0

I have an etherchannel (LACP) between two C3850 switches (g1/0/23 and g1/0/24 on each of the two 3850s (running IP BASE). This is PO1, trunked, allowing all VLANs between the two switches.

I have (so far) a couple VLANs. VLAN 1 (just used for various management access of cisco devices for now), VLAN 2 (a customer devices VLAN, co-located equipment), and VLAN 3 (my companies printers/desktops).

I have HSRP configured on each. on switch 1, I have VLAN 2 with an HSRP VIP of 192.168.2.1. THe first switch (active) has 192.168.2.2, the second switch has 192.168.2.3 (on INT VLAN 2). The active switch has a priority of 100, the second has a priority of 50.

I have the same for VLAN 3. 192.168.3.1 is the VIP, .2 is on the first switch (active), and .3 is on INT VLAN 3 on the standby switch.

For testing, I have two devices on the first switch (one on VLAN 1, one on VLAN 3). On the second switch, I have two devices, one on VLAN 2, one on VLAN 3.

All devices can ping their VIPs.

When I failover (by either physically disconnecting the uplink cables on g1/0/23 & 24, or doing a SHUT on INT PO1, the VIPs failover pefectly. (on all devices, I have multipel windows open doing pings of the VIPs and of the end devices.

Of course, with the uplinks broken, no device can ping any other device on the other switch (unreachable of course).

However, devices within a single switch (physically cabled and connected), while all able to ping their VLAN VIP without a problem, cannot ping each other any longer.

That is, until I either plug the cables back in, or do a NO SHUT on INT PO1 (the etherchannel).

I am stumped. From within the switch, the switch can ping their directly connected devices. THe devices connected to a switch can ping their VIP. HOwever, they can no longer reach each other. Again, to reemphisize...these devices I'm testing are all physically connected to a switch. I'm not trying to reach a switch with broken uplinks.

I am trying to figure out why routing fails after HSRP failover. Each switch knows what devices are connected to it, and can ping all it's direclty connected devices.

But the devices connected to ONE of the switches can ping the VIP, but inter-vlan routing no longer works.

It's driving me crazy. I could use some advice about what to look into after the failover. VIP failover works perfect with nary a packet loss. But devices can't reach each other that are connected to the same switch.

Each switch has a very simple routing table. VLAN 1, 2,3, 4 directly connected. a default route of 0.0.0.0 0.0.0.0 exists to route to the internet.

Any troubleshooting steps/recommendations would be much appreciated.

I had expected that after a very quick/brief interruption during a failover, that the VIP would go active on the switch and that routing (to locally connected, available routes) would continue to work.

I'm stumped.

Bubbawny
  • 21
  • 6
  • Cisco TAC working on it. After failover, the standby switch goes ACTIVE on ALL VIPS, and responds to arp requests on the VIPs. HOwever, it no longer responds to ARP requests for any other device. Waiting to hear back from Cisco. Obviously not working right. Downgraded to latest stable and still not working the way it should. VIPs failover seamlessly. But routing fails as the stanby swtich (now active) does not respond to ARP requests from any port. Just crazy. Will post more when I hear back from Cisco – Bubbawny Jul 01 '16 at 16:33
  • Such a ridiculously simple fault. my second switch (a new 3850) did not have IP routing enabled. Stupid me. – Bubbawny Jul 08 '16 at 23:23

1 Answers1

0

Enable IP ROUTING. My second switch did not have IP routing enabled. first switch was doing all the routing. IT was the active HSRP member. UPon failover, HSRP spun up the standby IPs and switched the VIPS properly. IP ROUTING wasn't working simply because it wasn't enabled on that second switch.

Stupidly easy mistake with consequences. Live and learn!

:)

Bubbawny
  • 21
  • 6