From: Jason Madsen (madsen.jason@gmail.com)
Date: Wed Aug 06 2008 - 11:16:08 ART
Hi group,
I've come across a weird situation. I was involved with a network upgrade,
which pretty consisted of implementing routing authentication, SSH, some
login enhancements (failover, success, and quiet mode etc.), and an IOS
upgrade...not a whole lot more. After doing the upgrade, I found that some
devices couldn't reach the HSRP IP address for one of the Standby groups.
Both routers running HSRP seemed to communicate with each other and
negotiation their Standby/Active relationship quite quickly without event.
However, the Standby router couldn't ping the HSRP IP address either...same
symptom on a few devices. This is a live network that I was working on and
I was quite limited on how intrusive I could go in testing, but I did notice
that "use-bia" immediately fixed the reachability issue.
I also know that this (use-bia) is an undesired feature (per the RFC) unless
using Token Ring, which I can assure you I'm not using. It seems as though
the root cause may have something to do with proxy-arp or icmp redirects,
but I just don't know at this point. I do know that "no ip proxy-arp" is
implemented on the network, which may or may not be a contributing factor.
The Active router should send out a gratuitous arp though and let everyone
know that it's using the HSRP MAC and IP.
Anyone have any ideas?
Jason
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:29 ART