in
IEOC CCIE Forums

IEOC - INE's Online Community

Welcome to INE's Online Community - IEOC - a place for CCIE and CCENT candidates to connect, share, and learn. Our Online Community features CCIE forums and discussions for all tracks including Routing & Switching, Voice, Security, Service Provider, Wireless,, and Storage. Through these online communities you can discuss your questions with thousands of your peers, hundreds of CCIE's and INE's own team of world renowned CCIE instructors and authors, Brian Dennis - Quintuple CCIE #2210, Brian McGahan – Triple CCIE #8593, Petr Lapukhov - Quad CCIE #16379, and Mark Snow - Dual CCIE #14073.
Latest post 05-22-2015 7:10 PM by dparag. 4 replies.
Page 1 of 1 (5 items)
Sort Posts: Previous Next
  • 10-16-2014 2:32 PM

    Task 4.3 DMVPN Routing

    Hi all,

    Not sure if anyone is having this issue but I cannot ping default gateway "172.27.192.254" or any of the servers from R15 VRF server1. HSRP is setup correctly and I can see the MAC address and IP in the arp table of R15. I can also ping R19 and R20 interfaces on that shared interface but not the HSRP VIP. The VIP MAC and IP is in the arp table.

     

    R20#sh run int g1.192
    Building configuration...

    Current configuration : 306 bytes
    !

    interface GigabitEthernet1.192
     encapsulation dot1Q 192
     ip address 172.27.192.20 255.255.255.0
     standby 123 ip 172.27.192.254
     standby 123 priority 150
     standby 123 preempt
     standby 123 authentication md5 key-string SERVER_VIP
     standby 123 track 1 decrement 60
     ipv6 address 2001:172:27:192::20/64

     

    R20#sh standby
    GigabitEthernet1.192 - Group 123
      State is Active
        5 state changes, last state change 01:53:17
      Virtual IP address is 172.27.192.254
      Active virtual MAC address is 0000.0c07.ac7b (MAC In Use)
        Local virtual MAC address is 0000.0c07.ac7b (v1 default)
      Hello time 3 sec, hold time 10 sec
        Next hello sent in 0.800 secs
      Authentication MD5, key-string
      Preemption enabled
      Active router is local
      Standby router is 172.27.192.19, priority 100 (expires in 10.320 sec)
      Priority 150 (configured 150)
        Track object 1 state Up decrement 60
      Group name is "hsrp-Gi1.192-123" (default)

     

    R15%server1#sh ip route

    Routing Table: server1
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           a - application route
           + - replicated route, % - next hop override

    Gateway of last resort is 172.27.192.254 to network 0.0.0.0

    S*    0.0.0.0/0 [1/0] via 172.27.192.254, GigabitEthernet1.192
          172.27.0.0/16 is variably subnetted, 2 subnets, 2 masks
    C        172.27.192.0/24 is directly connected, GigabitEthernet1.192
    L        172.27.192.100/32 is directly connected, GigabitEthernet1.192
    R15%server1#

     

    R20#sh ip arp
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  172.27.182.18         104   0050.56b5.21e9  ARPA   GigabitEthernet1.182
    Internet  172.27.182.20           -   0050.56b5.1481  ARPA   GigabitEthernet1.182
    Internet  172.27.192.19         103   0050.56b5.12b1  ARPA   GigabitEthernet1.192
    Internet  172.27.192.20           -   0050.56b5.1481  ARPA   GigabitEthernet1.192
    Internet  172.27.192.100          2   0050.56b5.287e  ARPA   GigabitEthernet1.192
    Internet  172.27.192.254          -   0000.0c07.ac7b  ARPA   GigabitEthernet1.192

     

    R15%server1#ping 172.27.192.254
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.27.192.254, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    R15%server1#ping 172.27.192.19
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.27.192.19, timeout is 2 seconds:
    .!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
    R15%server1#ping 172.27.192.20
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.27.192.20, timeout is 2 seconds:
    .!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
    R15%server1#

     

    • Post Points: 20
  • 10-16-2014 4:57 PM In reply to

    Re: Task 4.3 DMVPN Routing

    Does it work if you change the HSRP to use-bia for the MAC of the active router instead of the multicast MAC?

    CCIE #45404 (R/S)

    • Post Points: 20
  • 10-16-2014 8:10 PM In reply to

    Re: Task 4.3 DMVPN Routing

    That did it! Weird, should work without configuring bia. I am using CSR1000v and wonder if anyone else came across this issue. This maybe be specific to the CSR`s.

    Also to note when configured the command does not show up in configuration under interface but does show HSRP using bia.


    R20(config-subif)#standby use-bia
    R20(config-subif)#do sh stand
    R20(config-subif)#do sh stand
    GigabitEthernet1.192 - Group 123
      State is Active
        5 state changes, last state change 07:22:41
      Virtual IP address is 172.27.192.254
      Active virtual MAC address is 0050.56b5.1481 (MAC In Use)
        Local virtual MAC address is 0050.56b5.1481 (bia)

      Hello time 3 sec, hold time 10 sec
        Next hello sent in 2.768 secs
      Authentication MD5, key-string
      Preemption enabled
      Active router is local
      Standby router is 172.27.192.19, priority 100 (expires in 9.968 sec)
      Priority 150 (configured 150)
        Track object 1 state Up decrement 60
      Group name is "hsrp-Gi1.192-123" (default)

    R20(config-subif)#do sh run int g1.192
    Building configuration...

    Current configuration : 306 bytes
    !
    interface GigabitEthernet1.192
     encapsulation dot1Q 192
     ip address 172.27.192.20 255.255.255.0
     standby 123 ip 172.27.192.254
     standby 123 priority 150
     standby 123 preempt
     standby 123 authentication md5 key-string SERVER_VIP
     standby 123 track 1 decrement 60
     ipv6 address 2001:172:27:192::20/64

    Thanks for the suggestion bengood24.

    • Post Points: 20
  • 10-17-2014 9:11 AM In reply to

    Re: Task 4.3 DMVPN Routing

    You probably have some sort of underlying multicast issue on whatever layer 2 device is connecting your VMs. I'm not too familiar with the CSR1000v setup. I know IOU is broken when IGMP snooping is enabled. That's what led me to suggest just trying the unicast address.

    CCIE #45404 (R/S)

    • Post Points: 20
  • 05-22-2015 7:10 PM In reply to

    Re: Task 4.3 DMVPN Routing

    Just to add an observation here, the "use-bia" option is strictly necessary to meet the following restriction/requirement on this task: "R19 and R20 should use their burnt-in MAC address to respond to ARP requests coming from the LAN segment." If they put the restriction there to hide a possible software issue, I really have no idea. However, without that short command, in the real exam you would lose the points for the whole task.

    • Post Points: 5
Page 1 of 1 (5 items)
IEOC CCIE Forums Internetwork Expert CCIE Training
About IEOC | Terms of Use | RSS | Privacy Policy
© 2010 Internetwork Expert, Inc. All Rights Reserved