Re: HSRP design help: 2 6509s, 1721 & 2621 router

dmayne · ‎09-28-2004

Inventory:

2 Catalyst 6509s (SUP1A, MSFC2 & PFC) - the supervisors are interconnected and both have 16 port GBIC modules.

1 2621 Router - frame relay connection

1 1721 Router - VPN connection over highspeed internet

Connections:

The 2621 & 1721 routers will be connected to separate Cat 3500 switches. Each switch has 2 GBICs which connect back to each 6509

We would like to configure HSRP for the following scenario: The primary route outside of the internal network is to go through the 2621 router, and if that router goes down...the active route outside fails over to the 1721 router.

Can anyone assist me with this design?

pflunkert · ‎09-28-2004

Okay, you have several ways to setup this. I would configure one vlan for both routers. This vlan is on both 3550 and the 6509 also. This mean that the router are in one broadcast doamin. On the router i would configure hsrp with interface tracking. This means when the outgoing interface is going down, the 2621 sent a HSRP message to the 1721 and now this interface would be active.

Between the tow switches you should have a channel also. The root bridge is on the cat 6509 and the secondary root is on the second 6509. The MSFCs could also works as HSRP Pair. The ip address from the default gateway on the switch, is the routers hsrp address.

Regards

Peter

dmayne · ‎09-29-2004

Peter,

When you mentioned that there should be a channel between the two switches, are you referring to the Cat 3500s? To clarify, we are actually using the Catalyst 3500XL series switches, not the 3550s.

Thank you for your previous response.

Regards,

Doug

Craig Norborg · ‎09-29-2004

That shouldn't change his configuration at all for the most part. Still put all the routers into one VLAN and make sure both switches have it configured. This VLAN ideally should be separate from any other VLAN.

Note that if you are running a dynamic routing protocol on your WAN across both links, that running the HSRP on the router VLAN isn't that important, the routing protocol will establish what it believes to be the best routes using the actual interface IP addresses for each router. If you want to favor one of the links (ie: not the VPN) be sure to make adjustments in your routing protocol to favor it the way you want.

For example: if you're using EIGRP on everything and the frame-relay circuit you have is 256K, yet the VPN circuit is 512K. Be sure to do something such as increase the bandwidth statement on the frame-circuit to favor it if desired. Otherwise the routing protocol will favor whichever circuit it thinks is best (ie: the fastest in most cases).

pflunkert · ‎09-29-2004

Craig ansered corect. In your configuration it doesn't matter if you use a cat 3500xl or a cat 3550.

Regards

Peter

kyri-k · ‎10-06-2004

Another thing to bear in mind is your layer 2 topology with the preference router connection being your root bridge for that vlan.

Cheers,

Kyri.

dmayne · ‎10-07-2004

To all, thank you for your responses. We recently implemented the 2 routers by placing them in the same VLAN, applying bandwidth statements to make the frame connection the favored route and are using EIGRP between the 6509's and the routers.