RE: HSRP - Default Gateway

From: Todd, Douglas M. (DTODD@PARTNERS.ORG)
Date: Wed Apr 11 2007 - 16:05:33 ART


Rack1R1#sh standby br
                   P indicates configured to preempt.
                   |
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 100 Active local unknown 183.1.17.2
Fa0/0 2 100 Active local unknown 183.1.17.254
Here is what I ran in the lab -

interface FastEthernet0/0
 ip address 183.1.17.1 255.255.255.0
 duplex auto
 speed auto
 standby 1 ip 183.1.17.2
 standby 2 ip 183.1.17.254
 standby 2 mac-address 0000.0dea.dbef
end

Rack1R1#
Rack1R1#
Rack1R1#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 183.1.17.1 - 0002.fd8d.80f0 ARPA FastEthernet0/0
Internet 183.1.17.2 - 0000.0c07.ac01 ARPA FastEthernet0/0
Internet 183.1.17.7 36 000b.4617.7900 ARPA FastEthernet0/0
Internet 183.1.17.254 - 0000.0dea.dbef ARPA FastEthernet0/0
Rack1R1#sh run int f0/0
Building configuration...

Current configuration : 185 bytes
!

Rack1R1#ping 183.1.17.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 183.1.17.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Rack1R1#ping 183.1.17.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 183.1.17.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Rack1R1#

It seems to work well in the lab - anyone see this type of configuration not
working in production?

DMT

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Ian Blaney
> Sent: Wednesday, April 11, 2007 1:59 PM
> To: Greg Wendel
> Cc: Jian Gu; Karl Brenner; ccielab@groupstudy.com
> Subject: Re: HSRP - Default Gateway
>
> Greg
>
> This changes the mac address for both IPs so I'm back to square
> one again.
>
> test(config)#int vlan 122
> test(config-if)#standby 2 mac-address 1111.1111.1111
> test(config-if)#
> *Apr 11 17:15:43: %STANDBY-6-STATECHANGE: Standby: 2: Vlan122 state Active -> Listen
> *Apr 11 17:16:03: %STANDBY-6-STATECHANGE: Standby: 2: Vlan122 state Speak -> Standby
> *Apr 11 17:16:03: %STANDBY-6-STATECHANGE: Standby: 2: Vlan122 state Standby -> Active
>
> test#sh ip arp vlan 122
> Protocol Address Age (min) Hardware Addr Type Interface
> Internet 10.10.10.100 28 000a.e4b9.c78b ARPA Vlan122
> Internet 10.10.10.251 - 0050.80ce.d200 ARPA Vlan122
> Internet 10.10.10.253 - 1111.1111.1111 ARPA Vlan122
> Internet 10.10.10.254 - 1111.1111.1111 ARPA Vlan122
>
>
>
> On 4/11/07, Greg Wendel <gwendel@gmail.com> wrote:
> >
> > Can you try to do this to force the secondary standby group to use a
> > different mac?
> >
> > Rack1R1(config-if)#int f0/0
> > Rack1R1(config-if)#standby 111 mac-address abc.abc.abc
> > Rack1R1(config-if)#
> >
> >
> > On 4/11/07, Jian Gu <guxiaojian@gmail.com> wrote:
> >
> > > Can't you simply turn on debug arp and clear arp to see what are
> > > those hosts are sending ARP requests to physical IP address?
> > >
> > > On 4/11/07, Ian Blaney <ian.blaney@gmail.com > wrote:
> > > >
> > > > Karl
> > > >
> > > > > An ACL on the IP address of the HSRP physical/virtual will not work as the
> > > > > destination address will always be the same and will never be the actual
> > > > > HSRP IP address. For example if I do a ping from a remote subnet to a
> > > > > machine that I am trying to find the default gateway of, the icmp reply
> > > > > Layer 3 IP header will always have the IP address of the remote
> > > > > destination so it will never be matched on the ACL. It's only the layer 2
> > > > > headers that change. Someone correct me here if I am talking out my ar*e.
> > > >
> > > > > Saying the layer 2 header changes, my initial question was not quite correct.
> > > > > This is a sample of the config
> > > > >
> > > > > interface Vlan122
> > > > >  ip address 10.10.10.251 255.255.255.0
> > > > >  standby 2 ip 10.10.10.254
> > > > >  standby 2 ip 10.10.10.253 secondary
> > > > >  standby 2 priority 200
> > > > >  standby 2 preempt
> > > >
> > > > > As a temporary workaround the line "standby 2 ip 10.10.10.253 secondary"
> > > > > was added as some hosts had the wrong default gateway of 10.10.10.253
> > > > > instead of 10.10.10.254. The company want to take this out now but before
> > > > > that they want to find all hosts with the wrong IP address i.e. .253. The
> > > > > problem is when I do a show ip arp
> > > >
> > > > > TestLab#sh ip arp vlan 122
> > > > > Protocol Address Age (min) Hardware Addr Type Interface
> > > > > Internet 10.10.10.100 35 000a.e4b9.c78b ARPA Vlan122
> > > > > Internet 10.10.10.251 - 0050.80ce.d200 ARPA Vlan122
> > > > > Internet 10.10.10.253 - 0000.0c07.ac02 ARPA Vlan122 <---
> > > > > Internet 10.10.10.254 - 0000.0c07.ac02 ARPA Vlan122 <---
> > > >
> > > > > You see that both .253 and .254 have the same mac address i.e. reserved HSRP
> > > > > mac address 00-00-0c-07-ac-xx where xx is the standby group number. I
> > > > > cannot even sniff and filter on mac address as they have the same mac
> > > > > address.
> > > >
> > > > Anyone have any ideas.
> > > >
> > > > Ian
> > > >
> > > > > PS It would be great if we could use DHCP but there are some really old
> > > > > specialized machines where DHCP is not available and the only option is to
> > > > > statically configure the IP information
> > > >
> > > >
> > > >
> > > > On 4/11/07, Karl Brenner <karl.brenner@morenet.biz> wrote:
> > > > >
> > > > > Hi Ian,
> > > > >
> > > > > > I've to recall my previous mail. You can't get the info you're after with
> > > > > > an ACL. I can't think of anything else than sniffing for the arp requests.
> > > > > > Don't you use a DHCP server for the subnet to manage IP addressing
> > > > > > centrally?
> > > > >
> > > > > Karl
> > > >
> > > >
> > >
> > > > > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Gregory Wendel
> > Springfield VA, 22153
>
>
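
Added example (not part of any poster's message): the ARP-sniffing approach Karl suggests, as a Python parser that reads raw Ethernet frames and lists the hosts sending ARP requests for the old gateway address 10.10.10.253. The function names and the sample frames (host IPs and MACs) are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_REQUEST = 1

def mac_str(raw):
    """Format 6 raw bytes in Cisco dotted notation (xxxx.xxxx.xxxx)."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if the
    frame is not a complete IPv4-over-Ethernet ARP packet."""
    off = 12
    if frame[off:off + 2] == b"\x81\x00":      # skip a single 802.1Q tag
        off += 4
    if len(frame) < off + 30 or frame[off:off + 2] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack_from("!HHBBH", frame, off + 2)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack_from("!6s4s6s4s", frame, off + 10)
    return op, mac_str(sha), str(IPv4Address(spa)), str(IPv4Address(tpa))

def hosts_using_gateway(frames, gateway_ip):
    """Map sender IP -> sender MAC for each ARP request that asks for gateway_ip."""
    found = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == ARP_REQUEST and parsed[3] == gateway_ip:
            found[parsed[2]] = parsed[1]
    return found

def build_request(src_mac, src_ip, target_ip):
    """Build a broadcast ARP request frame (used only to construct sample data)."""
    sha = bytes.fromhex(src_mac.replace(".", ""))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    arp += sha + IPv4Address(src_ip).packed + b"\x00" * 6 + IPv4Address(target_ip).packed
    return b"\xff" * 6 + sha + b"\x08\x06" + arp

# Constructed sample capture: two hosts still ARP for .253, one for .254.
SAMPLE = [
    build_request("0011.2233.4401", "10.10.10.101", "10.10.10.253"),
    build_request("0011.2233.4402", "10.10.10.102", "10.10.10.254"),
    build_request("0011.2233.4403", "10.10.10.103", "10.10.10.253"),
    b"\x00" * 20,                               # truncated frame, ignored
]

if __name__ == "__main__":
    for ip, mac in sorted(hosts_using_gateway(SAMPLE, "10.10.10.253").items()):
        print(ip, mac)
```

The target IP inside the ARP request identifies the configured gateway even though both virtual IPs answer with the same HSRP MAC. A host only sends a request when its cached gateway entry has expired, so the capture has to run long enough to see every host.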
