Filter
Top Products
Configuring IP Services
Configuring the Hot Standby Router Protocol
IPC-105
Cisco IOS IP Configuration Guide
Verifying HSRP Support for MPLS VPNs
The following example shows how to use show EXEC commands to verify that the HSRP virtual IP
address is in the correct ARP and CEF tables:
Router# show ip arp vrf vrf1
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.2.0.1 - 00d0.bbd3.bc22 ARPA Ethernet0/2
Internet 10.2.0.20 - 0000.0c07.ac01 ARPA Ethernet0/2
Router# show ip cef vrf vrf1
Prefix Next Hop Interface
0.0.0.0/0 10.3.0.4 Ethernet0/3
0.0.0.0/32 receive
10.1.0.0/16 10.2.0.1 Ethernet0/2
10.2.0.0/16 attached Ethernet0/2
10.2.0.1/32 receive
10.2.0.20/32 receive
224.0.0.0/24 receive
255.255.255.255/32 receive
Enabling HSRP Support for ICMP Redirect Messages
Previously, ICMP redirect messages were automatically disabled on interfaces configured with HSRP.
ICMP is a network layer Internet protocol that provides message packets to report errors and other
information relevant to IP processing. ICMP provides many diagnostic functions and can send and
redirect error packets to the host. See the section “Enabling ICMP Redirect Messages” earlier in this
chapter for more information on ICMP redirect messages.
When running HSRP, it is important to prevent hosts from discovering the interface (or real) MAC
addresses of routers in the HSRP group. If a host is redirected by ICMP to the real MAC address of a
router, and that router later fails, then packets from the host will be lost.
With Cisco IOS Release 12.1(3)T and later, ICMP redirect messages are automatically enabled on
interfaces configured with HSRP. This functionality works by filtering outgoing ICMP redirect messages
through HSRP, where the next hop IP address may be changed to an HSRP virtual IP address.
Redirects to Active HSRP Routers
The next-hop IP address is compared to the list of active HSRP routers on that network; if a match is
found, then the real next-hop IP address is replaced with a corresponding virtual IP address and the
redirect message is allowed to continue.
If no match is found, then the ICMP redirect message is sent only if the router corresponding to the new
next hop IP address is not running HSRP. Redirects to passive HSRP routers are not allowed (a passive
HSRP router is a router running HSRP, but which contains no active HSRP groups on the interface).
For optimal operation, every router in a network that is running HSRP should contain at least one active
HSRP group on an interface to that network. Every HSRP router need not be a member of the same
group. Each HSRP router will snoop on all HSRP packets on the network to maintain a list of active
routers (virtual IP addresses versus real IP addresses).
Consider the network shown in Figure 18, which supports the HSRP ICMP redirection filter.