Re: HSRP - Default Gateway

From: Greg Wendel (gwendel@gmail.com)
Date: Wed Apr 11 2007 - 15:20:45 ART


Note to group,
Avoid the stupid mistakes I made and make sure you are looking at the latest
copies of the thread before replying. I am 2 for 2 today with responding
with duplicate information.

On 4/11/07, Greg Wendel <gwendel@gmail.com> wrote:
>
> Sorry, I just realized I was restating what Douglass had said 30 minutes
> earlier. I was also thinking you had separate groups for the good and the
> bad, but you are right if you only have the one standby group on the vlan
> interface you are just recreating the problems with a prettier mac address.
>
> On 4/11/07, Ian Blaney <ian.blaney@gmail.com> wrote:
> >
> > Greg
> >
> > This changes the mac address for both IPs so I am back to square one again.
> >
> > test(config)#int vlan 122
> > test(config-if)#standby 2 mac-address 1111.1111.1111
> > test(config-if)#
> > *Apr 11 17:15:43: %STANDBY-6-STATECHANGE: Standby: 2: Vlan122 state Active -> Listen
> > *Apr 11 17:16:03: %STANDBY-6-STATECHANGE: Standby: 2: Vlan122 state Speak -> Standby
> > *Apr 11 17:16:03: %STANDBY-6-STATECHANGE: Standby: 2: Vlan122 state Standby -> Active
> >
> > test#sh ip arp vlan 122
> > Protocol  Address          Age (min)  Hardware Addr   Type   Interface
> > Internet  10.10.10.100            28  000a.e4b9.c78b  ARPA   Vlan122
> > Internet  10.10.10.251             -  0050.80ce.d200  ARPA   Vlan122
> > Internet  10.10.10.253             -  1111.1111.1111  ARPA   Vlan122
> > Internet  10.10.10.254             -  1111.1111.1111  ARPA   Vlan122
> >
> >
> >
> > On 4/11/07, Greg Wendel <gwendel@gmail.com> wrote:
> > >
> > > Can you try to do this to force the secondary standby group to use a
> > > different MAC?
> > >
> > > Rack1R1(config-if)#int f0/0
> > > Rack1R1(config-if)#standby 111 mac-address abc.abc.abc
> > > Rack1R1(config-if)#
> > >
> > >
> > > On 4/11/07, Jian Gu < guxiaojian@gmail.com> wrote:
> > >
> > > > Can't you simply turn on debug arp and clear arp to see which of those
> > > > hosts are sending ARP requests to the physical IP address?
> > > >
> > > > On 4/11/07, Ian Blaney < ian.blaney@gmail.com > wrote:
> > > > >
> > > > > Karl
> > > > >
> > > > > An ACL on the IP address of the HSRP physical/virtual will not work
> > > > > as the destination address will always be the same and will never
> > > > > be the actual HSRP IP address. For example, if I do a ping from a
> > > > > remote subnet to a machine that I am trying to find the default
> > > > > gateway of, the ICMP reply Layer 3 IP header will always have the IP
> > > > > address of the remote destination so it will never be matched on
> > > > > the ACL. It's only the layer 2 header that changes. Someone correct
> > > > > me here if I am talking out my ar*e.
> > > > >
> > > > > Saying the layer 2 header changes, my initial question was not quite
> > > > > correct. This is a sample of the config
> > > > >
> > > > > interface Vlan122
> > > > > ip address 10.10.10.251 255.255.255.0
> > > > > standby 2 ip 10.10.10.254
> > > > > standby 2 ip 10.10.10.253 secondary
> > > > > standby 2 priority 200
> > > > > standby 2 preempt
> > > > >
> > > > > As a temporary workaround the line "standby 2 ip 10.10.10.253
> > > > > secondary" was added as some hosts had the wrong default gateway of
> > > > > 10.10.10.253 instead of 10.10.10.254. The company want to take this
> > > > > out now but before that they want to find all hosts with the wrong
> > > > > IP address ie .253. The problem is when I do a show ip arp
> > > > >
> > > > > TestLab#sh ip arp vlan 122
> > > > > Protocol  Address          Age (min)  Hardware Addr   Type   Interface
> > > > > Internet  10.10.10.100            35  000a.e4b9.c78b  ARPA   Vlan122
> > > > > Internet  10.10.10.251             -  0050.80ce.d200  ARPA   Vlan122
> > > > > Internet  10.10.10.253             -  0000.0c07.ac02  ARPA   Vlan122 <---
> > > > > Internet  10.10.10.254             -  0000.0c07.ac02  ARPA   Vlan122 <---
> > > > >
> > > > > You see that both .253 and .254 have the same mac address ie
> > > > > reserved HSRP mac address 00-00-0c-07-ac-xx where xx is the standby
> > > > > group number. I cannot even sniff and filter on mac address as they
> > > > > have the same mac address.
> > > > >
> > > > > Anyone have any ideas.
> > > > >
> > > > > Ian
> > > > >
> > > > > PS It would be great if we could use DHCP but there are some really
> > > > > old specialized machines where DHCP is not available and the only
> > > > > option is to statically configure the IP information
> > > > >
> > > > >
> > > > >
> > > > > On 4/11/07, Karl Brenner < karl.brenner@morenet.biz> wrote:
> > > > > >
> > > > > > Hi Ian,
> > > > > >
> > > > > > I've to recall my previous mail. You can't get the info you're
> > > > > > after with an ACL. I can't think of anything else than sniffing
> > > > > > for the arp requests. Don't you use a DHCP server for the subnet
> > > > > > to manage IP addressing centrally?
> > > > > >
> > > > > > Karl
> > > > >
> > > > >
> > > > _______________________________________________________________________
> > > > > Subscription information may be found at:
> > > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Gregory Wendel
> > > Springfield VA, 22153
> >
> >
> >
>
>
> --
> Gregory Wendel
> Springfield VA, 22153
>

-- 
Gregory Wendel
Springfield VA, 22153
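
Added example, not part of the original thread: both virtual IPs answer with the same HSRP MAC, but a host's ARP request still carries the gateway IP it is configured with in the target-protocol-address field, so captured ARP requests can be filtered on that field. The frames below are constructed sample input; the function names and the hosts other than 10.10.10.100 are assumptions made for illustration.

```python
import socket
import struct

ARP_ETHERTYPE, ARP_REQUEST = 0x0806, 1

def mac_str(raw):
    """Format 6 bytes in Cisco dotted notation, e.g. 000a.e4b9.c78b."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))

def parse_arp_request(frame):
    """Return (sender_mac, sender_ip, target_ip) for an IPv4 ARP request, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP payload
        return None
    if struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None  # not ARP (802.1Q-tagged frames are not handled here)
    fixed = struct.unpack("!HHBBH", frame[14:22])
    if fixed != (1, 0x0800, 6, 4, ARP_REQUEST):  # Ethernet/IPv4 request only
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return mac_str(sha), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def hosts_asking_for(frames, gateway_ip):
    """Map sender IP -> sender MAC for every host that ARPs for gateway_ip."""
    found = {}
    for frame in frames:
        parsed = parse_arp_request(frame)
        if parsed and parsed[2] == gateway_ip:
            found[parsed[1]] = parsed[0]
    return found

def build_request(sender_mac, sender_ip, target_ip):
    """Build a broadcast ARP request; used only to construct the sample input."""
    sha = bytes.fromhex(sender_mac.replace(".", ""))
    eth = b"\xff" * 6 + sha + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    return eth + arp + sha + socket.inet_aton(sender_ip) + b"\x00" * 6 + socket.inet_aton(target_ip)

# Constructed sample capture: which gateway each host asks for is made up here.
SAMPLE = [
    build_request("000a.e4b9.c78b", "10.10.10.100", "10.10.10.253"),
    build_request("0011.2233.4455", "10.10.10.101", "10.10.10.254"),
    build_request("0011.2233.4466", "10.10.10.102", "10.10.10.253"),
    build_request("0011.2233.4455", "10.10.10.101", "10.10.10.102"),
]

if __name__ == "__main__":
    for ip, mac in sorted(hosts_asking_for(SAMPLE, "10.10.10.253").items()):
        print(f"{ip} ({mac}) sent an ARP request for 10.10.10.253")
```

A host only sends the request when its ARP cache entry for the gateway has expired, so the capture has to run long enough for every static host to re-ARP.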


This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART