6 Common Errors Engineers See Using HSRP
by Darin Knobbe, on May 1, 2020 10:30:00 AM
This article covers common issues network engineers face with HSRP and ways to troubleshoot those problems. Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol, which provides redundancy for a local subnet. In HSRP, two or more routers give an illusion of a single virtual router. This allows you to configure two or more routers as standby routers and only a single router as the active router.
Your network traffic can be tremendous. Having a backup router already in your system makes the transition smooth, keeping your network up and running. The active router is responsible for forwarding traffic. If it fails, the standby router takes up all the responsibilities of the active router continuing traffic forwarding. Though, most HSRP-related problems are not true HSRP issues. Instead, they are network problems that affect the behavior of HSRP.
In regards to the diagram above, we have designed the network according to an HSRP environment. If one Nexus goes down, then the other will be up and running taking on all responsibilities of the down router. We have designed this network for Cisco Nexus vPC troubleshooting (PivIT-website) focusing on HSRP troubleshooting. Today, we will discuss the troubleshooting cases most common to network engineers so that you can resolve the issues in a timely matter within your production networks.
Troubleshoot HSRP in 6 Practical Case Studies
- Standby SUPADDR Error
- Active Change State Error
- If HSRP Does NOT Recognize the Peer
- HSRP State Changes
- RTD-1-ADDR_FLAP in Syslog
- MLS-4-MOVEOVERFLOW: Too many moves
HSRP Error 1: Standby SUPADDR Error
This first error is a misleading message as it does not indicate a direct HSRP problem. The Standby SUPADDR error message indicates a Spanning Tree Protocol loop or possibly a router and switch configuration issue. Where this doesn’t directly relate to an HSRP error, this message shows the triggering of another problem. A few of those common problems are as follows:
- Momentary STP loops
- Ether-Channel configuration issues
- Duplicated frames
HSRP Error 2: Active Change State Error
The Active Change State Error is the most common error network engineers run into when troubleshooting HSRP systems. The messages show a situation in which a standby HSRP router/switch is not receiving three successive HSRP hello packets from its HSRP peer.
The error shows that the standby switch moves from the Standby state to the Active state. Presently, the switch comes back to the standby state except if this blunder message happens during the underlying establishment. In this case, an HSRP issue most likely doesn't cause the error message.
The error messages imply the loss of HSRP between the peer links. Whenever we are investigating this issue, first we should check the communication between the HSRP peers through ping command. In order to increase the Selective Packet Discard (SPD) size, go to the configuration mode and execute these commands. This example shows the commands on the Cat6500 switches:
PivIT-Switch (Config)# IP spd queue max-threshold 600
PivIT-Switch (Config)# IP spd queue min-threshold 500
HSRP Error 3: If HSRP Does NOT Recognize the Peer
If the switch is configured for HSRP but does not recognize its HSRP peers, the switch fails to receive HSRP hellos from the neighbor switch. When you troubleshoot this issue, perform the following steps:
- Check HSRP Verify Physical Layer Connectivity (You can check PivIT website article
- Check HSRP configurations
- Check for the mismatched VTP modes.
HSRP Error 4: HSRP State Changes
In software version 5.5.2 and later for the Catalyst 4500/4000, 2948G, and Cisco Nexus series, reports host a MAC address that moves. If the host MAC address moves twice within 15 seconds, the reasoning is the STP loop in your network.
The switch discards packets from this host for about 15 seconds in an effort to minimize the impact of an STP loop. If you observed the MAC address move between two different ports due to the HSRP virtual MAC address, the problem is the issue in which both HSRP switches go into the active state. When you troubleshoot this error message, complete the following steps:
- Find the correct source (port) of the MAC address in which the error message reports.
- Disconnect the port that must not source the host MAC address and check for HSRP stability.
- Note down and check the STP topology on each VLAN and check for STP failure.
- Verify the port-channel configuration.
HSRP Error 5: RTD-1-ADDR_FLAP in Syslog
If you observed this error in your production network, resolve this issue in a timely manner as many engineers have experienced the network outage error.
These error messages signify that a MAC address moves consistently between different ports. If you are using port-channel, then it could be moving between different port-channels. These error messages are only applicable on the Catalyst 2900XL, 3500XL and Cisco Nexus switches. The messages can indicate that two or more HSRP switches have become active. The messages can indicate the source of an STP loop, duplicated frames, or reflected packets.
In order to gather more information about the error messages, issue this debug command:
PivIT-switch# debug ethernet-controller address
Ethernet Controller Addresses debugging is on l
HSRP Error 6: MLS-4-MOVEOVERFLOW: Too Many Moves
These messages indicate that the switch learns the same MAC address on two different ports. This message is only reported on Catalyst 5500/5000 switches. Issue these commands in order to gather additional information about the problem:
Note The commands that this section mentions are not documented. You must enter them completely. The show MLS notification command provides a table address (TA) value. The show look table TA-value command returns a possible MAC address that you can trace to the root of the problem.
Switch (enable) show mls notification
1: (0004e8e6-000202ce) Noti Chg TA e8e6 OI 2ce (12/15) V 1
!--- This is the mod/port and VLAN. The MAC address is !--- seen on this module 12, port 15 in VLAN 1.
2: (0004e8e6-000202cd) Noti Chg TA e8e6 OI 2cd (12/14) V 1
!--- This is the mod/port and VLAN. The next is seen on !--- module 12, port 14 in VLAN 1.
Write down the four-digit/letter combination that appears after Chg TA in this command output. In the example above you’ll see it as e8e6. The
show looktable command gives the MAC address that causes the MLS TOO MANY MOVES error message:
150S_CR(S2)> (enable) show looktable e8e6
Table address: 0xe8e6, Hash: 0x1d1c, Page: 6
Entry Data[3-0]: 0x000002cd 0x00800108 0x0008c790 0x215d0005, Entry Map 
Router-Xtag QOS SwGrp3 Port-Index
0 0 0x0 0x2cd
Fab AgeByte C-Mask L-Mask Static SwSc HwSc EnSc AL Trap R-Mac
0 0x01 0x0000 0x0000 0 0 0 0 0 0 0 MacAge Pri-In Modify Notify IPX-Sw IPX-Hw IPX-En Valid SwGrp2 Parity2 0 0 1 0 0 0 0 1 0x0 0
Entry-Mac-Address FID SwGrp1 Parity1
00-08-c7-90-21-5d 1 0x0 1
HSRP Show Commands
Show HSRP, Show HSRP Interface, Show HSRP brief, Show HSRP all.
Leave a comment, question, or concern below, or get in touch with a PivIT Global Representative here. We created the Tech Corner to connect with you on HSRP errors, product discussions, configurations, product comparisons, and provide you with information about the industry! Subscribe to the Tech Corner today!