clients on our network point to the HSRP address as their default gateway. So if CORE-A dies, then CORE-B will pick up the address and the default route for the clients will continue to be available.We also need to specify a few static routes on the core switch to allow us to get to specific networks. Is there a way to do this so that the routes failover in the same way that the default gateway does?
We have a setup of FWSMs configured in single mode in 6509 chassis. Both 6509 are configured in VSS. Recently I have upgraded the firmwre from 4.0(3) to 4.1(3).....before upgradation config sync was not having any problem.
After upgradation...If any one of the FWSM reload..while coming up it gets stuck in config sync and no command we can run on any of the unit and get the error as.. Configuration update in progress by another process. Also on stannby fwsm no running-config displays.
If we used # failover suspend-config on primary and then reloads the standby fwsm...standby boots up with startup config and when # no failover suspend-config command runs on active fwsm..the sync started and completing succssfully within 15 sec..
Also failover works well..with #no failover active..
I'm looking to try and implement ipv6 HSRP on a series of IOS-XR Routers running 4.2.1 following on from successfully setting up IPv6 HSRP on a few cat6509s on VLAN Interfaces in other parts of the network. I have entered the "router hsrp" configuration menu and gone into the interface in question that I'm looking to setup with IPv6 HSRP. Unfortunately, there version 2 or address-family ipv6 commands are not available.
if the above design is acceptable how does the routers know which one is active and which one is standby ? if we need a direct connection between two routers they have to be on a seperate subnet and routers dont allow broadcasts - so how will hsrp work on routers ?
We have two numbers of Cisco 4900 ME Switches. Basically want LAN failover from these devices. There are about 400 users in our network. I have attached rough network topology for your reference(I am not good at Microsoft Visio). Need to know implementation of the HSRP in these switches. Two distribution switches(Cisco 4900 ME Switches) are connected to 4 Access switches and these are connected to the LAN.
i have 2 cisco 7604 distrubution routers .Both routers are running 310 hsrp groups.
Sundenly there is hsrp flapping which causes high CPU.
What is the limitation of HSRP group on cisco 7604 router .Below is the show ver from the router
----------------- show version ------------------ Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICES-M), Version 12.2(33)SRC2, RELEASE SOFTWARE (fc2)
