12-30-2020 01:52 AM
I would like to check the feasibility of using HSRP between 3 Cisco devices.
Is it technically feasible to have 3 L3 devices be part of the same HSRP?
Attached is the diagram for reference.
VLAN 141 is available in Router#1, Router#2 & Layer 3 switch.
With HSRP I want Router#1 to be primary, Router#2 will be secondary & Layer3# will be tertiary.
Is it technically possible to achieve this?
12-30-2020 02:16 AM
Hello,
No problem at all. Each HSRP group can have up to 16 layer 3 interfaces. So with the config below:
Router#1
interface GigabitEthernet0/0
 description Link to GigabitEthernet0/0 on L3 Switch
 ip address 192.168.200.11 255.255.255.0
 standby 1 ip 192.168.200.1
 standby 1 priority 110
 standby 1 preempt
Router#2
interface GigabitEthernet0/0
 description Link to GigabitEthernet0/1 on L3 Switch
 ip address 192.168.200.12 255.255.255.0
 standby 1 ip 192.168.200.1
 standby 1 priority 100
 standby 1 preempt
L3 Switch
interface GigabitEthernet0/0
 description Link to Router#1
 switchport mode access
 switchport access vlan 141
!
interface GigabitEthernet0/2
 description Link to Router#2
 switchport mode access
 switchport access vlan 141
!
interface Vlan141
 ip address 192.168.200.10 255.255.255.0
 standby 1 ip 192.168.200.1
 standby 1 priority 90
This is the 'sh standby' output from the L3 switch:
Switch#sh standby
Vlan141 - Group 1
  State is Listen
    2 state changes, last state change 00:00:27
  Virtual IP address is 192.168.200.1
  Active virtual MAC address is 0000.0c07.ac01 (MAC Not In Use)
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
  Preemption disabled
  Active router is 192.168.200.11, priority 110 (expires in 10.064 sec)
  Standby router is 192.168.200.12, priority 100 (expires in 9.936 sec)
  Priority 90 (configured 90)
  Group name is "hsrp-Vl141-1" (default)
12-30-2020 02:29 AM - edited 12-30-2020 02:55 AM
Yes, it is possible, but only 2 are active participants; the rest will all be in Listening mode, based on the priority setup done.
So you need to be very careful while doing this config, and decide which one you would like to be in Active / Standby and Listening mode.
12-30-2020 02:36 AM - edited 12-30-2020 06:32 AM
Hello
If you had a 3rd rtr then yes, you could have a 3rd HSRP rtr in the same HSRP group as tertiary, but looking at your topology at present, having the L3 switch in HSRP wouldn’t be viable as you wouldn’t require it.
The L3 switch will use the HSRP VIP address provided from rtr1 & 2 for vlan141, and it will use rtr1 as its primary egress path; if that became unavailable, HSRP would preempt over to rtr 2, so the VIP address for that vlan/group would still be available to the L3 switch.
12-30-2020 08:51 AM
I see a couple of issues in the drawing attached to the original post:
- the host shown has the same IP address as the L3 switch 192.168.200.10. The host needs a unique address.
- the picture shows the host in the same IP subnet but in vlan 10 while the other devices are in vlan 141. The host needs to be in the same vlan as the other devices for this to work.
@paul driver brings up an interesting point about having a layer 3 switch as part of this design. From the standpoint of syntax it is certainly possible to configure HSRP using 2 routers and a layer 3 switch. And show standby would show correct relationships about which device is the active router. But as I think about it I agree that this probably would not work as the original poster intends. I believe that there are at least 2 issues here:
- Even if the router with the highest priority might be the active router and have the HSRP mac address, and even though the IP packet from the host would have the HSRP mac address as the destination mac address, when the IP packet gets to the SVI of the layer 3 switch it is likely that the switch would process the destination IP address and forward the packet rather than sending the packet on to the HSRP active router.
- Since the path from the host to either of the routers goes through the layer 3 switch, if there was some problem with the layer 3 switch would the packet be able to reach one of the routers?
12-30-2020 09:01 AM
The way I 'interpreted' it (I know that this word is always tricky) is that all three devices are connected to the layer 2 switch. If that is not the case, what sense would HSRP make at all then? If both routers are only reachable through the L3 switch, a failure of the L3 switch would result in no reachability at all. So my best guess is that all three devices are connected to the L2 switch, giving the host(s) the redundant gateways.
12-30-2020 10:50 AM - edited 12-30-2020 10:51 AM
Hello
@Georg Pauwen wrote:
So my best guess is that all three devices are connected to the L2 switch, giving the host(s) the redundant gateways.
I would say based on the topology provided it suggests different.
The host(s) reside on the L2 switch, the L2 switch is directly connected to the L3 switch, which in turn has two connected interfaces into two rtrs, suggesting the rtrs are egress points for the LAN host(s) and the L3 switch, thus HSRP applied for each rtr's LAN-facing interface into the L3 switch.
12-30-2020 02:06 PM
The original post asks a direct question "Is it technically feasible to have 3 L3 devices to be part of the same HSRP". I believe that we would all agree that the answer to that question is that yes it is technically feasible to have 3 L3 devices be part of the same HSRP. Whether it will work in the local situation depends on some things about the topology that we do not know.
12-31-2020 09:47 AM - edited 12-31-2020 09:49 AM
"Even if the router with the highest priority might be the active router and have the HSRP mac address, and even though the IP packet from the host would have the HSRP mac address as the destination mac address, when the IP packet gets to the SVI of the layer 3 switch it is likely that the switch would process the destination IP address and forward the packet rather than sending the packet on to the HSRP active router."
BTW, I believe the L3 switch would bypass its SVI and send the packet to the router if that router had the active HSRP MAC. This is because an L3 switch still also operates as an L2 switch. I.e. the L2 "portion" of the switch shouldn't forward a frame to its own SVI unless that SVI "owns" the MAC.
However, HSRP can redirect. So, in some circumstances, the active HSRP gateway (still assuming it's one of the routers) might redirect a host to the L3 switch's SVI (or the other router), if it also has a (different from router) virtual IP.
01-01-2021 07:10 PM
Dear All
Thanks. I have updated the diagram for reference.
I am highlighting more details regarding this.
I have 3 Internet links, terminating in R1, R2 & L3.
R1, R2 & L3 will have SLA configured, monitoring the Internet links.
If an Internet link is not available, the HSRP value will be decreased.
Also in L3, a route map will be configured to set the next hop as the HSRP IP.
I am looking for this scenario to work.
Will it work?
01-01-2021 09:40 PM
The new drawing provides some information that was not in the original drawing, and I believe it is significant. The original drawing showed 2 routers, 1 layer 3 switch, 1 layer 2 switch, and 1 host. All of the IP addresses shown were in network 192.168.200.0. There was a notation about vlan 10 but since there was no other information about vlan 10 I did not realize the significance of vlan 10. I discussed HSRP among the 3 devices in terms of the host being in that subnet (as I believe did my colleagues) and, while HSRP certainly would operate with 3 devices, this particular HSRP implementation might be problematic.
The new drawing changes the IP address of the host connected to the layer 2 switch. Its IP address is now clearly not in vlan 141 but in vlan 10. And there is a notation that suggests that PBR is implemented on the vlan 10 interface of the L3 switch, and that PBR is setting the next hop to be the HSRP virtual address. This is a very significant change. In this different environment HSRP should work quite well. An IP packet from the host will arrive on the vlan 10 interface of the L3 switch, PBR will make a forwarding decision and set the next hop, the L3 switch will look for the mac address of the HSRP active router, and will forward the packet as the original poster wants it to do. Also new in this version of the drawing is information about using IP SLA to monitor connections to ISP on each device and to lower HSRP priority if there is a problem.
In this implementation I do not see any issue about having 3 devices participate in HSRP. As noted in a previous response one device will be active, one device will be standby, and one device will be listening. But all 3 devices will participate, active router designation will be affected if one or more Internet connections fail, and the active router designation should be in the order desired.
01-02-2021 08:36 AM
I agree with Rick, at least for VLAN 10, this should work as you intend.
That said, as your VLAN 141 is a /24, and since you have 3 Internet connections, unless your SLAs also ensure the lost path's default route is also changed and other traffic isn't routed to the device(s) with the lost Internet path, you could black hole other traffic other than VLAN 10's.
You might also consider HSRP switch over time, i.e. decrease the hello timers. BTW, later variants of HSRP support BFD.
BTW, your approach is a bit novel, as most, I would think, would manage this need at L3, not L2. However, your approach does avoid the difficulty of doing failure processing using PBR.
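Added example (not written by any poster in this thread): a simplified Python model of HSRP active-router selection, using the thread's priorities (110/100/90) and preempt settings, to check the IP SLA tracking design described above. The tracking decrement of 30 is an assumption, and the model ignores hello/hold timers, priority ties and peers going fully offline. It compares the L3 switch with preemption disabled, as in the posted `sh standby` output, against the same switch with `standby 1 preempt` added.

```python
from dataclasses import dataclass


@dataclass
class Peer:
    name: str
    priority: int          # configured "standby 1 priority"
    preempt: bool          # is "standby 1 preempt" configured?
    link_up: bool = True   # state of the tracked Internet link

    def effective(self, decrement):
        # A failed tracked object lowers the advertised priority.
        return self.priority - (0 if self.link_up else decrement)


def settle(peers, active, decrement):
    """Return the active peer's name once preemption has settled."""
    by_name = {p.name: p for p in peers}
    while True:
        current = by_name[active].effective(decrement)
        # Only a peer with preempt may displace an active router that is
        # still alive and sending hellos, even one with a lowered priority.
        challengers = [p for p in peers
                       if p.preempt and p.effective(decrement) > current]
        if not challengers:
            return active
        active = max(challengers, key=lambda p: p.effective(decrement)).name


def run(preempt_on_switch, failures, decrement=30):
    """Fail Internet links in order; return (active, active_link_up) per step."""
    peers = [Peer("R1", 110, True),
             Peer("R2", 100, True),
             Peer("L3", 90, preempt_on_switch)]
    by_name = {p.name: p for p in peers}
    active = settle(peers, "R1", decrement)
    history = []
    for name in failures:
        by_name[name].link_up = False
        active = settle(peers, active, decrement)
        history.append((active, by_name[active].link_up))
    return history


if __name__ == "__main__":
    # Constructed scenario: R1's Internet link fails, then R2's.
    print("switch without preempt:", run(False, ["R1", "R2"]))
    print("switch with preempt:   ", run(True, ["R1", "R2"]))
```

In this model, the switch without preempt never becomes active while a router is still sending hellos, so after both router links fail the virtual IP sits on R1, whose Internet link is down.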