
Active/Standby or dual HSRP on a single ASR router

gnijs
Level 4

Hello,

We have two firewalls (configured in a failover cluster) which are each connected to a single C9500 inside switch.
Both switches are interconnected (L2 trunk).

We have one ASR1001X router running 15.5(3). It has a 4x1GE portchannel to one of these two switches.

But this makes the switch a SPOF. I want to improve the redundancy in this situation (even though I only have one router).

My options are:

- Can I create another Portchannel in standby mode to the other C9500 switch and use the backup interface feature?
   I have always wondered why a router can't run two interfaces in Active/Standby teaming like a server can?

- If backup interface is not supported, can I create another portchannel and connect it to the other switch, give it another IP in the same VLAN on the same router and run HSRP between two interfaces on the same router?
Sort of:


int po40
 ip address A subnet X
 hsrp C

int po41
 ip address B subnet X
 hsrp C

- I could put the C9500 in a StackWise Virtual config and split the Po channel across both switches. However, I would like to avoid that because upgrading the SWV stack would cause downtime when both switches reboot, even when the Po is split and even if I would put a second router with a split Po across both switches.

 

regards,

GN


Giuseppe Larosa
Hall of Fame

Hello @gnijs,

the following

>>

- If backup interface is not supported, can I create another portchannel and connect it to the other switch, give it another IP in the same VLAN on the same router and run HSRP between two interfaces on the same router?
Sort of:


int po40
 ip address A subnet X
 hsrp C

int po41
 ip address B subnet X
 hsrp C

This is not supported: you cannot have two interfaces with overlapping IP addresses in the same VRF / GRT.

What you can do is:

Use IRB, make the two port channels members of the bridge domain, and move the L3 config to the BDI interface.

I am not sure that port channels are supported as members of a bridge group.

The best move would be either to add another router box to be a companion device for the ASR 1000 or to find a way to get it out of the topology (it depends on what it is doing; if NAT is done on the firewalls and so on, you can consider moving the routing to the two Cat 9500s).

Hope to help

Giuseppe

 
