
Connect two 3560 Switches running HSRP with two ISR1841 also Running HSRP

jose cortes
Level 1

Hi,

I want to know if this scenario is possible:

My ISP gives me High Availability for my WAN connection by means of HSRP (Active/Standby), so currently I have the two routers connected to two different Catalyst 3560 switches. I'm working on the LAN segmentation using VLANs, so I had this idea to use the two 3560 switches to route my inter-VLAN traffic and use the routers only to route the external traffic, but I want to use the two switches Active/Active, also using HSRP. This way, half of the VLANs will be active on one switch and standby on the other, and vice versa. (Figure 1.)

HSRP.png

Figure 1. Full Topology

With the changes described before, I will have two routers running HSRP (Active/Standby) and two switches running HSRP (Active/Active), so I have doubts about how to configure the subnet between the routers and the switches so the topology virtually looks like one router connected to one switch. (Figure 2.)

Do I need to use, for example, VLAN100 on the switch ports that are connected to each router and do HSRP, or could these ports be Layer-3 ports?

HSRP2.png

Figure 2. Virtual Topology

Thanks and regards,

Jose

2 Replies

Chad Peterson
Cisco Employee

Hi Jose,

If you are running a routing protocol with your ISP, then there is no need for them to do HSRP and you can use L3 links from each router to the switch. However, it seems that they are running HSRP, and I am assuming you have a default route pointing to them as well. This is fine too.

With them running HSRP, you will need to configure the switchport facing the router in the same VLAN on each switch, create an SVI on each switch for this VLAN, and carry it across both switches.

The only thing I would suggest with this type of setup is to set your ARP timeout to something lower than your CAM aging timer.  So you could raise CAM aging to > 4hr, or lower ARP timeout to < 5min.  I usually suggest to lower ARP.

The reason for this is to prevent unicast flooding. Because you cannot control the path the traffic will take back into your network, you may find that the switch that needs to route the packet to your hosts has an ARP entry but no MAC entry (this can happen if it's the standby router for the VLAN with the host). Take a look at this doc, it describes this in more detail (Cause #1):
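The check suggested in the reply above (ARP timeout lower than CAM aging on every SVI), written as an added example that is not part of the original post. The function name `audit_arp_vs_cam` and the sample configuration are constructed for illustration; the defaults assumed are a 4-hour ARP timeout and a 300-second MAC aging time.

```python
import re

DEFAULT_ARP_TIMEOUT = 14400  # assumed IOS default ARP cache timeout (4 h), seconds
DEFAULT_MAC_AGING = 300      # assumed Catalyst default CAM aging time (5 min), seconds

# Constructed sample (not from the thread): the transit SVI is tuned,
# the VLAN 2 SVI is left at defaults.
SWITCH_A = """\
mac address-table aging-time 300
interface Vlan2
 ip address 2.2.2.2 255.255.255.0
 standby 2 ip 2.2.2.1
interface Vlan20
 ip address 20.20.20.4 255.255.255.0
 arp timeout 270
"""

def audit_arp_vs_cam(config):
    """Return {vlan: (arp_timeout, mac_aging, ok)} for every SVI in an IOS config.

    ok is True when the ARP entry expires before the CAM entry, so the switch
    re-ARPs (and relearns the MAC) instead of flooding unknown unicast.
    """
    global_aging, vlan_aging, arp, current = DEFAULT_MAC_AGING, {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"interface Vlan(\d+)\s*$", line, re.I):
            current = int(m.group(1))
            arp[current] = DEFAULT_ARP_TIMEOUT
        elif (m := re.match(r"\s+arp timeout (\d+)", line)) and current is not None:
            arp[current] = int(m.group(1))
        elif m := re.match(r"mac address-table aging-time (\d+)(?: vlan (\d+))?", line):
            current = None
            secs = int(m.group(1)) or float("inf")  # 0 disables aging entirely
            if m.group(2):
                vlan_aging[int(m.group(2))] = secs
            else:
                global_aging = secs
        elif line and not line[0].isspace():
            current = None  # any other global command ends the interface block
    result = {}
    for vlan, timeout in sorted(arp.items()):
        aging = vlan_aging.get(vlan, global_aging)
        result[vlan] = (timeout, aging, timeout < aging)
    return result

if __name__ == "__main__":
    for vlan, (timeout, aging, ok) in audit_arp_vs_cam(SWITCH_A).items():
        print(f"Vlan{vlan}: arp={timeout}s cam={aging}s {'OK' if ok else 'FLOOD RISK'}")
```
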

Hi Chad,

To clarify, my two switches are running HSRP facing the LAN (VLANs), so I have, e.g., VLAN10, VLAN20, VLAN30, VLAN40. The inter-VLAN routing is configured on these two switches (Cat 3560G), and the SVIs created for each VLAN are also configured on both switches in an Active/Active deployment.

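| VLAN | SWITCH | HSRP ROLE | INTERFACE SVI | IP ADDRESS | VIRTUAL IP ADDRESS |
|------|--------|-----------|---------------|------------|--------------------|
| 2 | Switch-A | Active | interface vlan 2 | 2.2.2.2 | 2.2.2.1 |
| 2 | Switch-B | Standby | interface vlan 2 | 2.2.2.3 | 2.2.2.1 |
| 3 | Switch-A | Active | interface vlan 3 | 3.3.3.2 | 3.3.3.1 |
| 3 | Switch-B | Standby | interface vlan 3 | 3.3.3.3 | 3.3.3.1 |
| 4 | Switch-A | Standby | interface vlan 4 | 4.4.4.2 | 4.4.4.1 |
| 4 | Switch-B | Active | interface vlan 4 | 4.4.4.3 | 4.4.4.1 |
| 5 | Switch-A | Standby | interface vlan 5 | 5.5.5.2 | 5.5.5.1 |
| 5 | Switch-B | Active | interface vlan 5 | 5.5.5.3 | 5.5.5.1 |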

So, as you can see, with this model I have Active/Active HSRP for my LAN.

Now, if any VLAN wants to go outside the LAN, I have the ISP virtual routers, so I create a default route to route the traffic to the WAN this way:

ip route 0.0.0.0 0.0.0.0 20.20.20.1

You said I should configure my switches' interfaces that are connected to the routers as access ports for a VLAN, say, VLAN 20, so my switches will be configured this way:

Switch-A SVI interface vlan 20 with IP address 20.20.20.4 255.255.255.0

Switch-B SVI interface vlan 20 with IP address 20.20.20.5 255.255.255.0

OK, this way, which will be the IP that the ISP will use to route the traffic from the WAN to the LAN? For example, assume the ISP configures all the routing from WAN to LAN using Switch-A. The static routes will be:

ip route 2.2.2.0 255.255.255.0 20.20.20.4

ip route 3.3.3.0 255.255.255.0 20.20.20.4

ip route 4.4.4.0 255.255.255.0 20.20.20.4

ip route 5.5.5.0 255.255.255.0 20.20.20.4

Now imagine my Switch-A fails. Because of HSRP, the LAN will keep routing traffic between VLANs and will also send packets outside through Switch-B. But the traffic coming from the WAN won't reach the IP 20.20.20.4, so the traffic will probably drop.

Then I thought that by using HSRP facing my ISP, I will let the ISP see one IP (my HSRP virtual IP). In this deployment the ISP will route all the traffic from the WAN to only one IP address, i.e.:

Switch-A SVI interface vlan 20 with IP address 20.20.20.4 255.255.255.0

Switch-B SVI interface vlan 20 with IP address 20.20.20.5 255.255.255.0

And using HSRP, the virtual IP will be, say, 20.20.20.6

So the static routes at the ISP router will be:

ip route 2.2.2.0 255.255.255.0 20.20.20.6

ip route 3.3.3.0 255.255.255.0 20.20.20.6

ip route 4.4.4.0 255.255.255.0 20.20.20.6

ip route 5.5.5.0 255.255.255.0 20.20.20.6

Please correct me if I'm wrong

Regards

Jose Manuel Cortes Hurtado
