Simple HSRP but puzzled answer ?

Sorry, subjet should be "Simple HSRP but puzzled answer" =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Hi, We have such configuration (focus on HSRP config. please ) between two routers:

R1: interface FastEthernet0/0.334 encapsulation dot1Q 334 ip address 10.10.10.1 255.255.255.224 ip access-group Branch in ip helper-address 10.10.11.6 ip helper-address 10.10.11.8 no ip redirects no ip proxy-arp ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ip ospf cost 10 ip ospf hello-interval 2 ip ospf retransmit-interval 1 standby 34 ip 10.10.10.3 standby 34 timers 2 6 standby 34 priority 105 standby 34 preempt standby 34 authentication as2 !

R2: interface FastEthernet0/0.334 encapsulation dot1Q 334 ip address 10.10.10.2 255.255.255.224 ip access-group Branch in ip helper-address 10.10.11.6 ip helper-address 10.10.11.8 no ip redirects no ip proxy-arp ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ip ospf cost 10 ip ospf hello-interval 2 ip ospf retransmit-interval 1 standby 34 ip 10.10.10.3 standby 34 timers 2 6 standby 34 preempt standby 34 authentication as2 !

1. "show ip arp" in routers, a client workstation 10.10.10.10 is shown in both routers
2. "show adj fa0/0.334" in routers, workstations traffic in both of routers' counters

Any comments ? R1 is the HSRP active for this connection ? R2 should has no traffic ?

The wise snipped-for-privacy@yahoo.com.hk enlightened me with:

Shouldn't that be different IP addresses? Or do I need a lot more coffee this morning?

Greetings

Mark

Sorry for the typo, new post is updated

1) How do you know there is traffic from R2? (Is it only ARP entry or you checked with wireshark)? 2) In which direction traffic flows - from 10.10.10.10 or towards it? a) If it's towards - you have asynchronous routing working b) If it's from 10.10.10.10 then you have bad routing on 10.10.10.10

BR, Ivan

Hi

Are you sure HSRP is working correctly?

Run "show stand brief" on each router and check whether R1 is active and "sees" R2 as standby and vice versa.

Might be the case both are active which leads to duplicate standby address. This could be a reason for seeing traffic on both sides.

You might think, why should both routers be active? Have a look at your access-list "Branch". It's an inbound access list which might block traffic from the HSRP partner.

When using inbound access list on HSRP enabled interfaces it's necessary to allow incoming traffic from the other router to HSRP multicast address 224.0.0.2.

e.g. on R1 ip access-list extended Branch permit ip host 10.10.10.2 host 224.0.0.2

This, in your case, is also for OSPF groups 224.0.0.5, 224.0.0.6

HTH,

Andre

Depending on your network topology this is probably normal. Traffic for

10.10.10.10 arriving at R2 will be sent immediately on fa0/0.334 - the router has an active interface on that LAN, after all. To do that it needs to ARP for 10.10.10.10's MAC address.

Sam

Because one router is active is not the same as the standby/inactive router doesnt route. Due to topology and asymmetically routing you will see packets in both routers, hence ARP in both routers. So what you see is normal operation.

Regards Martin