From: Ian Blaney (ian.blaney@gmail.com)
Date: Wed Apr 11 2007 - 14:52:38 ART
Douglas, Craig and all
It's a HIGH availability environment. I will get lynched to the nearest tree
if there is any downtime. I cannot make any changes which will bring the
interface down even for a second.
My heart was beating like after a 100m sprint even when I was doing a debug
arp on the router.
With the debug arp I can see some devices arping for the gateway address but
I presume a lot of the hosts will already have an entry in their cache. I
would have to physically clear the arp cache on all machines.
Ian
On 4/11/07, Todd, Douglas M. <DTODD@partners.org> wrote:
>
> Ian:
>
> Good point, we are assuming that we are going to ping from the closest
> router to the host (local segment). If you are a hop or a few hops back, the
> host you are pinging will send the traffic to the default gateway and not
> the physical address.
>
> Change the virtual mac address on one of the standby groups:
>
> int vlan 112
> standby mac-address 0000.dead.beaf
>
>
> DMT
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > Behalf Of Ian Blaney
> > Sent: Wednesday, April 11, 2007 12:47 PM
> > To: Karl Brenner
> > Cc: ccielab@groupstudy.com
> > Subject: Re: HSRP - Default Gateway
> >
> > Karl
> >
> > An ACL on the IP address of the HSRP physical/virtual will
> > not work as the destination address will always be the same
> > and will never be the actual HSRP IP address. For example, if
> > I do a ping from a remote subnet to a machine that I am
> > trying to find the default gateway of, the ICMP reply Layer 3
> > IP header will always have the IP address of the remote
> > destination so it will never be matched on the ACL. It's only
> > the layer 2 headers that change. Someone correct me here if
> > I am talking out my ar*e.
> >
> > Saying the layer 2 header changes, my initial question was not
> > quite correct.
> > This is a sample of the config
> >
> > interface Vlan122
> > ip address 10.10.10.251 255.255.255.0
> > standby 2 ip 10.10.10.254
> > standby 2 ip 10.10.10.253 secondary
> > standby 2 priority 200
> > standby 2 preempt
> >
> > As a temporary workaround the line "standby 2 ip 10.10.10.253
> > secondary" was added as some hosts had the wrong default
> > gateway of 10.10.10.253 instead of 10.10.10.254. The company
> > wants to take this out now, but before that they want to find all
> > hosts with the wrong IP address, i.e. .253. The problem is when
> > I do a show ip arp
> >
> > TestLab#sh ip arp vlan 122
> > Protocol  Address        Age (min)  Hardware Addr   Type  Interface
> > Internet  10.10.10.100   35         000a.e4b9.c78b  ARPA  Vlan122
> > Internet  10.10.10.251   -          0050.80ce.d200  ARPA  Vlan122
> > Internet  10.10.10.253   -          0000.0c07.ac02  ARPA  Vlan122 <---
> > Internet  10.10.10.254   -          0000.0c07.ac02  ARPA  Vlan122 <---
> >
> > You see that both .253 and .254 have the same MAC address, i.e. the
> > reserved HSRP MAC address 00-00-0c-07-ac-xx where xx is the
> > standby group number. I cannot even sniff and filter on MAC
> > address as they have the same MAC address.
> >
> > Anyone have any ideas?
> >
> > Ian
> >
> > PS It would be great if we could use DHCP but there are some
> > really old specialized machines where DHCP is not available
> > and the only option is to statically configure the IP information.
> >
> >
> >
> > On 4/11/07, Karl Brenner <karl.brenner@morenet.biz> wrote:
> > >
> > > Hi Ian,
> > >
> > > I've to recall my previous mail. You can't get the info you're after
> > > with an ACL. I can't think of anything else than sniffing for the arp
> > > requests. Don't you use a DHCP server for the subnet to manage IP
> > > addressing centrally?
> > >
> > > Karl
> >
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART
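
The thread's passive option (watching ARP requests for the gateway address, as with the debug arp output and the sniffing suggestion above), sketched as an added example that is not part of the original messages. It reads raw Ethernet frames from a capture taken off the VLAN without touching the interface; the function names, sample hosts and MAC addresses are hypothetical, and only 10.10.10.253, 10.10.10.254 and the HSRP MAC 0000.0c07.ac02 come from the thread.

```python
import socket
import struct

WRONG_GW = "10.10.10.253"  # secondary HSRP address from the thread

def parse_arp_request(frame):
    """Return (sender_mac, sender_ip, target_ip) for an IPv4 ARP request, else None."""
    if len(frame) < 14:
        return None
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q tag (trunk capture)
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0806 or len(frame) < off + 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[off:off + 8])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, 1):
        return None  # not Ethernet/IPv4, or a reply rather than a request
    sha, spa, tpa = frame[off + 8:off + 14], frame[off + 14:off + 18], frame[off + 24:off + 28]
    h = sha.hex()  # print the MAC the way "show ip arp" does
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}", socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def hosts_asking_for(frames, gateway=WRONG_GW):
    """Map sender IP -> sender MAC for every host that ARPs for `gateway`."""
    found = {}
    for frame in frames:
        parsed = parse_arp_request(frame)
        if parsed and parsed[2] == gateway and parsed[1] != gateway:  # skip gratuitous ARP
            found[parsed[1]] = parsed[0]
    return found

def build_frame(src_mac, spa, tpa, oper=1, vlan=None):
    """Build a constructed sample frame (not captured traffic)."""
    src = bytes.fromhex(src_mac.replace(".", ""))
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + src + socket.inet_aton(spa)
    arp += b"\x00" * 6 + socket.inet_aton(tpa)
    return b"\xff" * 6 + src + tag + struct.pack("!H", 0x0806) + arp

# Constructed samples: one host asking for .253, one for .254, one HSRP reply.
SAMPLE = [
    build_frame("0200.0000.0050", "10.10.10.50", "10.10.10.253", vlan=122),
    build_frame("0200.0000.0051", "10.10.10.51", "10.10.10.254"),
    build_frame("0000.0c07.ac02", "10.10.10.253", "10.10.10.50", oper=2),
]

if __name__ == "__main__":
    for ip, mac in hosts_asking_for(SAMPLE).items():
        print(f"{ip} ({mac}) is ARPing for {WRONG_GW}")
```

A host that already has the gateway cached shows up only when it next ARPs, so the capture has to run longer than the hosts' ARP cache lifetime to build a complete list.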