RE: HSRP - Default Gateway

From: Todd, Douglas M. (DTODD@PARTNERS.ORG)
Date: Wed Apr 11 2007 - 14:17:30 ART


Ian:

Good point, we are assuming that we are going to ping from the closest router to
the host (local segment). If you are a hop or a few hops back, the host you are
pinging will send the traffic to the default gateway and not the physical address.

Change the virtual mac address on one of the standby groups:

int vlan 112
 standby mac-address 0000.dead.beaf

DMT

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Ian Blaney
> Sent: Wednesday, April 11, 2007 12:47 PM
> To: Karl Brenner
> Cc: ccielab@groupstudy.com
> Subject: Re: HSRP - Default Gateway
>
> Karl
>
> An ACL on the IP address of the HSRP physical/virtual will
> not work as the destination address will always be the same
> and will never be the actual HSRP IP address. For example if
> I do a ping from a remote subnet to a machine that I am
> trying to find the default gateway of. The icmp reply Layer 3
> IP header will always have the IP address of the remote
> destination so it will never be matched on the ACL. It's only
> the layer 2 headers that change. Someone correct me here if
> I am talking out my ar*e.
>
> Saying the layer 2 header changes my initial question was not
> quite correct.
> This is a sample of the config
>
> interface Vlan122
> ip address 10.10.10.251 255.255.255.0
> standby 2 ip 10.10.10.254
> standby 2 ip 10.10.10.253 secondary
> standby 2 priority 200
> standby 2 preempt
>
> As a temporary workaround the line "standby 2 ip 10.10.10.253
> secondary" was added as some hosts had the wrong default
> gateway of 10.10.10.253 instead of 10.10.10.254. The company
> want to take this out now but before that they want to find all
> hosts with the wrong IP address, i.e. .253. The problem is when
> I do a show ip arp
>
> TestLab#sh ip arp vlan 122
> Protocol  Address          Age (min)  Hardware Addr   Type   Interface
> Internet  10.10.10.100           35   000a.e4b9.c78b  ARPA   Vlan122
> Internet  10.10.10.251            -   0050.80ce.d200  ARPA   Vlan122
> Internet  10.10.10.253            -   0000.0c07.ac02  ARPA   Vlan122 <---
> Internet  10.10.10.254            -   0000.0c07.ac02  ARPA   Vlan122 <---
>
> You see that both .253 and .254 have the same MAC address, i.e. the
> reserved HSRP MAC address 00-00-0c-07-ac-xx where xx is the
> standby group number. I cannot even sniff and filter on MAC
> address as they have the same MAC address.
>
> Anyone have any ideas?
>
> Ian
>
> PS It would be great if we could use DHCP but there are some
> really old specialized machines where DHCP is not available
> and the only option is to statically configure the IP information.
>
>
>
> On 4/11/07, Karl Brenner <karl.brenner@morenet.biz> wrote:
> >
> > Hi Ian,
> >
> > I've to recall my previous mail. You can't get the info you're after
> > with an ACL. I can't think of anything else than sniffing for the ARP
> > requests. Don't you use a DHCP server for the subnet to manage IP
> > addressing centrally?
> >
> > Karl
>

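The ARP-sniffing approach mentioned in the quoted thread, as an added example that is not part of the original messages: both HSRP addresses answer with the same virtual MAC, but a host's ARP request still names the gateway IP it is configured with in the target field. The function names and the sample frames are constructed for illustration, and the code assumes raw Ethernet frames captured on the VLAN.

```python
import socket
import struct

WRONG_GW = "10.10.10.253"  # secondary HSRP address from the thread

def cisco_mac(raw: bytes) -> str:
    h = raw.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"  # same notation as "show ip arp"

def parse_arp(frame: bytes):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 14:
        return None
    off, ethertype = 14, struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q tag
        off, ethertype = 18, struct.unpack("!H", frame[16:18])[0]
    if ethertype != 0x0806 or len(frame) < off + 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[off:off + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[off + 8:off + 28])
    return op, cisco_mac(sha), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def hosts_using_gateway(frames, gateway_ip):
    """Map sender IP -> MAC for each host that sent an ARP request for gateway_ip."""
    found = {}
    for op, mac, sender_ip, target_ip in filter(None, map(parse_arp, frames)):
        # op 1 = request; sender == target is a gratuitous ARP from the owner itself
        if op == 1 and target_ip == gateway_ip and sender_ip != gateway_ip:
            found[sender_ip] = mac
    return found

def build_request(mac_hex, sender_ip, target_ip):
    """Build a broadcast ARP request frame (used only for the constructed sample)."""
    mac = bytes.fromhex(mac_hex)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, mac,
                      socket.inet_aton(sender_ip), bytes(6), socket.inet_aton(target_ip))
    return b"\xff" * 6 + mac + b"\x08\x06" + arp

# Constructed sample capture (not real traffic from the thread's network).
SAMPLE_FRAMES = [
    build_request("000ae4b9c78b", "10.10.10.100", "10.10.10.253"),  # host set to .253
    build_request("020000000101", "10.10.10.101", "10.10.10.254"),  # host set to .254
    build_request("00000c07ac02", "10.10.10.253", "10.10.10.253"),  # gratuitous ARP
    bytes(20),                                                      # not an ARP frame
]
print(hosts_using_gateway(SAMPLE_FRAMES, WRONG_GW))
```

A host only sends an ARP request when it has no cached entry for the gateway, so the capture has to run long enough for every static host to re-ARP.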



This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART