HSRP Vlan Failover
Hi
I have a question that i would like help with please
Core1------------------Link1----------------------Core2
| |
| |
Access Sw---------------Link2---------------Access Sw
If we look at the above setup, Say we have many vlans running on the access switches
The question is if HSRP is running per vlan, if say for vlan 100 is not allowed on link 1 but is allowed on link 2 and that link 2 drops, does HSRP lose visibility of its neighbor on vlan 100 as link2 is the only link allowing vlan100.
The reason im trying to ask this is I have a client who is having issues with hsrp flapping on certain vlans and they have this setup. I was thinking of allowing the vlans on link 1 as its directly cconnected between the 2 cores and is a 10gig link. Currently Link 1 is not allowing all vlans.
Hope this is clear, Thanks
Yes if vlan 100 is allowed on link 2 and not on link 1 and if link 2 goes down then the core switches will lose visibility to each other for vlan 100 and HSRP would be impacted.
HTH
Rick
Similar Messages
-
Hi All,
I need a create a setup with complete HA availability from Core Switch , Firewall and Router.
I had 2-Cisco 3560 Switch , 2 - Cisco ASA 5520 Fw and 2 - Cisco 2921 router.
Let me explain how the devices are connected. Created HSRP between the Users VLAN in the Core Switch for the Gateway HA.
Also made a Priority set on one of the L3 Switch and make that a Root Bridge.
Configured 2 Firewall with Active/Standy mode and also 2 Routers LAN Interface with HSRP mode for HA.
All the Firewall Outside and Router LAN Interfaces are connected in a L2 VLAN. Also created a Separate L2 VLAN for the Failover link and connected.
Please refer the attached diagram for more clarity.
Now the activity is to create a Site to tunnel in the Firewall to connect other locations.
Problem : Sometimes the Secondary Firewall become as Active Firewall and we are unable to ping anything outside.. but the same ip's are reachable from Standby Firewall. I am suscepting that all the ports are in Secondary switches are in blocked port .. it may be the cause.
I made the Secondary Firewall connectivity to the Primary Switch and start to do the configuration change, but some what in between the default gateway is not getting reachable and tunnel is going down.
*** Some ip's i am able to reach from the Switch-A but the same is not reach from Switch - B and also from the Firewalls. No idea why it is pinginig.
*** Is it a proper setup to connect the devices or we need to do any changes.
Kindly suggest me the right setup and Configuration .... which will provide a HA in all layers.Hi Ganesan,
I am proposing a design like this. You can have the STP in pvst mode and have a different priority set for the core switch to make it core a as root bridge. There is nothing wrong with your design you have made you core switch which will be physically down to your firewall... but in real it comes on the top of your firewall as well... But spanning tree conf should be done properly to achieve this... I have proposed my design which is pretty simple but easy for troubleshoot....
You can have your firewalls connected to core switch on the down and can directly connected to router on outside... always core a -->py fw--rtra will be the primary path... if anything goes wrong then secondary line will come in to picture....
make sure that your hsrp will have high priority to ur core a vlan conf for the access switches.....
Please do rate for the helpful posts.
By
Karthik -
Hi,
I am trying to setup a 4948 switch so that half the ports belong to one subnet and the other half belong to another. In one subnet I will connect routers and servers and in the other subnet I will connect workstations (via other switches)
I also have a second 4948 which I want to configure exactly the same and then setup HSRP for failover.
I know I can setup Vlans and split the ports as planned and assign each vlan with an IP address for its subnet. What Im not sure about is routing between the two Vlans and how HSRP will fit in.
Any help would be greatly appreciated.
Thanks
LeighHi Leigh,
This should be a simple configuration. As far as routing between the VLANs, as long as you have "ip routing" globally configured, it will automatically route between the VLANs.
Your config would look something like this
switch 1:
interface Vlan101
description Workstations
ip address 10.1.1.2 255.255.255.0
standby 101 ip 10.1.1.1
interface Vlan102
description Routers and Servers
ip address 1.1.1.2 255.255.255.0
standby 102 ip 10.1.2.1
switch 2:
interface Vlan101
description Workstations
ip address 10.1.1.3 255.255.255.0
standby 101 ip 10.1.1.1
interface Vlan102
description Routers and Servers
ip address 1.1.1.3 255.255.255.0
standby 102 ip 10.1.2.1
10.1.1.1 and 10.1.2.1 would be your HSRP virtual address that you would use as the default gateway for these VLANs.
For more on HSRP in a switched network see the following doc:
http://www.cisco.com/warp/public/473/62.shtml
HTH,
Bobby
*Please rate helpful posts. -
Dear Team,
As per the requirement i've created 10 VLANs. and also configued HSRP for failover. Out of 10 Vlans we have configured DHCP for 2 VLANs in the active switch.
My concerns:
1. Do we have to configure DHCP in standby switch too?
2. If yes, is there any Active and Standby concept for DHCP?
Switch Model:
WS-C4506-E
Regards,
Vamsi Harish.T.
[email protected]Hi,
The Host sends a DHCP broadcast request message to the Active Switch whenever it needs to assign and get an ip address based on the DHCP release confguration on the DHCP server or when the Hosts Got shut down. So yes there is a Concept here, the Concept is that the Active Switch will always get the DHCP request from the HOST. However, if the Active Switch fails, The HOSTS will be sending the DHCP broadcast request messages to the Standby Switch which becomes the Active one now, and if there is no DHCP service configured on the Standby Switch, then Hosts will fail to assign/Got an IP addresses. This Means both Active & Standby Switches should be configured with DHCP.
HTH
Mohamed -
NLB on 2 different switch running HSRP
Hi,
we have implemented NLB on the SGI Server running IRIX OS, it works fine. the connectivity is 2 NIC connected on 3750-1(ruuning HSRP),now if i connect 1 of NIC in to the other switch 3750-2(running HSRP) will the NLB workz & will i get the 2Gbps throughput, according to me, i don't think so.Think, it should work, check out the following explanation to avoid single point of failure :
Create a subnet that spans two switches and home half of the NLB cluster to each switch. The objective is typically to create a LAN with no single points of failure. To this end you will also need two router uplinks and have one switch uplink to one router. You also need to run a redundant routing protocol such as HSRP for failover of the router links. Finally you will need two cross-over links between the switches (otherwise the cross-over cable is a single point of failure). Each switch has two paths off the network: one via the router it is linked to (which is used by default) and one through the other switch. In this configuration, the loss of a router (or link to a router) causes the affected switch to use the cross link to ship its traffic off the LAN. The loss of a switch cuts the cluster capacity in half. -
Hi
Please see attachment for my setup. So I have 2 sites which are approx half a mile apart. The ISP has provided 2 circuits, one at each site and these are meant to be acting as a Active/Standby circuit for which they will use HSRP. They have asked us to provide a layer 2 link on which they will run their HSRP Vlan.
We currently have spare fiber running between the 2 sites so no issues there. We are trying to work out how to provide this L2 link. It was suggested by someone to put a switch at each site and use one of the spare fibers to connect into these switches to provide the L2 link, the or router and ISP router can connect into these switches.
The issue is the customer does not want to provide the 2 switches so I was thinking if there is any alternative. The uplinks from my core switches at each site are routed links. Is there any was on running a L2 vlan down those links and across the core switches?
ThanksI hope others will answer this question as well but it comes back to allowing internet traffic via your core without going through the firewall as previously discussed.
If you want to do that then yes simply run cables via your core but it is, as I said before, a really bad idea.
As soon as you use your core switches for that vlan you are exposing your internal network to the internet.
So the answer is yes it can be done but it is not a secure or safe way to do it.
As I said before all these issues could be solved by simply asking the ISP for a new address block for site 2. Your internal servers wouldn't be accessible if site 1 goes down but you said that is not important.
If they insist on running HSRP and you cannot purchase the switches then the only other way is to use the core switches but I wouldn't do it.
Jon -
Anyone can help to understand Track ip route 0.0.0.0 0.0.0.0 reachability
Hi All
Please see the diagram in attachment. R7 e1/0 ip address is 7.1.1.7. R3 and R4 are configured with HSRP. R3, R4, R2, and R7 are configured with EIGRP.
HSRP are configured in R3 and R4 as following. Do you think the track configuration is correct ? Thank you
R3(config-if)#do sh run int vlan 4
interface Vlan4
ip address 4.1.1.3 255.255.255.0
standby 2 ip 4.1.1.1
standby 2 preempt
standby 2 track 1
R3(config-if)#do sh run | s track
track 1 ip route 7.1.1.7 255.255.255.255 reachability
R4(config-if)#do sh run int vlan 4
interface Vlan4
ip address 4.1.1.4 255.255.255.0
standby 2 ip 4.1.1.1
standby 2 priority 105
standby 2 preempt
standby 2 track 1
R4(config-if)#do sh run | s track
track 1 ip route 7.1.1.7 255.255.255.255 reachabilityAs far as tracking goes, it will be "Up" as long as there is a route to 7.1.1.7/32 in the routing table of the routers configured with track 1. It must be a /32 route due to the "255.255.255.255" in the track 1 statement. With that being said, track 1 will be "Down" since e1/0 on r7 is most likely not configured with a /32 mask. I say most likely because it is conneced to R2 and ethernet interfaces cannot be configured with a /32 mask. Attempting to would result in "Bad mask /32 for address 7.1.1.7". To bring track 1 up, the mask needs to match the route for 7.1.1.7 exactly as seen in the routing tables of R3 and R4.
With the current topology any issue causing eigrp on R2 to not advertise 7.1.1.7/32 will take track 1 down on both R3 and R4. The HSRP priority on both routers will decrement 10 which means that R3 will never take priority. No failover will occur as a permanent state in a converged network.
Another point to make in this scenario is that tracking 7.1.1.7/32 could cause instability in the network. If connectivity between R2 and R7 fails, HSRP will failover. This topology change causes updates and and traffic disruptions in an unrelated part of the network. Traffic destined to R2 or possibly another router off R2 is now affected even though only connectivity to R7 is of concern. Also, R2's hold timer for R7 could cause long delays for eigrp updates to make it down to R3 and R4.
Optimally, R3 and R4 should track the status of an object specifically related to their own connectivity to R2 such as interface line-protocol or IP. This will give the network stability, increase routing accuracy, cause faster failover, and better avaibility, etc, etc, etc.
Check out Configuring Enhanced Object Tracking @ http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/15-mt/iap-15-mt-book/iap-eot.html
Ian -
I have a single CSS11506 whose job is to load balance 4 web servers. I have two 1Gbps uplinks to the network - each goes to an L3 only 6506. I need enable the second link for failover purposes. How can I fail over to the second link with the following considerations in mind
1. Users still need to get to the same vip address(http) 2. No routing protocols enabled on the CSS 3. The rest of the network needs to understand how to redirect to the secondary link 4. The primary link comes back up after the link is restored 5. How to get around the rule that two uplinks cannot be in the same vlan"5. How to get around the rule that two uplinks cannot be in the same vlan"
I don't believe there is such a rule. You can have both uplinks configured with the same VLAN. This is normally used to bridge traffic "through" the CSS though. I've never tried dual-homing a CSS as I have dual CSS's in all of my production implementations.
I'd try configuring both uplinks for the same VLAN, and configuring an HSRP VLAN on your 6509's. The HSRP hello traffic would pass through the CSS to get to the opposite switch. i.e. treat the CSS like a regular access layer ethernet switch.
With VLAN autostate and/or interface tracking on the 6509, a failure of an uplink would cause the backup HSRP partner to go primary and the traffic would begin taking the other link. -
ISDN backup for ADSL connected sites using separate router
In our set-up we have a central site with a large number of remote sites connected.
We have moved a number of remote sites from ISDN connections to ADSL connections. However, we would like to keep the ISDN and use it for backup.
The problem I have is - how do I implement ISDN backup with our current set-up? From the documentation, I can see how to do this for more "straightforward" set-ups but not for the set-up we have! Let me explain:
At the central site, we have a Cisco 7206 router. The ISDN connected sites connect directly to this router (which is configured with a large number of dialer map statements for each site)
The 7206 connects to a PIX515E firewall. The ADSL connected sites connect over the public internet using IPSEC with the tunnels terminating on the PIX.
The 7206 router contains static routes for the ADSL connected sites, pointing to the firewall.
At the remote sites, we have a Cisco 837 router for the ADSL connection.
This is connected (via ethernet) to the router we want to use for ISDN backup - a Cisco 800. The 837 and 800 are configured with HSRP.
However, at the moment, if the 837 or the ADSL link was to go down, there would be no means to connect to the central site. How can we configure this to use the 2nd router for ISDN backup, given our set-up?
Any suggestions would be greatly appreciated!
(incidentally, I have only recently joined this company and have taken this over, without any information to go on as to why things are set up as they are !)Hello again,
I think you can pretty much ignore my last message. I've done a bit more digging and I think I have a better idea of what you mean now!
Lets see if I've got this about right. To recap:
I need to set up a GRE tunnel between the remote site and 7206 router at head office, which in turn would be using IPSEC tunnel between remote router and PIX.
So, steps required:
1) set up IPSec tunnel to to PIX (this is the way it is already currenly configured - am I right in thinking no further configuration would be required as far as the PIX is concerned, for the new set-up?)
2) set up GRE tunnel between remote ADSL router and 7206 - requires tunnel interface on both router with start point and end point configured. Use GRE keepalive to enable the line protocol to be brought down if the far end cannot be reached.
3) Add static routes on ADSL router to reach head office network via tunnel interface
4) Add static route on 7206 router to reach remote network via tunnel interface
5) Configure ISDN map statement on 7206 mapping remote network to ISDN number
6) Configure "floating" static routes on 7206 to use ISDN to reach remote network
7) Configure HSRP on ADSL and ISDN routers with tracking of tunnel interface. If tunnel interface goes down, then ISDN router takes over as active.
8) Configure static routes on ISDN router to point to head office network using BRI0 interface.
So, under normal operation, traffic between head office and remote office will be routed across the GRE tunnel using the ADSL link.
If the ADSL link was to go down then the GRE tunnel would also go down. So, the 7206 would then use the floating static routes to reach the remote network via the ISDN connection.
The ISDN router would take over as active at the remote site since the tunnel interface would have gone down, forcing the HSRP to failover.
Does that all sound about right? Is there anything I've missed?
I'll start trying to put some configurations together when I get the chance - but, if its ok, I'll probably run these past you too, just to make sure they seem correct!
Thanks,
Neil -
hi folks
if we install two CSM's in the same 6500, can we load balance serverfarmA using CSM1 & serverfarmB using CSM2.
would the csm's be in csm mode or rp mode? would we need to configure them identically or use hsrp for failover?
any ideas appreciated since i have 0 experience with content stuff.
thanks,
anuragthere is no more rp mode. Everything must be csm mode nowadays.
If you put 2 CSM in the same chassis, they can workd independently and therefore be both acitve, or you can have the same config on both and work in active/standby.
With version 4.2.x and the corresponding ios version, there is a command to sync the config between active and standby so you don't have to configure everything twice. The command is 'hw-module ContentSwitching X standby config-sync'.
Regarding the serverfarm the question is not really important. You first have to decide if you want to be active/standby or active/active.
Be aware that if you go for active/active you have no backup [you can't be active and standby at the same time] and you will have to split your traffic between the 2 CSM by configuring different vservers on each.
Gilles. -
3550 - 3750 problem. Fiber type or configuration?
I'm having trouble with a link that was working with a 3600 as an end device, but won't work when replaced with a stack of 3750 switches. A couple of co-workers in our group has looked at it, but can't find anything obvious.
The path is from a 6500 on multimode trunked fiber to a converter to single mode fiber, (then under the street) to a 3550 Long Haul Gbic. Then we took copper from the 3550 to a 3660 10/half(?). To this point it used to work. We pulled the 3600 and put in a 3750 stack, and configured the copper port on the 3550 to 100/full, and the same on the 3750. The problem is that we can go to the middle device and then ping and telnet both ways from there. But we cannot go from the 6513 through the 3550 to the 3750. I turned debug icmp on the 3550, and it's not seeing anything from the 3750 when I try to go to the gateway.
Both swiches have the default gateway pointing back to the HSRP Vlan VIP of the 6513. CDP is seeing its neighbors. All interfaces seem to be up/up. Here are the snippets of configs for all ports. Maybe someone can see something I'm missing? The only thing I can think could be a mismatch somewhere between the switches, or the multimode to single mode fiber is not translating.
6513:
interface GigabitEthernet1/23
description To Building E
no ip address
udld port aggressive
switchport
switchport trunk encapsulation dot1q
3550 from 6500
interface GigabitEthernet0/1
switchport mode dynamic desirable
3550 out to 3750:
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
3750 stack:
interface FastEthernet5/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
duplex full
speed 100
Any direction would be most appreciated.
Thanks,
JimI can't say the configuration is eithre good or not as it does not really show a lot. As far as L2 configuration they seem okay as all the ports are configured for trunking, however, the trunk port between 3550 and 3750 looks like the are "forced" to turnk with the mode trunk. are the vlans in forwarding mode in both sides (show int trunk). What happens when the port between 3550 and 3750 are in desirable mode, does it build the trunk? More important questions is what ip address are you pinging on the 3750? What vlan should it belong to?
Maybe you can post the following:
1. ping from 6513 to the 3550.
2. ping from 6513 to the 3750.
I want to keep it short so might have some question after seeing the above outputs. -
Track ip route metric threshold
Hi guys
Is there someone who can explain the follow output:
c3750#sh track
Track 1
IP route 8.8.4.4 255.255.255.255 metric threshold
Metric threshold is Up (EIGRP/28416/11)
147 changes, last change 00:00:04
Metric threshold down 210 up 190
First-hop interface is Vlan1
Track 2
IP route 8.8.8.8 255.255.255.255 metric threshold
Metric threshold is Up (OSPF/20/20)
40 changes, last change 01:13:36
Metric threshold down 255 up 254
First-hop interface is Vlan1
I've not found documentation about line :
(EIGRP/28416/11) and (OSPF/20/20)
I've not understood which is the metric that track match with his configuration:
Thanks many much in advance
Daniele
Some configuration detail:
track 1 ip route 8.8.4.4 255.255.255.255 metric threshold
threshold metric up 190 down 210
track 2 ip route 8.8.8.8 255.255.255.255 metric threshold
c3750#sh ip route
O E2 8.8.8.8 [110/20] via 192.168.0.100, 00:00:04, Vlan1
D EX 8.8.4.4 [170/28416] via 192.168.0.1, 00:00:31, Vlan1As far as tracking goes, it will be "Up" as long as there is a route to 7.1.1.7/32 in the routing table of the routers configured with track 1. It must be a /32 route due to the "255.255.255.255" in the track 1 statement. With that being said, track 1 will be "Down" since e1/0 on r7 is most likely not configured with a /32 mask. I say most likely because it is conneced to R2 and ethernet interfaces cannot be configured with a /32 mask. Attempting to would result in "Bad mask /32 for address 7.1.1.7". To bring track 1 up, the mask needs to match the route for 7.1.1.7 exactly as seen in the routing tables of R3 and R4.
With the current topology any issue causing eigrp on R2 to not advertise 7.1.1.7/32 will take track 1 down on both R3 and R4. The HSRP priority on both routers will decrement 10 which means that R3 will never take priority. No failover will occur as a permanent state in a converged network.
Another point to make in this scenario is that tracking 7.1.1.7/32 could cause instability in the network. If connectivity between R2 and R7 fails, HSRP will failover. This topology change causes updates and and traffic disruptions in an unrelated part of the network. Traffic destined to R2 or possibly another router off R2 is now affected even though only connectivity to R7 is of concern. Also, R2's hold timer for R7 could cause long delays for eigrp updates to make it down to R3 and R4.
Optimally, R3 and R4 should track the status of an object specifically related to their own connectivity to R2 such as interface line-protocol or IP. This will give the network stability, increase routing accuracy, cause faster failover, and better avaibility, etc, etc, etc.
Check out Configuring Enhanced Object Tracking @ http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/15-mt/iap-15-mt-book/iap-eot.html
Ian -
Sending Ciscowrks device credential Verification Job alters the device ARP table.
Hi:
I send a Device credential verification Job to two different devices , a Cisco 3750 and a blade switch WS-CBS3120. I configured SNMP write access to the switches. The SNMP write access in either SNMP v1 or SNMP V3 , tried both.
The job is send from the Ciscoworks server.
Once the job has completed, I do a show ip arp on the device and find a new entry with the IP address of the Ciscoworks Server and the mac-address of the L2 next hop.
We would not have noticed this behavior had it not been that in the case that the switch next hop is an HSRP vlan on a nexus , the ARP entry entered into the switch is incorrect, and from then on the switch loses connection to Ciscoworks.
The Mac-address that is entered by Ciscoworks , in the case of nexus is a statice mac defined on the Nexus for the Vlan in question , but it is NOT the HSRP default gateway MAC address. Therefore we lose connection between the switch and Ciscoworks. One has to manually clear the ARP table inorder to again reach the Ciscoworks.
Questions:
1. Why does Ciscoworks insist on changing the ARP table?
2. Is this ARP entry aged out or is it permeant as would an ARP entry which is entered through CLI be permeant ?
3. In the case of the Nexus connection, this ARP entry does not allow Ciscoworks and the device to communicate. This is not productive!
Has any one come across this situation ? Any known fixes, workarround? I was not able to find a word about this on Cisco's site.
Our Ciscoworks is at the following levels:
CW Common services 3.3.0
LMS portal 1.2.0
CW Assistent 1.2.0
RME 4.3.1
Device fault manager 3.2.0
IPM 4.2.1
Cisco View 6.1.9
campus Manager 5.2.1
thanks for any help
MickeyCiscoWorks does not change the ARP table, at least not overtly. A credential verification job will do the following things depending on what protocols are selected to test:
SNMP RO : Fetches sysLocation.0
SNMP RW : Sets sysLocation.0 to the value currently stored in sysLocation.0
Telnet : Logs in using DCR username and password
SSH : Logs in using DCR username and password
Enable : Enters enable mode and verifies privilege level 15
If one of these things are causing the ARP table to change, then there is something fishy in the device or network configuration. I've never heard of such behavior relating to CiscoWorks before. -
Hi Commnity,
We have two cisco 6500 swtiches. Switch A is a active state of HSRP and Switch B in stanby state, After 2 days we are going have go-live test for Switches failove redudancy.
Please see the sample HSRP confiuration for both switches
SWTICH A
interface Vlan 100
description << RECEPTION>>
ip address 10.1.2.254 255.255.255.0
ip route-cache flow
standby delay minimum 20 reload 25
standby 3 ip 10.1.2.1
standby 3 priority 110
standby 3 preempt delay minimum 380
SWITCH B
interface Vlan3
description << RECEPTION>>
ip address 10.1.2.253 255.255.255.0
ip route-cache flow
standby delay minimum 20 reload 25
standby 3 ip 10.1.2.1
standby 3 priority 95
standby 3 preempt delay minimum 380
SWITCH A# sh stanby brief
Interface Grp Prio P State Active addr Standby addr Group addr
Vl3 3 110 P Active local 10.1.2.253 10.1.2.1
SWITCH B #
Interface Grp Prio P State Active addr Standby addr Group addr
Vl3 3 95 P Standby local local 10.1.2.1
If there is any misconfiguration, your sugesstion will be highly appreciated.Hi jon,
1. config of vlan 19
interface Vlan19
ip address 10.1.19.254 255.255.255.0
ip route-cache flow
standby 19 ip 10.1.19.1
standby 19 timers 5 15
standby 19 priority 110
standby 19 preempt
2. output of sh int trunk
Core A
Port Mode Encapsulation Status Native Vlan
Gi2/23 desirable n-isl trunking 1
Port Vlans Allowed
Gi2/23 1-29,40,100-103
Port Vlans in spanning tree forwarding state and not pruned
Gi2/23 1-29,40,100-103
Core B
Port Mode Encapsulation Status Native Vlan
Gi2/23 desirable n-isl trunking 1
Port Vlans Allowed
Gi2/23 1-29,40,100-103
Port Vlans in spanning tree forwarding state and not pruned
Gi2/23 1-29,40,100-103
3. ouput of ipconfig /all
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connec
tion
Physical Address. . . . . . . . . : 00-23-7D-49-A5-BE
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.1.19.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.19.1
DNS Servers . . . . . . . . . . . : 10.1.2.2
10.1.2.4
NetBIOS over Tcpip. . . . . . . . : Enabled
4. sh int trunk
Port Mode Encapsulation Status Native vlan
Gi1/1 desirable n-802.1q trunking 1
Gi1/2 desirable n-isl trunking 1
Gi1/3 desirable n-isl trunking 1
Gi1/4 desirable n-isl trunking 1
Gi1/5 desirable n-isl trunking 1
Gi1/6 desirable n-isl trunking 1
Gi1/7 desirable n-isl trunking 1
Gi1/8 desirable n-isl trunking 1
Gi1/9 desirable n-isl trunking 1
Gi1/10 desirable n-isl trunking 1
Gi1/11 desirable n-802.1q trunking 1
Gi1/12 desirable n-isl trunking 1
Gi1/13 desirable n-isl trunking 1
Gi1/14 desirable n-isl trunking 1
Gi1/15 desirable n-isl trunking 1
Gi1/16 desirable n-isl trunking 1
Gi1/17 desirable n-isl trunking 1
Gi1/18 desirable n-isl trunking 1
Gi1/19 desirable n-isl trunking 1
Gi1/20 desirable n-isl trunking 1
Gi1/21 desirable n-isl trunking 1
Gi1/22 desirable n-isl trunking 1
Gi1/23 desirable n-isl trunking 1
Gi1/24 desirable n-isl trunking 1
Gi2/1 desirable n-isl trunking 1
Gi2/2 desirable n-isl trunking 1
Gi2/3 desirable n-802.1q trunking 1
Gi2/4 desirable n-isl trunking 1
Gi2/5 desirable n-802.1q trunking 1
Gi2/6 desirable n-802.1q trunking 1
Gi2/23 desirable n-isl trunking 1
Gi2/24 desirable n-802.1q trunking 1
Port Vlans allowed on trunk
Gi1/1 1-4094
Gi1/2 1-4094
Gi1/3 1-4094
Gi1/4 1-4094
Gi1/5 1-4094
Gi1/6 1-4094
Gi1/7 1-4094
Gi1/8 1-4094
Gi1/9 1-4094
Gi1/10 1-4094
Gi1/11 1-4094
Gi1/12 1-4094
Gi1/13 1-4094
Gi1/14 1-4094
Gi1/15 1-4094
Gi1/16 1-4094
Gi1/17 1-4094
Gi1/18 1-4094
Gi1/19 1-4094
Gi1/20 1-4094
Gi1/21 1-4094
Gi1/22 1-4094
Gi1/23 1-4094
Gi1/24 1-4094
Gi2/1 1-4094
Port Vlans allowed on trunk
Gi2/2 1-4094
Gi2/3 1-4094
Gi2/4 1-4094
Gi2/5 1-4094
Gi2/6 1-4094
Gi2/23 1-4094
Gi2/24 1-4094
Port Vlans allowed and active in management domain
Gi1/1 1-29,40,100-103
Gi1/2 1-29,40,100-103
Gi1/3 1-29,40,100-103
Gi1/4 1-29,40,100-103
Gi1/5 1-29,40,100-103
Gi1/6 1-29,40,100-103
Gi1/7 1-29,40,100-103
Gi1/8 1-29,40,100-103
Gi1/9 1-29,40,100-103
Gi1/10 1-29,40,100-103
Gi1/11 1-29,40,100-103
Gi1/12 1-29,40,100-103
Gi1/13 1-29,40,100-103
Gi1/14 1-29,40,100-103
Gi1/15 1-29,40,100-103
Gi1/16 1-29,40,100-103
Gi1/17 1-29,40,100-103
Gi1/18 1-29,40,100-103
Gi1/19 1-29,40,100-103
Gi1/20 1-29,40,100-103
Gi1/21 1-29,40,100-103
Gi1/22 1-29,40,100-103
Gi1/23 1-29,40,100-103
Gi1/24 1-29,40,100-103
Gi2/1 1-29,40,100-103
Gi2/2 1-29,40,100-103
Gi2/3 1-29,40,100-103
Gi2/4 1-29,40,100-103
Gi2/5 1-29,40,100-103
Gi2/6 1-29,40,100-103
Gi2/23 1-29,40,100-103
Gi2/24 1-29,40,100-103
Port Vlans in spanning tree forwarding state and not pruned
Gi1/1 1-29,40,100-103
Gi1/2 1-29,40,100-103
Gi1/3 1-29,40,100-103
Gi1/4 1-29,40,100-103
Gi1/5 1-29,40,100-103
Gi1/6 1-29,40,100-103
Gi1/7 1-29,40,100-103
Gi1/8 1-29,40,100-103
Gi1/9 1-29,40,100-103
Gi1/10 1-29,40,100-103
Gi1/11 1-29,40,100-103
Gi1/12 1-29,40,100-103
Gi1/13 1-29,40,100-103
Gi1/14 1-29,40,100-103
Gi1/15 1-29,40,100-103
Gi1/16 1-29,40,100-103
Gi1/17 1-29,40,100-103
Gi1/18 1-29,40,100-103
Port Vlans in spanning tree forwarding state and not pruned
Gi1/19 1-29,40,100-103
Gi1/20 1-29,40,100-103
Gi1/21 1-29,40,100-103
Gi1/22 1-29,40,100-103
Gi1/23 1-29,40,100-103
Gi1/24 1-29,40,100-103
Gi2/1 1-29,40,100-103
Gi2/2 1-29,40,100-103
Gi2/3 1-29,40,100-103
Gi2/4 1-29,40,100-103
Gi2/5 1-29,40,100-103
Gi2/6 1-29,40,100-103
Gi2/23 1-29,40,100-103
Gi2/24 1-29,40,100-103 -
HSRP Issues on VLAN interfaces
We are experiencing an issue with HSRP and VLANS. We have the VLANS tracked to physical interfaces, with the default decrement value of 10.
When we physically fail the fiber circuit (pull fiber transmit) the physical port reports down condition. The VLAN reports that it is still up. BOTH routers report that they are the active router and connectivity is lost.
When the physical port is shut down, the failover takes place and the routers report their state as predicted.
Any help would be greatly appreciated.
These routers are 4506's running 12.1(19)EW code
on WS-X4515 module.If there are still active ports, then I would expect the VLAN interface to stay UP on both routers. However, I would not normally expect both routers to be ACTIVE. Could it be that when you take down these physical links, that the routers lose sight of each other as far as the Hellos are concerned?
About the "If there are still active ports" bit ... don't gorget that a trunk can also constitute an active port in this sense. So if you have go any access switches uplinked to these 4506s, the trunks will be enough to keep the VLAN interface alive.
Remember also that HSRP has a hold time of only 9 seconds by default, whereas 802.1d Spanning Tree has a convergence time up to 50 seconds by default. So it is possible that if the link you are disconnecting is the active root port of a switch, that the two HSRP routers will lose sight of each other. In that case,they can both become active for a few seconds. Effectively, during the STP convergence the VLAN can be partitioned. It all depends on your topology.
You are pulling only the transmit fiber. I wonder if enabling UDLD would help here.
As Georg says, it would be useful to know a bit more about the topology and the configuration.
Kevin Dorrell
Luxembourg
Maybe you are looking for
-
In Receiver Mail Adapter ,how to ignore SOAP Header attachment
HI Folks, Am using Receiver Mail Adapter and am getting 2 attachments. 1. one is Soap header which contains Control records 2. payload I want only Payload as attachment and need to ignore SOAP Header(AT00001.xml). The configuration is as below:-Trasp
-
Core Dump when installing SAP Integration Kit Fix Pack 3.1
When installing the SAP Integration Kit Fix Pack 3.1 we are getting the following error message.. boperl.sh[88]: 9961568 Memory Fault (Core Dump) This install is being done on AIX after the SP3 was installed. Any ideas? Thanks, Deepti
-
OS X tries to reboot every night
In the past week I've started keeping my mac on at night to download bit torrent files. For some reason, it reboots itself every night. This is incredibly annoying, and I have my mac secured, so it doesn't automatically log in. I've checked the conso
-
What is the relation between KTOPL and 0CHRT_ACCTS_ATTR? both Chart of Acct
Hi If an R3 field e.g. KTOPL (in datasource 0fi_gl_4) which is a "Chart of Accout" is extracted a part of 0fi_gl_4 to BI, is there the need to separately extract 0CHRT_ACCTS_ATTR & 0CHRT_ACCTS_TEXT which are also "Chart of Accout" What is the relati
-
Wlw-runtime-config.xml & two managed servers
I have a problem with WSDL generation and WebLogic workshop in a cluster. I'm using a wlw-runtime-config.xml file to ensure that my web service generates the correct url for it's endpoint. The problem I have is that I have two managed servers on one