
HSRP with VLANs in Router-on-a-Stick model

jose cortes
Level 1

Hi everybody,

Currently I'm working on the design of a customer network that has an HQ, some branches, and almost 90% of the services and servers deployed in a Datacenter. The HQ, all the branches and the Datacenter are interconnected through an ISP MPLS WAN.

Every branch and the HQ will be segmented with VLANs to reduce the LAN broadcast. Some branches and the HQ have redundancy of routers by means of HSRP. (See the figure below or attached file to get an approach).

Raw Design.png

My questions are:

  1. Is it possible to use HSRP with multiple VLANs and a Router-on-a-Stick model?
  2. If the answer to question 1 is "yes", how could I use HSRP with different VLANs, knowing that every VLAN has its own Default Gateway IP address (i.e. VLAN 10 DG: 10.10.10.1 and VLAN 30 DG: 30.30.30.1)?
  3. If the answer to question 1 is "no", how could I implement high availability or redundancy for the WAN link?

Thanks in Advance


mmirrotto
Level 1

Your core switch is a single point of failure. You may want to reconsider.

For WAN redundancy you could make trunks between the WAN routers and core switch and create subinterfaces on the WAN routers for each VLAN, using HSRP or VRRP addressing of the default gateway for each VLAN.


Hi,

Thanks for the advice about the core switch. By now I only have this one available, but even if I have another core switch:

  1. Should I connect the two routers to the two switches (Like full-mesh)? or
  2. Should I connect each router with a different switch (SW1<->Router1 and SW2<->Router2)??

I have this doubt because if I use option 2, then I know that if my Primary Router fails, the Secondary goes up. But imagine the failure is on the Core Switch; that doesn't mean the Primary Router failed, so can I be sure that the Secondary Router starts to work to keep my WAN connection?

If the option is the number 1 then: I don't have free interfaces on the routers to do redundant connection to the two core switches.

Also, could you send me some information about the configuration and deployment of HSRP or VRRP?

Thanks

If you add a second switch in the core you would just do what you call option 2. That way if either your core switch or your wan router go down it will use the backup path. Your single core switch will work for now.

Here is a link that discusses HSRP configuration:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094e90.shtml

What you want to consider is you will be doing subinterfaces on each of your WAN routers, i.e. interface fastethernet 0/0.1, interface fastethernet 0/0.2, interface fastethernet 0/0.3, etc. for each VLAN. You don't have to make the ethernet 0/0.# number match the VLAN, but I would suggest it just to make troubleshooting easier. You would put the standby commands for each VLAN that you want HSRP to run on under the subinterface. I will show you one example. Let's say you want to use 10.1.1.254 as the default gateway for VLAN 1; you could do something like this:

On router A

interface ethernet 0/0.1
 ip address 10.1.1.252 255.255.255.0
 standby 1 preempt
 standby 1 ip 10.1.1.254
 standby 1 priority 210
 standby 1 track serial 0/0

On router B

interface ethernet 0/0.1
 ip address 10.1.1.253 255.255.255.0
 standby 1 preempt
 standby 1 ip 10.1.1.254
 standby 1 priority 200
 standby 1 track serial 0/0

And of course you would do the same for each subinterface on each router.

To verify it is working, you could just type 'show standby' on the routers.

VRRP is configured similarly to HSRP, except it doesn't use the third IP address like HSRP does.

I am assuming you have the MPLS / WAN redundancy worked out via routing protocols???

Hope this helps!! Rate it if it does

I have installed two Catalyst 4506 switches in my core, and would like to configure HSRP using only one default gateway IP shared between all my VLANs (subnets). Is this possible?

If I understand correctly, are you asking if it is possible for one default gateway to be used by multiple VLANs? Well, that is not possible, as each VLAN represents one network, and every network has its own default gateway, which is within its network.

stamador
Level 1

Yes, it is possible. This is the setup example in that case: Basic configuration

Setup Sub Interfaces on a Router: (do the same for each VLAN)
en
conf t
int gi 0/1
no ip address
int gi 0/1.10
encapsulation dot1q 10
ip address 192.168.10.1 255.255.255.0

HSRP Setup: (do the same for each VLAN)
int gi 0/1.10
standby 10 ip 192.168.10.10

DHCP Setup: (do the same for each VLAN)
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1

SWITCH port configuration (TRUNK)
interface FastEthernet0/1
 switchport trunk allowed vlan 1-99
 switchport trunk encapsulation dot1q
 switchport mode trunk

That is just the basic setup in order to have HSRP working on a Router-on-a-Stick setup.

All the connections between Switches and Routers will be on VLAN1 (default); the Access ports will be assigned to the correct VLANs.

Hi stamador, thank you for the answer.

I'm pretty new to IT so forgive me if my question is totally newbie...

Reading your answer, I noticed you wrote on the DHCP setup:

"DHCP Setup: (do the same for each VLAN)
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1"

But doesn't the DHCP need to give the fake IP address created by the HSRP (i.e. 192.168.10.10)?

Isn't the whole point to avoid the need to mess with the client's DG configuration? If DHCP gives them the REAL physical IP address and the router fails, won't we have to configure their new DG manually? I think the whole point of HSRP is to give a virtual IP, and the clients don't need to know what physical interface is actually behind it... am I wrong?

Can you elaborate why you made the DHCP give the "real" IP and not the standby IP?

thanx a-lot
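
The mismatch raised in the last reply can be checked mechanically. The following is an added example, not code from any poster in this thread: a Python check that reads `show running-config`-style text and reports every DHCP pool on an HSRP subnet whose `default-router` is not one of the `standby ... ip` virtual addresses. It assumes sub-commands are indented as in `show running-config` output; `SAMPLE_CONFIG`, `parse` and `audit` are names introduced here, and the VLAN 30 lines are constructed.

```python
import ipaddress

# Constructed input: VLAN 10 uses the thread's addresses, VLAN 30 is made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1.10
 encapsulation dot1q 10
 ip address 192.168.10.1 255.255.255.0
 standby 10 ip 192.168.10.10
interface GigabitEthernet0/1.30
 encapsulation dot1q 30
 ip address 192.168.30.1 255.255.255.0
 standby 30 ip 192.168.30.10
ip dhcp pool vlan10
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
ip dhcp pool vlan30
 network 192.168.30.0 255.255.255.0
 default-router 192.168.30.10
"""

def parse(config):
    """Collect interface addresses, HSRP virtual IPs and DHCP pools."""
    real, vips, pools, pool = set(), set(), {}, None
    for line in filter(str.strip, config.splitlines()):
        w = line.split()
        if not line[0].isspace():          # top-level command starts a new section
            pool = None
            if w[:3] == ["ip", "dhcp", "pool"] and len(w) > 3:
                pool = pools.setdefault(w[3], {"net": None, "gw": []})
        elif pool is not None and w[0] == "network" and len(w) > 2:
            pool["net"] = ipaddress.ip_network(w[1] + "/" + w[2].lstrip("/"))
        elif pool is not None and w[0] == "default-router":
            pool["gw"] = [ipaddress.ip_address(a) for a in w[1:]]
        elif w[:2] == ["ip", "address"] and len(w) > 3:
            real.add(ipaddress.ip_address(w[2]))
        elif w[0] == "standby" and "ip" in w[1:3] and w[-1] != "ip":
            vips.add(ipaddress.ip_address(w[w.index("ip") + 1]))
    return real, vips, pools

def audit(config):
    """Flag DHCP pools on HSRP subnets whose default-router is not a virtual IP."""
    real, vips, pools = parse(config)
    findings = []
    for name, pool in pools.items():
        subnet_vips = [str(v) for v in sorted(vips) if pool["net"] and v in pool["net"]]
        for gw in pool["gw"] if subnet_vips else []:
            if gw not in vips:
                kind = "interface address" if gw in real else "unknown address"
                findings.append((name, str(gw), kind, subnet_vips))
    return findings
```

Each finding is a tuple of pool name, the gateway handed to clients, what kind of address it is, and the HSRP virtual IPs available on that subnet. Pools on subnets without any `standby ... ip` line are not flagged.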