HSRP help

imunoze00 · ‎10-22-2012

I'm trying to configure a couple of routers for HSRP functionality and this is all new to me. I has the chance to look at a config for the other router on the HRSP "cluster" or however you wanto to call it. I'm not entirely sure that the config is ok so any help will be much appreciated. Will post configs and diagram

This is the config for the main HSRP router (most left blue router):

class-map match-any DATOS-P2

match access-group name CLASE2

class-map match-any DATOS-P3

match access-group name CLASE3

class-map match-any DATOS-P4

match access-group name CLASE4

class-map match-any Precedencia3

match ip precedence 3

class-map match-all Precedencia2

match ip precedence 2

!

policy-map LAN

class DATOS-P3

set ip precedence 3

class DATOS-P2

set ip precedence 2

class class-default

set ip precedence 1

policy-map WAN

class Precedencia3

priority percent 25

police cir 7500000 bc 125000 be 125000

conform-action transmit

exceed-action drop

class Precedencia2

bandwidth percent 20

queue-limit 4096

police cir 6000000 bc 500000 be 500000

conform-action transmit

exceed-action transmit

class DATOS-P4

police cir 16500000 bc 1250000 be 1250000

conform-action transmit

exceed-action drop

class class-default

fair-queue

queue-limit 4096

!

interface Tunnel0

description INTERFACE PARA DETECTAR LA CAIDA DEL L2L

ip address 170.100.100.1 255.255.255.252

keepalive 3 2

tunnel source GigabitEthernet0/1

tunnel destination 192.168.112.2

!

interface GigabitEthernet0/0

description CONEXION A LA WAN-ROUTER DF INFONAVIT Fe0/0

bandwidth 30000

ip address 201.161.31.249 255.255.255.252 secondary

ip address 10.0.0.1 255.255.255.252

ip accounting output-packets

load-interval 30

duplex full

speed 100

no cdp enable

max-reserved-bandwidth 100

service-policy output WAN

!

interface GigabitEthernet0/1

description CONEXION A LA LAN MUNOZ LEON SWITCH CATALYST 3750 PTO 1

ip address 201.161.31.254 255.255.255.252 secondary

ip address 172.31.47.252 255.255.255.0

no ip proxy-arp

duplex full

speed 100

no cdp enable

standby 1 ip 172.31.47.254

standby 1 timers 5 10

standby 1 priority 105

standby 1 preempt delay minimum 5

standby 1 track Tunnel0

service-policy input LAN

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.31.47.253 name MONITOREO-EQUIPOS-MAXCOM

ip route 10.90.0.0 255.255.255.0 10.0.0.2 name RED-INFONAVIT-10

ip route 10.90.1.0 255.255.255.0 10.0.0.2 name RED-INFONAVIT-1

ip route 10.90.8.0 255.255.255.0 10.0.0.2 name RED-INFONAVIT-2

ip route 10.90.124.0 255.255.255.0 10.0.0.2 name RED-INFONAVIT-9

ip route 10.100.1.0 255.255.255.0 10.0.0.2 name RED-INFONAVIT-3

ip route 10.100.4.0 255.255.255.0 10.0.0.2 name RED-INFONAVIT-4

ip route 172.17.0.0 255.255.0.0 10.0.0.2 name RED-INFONAVIT-5

ip route 172.17.6.242 255.255.255.255 172.31.47.253 name EQUIPO-PRUEBAS

ip route 192.168.107.0 255.255.255.0 10.0.0.2 name RED-INFONAVIT-6

ip route 192.168.108.0 255.255.255.0 10.0.0.2 name RED-INFONAVIT-7

ip route 192.168.112.0 255.255.255.252 10.0.0.2 name RED-INFONAVIT-8

ip route 201.161.6.40 255.255.255.255 201.161.31.253 name MONITOREO-ENLACEMAX-30

MBPS

!

no ip http server

!

ip access-list extended CLASE2

permit ip 172.31.47.0 0.0.0.255 host 192.168.112.2

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.37

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.38

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.39

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.168

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.141

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.20

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.187

permit ip 172.31.47.0 0.0.0.255 host 10.90.0.200

permit ip 172.31.47.0 0.0.0.255 host 10.90.0.115

permit ip 172.31.47.0 0.0.0.255 host 10.90.0.107

permit ip 172.31.47.0 0.0.0.255 host 10.90.0.130

permit ip 172.31.47.0 0.0.0.255 host 10.100.4.83

permit ip 172.31.47.0 0.0.0.255 host 172.17.5.28

permit ip 172.31.47.0 0.0.0.255 host 10.100.4.130

permit ip 172.31.47.0 0.0.0.255 host 10.100.4.131

permit ip 172.31.47.0 0.0.0.255 192.168.107.0 0.0.0.255

permit ip 172.31.47.0 0.0.0.255 192.168.108.0 0.0.0.255

permit ip 172.31.47.0 0.0.0.255 host 10.90.0.85

permit ip host 172.16.4.100 any

ip access-list extended CLASE3

permit tcp any any eq 1720

permit udp any any range 16384 32767

ip access-list extended CLASE4

permit ip 172.31.47.0 0.0.0.255 host 10.100.4.132

!

This is the config for grayed out router on the left:

hidekeys

!

class-map match-any DATOS-P2

match access-group name CLASE2

class-map match-any DATOS-P3

match access-group name CLASE3

class-map match-any DATOS-P4

match access-group name CLASE4

class-map match-any Precedencia3

match ip precedence 3

class-map match-all Precedencia2

match ip precedence 2

!

policy-map LAN

class DATOS-P3

set ip precedence 3

class DATOS-P2

set ip precedence 2

class class-default

set ip precedence 1

policy-map WAN

class Precedencia3

priority percent 25

police cir 7500000 bc 125000 be 125000

conform-action transmit

exceed-action drop

class Precedencia2

bandwidth percent 20

queue-limit 4096 packets

police cir 6000000 bc 500000 be 500000

conform-action transmit

exceed-action transmit

class DATOS-P4

police cir 16500000 bc 1250000 be 1250000

conform-action transmit

exceed-action drop

class class-default

fair-queue

queue-limit 4096 packets

!

interface Tunnel0

description INTERFACE PARA DETECTAR LA CAIDA DEL L2L

ip address 170.100.101.1 255.255.255.252

keepalive 3 2

tunnel source FastEthernet0/1

tunnel destination 192.168.114.2

!

interface FastEthernet0/0

description // WAN INFONAVIT //

ip address 10.1.1.1 255.255.255.252

duplex auto

speed auto

service-policy output WAN

!

interface FastEthernet0/1

description // LAN INTERFACE //

ip address 172.31.47.251 255.255.255.0

duplex auto

speed auto

standby 1 ip 172.31.47.254

standby 1 timers 5 10

standby 1 priority 90

standby 1 preempt delay minimum 5

standby 1 track Tunnel0

service-policy input LAN

!

interface Serial0/0/0

no ip address

shutdown

clock rate 2000000

!

no ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 172.31.47.253

ip route 10.90.0.0 255.255.255.0 10.1.1.2 name RED-INFONAVIT-10

ip route 10.90.1.0 255.255.255.0 10.1.1.2 name RED-INFONAVIT-1

ip route 10.90.8.0 255.255.255.0 10.1.1.2 name RED-INFONAVIT-2

ip route 10.90.124.0 255.255.255.0 10.1.1.2 name RED-INFONAVIT-9

ip route 10.100.1.0 255.255.255.0 10.1.1.2 name RED-INFONAVIT-3

ip route 10.100.4.0 255.255.255.0 10.1.1.2 name RED-INFONAVIT-4

ip route 172.17.0.0 255.255.0.0 10.1.1.2 name RED-INFONAVIT-5

ip route 172.17.6.242 255.255.255.255 172.31.47.253 name EQUIPO-PRUEBAS

ip route 192.168.107.0 255.255.255.0 10.1.1.2 name RED-INFONAVIT-6

ip route 192.168.108.0 255.255.255.0 10.1.1.2 name RED-INFONAVIT-7

ip route 192.168.112.0 255.255.255.252 10.1.1.2 name RED-INFONAVIT-8

!

no ip http server

!

ip access-list extended CLASE2

permit ip 172.31.47.0 0.0.0.255 host 192.168.114.2

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.37

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.38

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.39

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.168

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.141

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.20

permit ip 172.31.47.0 0.0.0.255 host 10.90.1.187

permit ip 172.31.47.0 0.0.0.255 host 10.90.0.200

permit ip 172.31.47.0 0.0.0.255 host 10.90.0.115

permit ip 172.31.47.0 0.0.0.255 host 10.90.0.107

permit ip 172.31.47.0 0.0.0.255 host 10.90.0.130

permit ip 172.31.47.0 0.0.0.255 host 10.100.4.83

permit ip 172.31.47.0 0.0.0.255 host 172.17.5.28

permit ip 172.31.47.0 0.0.0.255 host 10.100.4.130

permit ip 172.31.47.0 0.0.0.255 host 10.100.4.131

permit ip 172.31.47.0 0.0.0.255 192.168.107.0 0.0.0.255

permit ip 172.31.47.0 0.0.0.255 192.168.108.0 0.0.0.255

permit ip 172.31.47.0 0.0.0.255 host 10.90.0.85

permit ip host 172.16.4.100 any

ip access-list extended CLASE3

permit tcp any any eq 1720

permit udp any any range 16384 32767

ip access-list extended CLASE4

permit ip 172.31.47.0 0.0.0.255 host 10.100.4.132

!

This is the config for grayed out router on the right:

ip subnet-zero

no ip routing

no ip cef

!

no ftp-server write-enable

!

controller E1 0/1

!

class-map match-any DATOS-P2

match access-group name CLASE2

class-map match-any DATOS-P3

match access-group name CLASE3

class-map match-any Precedencia3

match ip precedence 3

class-map match-all Precedencia2

match ip precedence 2

!

policy-map LAN

class DATOS-P3

set ip precedence 3

class DATOS-P2

set ip precedence 2

class class-default

set ip precedence 1

policy-map WAN

class Precedencia3

priority percent 25

police cir 7500000 bc 125000 be 125000

conform-action transmit

exceed-action drop

class Precedencia2

police cir 18000000 bc 500000 be 500000

conform-action transmit

exceed-action set-prec-transmit 1

bandwidth percent 50

queue-limit 96

class class-default

fair-queue

queue-limit 4096

!

interface Tunnel0

description INTERFACE PARA DETECTAR LA CAIDA DEL L2L

ip address 170.100.101.2 255.255.255.252

keepalive 3 2

tunnel source FastEthernet0/1

tunnel destination 172.31.47.251

!

interface FastEthernet0/0

description // WAN INTERFACE //

ip address 10.1.1.2 255.255.255.252

service-policy output WAN

no ip route-cache

duplex auto

speed auto

no mop enabled

!

interface Serial0/0

no ip address

no ip route-cache

shutdown

!

interface FastEthernet0/1

description // LAN INTERFACE //

ip address 192.168.114.2 255.255.255.252

service-policy input LAN

no ip route-cache

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.114.1

ip route 10.90.0.0 255.255.255.0 192.168.114.1 name RED-INFONAVIT-9

ip route 10.90.1.0 255.255.255.0 192.168.114.1 name RED-INFONAVIT-1

ip route 10.90.8.0 255.255.255.0 192.168.114.1 name RED-INFONAVIT-2

ip route 10.90.124.0 255.255.255.0 192.168.114.1 name RED-INFONAVIT-8

ip route 10.100.1.0 255.255.255.0 192.168.114.1 name RED-INFONAVIT-3

ip route 10.100.4.0 255.255.255.0 192.168.114.1 name RED-INFONAVIT-4

ip route 172.16.4.31 255.255.255.255 10.0.0.1 name RED-MUNOZ-4

ip route 172.16.4.100 255.255.255.255 10.0.0.1 name RED-MUNOZ-3

ip route 172.17.0.0 255.255.0.0 192.168.114.1 name RED-INFONAVIT-5

ip route 172.17.6.242 255.255.255.255 10.0.0.1 name EQUIPO-PRUEBAS-MUNOZ

ip route 172.31.47.0 255.255.255.0 10.0.0.1 name RED-MUNOZ-1

ip route 172.31.48.0 255.255.255.0 10.0.0.1 name RED_KAPPA_DRP

ip route 192.168.107.0 255.255.255.0 192.168.114.1 name RED-INFONAVIT-6

ip route 192.168.108.0 255.255.255.0 192.168.114.1 name RED-INFONAVIT-7

no ip http server

!

ip access-list extended CLASE2

permit ip host 192.168.114.2 172.31.47.0 0.0.0.255

permit ip host 10.90.1.37 172.31.47.0 0.0.0.255

permit ip host 10.90.1.38 172.31.47.0 0.0.0.255

permit ip host 10.90.1.39 172.31.47.0 0.0.0.255

permit ip host 10.90.1.168 172.31.47.0 0.0.0.255

permit ip host 10.90.1.141 172.31.47.0 0.0.0.255

permit ip host 10.90.1.20 172.31.47.0 0.0.0.255

permit ip host 10.90.1.187 172.31.47.0 0.0.0.255

permit ip host 10.90.0.200 172.31.47.0 0.0.0.255

permit ip host 10.90.0.115 172.31.47.0 0.0.0.255

permit ip host 10.90.0.107 172.31.47.0 0.0.0.255

permit ip host 10.90.0.130 172.31.47.0 0.0.0.255

permit ip host 10.100.4.83 172.31.47.0 0.0.0.255

permit ip host 172.17.5.28 172.31.47.0 0.0.0.255

permit ip host 10.100.4.130 172.31.47.0 0.0.0.255

permit ip host 10.100.4.131 172.31.47.0 0.0.0.255

permit ip host 10.100.4.132 172.31.47.0 0.0.0.255

permit ip 192.168.107.0 0.0.0.255 172.31.47.0 0.0.0.255

permit ip 192.168.108.0 0.0.0.255 172.31.47.0 0.0.0.255

permit ip host 10.90.0.85 172.31.47.0 0.0.0.255

permit ip host 192.168.114.2 172.31.48.0 0.0.0.255

permit ip host 10.90.1.37 172.31.48.0 0.0.0.255

permit ip host 10.90.1.38 172.31.48.0 0.0.0.255

permit ip host 10.90.1.39 172.31.48.0 0.0.0.255

permit ip host 10.90.1.168 172.31.48.0 0.0.0.255

permit ip host 10.90.1.141 172.31.48.0 0.0.0.255

permit ip host 10.90.1.20 172.31.48.0 0.0.0.255

permit ip host 10.90.1.187 172.31.48.0 0.0.0.255

permit ip host 10.90.0.200 172.31.48.0 0.0.0.255

permit ip host 10.90.0.115 172.31.48.0 0.0.0.255

permit ip host 10.90.0.107 172.31.48.0 0.0.0.255

permit ip host 10.90.0.130 172.31.48.0 0.0.0.255

permit ip host 10.100.4.83 172.31.48.0 0.0.0.255

permit ip host 172.17.5.28 172.31.48.0 0.0.0.255

permit ip host 10.100.4.130 172.31.48.0 0.0.0.255

permit ip host 10.100.4.131 172.31.48.0 0.0.0.255

permit ip host 10.100.4.132 172.31.48.0 0.0.0.255

permit ip 192.168.107.0 0.0.0.255 172.31.48.0 0.0.0.255

permit ip 192.168.108.0 0.0.0.255 172.31.48.0 0.0.0.255

permit ip host 10.90.0.85 172.31.48.0 0.0.0.255

ip access-list extended CLASE3

permit tcp any any eq 1720

permit udp any any range 16384 32767

Javier Portuguez · ‎10-22-2012

Hi,

This is basically what you need to join an HSRP group:

interface GigabitEthernet0/1

description CONEXION A LA LAN MUNOZ LEON SWITCH CATALYST 3750 PTO 1

ip address 201.161.31.254 255.255.255.252 secondary

ip address 172.31.47.252 255.255.255.0

!

standby 1 ip 172.31.47.254

standby 1 timers 5 10

standby 1 priority 105

standby 1 preempt delay minimum 5

standby 1 track Tunnel0

!

standby 1 ---> "1" is the specific HSRP group number.

standby 1 priority 105 ---> The priority indicates whether this device may become the "Active" unit, the highest priority wins the election.

standby 1 track Tunnel0 ---> If tunnel0 comes down the priority is = 105 - 10

HSRP Features

Yo hablo español y no tengo ningún problema en darte una mano con este post en Español.

Portu.

Please rate any helpful posts

imunoze00 · ‎10-22-2012

so basically it should work the way it is configured right now, am I right?

Sent from Cisco Technical Support iPad App

Javier Portuguez · ‎10-23-2012

The settings on this Router are OK, assuming the other one is properly configured, you should be in good shape.

Let me know if your have any other questions, otherwise please mark this post as answered.

Thanks.

Portu.

Please rate any helpful posts

imunoze00 · ‎10-23-2012

Well, the config for the other router for the HSRP functionality is this:

interface Tunnel0
description INTERFACE PARA DETECTAR LA CAIDA DEL L2L
ip address 170.100.101.1 255.255.255.252
keepalive 3 2
tunnel source FastEthernet0/1
tunnel destination 192.168.114.2
!
interface FastEthernet0/0
description // WAN INFONAVIT //
ip address 10.1.1.1 255.255.255.252
duplex auto
speed auto
service-policy output WAN
!
interface FastEthernet0/1
description // LAN INTERFACE //
ip address 172.31.47.251 255.255.255.0
duplex auto
speed auto
standby 1 ip 172.31.47.254
standby 1 timers 5 10
standby 1 priority 90
standby 1 preempt delay minimum 5
standby 1 track Tunnel0
service-policy input LAN

So lets just hope everything works OK once they're both plugged in later today, or tonight.

Sent from Cisco Technical Support iPad App

Javier Portuguez · ‎10-23-2012

Sounds good.

Portu.

Please rate any helpful posts

mlund · ‎10-24-2012

Hi

I have one notice to this.

As Portu already has pointed out, the track command decreases the priority with 10.

This means that if tunnel0 goes down the priority will be 105 -10 = 95

95 is still higher than the second routers configured priority that is 90, which leads to the fact that the primary router is still tha active one.

If the goal is that the second router shall take over in case of tunnelfailure on the primary router, then my suggesstion is that You configure the secoond router with priority 100 ( wich actually is the default value ).

/Mikael

imunoze00 · ‎10-24-2012

I didn't know that, the 10 point deduction on failure. So I'll just have to configure the routers to have a 5 point spread and should do it.

Sent from Cisco Technical Support iPad App

Javier Portuguez · ‎10-24-2012

Thanks for the input Mikael, I appreciate it !!

Let us know how it goes!

edward237 · ‎11-20-2013

There is a mistake on the hsrp config

priority 105

and the other is

priority 90

the default valeu is 10

so, 105 - 10 = 95

95 > 90

so, there is no convergence between the routers.

my suggestion

set the Active router with priority 105 and the Standby let the default(100)

as the decrement is 10 by default, it will converge.