HSRP and VLANs on a Cisco 3750

I have  VLANs set up on 2 Cisco 3750s (3750A and 3750B). The VLANs are running HSRP.  I have two Radware switches (an active and a standby) each with a VLAN defined with 2 ports. Port 1 on the Radware master goes to port 1 on  3750A and port 2 on the same VLAN goes to port 2 on 3750B. Port 1 on the Radware backup device goes to port 1 on 3750B and port 2 goes to port 2 on 3750B.

The problem is that when I disconnect port 1 or port 2 on the Radware BACKUP device, the Cisco 3750 fails over. I think I can understand why the Cisco would fail over if the cable I pulled from the BACKUP device was actually connected to the ACTIVE Cisco device. But even when I disconnect a cable from the BACKUP Radware device from the STANDBY Cisco device, the STANDBY Cisco device takes over and becomes the ACTIVE device.

What am I missing??

Thanks in advance
LVL 16
Steve JenningsIT ManagerAsked:
Who is Participating?
Don JohnstonConnect With a Mentor InstructorCommented:
>What am I missing??

Spanning Tree.

If this is all in the same VLAN and you're not using 802.1w, then it will take up to 50 seconds for the path to be re-established. By default, HSRP dead timers are 10 seconds. So when you fail a forwarding link. the HSRP dead timer expires and the route processors can't see each other. The HSRP standby route processor assumes the Active has died and takes over. Once the blocking link moves to forwarding, the route processors see each other and re-elect the Active route processor.

BTW, where are the PC's connected?

Steve JenningsIT ManagerAuthor Commented:
Thanks for the response, but that explains what I already understand about HSRP. I am confused about why the failover occurs in the first place . . . if I have 2 ports defined in the VLAN and one fails, where is the logic behind failing the entire VLAN? I would expect a fail over only if both ports failed. Is there some config I am missing? And the RADWARE devices don't have spanning tree, they are layer 4-7 switches.

Thanks very much for your response.

Don JohnstonInstructorCommented:
>And the RADWARE devices don't have spanning tree, they are layer 4-7 switches

I don't know the Radware products. Does each port of the Radware device have an IP address? Which Radware product is this?

Here's the thing: HSRP peers have to be on the same broadcast domain. If these Radware devices aren't switching at layer 2 then the HSRP hellos won't get to the other peer. Which means that if the HSRP peers can see each other then these switches are forwarding broadcasts at layer 2. Therefore, you have a layer 2 loop. Which means that spanning tree will identify and block any redundant links. When the non-blocking port fails (or is disconnected), HSRP hellos aren't passing until spanning tree converges. During that time, the two HSRP peers can't see each other.
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Can you please post your configuration
Steve JenningsIT ManagerAuthor Commented:
Ok, the Radware device is called an AppDirector and the two ports on each AppDirector are part of a VLAN and of course that VLAN has an IP address on the same network as the Cisco HSRP devices' VLAN. I also discovered that the spanning tree root port (role: root/ state: FWD) is actually attached to the backup AppDirector. After the backup AppDirector is powered off, a different port on the Cisco 3750, one that had been in BLK state, goes into root / FWD state. So if it takes time for the port to go from BLK to FWD and assume the root role, that would explain why HSRP fails over because for that brief time, the two Ciscos would not be communicating.


yasirirfan - - I will post the configs later.

Don JohnstonInstructorCommented:
I think you're starting to get it. ;-)

I don't know the Radware products so I don't know their configuration options. As long as the four ports on the Radware are in the same VLAN, you'll have this symptom.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.