From: Jian Gu (guxiaojian@gmail.com)
Date: Wed Apr 11 2007 - 14:05:13 ART
Can't you simply turn on debug arp and clear arp to see which hosts
are sending ARP requests to the physical IP address?
On 4/11/07, Ian Blaney <ian.blaney@gmail.com> wrote:
>
> Karl
>
> An ACL on the IP address of the HSRP physical/virtual will not work as the
> destination address will always be the same and will never be the actual
> HSRP IP address. For example, if I do a ping from a remote subnet to a
> machine that I am trying to find the default gateway of, the ICMP reply
> Layer 3 IP header will always have the IP address of the remote destination,
> so it will never be matched on the ACL. It's only the layer 2 headers that
> change. Someone correct me here if I am talking out my ar*e.
>
> Saying the layer 2 header changes, my initial question was not quite correct.
> This is a sample of the config:
>
> interface Vlan122
> ip address 10.10.10.251 255.255.255.0
> standby 2 ip 10.10.10.254
> standby 2 ip 10.10.10.253 secondary
> standby 2 priority 200
> standby 2 preempt
>
> As a temporary workaround the line "standby 2 ip 10.10.10.253 secondary" was
> added as some hosts had the wrong default gateway of 10.10.10.253 instead of
> 10.10.10.254. The company want to take this out now but before they want to
> find all hosts with the wrong IP address, i.e. .253. The problem is when I do a
> show ip arp
>
> TestLab#sh ip arp vlan 122
> Protocol  Address          Age (min)  Hardware Addr   Type   Interface
> Internet  10.10.10.100           35   000a.e4b9.c78b  ARPA   Vlan122
> Internet  10.10.10.251            -   0050.80ce.d200  ARPA   Vlan122
> Internet  10.10.10.253            -   0000.0c07.ac02  ARPA   Vlan122 <---
> Internet  10.10.10.254            -   0000.0c07.ac02  ARPA   Vlan122 <---
>
> You see that both .253 and .254 have the same MAC address, i.e. the reserved
> HSRP MAC address 00-00-0c-07-ac-xx where xx is the standby group number. I
> cannot even sniff and filter on MAC address as they have the same MAC address.
>
> Anyone have any ideas?
>
> Ian
>
> PS It would be great if we could use DHCP but there are some really old
> specialized machines where DHCP is not available and the only option is to
> statically configure the IP information.
>
>
>
> On 4/11/07, Karl Brenner <karl.brenner@morenet.biz> wrote:
> >
> > Hi Ian,
> >
> > I've to recall my previous mail. You can't get the info you're after
> > with an ACL. I can't think of anything else than sniffing for the arp
> > requests. Don't you use a DHCP server for the subnet to manage IP
> > addressing centrally?
> >
> > Karl
>
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART
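
The ARP-sniffing approach mentioned in the thread, as an added example that is not part of the original messages: both HSRP addresses answer with the same MAC, but an ARP request still carries the IP the host is asking for, so filtering on the target IP separates the .253 users from the .254 users. The frames are constructed sample data; only 10.10.10.100 and the HSRP MAC come from the thread, the other hosts and all function names are assumptions.

```python
import socket
import struct

OLD_GATEWAY = "10.10.10.253"   # secondary HSRP address from the thread

def mac_bytes(mac):
    """Cisco dotted MAC (000a.e4b9.c78b) -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(".", ""))

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Construct a broadcast ARP request frame (sample data only)."""
    eth = b"\xff" * 6 + mac_bytes(sender_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + arp

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if not ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def hosts_using(frames, gateway=OLD_GATEWAY):
    """Map sender IP -> sender MAC for each ARP request asking for `gateway`."""
    found = {}
    for frame in frames:
        p = parse_arp(frame)
        # op 1 = request; skip the router's own gratuitous ARP (sender == target)
        if p and p[0] == 1 and p[3] == gateway and p[2] != gateway:
            found[p[2]] = p[1]
    return found

# Constructed sample capture, not real traffic.
SAMPLE = [
    build_arp_request("000a.e4b9.c78b", "10.10.10.100", "10.10.10.253"),
    build_arp_request("0011.2233.4455", "10.10.10.101", "10.10.10.254"),
    build_arp_request("0011.2233.4466", "10.10.10.102", "10.10.10.253"),
    build_arp_request("0000.0c07.ac02", "10.10.10.253", "10.10.10.253"),
    build_arp_request("0011.2233.4477", "10.10.10.103", "10.10.10.50"),
    b"\x00" * 60,   # non-ARP frame, ignored
]

if __name__ == "__main__":
    for ip, mac in sorted(hosts_using(SAMPLE).items()):
        print(ip, mac)
```

A host only shows up once it ARPs for its gateway, so the capture has to run long enough for cached entries on the hosts to expire.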