Highlighted
Participant

HSRP + router-on-a-stick for isr 4331

Hello everybody.

We are going to try the following scheme: a stack of two 2960 switches and HSRP with two router-on-a-stick 4331s. Has anyone tried to implement such a scheme? If yes, please share your experience.

 

We have two ISR 4331s, which are connected by EtherChannel to a stack of two 2960s. Each EtherChannel is divided into subinterfaces.

For example, on the first ISR 4331 (I am writing approximately, because there is no router to check it on):

Po1.6 10.19.6.2 YES NVRAM up up
Po1.10 10.19.10.2 YES NVRAM up up
Po1.12 10.19.12.2 YES NVRAM up up

On the second ISR 4331:

Po1.6 10.19.6.3 YES NVRAM up up
Po1.10 10.19.10.3 YES NVRAM up up
Po1.12 10.19.12.3 YES NVRAM up up

 

And HSRP addresses with .1 for every subinterface, which is the gateway for the internal networks.

 

Highlighted
VIP Mentor

I do not see any issue here:

 

See the thread below for a similar case with GLBP; yours is HSRP.

 

https://community.cisco.com/t5/network-management/glbp-2-router-2-l3-switch/m-p/4147930#M136206

BB
*** Rate All Helpful Responses ***
Highlighted

I saw similar topics. It's basic for the CCNA exam.

But my question is a little different. Is it possible to back up router-on-a-stick using a second router of the same type, setting up HSRP on the required subinterfaces? This scheme may be incorrect, but the purchase of an L3 switch (for inter-VLAN routing) for this site was refused.

Highlighted
Hall of Fame Guru

We do not have much detail to work with on this question. So we can respond only in general terms. It is a bit unusual to do router on a stick with 2 routers but I do not see any reason why it would not work, assuming that they are correctly configured.

 

The basic requirements for HSRP are these (they would be for each vlan/subnet/subinterface):

- 2 layer 3 devices doing routing for the vlan/subnet/subinterface

- a layer 2 connection from each L3 device that allows each L3 device to be locally connected to the other L3 device and to hosts connected in the vlan/subnet

- configuration on the interface/subinterface of its own IP address in the subnet and of a shared/virtual address to be used as default gateway for the hosts connected in the vlan/subnet and other appropriate HSRP parameters

 

Assuming that the configuration satisfies these conditions I do not see any reason why it being router on a stick would make any difference.

HTH

Rick
Highlighted

Today I built a lab on real hardware: ISR 4331, ISR 2821 and Catalyst 2960. It looks like it works.

But I created HSRP only for one subinterface, Po1.60.

 

ISR 4331

 

ISR-4331#sh run | b interface Port-channel1
interface Port-channel1
 no ip address
 no negotiation auto
!
interface Port-channel1.60
 description wired_lan
 encapsulation dot1Q 60
 ip address 10.197.60.3 255.255.255.0
 ip nat inside
 standby 60 ip 10.197.60.1
 standby 60 priority 90
 standby 60 preempt
!
interface Port-channel1.127
 description wifi
 encapsulation dot1Q 127
 ip address 10.197.127.3 255.255.255.0
 ip nat inside
!
interface Port-channel1.196
 description wifi_mgmt
 encapsulation dot1Q 196
 ip address 10.197.196.3 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
 channel-group 1
!
interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
 channel-group 1

 

ISR 2821

 

ISR-2821#sh run | b interface Port-channel1
interface Port-channel1
 no ip address
!
interface Port-channel1.60
 description wired_lan
 encapsulation dot1Q 60
 ip address 10.197.60.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 standby 60 ip 10.197.60.1
 standby 60 priority 105
 standby 60 preempt
!
interface Port-channel1.127
 description wifi
 encapsulation dot1Q 127
 ip address 10.197.127.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Port-channel1.196
 description wifi_mgmt
 encapsulation dot1Q 196
 ip address 10.197.196.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 channel-group 1
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 channel-group 1

Highlighted
VIP Mentor

Hello,

 

What are the two routers connected to? If these are your edge routers connected to ISPs, here is the problem: if the ISP fails, the HSRP will still use the router connected to the failed ISP, which effectively blackholes your traffic. You need to configure an IP SLA on both routers, have HSRP track the status of that IP SLA, and lower the HSRP priority if the IP SLA is down.

Highlighted

Hello

@Georg Pauwen Have to disagree: you won't require IP SLA & tracking, or just tracking, on both rtrs. Just the primary would suffice; as long as HSRP preemption is enabled on both rtrs, all should be good.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted

You are absolutely correct. IP SLA is only needed on the primary router.

 

To OP: make sure you are not tracking the interface, because that can stay up/up, but an IP address, e.g.:

 

track 1 ip sla 1
!
interface GigabitEthernet0/1
 ip address 192.168.1.2 255.255.255.0
 standby version 2
 standby 1 timers msec 100 msec 300
 standby 1 ip 192.168.1.1
 standby 1 priority 150
 standby 1 preempt delay minimum 60
 standby 1 track 1 decrement 60
!
ip sla 1
 icmp-echo 8.8.8.8
 frequency 5
!
ip sla schedule 1 life forever start-time now

Highlighted

These two routers should be connected to two different ISPs on the external side and to the L2 core switch on the internal side.

Highlighted

Hello,

 

It doesn't matter if both routers are connected to different ISPs. The HSRP tracking in combination with the IP SLA will work.

Highlighted

Hello.

 

Of course, IP SLA is required in this situation.

 

I think that IP SLA needs to be configured so that it checks the availability of 8.8.8.8 through the main provider, and in case of unavailability, shuts down the internal interfaces so that everything works completely through the second router (standby HSRP) and the backup provider.

Highlighted
VIP Mentor

Hello

It seems a viable solution. I'd just like to add to the other recommendations that the primary rtr will require tracking of its upstream connection, so if that fails or reachability is lost, tracking will notice this failure and then the primary rtr's HSRP priorities will decrement, preemption will initiate and the secondary HSRP rtr will take over. At the same time the LAN stack will update its CAM table accordingly from receiving a gratuitous ARP request from the WAN rtrs of the port and MAC address now servicing the HSRP VIP.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
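
The failover the thread describes (tracked object down, priority decrements, the standby preempts) only happens when the decrement pushes the primary below the standby's priority. The following is an added example, not code from any participant: a small audit of the Port-channel1.60 HSRP lines posted above. The `track 1 decrement N` line on the ISR 2821 and the function names are assumptions made for the illustration.

```python
import re

# Constructed input: the Port-channel1.60 HSRP lines posted in the thread.
# The "track 1 decrement" line on the primary is a hypothetical addition.
STANDBY_4331 = """standby 60 ip 10.197.60.1
standby 60 priority 90
standby 60 preempt"""
PRIMARY_2821 = """standby 60 ip 10.197.60.1
standby 60 priority 105
standby 60 preempt
standby 60 track 1 decrement {dec}"""

def parse_hsrp(cfg, group):
    """Extract the HSRP settings of one group from interface config lines."""
    # IOS default priority is 100 when no "priority" line is present.
    r = {"vip": None, "priority": 100, "preempt": False, "decrement": 0}
    for line in cfg.splitlines():
        m = re.match(rf"\s*standby {group} (\S+)\s*(.*)", line)
        if not m:
            continue
        key, rest = m.groups()
        if key == "ip":
            r["vip"] = rest.strip()
        elif key == "priority":
            r["priority"] = int(rest)
        elif key == "preempt":
            r["preempt"] = True
        elif key == "track":
            d = re.search(r"decrement (\d+)", rest)
            r["decrement"] = int(d.group(1)) if d else 10  # IOS default decrement
    return r

def audit(primary, standby):
    """Return the reasons why tracked failover or failback would not work."""
    problems = []
    if primary["vip"] != standby["vip"]:
        problems.append("virtual IP mismatch")
    if not standby["preempt"]:
        problems.append("standby lacks preempt: cannot take over on decrement")
    if not primary["preempt"]:
        problems.append("primary lacks preempt: no failback after recovery")
    # Equal priorities are tie-broken by interface IP, which is not modelled
    # here; the check requires the decremented priority to be strictly lower.
    if primary["priority"] - primary["decrement"] >= standby["priority"]:
        problems.append("decrement too small: primary stays active")
    return problems

def check(dec):
    return audit(parse_hsrp(PRIMARY_2821.format(dec=dec), 60), parse_hsrp(STANDBY_4331, 60))
```

With the posted priorities of 105 and 90, `check(10)` reports the decrement as too small (105 - 10 = 95 is still above 90), while `check(20)` returns no problems.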