We have completed the upgrade of IEOC! All posts, comments and user profiles have been migrated. For security reasons, we have reset all passwords. To set a new password please Click Here. Further updates soon to follow.

Task 4.3 DMVPN Routing

Hi all,

Not sure if anyone is having this issue but I cannot ping default gateway "172.27.192.254" or any of the servers from R15 VRF server1. HSRP is setup correctly and I can see the MAC address and IP in the arp table of R15. I can also ping R19 and R20 interfaces on that shared interface but not the HSRP VIP. The VIP MAC and IP is in the arp table.

 

R20#sh run int g1.192
Building configuration...

Current configuration : 306 bytes
!

interface GigabitEthernet1.192
 encapsulation dot1Q 192
 ip address 172.27.192.20 255.255.255.0
 standby 123 ip 172.27.192.254
 standby 123 priority 150
 standby 123 preempt
 standby 123 authentication md5 key-string SERVER_VIP
 standby 123 track 1 decrement 60
 ipv6 address 2001:172:27:192::20/64

 

R20#sh standby
GigabitEthernet1.192 - Group 123
  State is Active
    5 state changes, last state change 01:53:17
  Virtual IP address is 172.27.192.254
  Active virtual MAC address is 0000.0c07.ac7b (MAC In Use)
    Local virtual MAC address is 0000.0c07.ac7b (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.800 secs
  Authentication MD5, key-string
  Preemption enabled
  Active router is local
  Standby router is 172.27.192.19, priority 100 (expires in 10.320 sec)
  Priority 150 (configured 150)
    Track object 1 state Up decrement 60
  Group name is "hsrp-Gi1.192-123" (default)

 

R15%server1#sh ip route

Routing Table: server1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 172.27.192.254 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 172.27.192.254, GigabitEthernet1.192
      172.27.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.27.192.0/24 is directly connected, GigabitEthernet1.192
L        172.27.192.100/32 is directly connected, GigabitEthernet1.192
R15%server1#

 

R20#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.27.182.18         104   0050.56b5.21e9  ARPA   GigabitEthernet1.182
Internet  172.27.182.20           -   0050.56b5.1481  ARPA   GigabitEthernet1.182
Internet  172.27.192.19         103   0050.56b5.12b1  ARPA   GigabitEthernet1.192
Internet  172.27.192.20           -   0050.56b5.1481  ARPA   GigabitEthernet1.192
Internet  172.27.192.100          2   0050.56b5.287e  ARPA   GigabitEthernet1.192
Internet  172.27.192.254          -   0000.0c07.ac7b  ARPA   GigabitEthernet1.192

 

R15%server1#ping 172.27.192.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.27.192.254, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R15%server1#ping 172.27.192.19
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.27.192.19, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
R15%server1#ping 172.27.192.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.27.192.20, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
R15%server1#

 

Comments

  • Does it work if you change the HSRP to use-bia for the MAC of the active router instead of the multicast MAC?

  • That did it! Weird, should work without configuring bia. I am using CSR1000v and wonder if anyone else came across this issue. This maybe be specific to the CSR`s.

    Also to note when configured the command does not show up in configuration under interface but does show HSRP using bia.


    R20(config-subif)#standby use-bia
    R20(config-subif)#do sh stand
    R20(config-subif)#do sh stand
    GigabitEthernet1.192 - Group 123
      State is Active
        5 state changes, last state change 07:22:41
      Virtual IP address is 172.27.192.254
      Active virtual MAC address is 0050.56b5.1481 (MAC In Use)
        Local virtual MAC address is 0050.56b5.1481 (bia)

      Hello time 3 sec, hold time 10 sec
        Next hello sent in 2.768 secs
      Authentication MD5, key-string
      Preemption enabled
      Active router is local
      Standby router is 172.27.192.19, priority 100 (expires in 9.968 sec)
      Priority 150 (configured 150)
        Track object 1 state Up decrement 60
      Group name is "hsrp-Gi1.192-123" (default)

    R20(config-subif)#do sh run int g1.192
    Building configuration...

    Current configuration : 306 bytes
    !
    interface GigabitEthernet1.192
     encapsulation dot1Q 192
     ip address 172.27.192.20 255.255.255.0
     standby 123 ip 172.27.192.254
     standby 123 priority 150
     standby 123 preempt
     standby 123 authentication md5 key-string SERVER_VIP
     standby 123 track 1 decrement 60
     ipv6 address 2001:172:27:192::20/64

    Thanks for the suggestion bengood24.

  • You probably have some sort of underlying multicast issue on whatever layer 2 device is connecting your VMs. I'm not too familiar with the CSR1000v setup. I know IOU is broken when IGMP snooping is enabled. That's what led me to suggest just trying the unicast address.

  • Just to add an observation here, the "use-bia" option is strictly necessary to meet the following restriction/requirement on this task: "R19 and R20 should use their burnt-in MAC address to respond to ARP requests coming from the LAN segment." If they put the restriction there to hide a possible software issue, I really have no idea. However, without that short command, in the real exam you would lose the points for the whole task.

Sign In or Register to comment.