Re: HSRP - Default Gateway

From: Greg Wendel (gwendel@gmail.com)
Date: Wed Apr 11 2007 - 15:19:18 ART

• Next message: Greg Wendel: "Re: HSRP - Default Gateway"
• Previous message: Todd, Douglas M.: "RE: HSRP - Default Gateway"
• Maybe in reply to: Ian Blaney: "HSRP - Default Gateway"
• Next in thread: Greg Wendel: "Re: HSRP - Default Gateway"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Sorry, I just realized I was restating what Douglass had said 30 minutes
earlier. I was also thinking you had separate groups for the good and the
bad, but you are right if you only have the one standby group on the vlan
interface you are just recreating the probelms with a prettier mac address.

On 4/11/07, Ian Blaney <ian.blaney@gmail.com> wrote:
>
> Greg
>
> This changes the mac address for both IPs so I back to square one again.
>
> test(config)#int vlan 122
> test(config-if)#standby 2 mac-address 1111.1111.1111
> test(config-if)#
> *Apr 11 17:15:43: %STANDBY-6-STATECHANGE: Standby: 2: Vlan122 state
> Active -> Listen
> *Apr 11 17:16:03: %STANDBY-6-STATECHANGE: Standby: 2: Vlan122 state
> Speak -> Standby
> *Apr 11 17:16:03: %STANDBY-6-STATECHANGE: Standby: 2: Vlan122 state
> Standby -> Active
>
> test#sh ip arp vlan 122
> Protocol Address Age (min) Hardware Addr Type Interface
> Internet 10.10.10.100 28 000a.e4b9.c78b ARPA Vlan122
> Internet 10.10.10.251 - 0050.80ce.d200 ARPA Vlan122
> Internet 10.10.10.253 - 1111.1111.1111 ARPA Vlan122
> Internet 10.10.10.254 - 1111.1111.1111 ARPA Vlan122
>
>
>
> On 4/11/07, Greg Wendel <gwendel@gmail.com> wrote:
> >
> > Can you try to do this to force the secondary standby group to use a
> > different mack?
> >
> > Rack1R1(config-if)#int f0/0
> > Rack1R1(config-if)#standby 111 mac-address abc.abc.abc
> > Rack1R1(config-if)#
> >
> >
> > On 4/11/07, Jian Gu < guxiaojian@gmail.com> wrote:
> >
> > > Can't you simply turn on debug arp and clear arp to see what are those
> > > hosts
> > > are sending ARP requests to physical IP adderess?
> > >
> > > On 4/11/07, Ian Blaney < ian.blaney@gmail.com > wrote:
> > > >
> > > > Karl
> > > >
> > > > An ACL on the IP address of the HSRP physical/virtual will not work
> > > as the
> > > > destination address will always be the same and will never be the
> > > actual
> > > > HSRP IP address. For example if I do a ping from a remote subnet to
> > > a
> > > > machine that I am trying to find the default gateway of. The icmp
> > > reply
> > > > Layer 3 IP header will always have the IP address of the remote
> > > > destination
> > > > so it will never be matched on the ACL. Its only the layer 2 headers
> > > that
> > > > changes. Someone correct me here if I am talking out my ar*e.
> > > >
> > > > Saying the layer 2 header changes my initial question was not quite
> > > > correct.
> > > > This is a sample of the config
> > > >
> > > > interface Vlan122
> > > > ip address 10.10.10.251 255.255.255.0
> > > > standby 2 ip 10.10.10.254
> > > > standby 2 ip 10.10.10.253 secondary
> > > > standby 2 priority 200
> > > > standby 2 preempt
> > > >
> > > > As a temporary workaround the line "standby 2 ip 10.10.10.253
> > > secondary"
> > > > was
> > > > added as some hosts had the wrong default gateway of 10.10.10.253instead
> > > > of
> > > > 10.10.10.254. The company want to take this out now but before they
> > > want
> > > > to
> > > > find all hosts with the wrong IP address ie .253. The problem is
> > > when I do
> > > > a
> > > > show ip arp
> > > >
> > > > TestLab#sh ip arp vlan 122
> > > > Protocol Address Age (min) Hardware Addr Type
> > > Interface
> > > > Internet 10.10.10.100 35 000a.e4b9.c78b ARPA Vlan122
> > > > Internet 10.10.10.251 - 0050.80ce.d200 ARPA Vlan122
> > > > Internet 10.10.10.253 - 0000.0c07.ac02 ARPA
> > > Vlan122 <---
> > > > Internet 10.10.10.254 - 0000.0c07.ac02 ARPA
> > > Vlan122 <---
> > > >
> > > > You see that both .253 and .254 have the same mac address ie
> > > reserved HSRP
> > > > mac address 00-00-0c-07-ac-xx where xx is the standby group number.
> > > I
> > > > cannot
> > > > even sniff and filter on mac address as they have the same mac
> > > address.
> > > >
> > > > Anyone have any ideas.
> > > >
> > > > Ian
> > > >
> > > > PS It would be great if we could use DHCP but there are some really
> > > old
> > > > specialized machines where DHCP is not available and the only option
> > > is to
> > > > statically configure the IP information
> > > >
> > > >
> > > >
> > > > On 4/11/07, Karl Brenner < karl.brenner@morenet.biz> wrote:
> > > > >
> > > > > Hi Ian,
> > > > >
> > > > > I've to recall my previous mail. You can't get the info you're
> > > after
> > > > > with an ACL. I can't think of anything else than sniffing for the
> > > arp
> > > > > requests. Don't you use a DHCP server for the subnet to manage IP
> > > > > addressing centrally?
> > > > >
> > > > > Karl
> > > >
> > > >
> > > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > >
> >
> >
> > --
> > Gregory Wendel
> > Springfield VA, 22153
>
>
>

-- 
Gregory Wendel
Springfield VA, 22153

• Next message: Greg Wendel: "Re: HSRP - Default Gateway"
• Previous message: Todd, Douglas M.: "RE: HSRP - Default Gateway"
• Maybe in reply to: Ian Blaney: "HSRP - Default Gateway"
• Next in thread: Greg Wendel: "Re: HSRP - Default Gateway"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART