For those of you who don’t know what HSRP is, here is a quick explanation (for those who do, just skip to the 2nd paragraph). HSRP is ‘Hot Standby Router Protocol’. It is a Cisco-proprietary redundancy protocol for establishing a fault-tolerant default gateway–basically, redundancy for routers.
It is crucial for all devices communicating with routers in an HSRP setup to use the HSRP’s Virtual IP (or VIP) and to make sure there is no access enabled to the physical IP of those routers/interfaces.
The problem is that when the router goes down, the physical IP goes down with it and all those devices that are configured to use this physical IP (and not the VIP) will not be able to switch over to other routers in the HSRP setup. In most cases, this happens because before you enabled HSRP, all your network devices used the physical IP of this router’s NIC. Since we’re all human, we may forget to change some of those devices to use the Virtual IP.
I wrote a signature (indeni’s Dynamic Knowledge checks: See all checks here) to check for this specific setup. indeni will automatically verify that all indeni-monitored devices are using Virtual IP. In order to do this, I used the following commands:
- “show standby” – to get the Virtual IP
- “show ip interface brief” – to get the IP of the NIC
Once we have collected all the relevant information, we go over all the devices and check whether they are using a physical IP instead of a Virtual IP. If indeni finds any physical IPs, then indeni alerts that “HSRP Virtual IP Is Not Used as Next Hop on Some Devices”, with detailed information of our findings, for example:
indeni found that 10.0.0.1 has a route “10.50.1.0/24 nexthop 192.168.1.2”; however, you have HSRP configured with the Virtual IP address 192.168.1.1.