|
Posted by Mr_Huang on November 12, 2007, 5:21 am
If you were Registered and logged in, you could reply and use other advanced thread options
Dear guru,
Is there a way to check if we are using the same Virtual MAC for two
HSRP group?
Will our L3Switch notice that two of the HSRP groups are using the
same MAC?
Will there be any conflict error message occurs like IP conflict?
Please advise,
SEan
|
 
| |
Posted by Trendkill on November 12, 2007, 7:15 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Dear guru,
> Is there a way to check if we are using the same Virtual MAC for two
> HSRP group?
> Will our L3Switch notice that two of the HSRP groups are using the
> same MAC?
> Will there be any conflict error message occurs like IP conflict?
> Please advise,
> SEan
The only way to check is to do a show standby on the active hsrp
router and look at the two separate vlans. As you will see, the mac
addresses are the same for all hsrp addresses in the same group number
(which you specify in configuration). As for your second question,
the answer is no. First, it does not matter that two macs have two
different IP addresses provided they are on two different networks. A
mac can have multiple IPs, but an IP cannot have multiple MACs. For
this reason, the routers only map the mac to a switched virtual
interface.
As an example, when a node talks to its gateway, it goes to hsrp which
say is in standby group 1. The router then forwards it out as
necessary. But when the reply traffic comes, the router will either
need to arp for the destination IP, or look it up via its routing
table. Either way, it will find out that the host is in a particular
vlan, and forward that traffic appropriately, and doesn't need to care
at all about the hsrp address.
http://searchwarp.com/swa60080.htm
Lastly, there is no IP conflict, as no two nodes will have the same
IP, therefore no issue.
|
|
Posted by zzz on November 12, 2007, 9:32 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Dear guru,
> Is there a way to check if we are using the same Virtual MAC for two
> HSRP group?
You don't even need to check. By default, the virtual MAC address depends
only on the HSRP group number, and has this format:
0000.0c07.acxx
where xx is the group number.
You can change it with the command "standby mac-address" (IIRC).
So yes, it's possible that two HSRP groups (in different L2 networks) using
the same group number use the same virtual MAC addresss.
> Will our L3Switch notice that two of the HSRP groups are using the
> same MAC?
> Will there be any conflict error message occurs like IP conflict?
Two devices can use the same MAC, as long as they are in different L2
networks. So you have no problem, since you can't have two HSRP groups
using the same group number in the same L2 network: they would be all part
of a single group (hence only one virtual MAC).
|
|
Posted by Mr_Huang on November 12, 2007, 8:23 pm
If you were Registered and logged in, you could reply and use other advanced thread options
The reason why I asked such questions are, I encountered a strange
occassionally service disconnection when the traffic/packet passing
through my firewall gateway, my connections (tcp and icmp *ping*) got
disconnected for 5 packets and it will resume automatically and my
gateway have 3 interfaces, External_net, Internet_net and DMZ, where
the Ext_net and Int_net are connecting to a HSRP group, when capturing
the packets from the gateway, it showed "TCP ACKed lost segment" or "
Topology
My_PC -> Internal_r1 (HSRP) -> Internal_r2 (HSRP) VLAN40-> Gateway ->
External_router (HSRP)
Since the routers have been set up for ages by others, just discovered
the Internal_r1 and External_router is sharing the same multicast
virtual MAC.
Guess the duplicated HSRP setting maybe one of reasons, but it seems
"not related"
|
|
Posted by Thrill5 on November 13, 2007, 12:19 am
If you were Registered and logged in, you could reply and use other advanced thread options > Thanks for both of you,that's very helpful,
>
> The reason why I asked such questions are, I encountered a strange
> occassionally service disconnection when the traffic/packet passing
> through my firewall gateway, my connections (tcp and icmp *ping*) got
> disconnected for 5 packets and it will resume automatically and my
> gateway have 3 interfaces, External_net, Internet_net and DMZ, where
> the Ext_net and Int_net are connecting to a HSRP group, when capturing
> the packets from the gateway, it showed "TCP ACKed lost segment" or "
>
> Topology
> My_PC -> Internal_r1 (HSRP) -> Internal_r2 (HSRP) VLAN40-> Gateway ->
> External_router (HSRP)
>
> Since the routers have been set up for ages by others, just discovered
> the Internal_r1 and External_router is sharing the same multicast
> virtual MAC.
>
> Guess the duplicated HSRP setting maybe one of reasons, but it seems
> "not related"
>
This is not your problem. MAC addresses are layer 2 addresses, which are
striped off when received by the firewall. The firewall software is only
seeing the IP packet which has a source and destination IP addresses, which
have nothing to do with the router. The only modification the router does
to an IP packet is to decrement the TTL field and recompute the CRC.
|
| Similar Threads | Posted | | HSRP virtual IP on a different subnet as physical interfaces | July 20, 2005, 5:55 am |
| virtual template and virtual access for ADSL circuits | April 28, 2005, 3:22 pm |
| "Virtual" IOS? | August 22, 2006, 12:08 pm |
| Virtual router. | July 4, 2005, 10:01 pm |
| virtual-dot11radio what for? | September 29, 2006, 6:41 pm |
| Floating Virtual IP | July 14, 2007, 9:52 am |
| Cisco ACS on MS Virtual Server? | February 16, 2005, 8:23 am |
| Do you want your own free virtual mall?? Come here... | February 15, 2006, 12:42 am |
| Cisco 871 : NAT virtual interface | May 16, 2006, 7:57 am |
| Cisco PIX 515: Map virtual ip to real one | September 1, 2006, 4:31 pm |
|
|
NewsGroups 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map