Simple HSRP but puzzled answer ?

Discussion in 'Cisco' started by bensonlei@yahoo.com.hk, May 3, 2011.

  1. Guest

    Hi,
    We have such configuration (focus on HSRP config. please ) between two
    routers:

    R1:
    interface FastEthernet0/0.334
    encapsulation dot1Q 334
    ip address 10.10.10.1 255.255.255.224
    ip access-group Branch in
    ip helper-address 10.10.11.6
    ip helper-address 10.10.11.8
    no ip redirects
    no ip proxy-arp
    ip ospf authentication message-digest
    ip ospf message-digest-key 1 md5 <removed>
    ip ospf cost 10
    ip ospf hello-interval 2
    ip ospf retransmit-interval 1
    standby 34 ip 10.10.10.3
    standby 34 timers 2 6
    standby 34 priority 105
    standby 34 preempt
    standby 34 authentication as2
    !


    R2:
    interface FastEthernet0/0.334
    encapsulation dot1Q 334
    ip address 10.10.10.2 255.255.255.224
    ip access-group Branch in
    ip helper-address 10.10.11.6
    ip helper-address 10.10.11.8
    no ip redirects
    no ip proxy-arp
    ip ospf authentication message-digest
    ip ospf message-digest-key 1 md5 <removed>
    ip ospf cost 10
    ip ospf hello-interval 2
    ip ospf retransmit-interval 1
    standby 34 ip 10.10.10.3
    standby 34 timers 2 6
    standby 34 preempt
    standby 34 authentication as2
    !


    1. "show ip arp" in routers, a client workstation 10.10.10.10 is
    shown
    in both routers
    2. "show adj fa0/0.334" in routers, workstations traffic in both of
    routers'
    counters


    Any comments ? R1 is the HSRP active for this connection ? R2 should
    has no traffic ?
     
    , May 3, 2011
    #1
    1. Advertising

  2. Andre Guest

    Hi

    Are you sure HSRP is working correctly?

    Run "show stand brief" on each router and check whether R1 is active
    and "sees" R2 as standby and vice versa.

    Might be the case both are active which leads to duplicate standby
    address. This could be a reason for seeing traffic on both sides.

    You might think, why should both routers be active? Have a look at
    your access-list "Branch". It's an inbound access list which might
    block traffic from the HSRP partner.

    When using inbound access list on HSRP enabled interfaces it's
    necessary to allow incoming traffic from the other router to HSRP
    multicast address 224.0.0.2.

    e.g. on R1
    ip access-list extended Branch
    permit ip host 10.10.10.2 host 224.0.0.2

    This, in your case, is also for OSPF groups 224.0.0.5, 224.0.0.6


    HTH,

    Andre
     
    Andre, May 15, 2011
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    7
    Views:
    4,328
    Kimba W. Lion
    Jan 26, 2007
  2. GrandpaChuck
    Replies:
    0
    Views:
    502
    GrandpaChuck
    Jul 25, 2006
  3. GrandpaChuck
    Replies:
    3
    Views:
    454
    Blinky the Shark
    Jul 26, 2006
  4. MeekiMoo
    Replies:
    0
    Views:
    688
    MeekiMoo
    Jul 28, 2009
  5. Replies:
    5
    Views:
    1,351
    Sam Wilson
    May 17, 2011
Loading...

Share This Page