Re: HSRP - Default Gateway

From: Ian Blaney (ian.blaney@gmail.com)
Date: Wed Apr 11 2007 - 13:46:52 ART


Karl

An ACL on the IP address of the HSRP physical/virtual will not work, as the
destination address will always be the same and will never be the actual
HSRP IP address. For example, if I do a ping from a remote subnet to a
machine that I am trying to find the default gateway of, the ICMP reply's
Layer 3 IP header will always have the IP address of the remote destination,
so it will never be matched on the ACL. It's only the layer 2 headers that
change. Someone correct me here if I am talking out my ar*e.

Saying the layer 2 header changes, my initial question was not quite correct.
This is a sample of the config:

interface Vlan122
 ip address 10.10.10.251 255.255.255.0
 standby 2 ip 10.10.10.254
 standby 2 ip 10.10.10.253 secondary
 standby 2 priority 200
 standby 2 preempt

As a temporary workaround the line "standby 2 ip 10.10.10.253 secondary" was
added, as some hosts had the wrong default gateway of 10.10.10.253 instead of
10.10.10.254. The company wants to take this out now, but before they do they want to
find all hosts with the wrong IP address, i.e. .253. The problem is when I do a
show ip arp:

TestLab#sh ip arp vlan 122
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.100 35 000a.e4b9.c78b ARPA Vlan122
Internet 10.10.10.251 - 0050.80ce.d200 ARPA Vlan122
Internet 10.10.10.253 - 0000.0c07.ac02 ARPA Vlan122 <---
Internet 10.10.10.254 - 0000.0c07.ac02 ARPA Vlan122 <---

You see that both .253 and .254 have the same MAC address, i.e. the reserved HSRP
MAC address 00-00-0c-07-ac-xx where xx is the standby group number. I cannot
even sniff and filter on MAC address as they have the same MAC address.

Anyone have any ideas?

Ian

PS: It would be great if we could use DHCP, but there are some really old
specialized machines where DHCP is not available and the only option is to
statically configure the IP information.

On 4/11/07, Karl Brenner <karl.brenner@morenet.biz> wrote:
>
> Hi Ian,
>
> I have to recall my previous mail. You can't get the info you're after
> with an ACL. I can't think of anything else than sniffing for the ARP
> requests. Don't you use a DHCP server for the subnet to manage IP
> addressing centrally?
>
> Karl
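Added example, not from Ian's or Karl's message: sniffing ARP requests, as Karl suggests, does separate the two addresses even though both resolve to the same HSRP virtual MAC, because a host's ARP request carries the gateway IP it is looking for as the target protocol address, not the MAC. The Python below parses constructed raw Ethernet/ARP frames (host MACs other than the ones in the show ip arp output are made up) and lists the senders asking for 10.10.10.253, ignoring the gratuitous ARPs the active router sends from the virtual MAC and coping with an 802.1Q tag on a SPAN/trunk capture.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP, ETHERTYPE_VLAN = 0x0806, 0x8100
ARP_REQUEST = 1
WRONG_GATEWAY = "10.10.10.253"  # the secondary standby address being retired

def build_arp_request(sender_mac, sender_ip, target_ip, vlan=None):
    """Constructed sample: broadcast frame carrying 'who-has target_ip tell sender_ip'."""
    eth = b"\xff" * 6 + sender_mac
    if vlan is not None:  # optional 802.1Q tag, as seen on a trunk/SPAN capture
        eth += struct.pack("!HH", ETHERTYPE_VLAN, vlan)
    eth += struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    arp += sender_mac + IPv4Address(sender_ip).packed + b"\x00" * 6 + IPv4Address(target_ip).packed
    return eth + arp

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if the frame is not ARP."""
    off = 12
    ethertype = struct.unpack_from("!H", frame, off)[0]
    if ethertype == ETHERTYPE_VLAN:  # skip the 4-byte 802.1Q tag
        off += 4
        ethertype = struct.unpack_from("!H", frame, off)[0]
    off += 2
    if ethertype != ETHERTYPE_ARP or len(frame) < off + 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack_from("!HHBBH", frame, off)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tpa = frame[off + 8:off + 14], frame[off + 14:off + 18], frame[off + 24:off + 28]
    return op, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

def hosts_using_gateway(frames, gateway=WRONG_GATEWAY):
    """Map sender IP -> sender MAC for every host whose ARP request targets `gateway`.
    Gratuitous ARPs (sender IP == target IP), which the HSRP active router sends
    for its own virtual addresses, are ignored so the router is not reported."""
    found = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is not None:
            op, sha, spa, tpa = parsed
            if op == ARP_REQUEST and tpa == gateway and spa != tpa:
                found[spa] = sha
    return found

# Constructed capture: one correct host, two wrong ones (one VLAN-tagged),
# a gratuitous ARP from the HSRP virtual MAC, and a non-ARP frame.
SAMPLE_FRAMES = [
    build_arp_request(bytes.fromhex("000ae4b9c78b"), "10.10.10.100", "10.10.10.254"),
    build_arp_request(bytes.fromhex("001122334455"), "10.10.10.120", "10.10.10.253"),
    build_arp_request(bytes.fromhex("00000c07ac02"), "10.10.10.253", "10.10.10.253"),
    build_arp_request(bytes.fromhex("66778899aabb"), "10.10.10.130", "10.10.10.253", vlan=122),
    b"\xff" * 6 + b"\x00" * 6 + struct.pack("!H", 0x0800) + b"\x00" * 20,
]

if __name__ == "__main__":
    for ip, mac in sorted(hosts_using_gateway(SAMPLE_FRAMES).items()):
        print(f"{ip} ({mac}) is using {WRONG_GATEWAY} as its default gateway")
```

On a real network the same function can be fed frames from a SPAN-port capture; hosts show up as soon as their gateway ARP cache entry expires and they re-ARP for .253.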



This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART