Is there a loop between 192.168.99.191 and .192 (this are two routers with hsrp .190) or is this normal behavior when using trace route on an asr 1001?
i have a strange issue with an HSRP Setup. I have two (S1+S2) 3560 as Core/Distribution Layer. Inter-vlan routing are enabled on both Switches. S1 and S2 are connected with an ether channel over four fibre ports. S3 -S5 are the (L2) access layer.
Gi0/1 on S1 and S2 are L3 ports, connect to a Linux Firewall.
HSRP is enabled, S1 is the active router and the STP root bridge.
But, my monitoring via cacti show me, that the Gi0/1 on S2 is active, too! But it should not be active? Only if S1 fails, should S2 the active switch.A client from the access ports on S3 - 5 gets traffic from the Internet via Gi0/1 from S2. Gi0/1 on S1 is active too, but will send mostly traffic to the Internet. Why is S2 active and why route it traffic from the Internet to the client?
I've enabled antispoof on all interfaces on asa 5510.If you start a traceroute to a network on the default route, everything works, since replies comes to an interface with route 0.0.0.0/0 defined.If you start a tracer route to a network that is NOT on the default route (let's assume coporate MPLS), you only get response from first carrier router, the other are discarded because of anti spoof violation.
I have ICMP inspection and icmp-error inspection enabled.
I want to know the return path between my IP and a server. I know that trace route gets some information about the hops from my IP to a server (for example www.google.com) but this info is about the forward path. But I want to know what is the path from the server to my PC, what is the reverse path (return path)? What are the middle hops? In other word, I want to know where is the forward and reverse path when I ping a server? I can find the forward path using trace route, but what about the return path?
I am trying to track down a device that's blocking a certain port I know there are programs out there than will do a trace-route that's on TCP but is there any programs that allow you to specify a port?
We have problem con EIGRP and two ASR 1001 in High Availability. ASR2 have received all route (100 route) from PE, but in ASR1 doesnt received all route (75 route) from PE or from other ASR02. All PE have all route. The ASR1 when modify or lost some route dont update to the ASA. see diagram.
Have win7 system, cisco WIRED 1720 router, ~1.5mb frame relay via C&WPanama, nortons antivirus installed. IP config dump is at the bottom, but in this event, I don't think my problem is local.An important work-related chat quit working today, and I have narrowed down the issue to not being able to connect to the provider website from my current location. (I can connect via US proxy, but cannot run the java applet via the proxy, it seems it is still trying to go from here to there).
The site I am trying to reach is host7.parachat.com, IP 64.13.158.24
I can load this page (just a landing page comment) as well as their main pages via us proxy, but time out trying to load directly. Fiddler returns a 502 error, socket connection failed.
have tested on 3 machines (all on same router), then on a laptop which hadn't been booted or updated in over a year (also on same router). Trying to find a free wireless network to test with the laptop, but that hasn't been found yet.
We have a ASA 5505 and a 5510, that we are using site to site.I need to traceroute from the 5505-5510.. From the outside interfaces.. Don't want to do this through the site-to-site.I have temporarily added a few acl on the outside interfaces.when i traceroute it only goes one hop.. Maybe thats the way it suppose to be? I need to know all the hops between the outside interfaces on the 5505 to the outside interface on the 5510.
I changed from a Linksys E4200 to a 5505 and when I use trace route, it doesn't return a DNS name for each hop. I can see the hops shown as asterisks. Do I have to add something to inspect for this to work?
I have problem with icmp traceroute configuration. When I enabling icmp error inspection in global policy, my traceroute results through ASA 8.2.4 looks like this: My traceroute [v0.75]
icmp inspection and ttl decrement on ASA is enabled. Also I configured ACL on outside interface to permit ICMP completely.
I have an E4200 and have added it to my network with a new static IP and DHCP and firewalls off.It runs off my cable modem and router (Virgin Media Superhub) that has DHCP.When I tell it to do a firmware update, traceroute or ping it fails, just wont do any of them.
i want to apply a QOS for my trafic LAN, in my ASR 1001 , the LAN is connected with ge0/0/0 interface and it configured with the service instance to bridge vlan 1 ( i do that for OTV ) i put service policy in "service instance 1" to marking data with ef31 but i noticed that the class "plateform_datacenter" match the trafic and the ACL associate to this class not mach any trafic trafic !
tha policy-map march trafic for Datacenter : sh policy-map interface gigabitEthernet 0/0/0 service instance 1 GigabitEthernet0/0/0: EFP 1 Service-policy input: MARKING-OTV Class-map: Platforme_DC (match-any)
I am migration an IPsec site to site VPN config to a new ASR1001 router «facing» a Linux box (ipsec-tools + racoon). As the Debian Linux does not offer VTI, I am using a crypto map.
The working config is given below with the corresponding logs on the Linux side.
When I try to apply this previously working config to the ASR1001, I get the following error :
deploy OTV using ASR 1001 between 2 data-centers? We want to acquire HSRP localization there, but at this moment I can only see lots docs are saying how to do this on N7K, not ASR. I saw it has a FHRP filtering enabled by default when the OTV configuration is done, and also see there is a access-list created by default call otv_filter_fhrp, Im just wondering besides this IP ACL there should be MAC ACL applied?
I have a few new ASR 1001s throwing false environmental alerts.According to the logs, the inlet temp is in excess of 100 degrees C.When I telnet to the routers, they're well within tolerance (30-32C),Running 15.1(1)S and bug toolkit shows no related issues or caveats.
I was wondering if I am able to add a redundant power supply to an asr 1001 router that is in production without losing connectivity or causing any diruption to the Users - is it hotswappable?
I'm configuring CoPP for an ASR 1001 router with consolidated IOS XE Version: 03.07.01.S. And I'm trying to use 'DROP' command under policy map to drop.un wanted traffic. But the drop command is not listed.
I am using two 7609 router in setup, HSRP enable on both router, and both have WAN connectivity to different PE end router we want to enable hsrp feature ip route traking, in case primary link goes down (Because of any reason link bgp failure, PE device issue).
I've got two Nexus 7010's running HSRP north bound to a pair of ASA's, and BGP south bound to four 6509's. Is it possible to advertise default route to BGP neighbor (or prefer it via MED), only if the node is HSRP-active?
Essentially the goal is to create symmetry for inbound/outbound traffic. Only way I can think of so far is via an EEM script, so that when it sees HSRP go active via syslog, it would kick off an action to remove ASN prepend, or reduce MED, and the opposite if HSRP goes standby.
I am facing an isssues with 7609 for LAN switching , based on LAN (VRRP/HSRP) feature.Actually we are having ES+ cards (on 7609) and we are using multiple groups(say 350 vrrp groups) running on the router . the routers are connected as router 1>>> mux(which is working as switches)>>> router2
my questing are
1. does their will be "multicast packets" (for VRRP/HSRP group) "from backup router to Master router", when in stable state( ie when Master and backup are already chosen) , or the packet from backup to master should be unicast.I know for sure, the packet from master to back is multicast packets denstination to Multicast IP packet and To MAC address.I am not sure but I think from backup to master it should be multicast
2. what is frequency of these packets( from backup to master)
3. As i have multiper group on a single interface ( we are using q-in-q), when the connectivity from router's is broken, then does all the groups will muticast their active roll in the lan sengment "at once" or it will be in a groups say 100 groups at once, and after few ms few 100's and sone ( as is on OSPF or RIP)
we are in between troubleshooting I hope we get the ans( Actul problem we are seeing in the router's that we have 2 ports on active routers and 2 ports on standby router , but we are not seeing muticast on 1 port on standby router where as all other 3 ports are seeing multicast packets) [code]
I configure HSRP on Router 2951 as a primary router, and Router 2811 as backup router. But when I am switching off my Primary router the backup router is taking 2 mins to take over form primary router.
We have two Cisco 3560E layer 3 switches at the core of our network. The switches are configured as an HSRP pair and the clients on our network point to the HSRP address as their default gateway. So if CORE-A dies, then CORE-B will pick up the address and the default route for the clients will continue to be available.We also need to specify a few static routes on the core switch to allow us to get to specific networks. Is there a way to do this so that the routes failover in the same way that the default gateway does?
I'm looking to try and implement ipv6 HSRP on a series of IOS-XR Routers running 4.2.1 following on from successfully setting up IPv6 HSRP on a few cat6509s on VLAN Interfaces in other parts of the network. I have entered the "router hsrp" configuration menu and gone into the interface in question that I'm looking to setup with IPv6 HSRP. Unfortunately, there version 2 or address-family ipv6 commands are not available.
if the above design is acceptable how does the routers know which one is active and which one is standby ? if we need a direct connection between two routers they have to be on a seperate subnet and routers dont allow broadcasts - so how will hsrp work on routers ?
We have two numbers of Cisco 4900 ME Switches. Basically want LAN failover from these devices. There are about 400 users in our network. I have attached rough network topology for your reference(I am not good at Microsoft Visio). Need to know implementation of the HSRP in these switches. Two distribution switches(Cisco 4900 ME Switches) are connected to 4 Access switches and these are connected to the LAN.
i have 2 cisco 7604 distrubution routers .Both routers are running 310 hsrp groups.
Sundenly there is hsrp flapping which causes high CPU.
What is the limitation of HSRP group on cisco 7604 router .Below is the show ver from the router
----------------- show version ------------------ Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICES-M), Version 12.2(33)SRC2, RELEASE SOFTWARE (fc2)
I currently use L3 switches as edge routers to my WAN. I want to use a pair of 3560x switches with IPbase to provide a failover path to my WAN using HSRP at one location but had some problems testing the configuration. My plan is use a virtual address on the LAN interface (VLANx which port gi0/1 accesses) and the WAN interface (VLANy which port gi0/24 accesses). I want switch 1 to be primary since it will have an IPS attached to it, and switch 2 will be backup and used only when switch 1 or the IPS requires maintenance. On both the LAN and WAN sides there is no advanced routing going on, the various hosts just depend on the availability of their respective default gateways, so HSRP should be sufficient to provide a failover in either direction.
In my testing I got 1 or the other link to fail over but not the entire switch. What should my config look like to achieve failover of the entire switch in the event 1 or the other interface goes down, and fail back when the primary links are again available?
n our datacenter we've implemented HSRP on 2 6500's for redundancy purposes. Both switches are connected via a trunk. When an interface is administratively brought up, HSRP becomes instable. Below some selective logging:
12:58:01.759 CET: %HSRP-5-STATECHANGE: Vlan32 Grp 32 state Standby -> Active12:58:01.919 CET: %HSRP-5-STATECHANGE: Vlan21 Grp 21 state Standby -> Active12:58:02.031 CET: %HSRP-5-STATECHANGE: Vlan42 Grp 42 state Standby -> Active12:58:02.031 CET: %HSRP-5-STATECHANGE: Vlan18 Grp 18 state Standby -> Active12:58:02.223 CET: %HSRP-5-STATECHANGE: Vlan4 Grp 4 state Standby -> Active
Basically what happens, is that both switches becomes active and thus are forwarding traffic. After a few seconds all is back to normal. It seems they are missing each others "hello messages", so the state change is in this case normal outcome. What I can't figure out', is the root cause. Since it is triggered by bringing up an random interface configured as a dot1q trunk, I'm thinking of STP limits. But the limitations I found are 10.000 active STP logical ports and 1800 virtual ports per slot. In my case this is 2591 logical ports and all the virtual ports per slot are below 1800. This suggest the switch is capable of running this set-up without a problem.
Some extra information:-Sup 720 10GE-Version 12.2(33)SXH2a-No Vss used-No drops on trunked interfaces between the 2 core switches-83 standby groups (max256) -R-PVST
I just started a evaluation license for IP Base on my 3850 switches. But i can't configure HSRP cause the commands are not there (I rebooted allready). Do you need enterprise for HSRP on the 3850?
