Re: HSRP Conversion

Mark Graham · ‎04-10-2013

can i do this similiar to spanning tree? i know i have to have 2 HSRP capabale devices. only reason i ask is because i had an issue yesterday morning where i had to take down our L3 switch with all of our routes.

i want to slowly convert my network(s) to HSRP and i need to know if i can setup the slave first, get it cabled up, then slowly change IP's and standby ip's on the primary?

does it matter if the trunk between the two is gig or 100 megabit? HSRP is just talking to eachother on that link right?

i'm going to be using a 3750 metro series as our primary, and i'm not sure what i'll be using as our secondary yet. we do have a 2811 that is our voice gateway, i dont know if i want to use this persae, however, what do you guys think? i'm open to suguestions.

should i put it on our core switch? our core is a 4507R with dual supervisors. or should i put in another switch or router to seperate the core switch and route?

Bilal Nawaz · ‎04-10-2013

Hello, In my view HSRP should 'live' where the SVI's live. Normally at the core/distribution level. You haven't provided information about whether the 4507R is in a pair or just stand-alone. Ideally they should be in pairs for redundancy - even though you have the redundant SUP. I think its important to first understand why the 'issue' took place and what caused it.

Once you have configured HSRP, i'm sure its active, however if the IP is being used elsewhere - you could always configure but leave the interface / SVI shut. And perhaps out of hours have a maintenance window where you can shut the interfaces with the active IP and bring the new HSRP addresses

I don't recommend laying off the HSRP on the voice gateway - that has its own purpose, to serve and host telephony services, not routing. Although it might be fully capable of doing the job.

If you dont have the pair of 4507's then the 3750 would probably make sense to pair up with the 4500. It doesnt matter if the trunk is gig or 100mb - as long as you have the correct vlans that are trunking with STP in a healthy state and correct HSRP configuration, the setup should be pretty safe.

Hope this helps

Please rate useful posts and remember to mark any solved questions as answered. Thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Mark Graham · ‎04-10-2013

yes! it did help.

the 4507 is a standalone switch with SSO supervisors.

the issue that caused this was a late hours mistake :/ i pasted a command into the 3750 that was meant for a switch i was testing AAA tacacs commands with.

needless to say, i locked myself out and i couldnt sustain a reboot untill early morning.

right now, all my vlans with RSTP are primary roots with the 4507, secondary with the 3750. routing is not setup on the 4507, however, i can do this if needed. can i make a /30 routed interface and configure the SVI's and plan for the HSRP? or should it just be a Dot1q trunk?

Bilal Nawaz · ‎04-10-2013

Between the 4500 and the 3750, all you need is a trunk and SVI's

When you create the SVI's on the 4500, make sure you shut the SVI's down first and then configure it. So as I understand it you will have something that looks like this?

Green links are forwarding, the black are inactive / blocking, between the two the 4500 will be primary, the 3750 will be backup.

Hope this helps

Please rate useful posts and remember to mark any solved questions as answered. Thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Mark Graham · ‎04-11-2013

actually, the distrobution switches never touch the 3750. they all get trunked off the 4500

if i bring a 3650 in to make the 3750 redundant that would work right?

so it would look like this

3750 ------------------ 3650

| |

|-------------4500------------|

|

distro switches (and making them redundtant in the future, since rapid is in place)

edit:

i dont really want the failover to be all 100 meg, which is the reason i dont really want them to be on ethernet. our 4 gbics are full on the 3750, and its just 100m switching.

plus we have limitations in terms of cable leginth for some floors.

Bilal Nawaz · ‎04-11-2013

Oh, I see. So the 3750 is doing the routing right? Yes you can do this between the 3750 and 3560. But if the 4500 is the root bridge you might want to consider STP paths.

Yes it would work:

Hope this helps

Please rate useful posts and remember to mark any solved questions as answered. Thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Mark Graham · ‎04-11-2013

yeah, pretty much thats how it would look.

in regards to stp paths should i change any timers? i'm sure priority may come into play as well.

Bilal Nawaz · ‎04-11-2013

RSTP convergance times are pretty good, however you could tweak the timers if you wish.

On the 3560 you would increase the cost that is going towards the 4500 like this and the priority higher that the 4500 and the 3750.

Lets say this was the config on the 4500

spanning-tree vlan 1,2,3,4,5,6,7,8 priority 4096

and the 3750

spanning-tree vlan 1,2,3,4,5,6,7,8 priority 8192

3560

e.g.

spanning-tree vlan 1,2,3,4,5,6,7,8 priority 16384

!

interface gi0/1

spanning-tree cost 10

Hope this helps.

Please rate useful posts and remember to mark any solved questions as answered. Thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Mark Graham · ‎04-11-2013

thanks!

one last question, in regards to the STP from the router trunks, anything i have to set there? i would assume not since it will not be blocking. just making sure so i can start configuring!

Bilal Nawaz · ‎04-11-2013

Hello, Not that I can think of anything more.

As long as you have the costs and priorities in order, everything should be good! Trunks will be active from

1) 3750 to 3560

2) 3750 to 4500

1) this will provide your trunks and HSRP

2) this is the primary uplink being used, since 3750 will be active HSRP makes sense and more efficient.

By the way, where I stated cost for the 3560 i meant 100 so like this:

3560

e.g.

spanning-tree vlan 1,2,3,4,5,6,7,8 priority 16384

!

interface gi0/1

spanning-tree cost 100

Reason is because of the spanning-tree port costs and to really nail it! : http://packetlife.net/blog/2008/sep/5/spanning-tree-port-costs/

As long as these are in root or forwarding states, (achievable by config similar to my previous post) then this is all that needs to be done imho.

Stage 1 can be physicals - connecting up the 3560 (leaving ports shut)

Stage 2 - Configure 3560 with trunk ports shut.

Stage 3 - Configure spanning-tree priorities on all devices (out of hours)

Stage 4 - Configure trunks and the cost on the 3560

Out of hours

Stage 5 - HSRP config on both 3750 and 3560 and bring up trunk links.

Stage 5a - make sure spanning-tree topology is as expected i.e. blocking/alternate blocking on the 3560 towards the 4500 and forwarding/root ports for everything else.

Switch#show spanning-tree brief
VLAN100
  Spanning tree enabled protocol IEEE
  ROOT ID    Priority 32768
             Address 0030.7172.66c4
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
VLAN100
  Spanning tree enabled protocol IEEE
  ROOT ID    Priority 32768
             Address 0030.7172.66c4
Port                           Designated
Name    Port ID Prio Cost Sts  Cost  Bridge ID      Port ID
------- ------- ---- ---- ---  ----  -------------- -------
Gi0/1   128.17  128  100  BLK  100    0404.0400.0001 128.17

Stage 5b - make sure HSRP is working -

'show standby brief'

3750# show standby brief

Interface   Grp     Prio P       Active addr     Standby addr    Group addr

VLAN100  100   120       10.0.0.2    100.0.0.3   100.0.0.1

or 'show standby neighbors'

Stage 6 - Test away!

Just thought I'd put an example configuration of HSRP while im here just in case it becomes useful

3750 - primary

Interface vlan 100

IP address 100.0.0.2 255.255.255.0

Standby 100 ip 100.0.0.1

Standby 100 preempt

Standby 100 priority 105

Standby 100 track Gi1/0/1 10

Switch 2

Interface vlan 100

IP address 100.0.0.3 255.255.255.0

Standby 100 ip 100.0.0.1

Standby 100 preempt

Standby 100 track Gi0/1

With the tracking commands - not really needed but its a benefit. Just incase the 3750 was to go down for any reason.

Here's how it works - you probably know already:

On switch 3750 you have hsrp with a priority of 105 which is better than switch 3560 (default priority of 100). On 3750, If the link to the router went down - we have the track command which says, if the Gi1/0/1 interface goes down, take away 10 from the priority. This becomes 95.

3560 will say, I have a better priority than you, (preempt enabled) I will become active, I have 100 whereas you have 95.

If the link was to return on 3750 then it would preempt and say, 'hey, I have a better priority now, I'll take back the active role'

Hope this helps

More info here:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094e8c.shtml

Please rate useful posts and remember to mark any solved questions as answered. Thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Mark Graham · ‎04-11-2013

thanks!

now i have to get a gameplan going