[c-nsp] 3800 - HSRP/ARP issue
David Warner
davidwarner1975 at yahoo.com.au
Thu Aug 6 03:11:54 EDT 2009
Hi All,
Just came up against a bit of a weird issue and would appreciate some advice/input. Basic environment of two 3800s <c3845-advipservicesk9-mz.124-21a.> operating HSRP and plugging into a layer 2 switch network where servers connect (there are only 2-3 servers attached to two switches at the moment). On the face of it it looks like an ARP issue but unable to confirm and we cant even clear tables til until a maintenance window is arranged but obviously need to do some research.
Base config on each 3800 is as follows:
interface GigabitEthernet0/0/0.100
encapsulation dot1Q 100
ip vrf forwarding TEST
ip address 192.168.23.13x 255.255.255.128
ip nat outside
ip virtual-reassembly
standby 3 ip 192.168.23.129
standby 3 priority xxx
standby 3 preempt
standby 3 track GigabitEthernet0/0.200
The issue were seeing is that dead IP addresses in the range is resolving to the same MAC of the HSRP active (the physical interface). Only three of these IP address are live on this VLAN (141-143 - servers are unable to see the network). Any ideas why:
a) the interface is holding ARP entries (age is zero) for a large part of this subnet when no devices with these IP are on the network?
b) CEF tables shows a (?) against the only ‘real’ server IP addresses on the network. Im assuming a dodgy ARP table will upset the CEF tables.
This issue is causing connectivity problems to the servers on this subnet. Looks buggy to me J
SydPrimary01#sh ip arp vrf TEST
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.23.250 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 10.220.80.33 125 0000.5e00.0165 ARPA GigabitEthernet0/0.231
Internet 10.220.80.46 - 0000.0c07.ac17 ARPA GigabitEthernet0/0.231
Internet 10.220.80..45 - 0023.0470.85c0 ARPA GigabitEthernet0/0.231
Internet 192.168.23.164 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.163 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.162 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.161 - 0023.0470..85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.160 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.154 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.153 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.152 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.151 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168..23.150 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.144 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.143 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.142 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.141 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.140 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.139 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.138 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.137 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.136 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.135 - 0023..0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.134 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.133 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.132 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.131 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.130 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.129 - 0000.0c07.ac17 ARPA GigabitEthernet0/0/0.100
Internet 192.168.23.128 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100
SydPrimary01#sh int gi0/0/0 | i 0023.0470.85c3
Hardware is PM-3387, address is 0023.0470.85c3 (bia 0023.0470.85c3)
NPMDS5DAWMDAR01#sh ip cef vrf TEST
Prefix Next Hop Interface
0.0.0.0/0 10.220.80.33 GigabitEthernet0/0.231
0.0.0.0/8 drop
0.0.0.0/32 receive
10.136.191.0/24 192..168.23.150 GigabitEthernet0/0/0.100
10.220.80.32/28 attached GigabitEthernet0/0.231
10.220.80.32/32 receive
10.220.80.33/32 10.220.80.33 GigabitEthernet0/0.231
10.220.80.45/32 receive
10.220.80.46/32 receive
10.220.80.47/32 receive
10.220.194.141/32 192.168.23.141 (?) GigabitEthernet0/0/0.100
10.220.194.142/32 192.168.23.142 (?) GigabitEthernet0/0/0.100
10.220.194.143/32 192.168.23.143 (?) GigabitEthernet0/0/0.100
127.0.0..0/8 drop
192.168.23.128/25 attached GigabitEthernet0/0/0.100
192.168.23.128/32 receive
192.168.23.129/32 receive
192.168.23.130/32 receive
192.168.23.131/32 receive
192.168.23.132/32 receive
192.168.23.133/32 receive
192.168.23..134/32 receive
192.168.23.135/32 receive
192.168.23.136/32 receive
192.168.23.137/32 receive
192.168.23.138/32 receive
192.168.23.139/32 receive
192.168.23.140/32 receive
192.168.23.141/32 receive
192.168.23.142/32 receive
192.168.23.143/32 receive
192.168.23.144/32 receive
192.168.23.150/32 receive
192.168.23.151/32 receive
192.168.23.152/32 receive
192.168.23.153/32 receive
192.168..23.154/32 receive
192.168.23.160/32 receive
192.168.23.161/32 receive
192.168.23.162/32 receive
192.168.23.163/32 receive
192.168.23.164/32 receive
192.168.23.250/32 receive
192.168.23.255/32 receive
224.0.0.0/4 drop
224.0.0.0/24 receive
240.0.0.0/4 drop
255.255.255.255/32 receive
SydPrimary01#sh ip cef vrf TEST 192.168.23.141 detail
192.168.23.141/32, version 50, epoch 0, receive
Cheers, David
__________________________________________________________________________________
Find local businesses and services in your area with Yahoo!7 Local.
Get started: http://local.yahoo.com.au
More information about the cisco-nsp
mailing list