HSRP Sim

You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer inspection HSRP doesn’t appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the network problems.

Question 1

You have received notification from network monitoring system that link between R1 and R5 is down and you noticed that the active router for HSRP group 1 has not failed over to the standby router for group 1. You are required to troubleshoot and identify the issue.

A. There is an HSRP group track command misconfiguration
B. There is an HSRP group priority misconfiguration
C. There is an HSRP authentication misconfiguration
D. There is an HSRP group number mismatch
E. This is not an HSRP issue; this is routing issue.

Answer: A

Explanation

Check the configuration of R1 with the “show running-config” command:

R1 connects to R5 via E0/1 interface but R1 is tracking E0/0 which connects to R2 -> when the link between R1 & R5 fails the HSRP priority of R1 is still the same. To correct this problem we have to change the tracking interface to E0/1.

Question 2

The following debug messages are noticed for HSRP group 2. But still neither R1 nor R2 has identified one of them as standby router. Identify the reason causing the issue.
Note: only show commands can be used to troubleshoot the ticket.

R1# ‘Mar 26 11:17:39.234: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254 ‘Mar 26 11:17:40.034: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP 172.16.10.254 R1# ‘Mar 26 11:17:40.364: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254 R1# ‘Mar 26 11:17:41.969: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254 ‘Mar 26 11:17:42.719: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254 ‘Mar 26 11:17:42.918: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254 R1# ‘Mar 26 11:17:44.869: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254 ‘Mar 26 11:17:45.485: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254 ‘Mar 26 11:17:45.718: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254 R1# ‘Mar 26 11:17:47.439: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254 ‘Mar 26 11:17:48.252: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254 ‘Mar 26 11:17:48.322: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254 R1# ‘Mar 26 11:17:50.389: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254 ‘Mar 26 11:17:50.735: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254 ‘Mar 26 11:17:50.921: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254 R1# ‘Mar 26 11:17:53.089: HSRP: Et1/0 Grp2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254 ‘Mar 26 11:17:53.338: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254 ‘Mar 26 11:17:53.633: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254

A. HSRP group priority misconfiguration
B. There is an HSRP authentication misconfiguration
C. There is an HSRP group number mismatch
D. This is not an HSRP issue: this is DHCP issue.
E. The ACL applied to interface is blocking HSRP hello packet exchange

Answer: E

Explanation

Check the link between R1 & R2 where HSRP group 2 is running (interface E1/0)

As we see R1 is using access-list 102 to filter traffic coming to interface E1/0 (inbound direction). Continue checking the access-list 102 of R1:

R1 is blocking any traffic send to 224.0.0.102. Notice that in the syntax of an access-list, the source address is always defined before the destination address. “224.0.0.102” is the muticast address which HSRP version 2 uses to send Hello packets to (instead of 224.0.0.2 of HSRP version 1). Therefore all HSRP sent from neighbor (R2 in this case) to R1 is dropped. R1 keeps sending HSRP Hello packets and think it is the active HSRP router.

Question 3

Examine the configuration on R4. The routing table shows no entries for 172.16.10.0/24 and 172.16.20.0/24. Identify which of the following is the issue preventing route entries being installed on R4 routing table?

A. HSRP issue between R4 and R2
B. This is an OSPF issue between R4 and R2
C. This is a DHCP issue between R4 and R2
D. The distribute-list configured on R4 is blocking route entries
E. The ACL configured on R4 is blocking inbound traffic on the interface connected to R2

Answer: D

Explanation

Checking what is preventing the two networks 172.16.10.0/24 & 172.16.20.0/24 from learning on R4.

There is a distribute-list applied on R4. Notice that a distribute-list is often used to control which routing updates should be sent or received on a router. So we should check what this distribute-list is used for. This distribute-list is based on access-list 1 so we will continue checking this access-list:

This access-list explicitly blocks the two networks 172.16.10.0/24 & 172.16.20.0/24 from populating into R4 routing table.

Question 4

Examine the configuration on R5. Router R5 do not see any route entries learned from R4; what could be the issue?

A. HSRP issue between R5 and R4
B. There is an OSPF issue between R5 and R4
C. There is a DHCP issue between R5 and R4
D. The distribute-list configured on R5 is blocking route entries
E. The ACL configured on R5 is blocking traffic for the subnets advertised from R4.

Answer: B or D

Explanation

We don’t have enough information to solve this question. But check the OSPF neighbor between R4 and R5 via the command “show ip ospf neighbors” we will not see any entries so we can conclude there is a OSPF issue between R5 & R4 or a distribute-list configured on R5 is blocking the multicast address of OSPF (224.0.0.5 & 224.0.0.6) so you should check the configs of R4 & R5 carefully.