asked on
Testing HSRP
Hello,
I am trying to test my HSRP setup I configured within GNS3. I kind of talked about that in my last question but I am facing now the issue and I am not sure what I need to do. I have configured HSRP on ESW1 and ESW2. Both ESW1 and ESW2 have SVI’s and are configured with IPsla with tracking of ASA1 and 2 and vice versa. My vlans, ipsla and routing is configured as below.
ESW1
ESW2
IPsla works fine, when I turn off the ESW1 switch, everything gets routed to ESW2 and I get a ping back from 1.1.1.1 to hosts. The problem I am having is when I go to ESW1 and I shutdown one of the vlans like vlan 9 for example. I have a host 10.153.2.15 which is on vlan 9. When I shut off vlan 9 on ESW1, it will no longer ping ISP 1.1.1.1. As you can see I have HSRP configured. When I shutdown VLAN 9, ESW2 vlan 9 comes up as ACTIVE. I have the host configured with default-gateway as the virtual IP.
Here is host 10.153.2.15 (far left) ping and traceroute (should it be 10.153.2.1? Notice the first hope is not the virtual IP.
Here is when I shutoff the (ESW2 vlan 9 goes active.
ESW3 has ipsla with tracking of 192.168.100.1 vlan 1 on ESW1. If I shut off VLAN 1, I can ping 1.1.1.1 I am assuming becouse of IPSLA, does that mean I need IP sla for each vlan? That would be very messy, can anyone provide assistance or proper config? Please see attached image on the net. map. thank you all!
image.jpg
I am trying to test my HSRP setup I configured within GNS3. I kind of talked about that in my last question but I am facing now the issue and I am not sure what I need to do. I have configured HSRP on ESW1 and ESW2. Both ESW1 and ESW2 have SVI’s and are configured with IPsla with tracking of ASA1 and 2 and vice versa. My vlans, ipsla and routing is configured as below.
ESW1
interface Vlan1
ip address 192.168.100.1 255.255.255.0
standby 0 preempt
standby 1 ip 192.168.100.5
standby 1 priority 250
standby 1 preempt
!
interface Vlan5
ip address 10.153.0.1 255.255.255.0
standby 0 preempt
standby 1 ip 10.153.0.5
standby 1 priority 250
standby 1 preempt
!
interface Vlan6
ip address 10.153.6.3 255.255.255.0
standby 0 preempt
standby 1 ip 10.153.6.5
standby 1 priority 150
!
interface Vlan7
ip address 10.153.7.3 255.255.255.0
standby 0 preempt
standby 1 ip 10.153.7.5
standby 1 priority 150
!
interface Vlan8
ip address 10.153.1.1 255.255.255.0
standby 0 preempt
standby 1 ip 10.153.1.5
standby 1 priority 250
standby 1 preempt
!
interface Vlan9
ip address 10.153.2.1 255.255.255.0
standby 0 preempt
standby 1 ip 10.153.2.5
standby 1 priority 250
standby 1 preempt
!
interface Vlan10
ip address 10.153.3.1 255.255.255.0
standby 0 preempt
standby 1 ip 10.153.3.5
standby 1 priority 250
standby 1 preempt
ip sla 2
icmp-echo 10.153.0.2 source-interface FastEthernet1/0
timeout 1000
threshold 2
frequency 3
ip sla schedule 2 life forever start-time now
ESW2
interface Vlan1
ip address 192.168.100.15 255.255.255.0
standby 1 ip 192.168.100.5
standby 1 priority 150
!
interface Vlan2
no ip address
!
interface Vlan3
no ip address
!
interface Vlan5
ip address 10.153.0.3 255.255.255.0
standby 1 ip 10.153.0.5
standby 1 priority 150
!
interface Vlan6
ip address 10.153.6.1 255.255.255.0
standby 1 ip 10.153.6.5
standby 1 priority 250
standby 1 preempt
!
interface Vlan7
ip address 10.153.7.1 255.255.255.0
standby 1 ip 10.153.7.5
standby 1 priority 250
standby 1 preempt
!
interface Vlan8
ip address 10.153.1.3 255.255.255.0
standby 1 ip 10.153.1.5
standby 1 priority 150
!
interface Vlan9
ip address 10.153.2.3 255.255.255.0
standby 1 ip 10.153.2.5
standby 1 priority 150
!
interface Vlan10
ip address 10.153.3.3 255.255.255.0
standby 1 ip 10.153.3.5
standby 1 priority 150
ip sla 3
icmp-echo 10.153.6.2 source-interface FastEthernet1/10
timeout 1000
threshold 2
frequency 3
ip sla schedule 3 life forever start-time now
ip route 0.0.0.0 0.0.0.0 10.153.6.2 track 3
ip route 0.0.0.0 0.0.0.0 10.153.7.2 50
IPsla works fine, when I turn off the ESW1 switch, everything gets routed to ESW2 and I get a ping back from 1.1.1.1 to hosts. The problem I am having is when I go to ESW1 and I shutdown one of the vlans like vlan 9 for example. I have a host 10.153.2.15 which is on vlan 9. When I shut off vlan 9 on ESW1, it will no longer ping ISP 1.1.1.1. As you can see I have HSRP configured. When I shutdown VLAN 9, ESW2 vlan 9 comes up as ACTIVE. I have the host configured with default-gateway as the virtual IP.
Here is host 10.153.2.15 (far left) ping and traceroute (should it be 10.153.2.1? Notice the first hope is not the virtual IP.
R7#show ip route
Default gateway is 10.153.2.5
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
R7#
R7#tra
R7#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 10.153.2.1 12 msec 20 msec 20 msec
2 66.238.#.# 252 msec 64 msec 48 msec
3 2.2.2.2 40 msec 68 msec 76 msec
Here is when I shutoff the (ESW2 vlan 9 goes active.
ESW2#
*Mar 1 00:16:18.807: %HSRP-5-STATECHANGE: Vlan9 Grp 1 state Standby -> Active
R7#ping 1.1.1.1 repeat 10000
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!........................
..........
R7#traceroute 1.1.1.1
R7#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 *
10.153.2.3 44 msec 16 msec
2 * * *
3 * *
ESW3 has ipsla with tracking of 192.168.100.1 vlan 1 on ESW1. If I shut off VLAN 1, I can ping 1.1.1.1 I am assuming becouse of IPSLA, does that mean I need IP sla for each vlan? That would be very messy, can anyone provide assistance or proper config? Please see attached image on the net. map. thank you all!
image.jpg
RoutersSwitches / HubsNetwork Architecture
Last Comment
Predrag Jovic
ASKER
I did create tracking, I just didn't post it, I forgot, when I reached out to Cisco, they recommended using IPSLA with tracking and HSRP. I asked them first If I should use EIGRP or OSPF and they said no need.
R7#traceroute 1.1.1.1This looks like problem with routing on ESW2 (missing default route, or next hop is not available).
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 *
10.153.2.3 44 msec 16 msec
2 * * *
3 * *
Check default route in routing table on that switch.
PS
I would go with routing in your configuration.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
ASKER
If I go with routing, I would need a IGRP within the switch network right? Do I extend over to ASA's and routers?
No, you don't need IGRP within the switch network.
I guess that you need it on ESW1, ESW2, ASA ( if ASA is not in transparent mode) and on R1 and R2. Then you would need to set tracking on R1 and R2.
I guess that you need it on ESW1, ESW2, ASA ( if ASA is not in transparent mode) and on R1 and R2. Then you would need to set tracking on R1 and R2.
ASKER
Ok, I changed it all to EGRP and removed IPSLA's and hsrp off the vlans. I dropped vlan 9 and I am not getting a reply back from the host 2.15 Since ESW3 has no EIGRP configured, what routing should I have on there and should I have ipsla with tracking on ESW3? When I do a traceroute form 2.15 I am not getting a next hop, I have no default gateway on ESW3/
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
or do I need HSRP on ESW1 and 2?
You need HSRP on ESW1 and 2 for your VLANs.
If links between switches ESW1, 2 and 3 are L2 then sure you don't need EIGRP there.
If links between switches ESW1, 2 and 3 are L2 then sure you don't need EIGRP there.
ASKER
they're trunk links
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
L2 links.
ASKER
OK so I just need eigrp on asa's and routers and hsrp on esw1, 2 along with ipsla and tracking. on esw3 I need ipsla and tracking. correct?
Problem is I am not expert for ASA, so I am not very familiar with it's capabilities.
You can implement it in a few ways.
If ASA can do IP SLA and tracking (the way to insert default route in routing table) you don't need EIGRP on R1 and R2 since there is only one path to reach those routers. So in that case that on ASA you can insert (and pull out) default route into EIGRP with IP SLA, you don't really need EIGRP on R1 & R2, otherwise you need it there. With implementing internal routing protocol in topology the only tricky part is elegant implementation of default route into routing table. The rest is really easy.
You can implement it in a few ways.
If ASA can do IP SLA and tracking (the way to insert default route in routing table) you don't need EIGRP on R1 and R2 since there is only one path to reach those routers. So in that case that on ASA you can insert (and pull out) default route into EIGRP with IP SLA, you don't really need EIGRP on R1 & R2, otherwise you need it there. With implementing internal routing protocol in topology the only tricky part is elegant implementation of default route into routing table. The rest is really easy.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
If ESW3 is connected with trunks with ESW1 and 2 - you don't need anything there. HSRP is there to do its job.
ASKER
haha, right, so pretty much exactly how I had it set up in first place.
ASKER
so if you look at the original post, then you're saying I am having a routing problem then
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
I was able to resolve the issue. I think it was a GNS3 error. The new GNS3 that came up recently is awful
Nice.
:)
Few tips that I found somewhere on internet.
When you add switching module and creating vlans, sometimes it helps to add interface vlan on every switch, for every vlan, and then ping it. It worked for me more than once, other would be find image that works stable in GNS3, I am using c7200-adventerprisek9_sna-
:)
Few tips that I found somewhere on internet.
When you add switching module and creating vlans, sometimes it helps to add interface vlan on every switch, for every vlan, and then ping it. It worked for me more than once, other would be find image that works stable in GNS3, I am using c7200-adventerprisek9_sna-
:)
You created IP SLA, but did you create tracking? Track 3 is not equal IP sla 3.
Missing link in quoted part command (in the case you did not implement it) # track 3 ip sla 3