[c-nsp] HSRP & Sonicwall problem
Matt Buford
matt at overloaded.net
Wed May 3 16:21:43 EDT 2006
"RawCode" <gonnason at gmail.com> wrote:
> I am not an expert at HSRP, but I thought it used proxy arp to update the
> hosts with the new mac address.
>
> "standby ip" syntax
> http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d2d21.html#wp1049563
>
> "When the *standby ip* command is enabled on an interface, the handling of
> proxy ARP requests is changed (unless proxy ARP was disabled). If the Hot
> Standby state of the interface is active, proxy ARP requests are answered
> using the MAC address of the Hot Standby group. If the interface is in a
> different state, proxy ARP responses are suppressed."

HSRP creates a virtual mac address that does not change during failovers, so
there is no need to update hosts during failovers. What you pasted is how
HSRP changes proxy arp behavior. For any IPs that are to be proxy arped, it
will respond with the redundant virtual mac instead of the non-redundant
physical interface MAC. As far as I know, proxy arp is not related to this
issue in any way. Also note proxy arp is disabled on his config snippet.

While I don't know what is causing this issue, I can say that I have several
hundred Sonicwalls speaking to HSRP default gateways on 6509 switches. I
have recently converted much of this from HSRP to GLBP and had no issue
either way.

The snippet says "standby 10 ip 192.168.0.2". Just to confirm, the
Sonicwall has an IP within 192.168.0.0/24 and a default gateway of
192.168.0.2, correct? I have had strange problems when attempting to put
multiple servers in multiple subnets behind the same sonicwall. The
sonicwall doesn't seem to like servers behind it using a default gateway
outside the sonicwall's own subnet (or something like that).

Newer sonicwalls let you see the arp table (wow fancy). During the broken
time, I wonder if there is no ARP for the gateway or if there is a wrong arp
for the gateway. If your sonicwall supports displaying the ARP table, this
would be worth checking.
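
Added example, not part of the original post: a small Python check that classifies the gateway's ARP entry as missing, expected or wrong for the "standby 10 ip 192.168.0.2" group discussed above. It assumes HSRP version 1 (virtual MAC 00:00:0c:07:ac:XX, XX = group number in hex) and a generic whitespace-separated ARP listing; the sample tables and function names are constructed for illustration and are not Sonicwall output.

```python
import re

# Matches colon/hyphen notation (00:00:0c:07:ac:0a) or Cisco dotted (0000.0c07.ac0a).
MAC_RE = re.compile(
    r"(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}", re.I)

def hsrp_v1_vmac(group):
    """HSRP version 1 virtual MAC: 00:00:0c:07:ac:XX, XX = group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group numbers are 0-255")
    return f"00:00:0c:07:ac:{group:02x}"

def normalize_mac(mac):
    """Convert colon, hyphen or dotted notation to lowercase colon form."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def check_gateway_arp(arp_text, gateway_ip, group):
    """Return (status, mac) where status is 'missing', 'expected' or 'wrong'."""
    expected = hsrp_v1_vmac(group)
    for line in arp_text.splitlines():
        fields = line.split()
        if gateway_ip not in fields:      # exact field match: .2 is not .20
            continue
        macs = [normalize_mac(f) for f in fields if MAC_RE.fullmatch(f)]
        if not macs:                      # entry listed but never resolved
            return ("missing", None)
        return ("expected" if macs[0] == expected else "wrong", macs[0])
    return ("missing", None)

# Constructed sample ARP tables (assumed format: IP, MAC, interface).
SAMPLE_OK = "192.168.0.2   00:00:0C:07:AC:0A  X1\n192.168.0.10  00:11:22:33:44:55  X1"
SAMPLE_WRONG = "192.168.0.2   0011.2233.4455  X1"
SAMPLE_MISSING = "192.168.0.20  00:11:22:33:44:55  X1"

if __name__ == "__main__":
    for name, table in [("ok", SAMPLE_OK), ("wrong", SAMPLE_WRONG),
                        ("missing", SAMPLE_MISSING)]:
        print(name, check_gateway_arp(table, "192.168.0.2", 10))
```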