We help IT Professionals succeed at work.
Get Started

Testing HSRP

Shark Attack
Shark Attack asked
on
18 Comments
1 Solution
240 Views
Last Modified: 2015-09-23
Hello,
I am trying to test my HSRP setup I configured within GNS3. I kind of talked about that in my last question but I am facing now the issue and I am not sure what I need to do. I have configured HSRP on ESW1 and ESW2.  Both ESW1 and ESW2 have SVI’s and are configured with IPsla with tracking of ASA1 and 2 and vice versa.  My vlans, ipsla and routing is configured as below.

ESW1

interface Vlan1
 ip address 192.168.100.1 255.255.255.0
 standby 0 preempt
 standby 1 ip 192.168.100.5
 standby 1 priority 250
 standby 1 preempt
!
interface Vlan5
 ip address 10.153.0.1 255.255.255.0
 standby 0 preempt
 standby 1 ip 10.153.0.5
 standby 1 priority 250
 standby 1 preempt
!
interface Vlan6
 ip address 10.153.6.3 255.255.255.0
 standby 0 preempt
 standby 1 ip 10.153.6.5
 standby 1 priority 150
!
interface Vlan7
 ip address 10.153.7.3 255.255.255.0
 standby 0 preempt
 standby 1 ip 10.153.7.5
 standby 1 priority 150
!
interface Vlan8
 ip address 10.153.1.1 255.255.255.0
 standby 0 preempt
 standby 1 ip 10.153.1.5
 standby 1 priority 250
 standby 1 preempt
!
interface Vlan9
 ip address 10.153.2.1 255.255.255.0
 standby 0 preempt
 standby 1 ip 10.153.2.5
 standby 1 priority 250
 standby 1 preempt
!
interface Vlan10
 ip address 10.153.3.1 255.255.255.0
 standby 0 preempt
 standby 1 ip 10.153.3.5
 standby 1 priority 250
 standby 1 preempt	

ip sla 2
 icmp-echo 10.153.0.2 source-interface FastEthernet1/0
 timeout 1000
 threshold 2
 frequency 3
ip sla schedule 2 life forever start-time now

Open in new window


ESW2

interface Vlan1
 ip address 192.168.100.15 255.255.255.0
 standby 1 ip 192.168.100.5
 standby 1 priority 150
!
interface Vlan2
 no ip address
!
interface Vlan3
 no ip address
!
interface Vlan5
 ip address 10.153.0.3 255.255.255.0
 standby 1 ip 10.153.0.5
 standby 1 priority 150
!
interface Vlan6
 ip address 10.153.6.1 255.255.255.0
 standby 1 ip 10.153.6.5
 standby 1 priority 250
 standby 1 preempt
!
interface Vlan7
 ip address 10.153.7.1 255.255.255.0
 standby 1 ip 10.153.7.5
 standby 1 priority 250
 standby 1 preempt
!
interface Vlan8
 ip address 10.153.1.3 255.255.255.0
 standby 1 ip 10.153.1.5
 standby 1 priority 150
!
interface Vlan9
 ip address 10.153.2.3 255.255.255.0
 standby 1 ip 10.153.2.5
 standby 1 priority 150
!
interface Vlan10
 ip address 10.153.3.3 255.255.255.0
 standby 1 ip 10.153.3.5
 standby 1 priority 150

ip sla 3
 icmp-echo 10.153.6.2 source-interface FastEthernet1/10
 timeout 1000
 threshold 2
 frequency 3
ip sla schedule 3 life forever start-time now

ip route 0.0.0.0 0.0.0.0 10.153.6.2 track 3
ip route 0.0.0.0 0.0.0.0 10.153.7.2 50

Open in new window


IPsla works fine, when I turn off the ESW1 switch, everything gets routed to ESW2 and I get  a ping back from 1.1.1.1 to hosts. The problem I am having is when I go to ESW1 and I shutdown one of the vlans like vlan 9 for example. I have a host 10.153.2.15 which is on vlan 9. When I shut off vlan 9 on ESW1, it will no longer ping ISP 1.1.1.1. As you can see I have HSRP configured. When I shutdown VLAN 9, ESW2 vlan 9 comes up as ACTIVE. I have the host configured with default-gateway as the virtual IP.

Here is host 10.153.2.15 (far left) ping and traceroute (should it be 10.153.2.1? Notice the first hope is not the virtual IP.

R7#show ip route
Default gateway is 10.153.2.5

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty
R7#
R7#tra
R7#traceroute 1.1.1.1

Type escape sequence to abort.
Tracing the route to 1.1.1.1

  1 10.153.2.1 12 msec 20 msec 20 msec
  2 66.238.#.# 252 msec 64 msec 48 msec
  3 2.2.2.2 40 msec 68 msec 76 msec

Open in new window


Here is when I shutoff the (ESW2 vlan 9 goes active.
ESW2#
*Mar  1 00:16:18.807: %HSRP-5-STATECHANGE: Vlan9 Grp 1 state Standby -> Active

Open in new window

R7#ping 1.1.1.1 repeat 10000

Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!........................
..........

Open in new window


R7#traceroute 1.1.1.1

Open in new window


R7#traceroute 1.1.1.1

Type escape sequence to abort.
Tracing the route to 1.1.1.1

  1  *
    10.153.2.3 44 msec 16 msec
  2  *  *  *
  3  *  *

Open in new window



ESW3 has ipsla with tracking of 192.168.100.1 vlan 1 on ESW1. If I shut off VLAN 1, I can ping 1.1.1.1 I am assuming becouse of IPSLA, does that mean I need IP sla for each vlan? That would be very messy, can anyone provide assistance or proper config? Please see attached image on the net. map. thank you all!
image.jpg
Comment
Watch Question
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
This problem has been solved!
Unlock 1 Answer and 18 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE