Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
459
Views
0
Helpful
2
Replies

HSRP

musumani.woods
Level 1
Level 1

‎04-08-2011 12:21 AM - edited ‎03-04-2019 12:01 PM

I currently have two internet routers and one serves as a standby using hsrp. Currently only I have one switch connecting both to my lan (fw). I want to place another switch to allow me full redundancy, so config is :

Old Config

internet router 1 & 2  ----  switch 1 ---  FW1 & 2

New config:

internet router 1 ----  switch 1 ---  FW1

internet router 2 (standby) ------ switch2 ----- FW2.

My fw uses vip so I am certain that I do not have to make any changes on the fw, however I am not certain if any changes need to be made on the routers. Any insight will be appreciated. 

Labels:
0 Helpful
2 Replies 2

Latchum Naidu
VIP Alumni
VIP Alumni

‎04-08-2011 12:44 AM

Hi,

You need to have configure HSRP like below on the both routers and switches to have full redundancy. I hope the switches are L3 ones.

ON Active Router:

interface FastEthernet0/1
ip address 10.10.10.12 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
speed 100
full-duplex
standby 0 ip 10.10.10.10
standby 0 priority 110
standby 0 preempt
standby 0 track FastEthernet0/0 30


ON Standby Router:

interface FastEthernet0/1
ip address 10.10.10.11 255.255.255.0
ip flow egress
ip nat inside
ip virtual-reassembly
ip route-cache flow
speed 100
full-duplex
standby 0 ip 10.10.10.10
standby 0 priority 90
standby 0 track FastEthernet0/1 30

ON Active Switch:

interface Vlan1
ip address 10.12.1.2 255.255.0.0
standby 0 ip 10.12.1.1
standby 0 priority 105
standby 0 preempt


ON Standby Switch:

interface Vlan1
ip address 10.12.1.3 255.255.0.0
standby 0 ip 10.12.1.1
standby 0 preempt


Hope the above will help you.

Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

mvsheik123
Level 7
Level 7
In response to Latchum Naidu

‎04-08-2011 07:30 AM

Hi,

Check the below. FW using vip, I guess FW also doing the nat. The Internet switches can be pure L2.

Active rtr:

interface FastEthernet0/1

description: switch1
ip address 10.10.10.2 255.255.255.0
speed 100
full-duplex

no ip redirects

no ip unreachables

no ip proxy-arp

standby 10 ip 10.10.10.1 < vip for the fw>
standby 10 priority 110
standby 10 preempt delay minimum 10
standby 10 track FastEthernet0/0

Stdby rtr:

interface FastEthernet0/1

description: switch2
ip address 10.10.10.3 255.255.255.0
speed 100
full-duplex

no ip redirects

no ip unreachables

no ip proxy-arp

standby 10 ip 10.10.10.1 < vip for the fw>
standby 10 priority 105
standby 10 preempt

You can change the priority values to any number as long as 'decrement number' covered by 'tack' command as mentioned in earlier post. default decrement 10.

*replace 10.10.10.x with the public ips.

switches:

1. Create port channel between both switches.

2. Place the both switch ports that connects to firewall outside interface and Internet router inside interface in the same vlan and allow the vlan via port channel (incase if you restrict vlans. Default allow all) .

This should give you router/switch and ISP down redundancy.

hth

MS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card