Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Testing HSRP
Hello,
I am trying to test my HSRP setup I configured within GNS3. I kind of talked about that in my last question but I am facing now the issue and I am not sure what I need to do. I have configured HSRP on ESW1 and ESW2. Both ESW1 and ESW2 have SVI’s and are configured with IPsla with tracking of ASA1 and 2 and vice versa. My vlans, ipsla and routing is configured as below.
ESW1
ESW2
IPsla works fine, when I turn off the ESW1 switch, everything gets routed to ESW2 and I get a ping back from 1.1.1.1 to hosts. The problem I am having is when I go to ESW1 and I shutdown one of the vlans like vlan 9 for example. I have a host 10.153.2.15 which is on vlan 9. When I shut off vlan 9 on ESW1, it will no longer ping ISP 1.1.1.1. As you can see I have HSRP configured. When I shutdown VLAN 9, ESW2 vlan 9 comes up as ACTIVE. I have the host configured with default-gateway as the virtual IP.
Here is host 10.153.2.15 (far left) ping and traceroute (should it be 10.153.2.1? Notice the first hope is not the virtual IP.
Here is when I shutoff the (ESW2 vlan 9 goes active.
ESW3 has ipsla with tracking of 192.168.100.1 vlan 1 on ESW1. If I shut off VLAN 1, I can ping 1.1.1.1 I am assuming becouse of IPSLA, does that mean I need IP sla for each vlan? That would be very messy, can anyone provide assistance or proper config? Please see attached image on the net. map. thank you all!
image.jpg
I am trying to test my HSRP setup I configured within GNS3. I kind of talked about that in my last question but I am facing now the issue and I am not sure what I need to do. I have configured HSRP on ESW1 and ESW2. Both ESW1 and ESW2 have SVI’s and are configured with IPsla with tracking of ASA1 and 2 and vice versa. My vlans, ipsla and routing is configured as below.
ESW1
interface Vlan1
ip address 192.168.100.1 255.255.255.0
standby 0 preempt
standby 1 ip 192.168.100.5
standby 1 priority 250
standby 1 preempt
!
interface Vlan5
ip address 10.153.0.1 255.255.255.0
standby 0 preempt
standby 1 ip 10.153.0.5
standby 1 priority 250
standby 1 preempt
!
interface Vlan6
ip address 10.153.6.3 255.255.255.0
standby 0 preempt
standby 1 ip 10.153.6.5
standby 1 priority 150
!
interface Vlan7
ip address 10.153.7.3 255.255.255.0
standby 0 preempt
standby 1 ip 10.153.7.5
standby 1 priority 150
!
interface Vlan8
ip address 10.153.1.1 255.255.255.0
standby 0 preempt
standby 1 ip 10.153.1.5
standby 1 priority 250
standby 1 preempt
!
interface Vlan9
ip address 10.153.2.1 255.255.255.0
standby 0 preempt
standby 1 ip 10.153.2.5
standby 1 priority 250
standby 1 preempt
!
interface Vlan10
ip address 10.153.3.1 255.255.255.0
standby 0 preempt
standby 1 ip 10.153.3.5
standby 1 priority 250
standby 1 preempt
ip sla 2
icmp-echo 10.153.0.2 source-interface FastEthernet1/0
timeout 1000
threshold 2
frequency 3
ip sla schedule 2 life forever start-time now
ESW2
interface Vlan1
ip address 192.168.100.15 255.255.255.0
standby 1 ip 192.168.100.5
standby 1 priority 150
!
interface Vlan2
no ip address
!
interface Vlan3
no ip address
!
interface Vlan5
ip address 10.153.0.3 255.255.255.0
standby 1 ip 10.153.0.5
standby 1 priority 150
!
interface Vlan6
ip address 10.153.6.1 255.255.255.0
standby 1 ip 10.153.6.5
standby 1 priority 250
standby 1 preempt
!
interface Vlan7
ip address 10.153.7.1 255.255.255.0
standby 1 ip 10.153.7.5
standby 1 priority 250
standby 1 preempt
!
interface Vlan8
ip address 10.153.1.3 255.255.255.0
standby 1 ip 10.153.1.5
standby 1 priority 150
!
interface Vlan9
ip address 10.153.2.3 255.255.255.0
standby 1 ip 10.153.2.5
standby 1 priority 150
!
interface Vlan10
ip address 10.153.3.3 255.255.255.0
standby 1 ip 10.153.3.5
standby 1 priority 150
ip sla 3
icmp-echo 10.153.6.2 source-interface FastEthernet1/10
timeout 1000
threshold 2
frequency 3
ip sla schedule 3 life forever start-time now
ip route 0.0.0.0 0.0.0.0 10.153.6.2 track 3
ip route 0.0.0.0 0.0.0.0 10.153.7.2 50
IPsla works fine, when I turn off the ESW1 switch, everything gets routed to ESW2 and I get a ping back from 1.1.1.1 to hosts. The problem I am having is when I go to ESW1 and I shutdown one of the vlans like vlan 9 for example. I have a host 10.153.2.15 which is on vlan 9. When I shut off vlan 9 on ESW1, it will no longer ping ISP 1.1.1.1. As you can see I have HSRP configured. When I shutdown VLAN 9, ESW2 vlan 9 comes up as ACTIVE. I have the host configured with default-gateway as the virtual IP.
Here is host 10.153.2.15 (far left) ping and traceroute (should it be 10.153.2.1? Notice the first hope is not the virtual IP.
R7#show ip route
Default gateway is 10.153.2.5
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
R7#
R7#tra
R7#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 10.153.2.1 12 msec 20 msec 20 msec
2 66.238.#.# 252 msec 64 msec 48 msec
3 2.2.2.2 40 msec 68 msec 76 msec
Here is when I shutoff the (ESW2 vlan 9 goes active.
ESW2#
*Mar 1 00:16:18.807: %HSRP-5-STATECHANGE: Vlan9 Grp 1 state Standby -> Active
R7#ping 1.1.1.1 repeat 10000
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!........................
..........
R7#traceroute 1.1.1.1
R7#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 *
10.153.2.3 44 msec 16 msec
2 * * *
3 * *
ESW3 has ipsla with tracking of 192.168.100.1 vlan 1 on ESW1. If I shut off VLAN 1, I can ping 1.1.1.1 I am assuming becouse of IPSLA, does that mean I need IP sla for each vlan? That would be very messy, can anyone provide assistance or proper config? Please see attached image on the net. map. thank you all!
image.jpg
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
I already told you to to implement internal routing protocol, and not to use IP SLA inside your network.
:)
You created IP SLA, but did you create tracking?
Missing link in quoted part command (in the case you did not implement it) # track 3 ip sla 3
:)
You created IP SLA, but did you create tracking?
ip sla 3Track 3 is not equal IP sla 3.
icmp-echo 10.153.6.2 source-interface FastEthernet1/10
timeout 1000
threshold 2
frequency 3
ip sla schedule 3 life forever start-time now
ip route 0.0.0.0 0.0.0.0 10.153.6.2 track 3
Missing link in quoted part command (in the case you did not implement it) # track 3 ip sla 3
I did create tracking, I just didn't post it, I forgot, when I reached out to Cisco, they recommended using IPSLA with tracking and HSRP. I asked them first If I should use EIGRP or OSPF and they said no need.
R7#traceroute 1.1.1.1This looks like problem with routing on ESW2 (missing default route, or next hop is not available).
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 *
10.153.2.3 44 msec 16 msec
2 * * *
3 * *
Check default route in routing table on that switch.
PS
I would go with routing in your configuration.
If I go with routing, I would need a IGRP within the switch network right? Do I extend over to ASA's and routers?
No, you don't need IGRP within the switch network.
I guess that you need it on ESW1, ESW2, ASA ( if ASA is not in transparent mode) and on R1 and R2. Then you would need to set tracking on R1 and R2.
I guess that you need it on ESW1, ESW2, ASA ( if ASA is not in transparent mode) and on R1 and R2. Then you would need to set tracking on R1 and R2.
Ok, I changed it all to EGRP and removed IPSLA's and hsrp off the vlans. I dropped vlan 9 and I am not getting a reply back from the host 2.15 Since ESW3 has no EIGRP configured, what routing should I have on there and should I have ipsla with tracking on ESW3? When I do a traceroute form 2.15 I am not getting a next hop, I have no default gateway on ESW3/
You need HSRP on ESW1 and 2 for your VLANs.
If links between switches ESW1, 2 and 3 are L2 then sure you don't need EIGRP there.
If links between switches ESW1, 2 and 3 are L2 then sure you don't need EIGRP there.
OK so I just need eigrp on asa's and routers and hsrp on esw1, 2 along with ipsla and tracking. on esw3 I need ipsla and tracking. correct?
Problem is I am not expert for ASA, so I am not very familiar with it's capabilities.
You can implement it in a few ways.
If ASA can do IP SLA and tracking (the way to insert default route in routing table) you don't need EIGRP on R1 and R2 since there is only one path to reach those routers. So in that case that on ASA you can insert (and pull out) default route into EIGRP with IP SLA, you don't really need EIGRP on R1 & R2, otherwise you need it there. With implementing internal routing protocol in topology the only tricky part is elegant implementation of default route into routing table. The rest is really easy.
You can implement it in a few ways.
If ASA can do IP SLA and tracking (the way to insert default route in routing table) you don't need EIGRP on R1 and R2 since there is only one path to reach those routers. So in that case that on ASA you can insert (and pull out) default route into EIGRP with IP SLA, you don't really need EIGRP on R1 & R2, otherwise you need it there. With implementing internal routing protocol in topology the only tricky part is elegant implementation of default route into routing table. The rest is really easy.
If ESW3 is connected with trunks with ESW1 and 2 - you don't need anything there. HSRP is there to do its job.
If you look at original post, then you have routing problem. :)
Check default route on ESW2, try to ping (or traceroute) from ESW2. Other routers in the way should know where network 10.153.2.0/24. If any of those routers don't know where network 10.153.2.0/24 is ping will fail. Also, just in case, check NAT rules - is network 10.153.2.0/24 natted on second gateway (in the case that traffic is sent to different router).
Check default route on ESW2, try to ping (or traceroute) from ESW2. Other routers in the way should know where network 10.153.2.0/24. If any of those routers don't know where network 10.153.2.0/24 is ping will fail. Also, just in case, check NAT rules - is network 10.153.2.0/24 natted on second gateway (in the case that traffic is sent to different router).
I was able to resolve the issue. I think it was a GNS3 error. The new GNS3 that came up recently is awful
Nice.
:)
Few tips that I found somewhere on internet.
When you add switching module and creating vlans, sometimes it helps to add interface vlan on every switch, for every vlan, and then ping it. It worked for me more than once, other would be find image that works stable in GNS3, I am using c7200-adventerprisek9_sna-
:)
Few tips that I found somewhere on internet.
When you add switching module and creating vlans, sometimes it helps to add interface vlan on every switch, for every vlan, and then ping it. It worked for me more than once, other would be find image that works stable in GNS3, I am using c7200-adventerprisek9_sna-
Premium Content
You need an Expert Office subscription to comment.Start Free Trial