Shark Attack
asked on
VRRP question
How come when I configure VRRP on my vlans, I can no longer reach them? For ex. I have 2 switches, one Core an other Backup. Both configured with SVI's. I configure VRRP per vlan with the following syntex:
CORE 1
int vl 1
ip add 192.168.1.1
vrrp 1 ip 192.168.1.1
BACKUP
int vl 1
ip add 192.168.1.2
vrrp 1 ip 192.168.1.1
After the above config, I cannot reach the vlans from hosts at all. Any ideas? What am I doing wrong? Both switches are connected as a trunk
CORE 1
int vl 1
ip add 192.168.1.1
vrrp 1 ip 192.168.1.1
BACKUP
int vl 1
ip add 192.168.1.2
vrrp 1 ip 192.168.1.1
After the above config, I cannot reach the vlans from hosts at all. Any ideas? What am I doing wrong? Both switches are connected as a trunk
Your Vlan interface ip address and VRRP address should not be same ... Check your core 1 vlan config
ASKER
I have VRRP configured on all vlans the same way. Without VRRP I get instant reply back. With VRRP I don't. For ex. I have a vlan 5 below
Core:
Int vl 5
ip 10.153.0.1
vrrp 1 ip 10.153.0.1
BACKUP
int vl 5
ip 10.153.0.2
vrrp 1 ip 10.153.0.1
I have a host on the vlan with an IP 10.153.0.15. When I ping 10.153.0.1, or .2 I get no reply back. When I remove VRRP configs, I get back the connection.
Core:
Int vl 5
ip 10.153.0.1
vrrp 1 ip 10.153.0.1
BACKUP
int vl 5
ip 10.153.0.2
vrrp 1 ip 10.153.0.1
I have a host on the vlan with an IP 10.153.0.15. When I ping 10.153.0.1, or .2 I get no reply back. When I remove VRRP configs, I get back the connection.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
by the way I created the scenario in GNS3, are my configs correct? This could be GNS3 issue i guess but I am going ti implement VRRP to my network and wanted to see if I can give it a try in GNS3 first
ASKER
NetExper: I am using VRRP which enables me to use the same Ip address of the interface as a virtual interface. Thats the reason why I'm going with VRRP and not HSRP
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It worked when I made the change.
So, I cannot use the same IP as a SVI for VRRP IP? What If I had physical interface and used that as an IP of the VRRP? Would this also be an issue?
So, I cannot use the same IP as a SVI for VRRP IP? What If I had physical interface and used that as an IP of the VRRP? Would this also be an issue?
Yes. You do not use the same IP address for the virtual router as you do for the interface. Regardless of whether it's a physical interface or SVI.
ASKER
OK, well that changes everything, might as well use HSRP.
Let me as you one more question. When I configured HSRP first on each of the vlans, and I drop the primary vlan, The backup switch goes to ACTIVE but the hosts don't re-direct to the virtual IP. For ex. I have "no ip routing" on the host with ip default-gateway pointing to the virtual HSRP address but when I do traceroute, it still shows the actual IP of the interface vlan. I can ping the virtual IP though, so not sure why this is happening. I also have ip sla configured but only for the vlan thats a native vlan on the trunk. Do I need to make ipsla with tracking for all vlans in this case for it to work?
Let me as you one more question. When I configured HSRP first on each of the vlans, and I drop the primary vlan, The backup switch goes to ACTIVE but the hosts don't re-direct to the virtual IP. For ex. I have "no ip routing" on the host with ip default-gateway pointing to the virtual HSRP address but when I do traceroute, it still shows the actual IP of the interface vlan. I can ping the virtual IP though, so not sure why this is happening. I also have ip sla configured but only for the vlan thats a native vlan on the trunk. Do I need to make ipsla with tracking for all vlans in this case for it to work?
Let me as you one more question. When I configured HSRP first on each of the vlans, and I drop the primary vlan,What do you mean by "drop the VLAN"?
when I do traceroute, it still shows the actual IP of the interface vlan.Correct. The router will respond to the traceroute with its own address.
ASKER
looks like it's working now, dont know about the new GNS3. It's pretty buggy. I have to reset the ASA at least 5 times before all interfaces work.
Thank you all for you help!
Thank you all for you help!
I'm assuming that everything works fine without the VRRP config?
Do you have VRRP configured on the other VLANs?