The standby does have routes to the corporate network. When I added the standby I initially copied the configuration from my primary to my standby and then made the specific changes for the HSRP. What happens is when the standby takes over the sub-interfaces (GE 0/0), the interface on the corporate side (GE 0/1) shows that my primary router is still the active router for that interface (GE 0/1) and the same interface on the standby (GE 0/1) is still the standby router. I thought either the standby would become the active router on all interfaces or it would forward packets to the active router. I can't figure out why neither of these are happening.

Are you running HSRP on the gi0/1 interfaces ?

If not see my last post.

If you are can you confirm ?

Jon

Yes, HSRP in on for the GE 0/1. If I lose communications on all interface to my primary router, the standby becomes the active router for all interfaces. It's just when I only lose 1 interface (GE 0/0 or GE 0/1) that I lose communication between my sub-interfaces and my corporate network.

What are the IP subnets for the subinterfaces ie. the networks and subnet masks.

Jon

10.128.0.0/9

10.3.0.0/24

10.4.0.0/18

10.7.0.0/24

Okay, so no summarisation possible with those.

I'm not sure how this would work with tracking.

You can track multiple interfaces so gi0/1 could track all the subinterfaces and the subinterfaces could track gi0/1.

If a subinterface failed then gi0/1 would switch to the standby router as would the failed subinterface. But the other subinterfaces are still on the active router and even though gi0/1 has switched over the actual interface hasn't failed so again you lose connectivity for the subinterfaces still up on the previous primary router for  gi0/1.

Possible alternatives -

1) an EEM script could probably sort this out. It could monitor the router and if it sees a HSRP change on gi0/1 it would automatically shutdown the subinterfaces.

Could get a little complicated.

2) using  a router to router link whether that be another subinterface or a separate interface if you have one.

Then on each router run a dynamic routing protocol to advertise the subinterface networks to each router.

These routes won't show up in the routing table because the router will have a directly connected interface but as soon as a subinterface fails it should then install the route via the other router.

I can't help feeling I'm missing something but I can't see what at the moment.

Perhaps others can offer a better solution.

I have to log off now but I will try and lab this up later if you don't get a better answer and see which one works the best.

Jon

I appreciate it. You seem to feel like I did when I set this up and it didn't work. Anything you can add would be great.

Hi Deni. You have clients connecting to a switch and then to gateways on the 2 2901s set up with HSRP right?

How does the Gi0/1 interfaces on the 2901s connect to your corporate network? Via another switch? Or to a router? Or a layer 3 switch?

The GE 0/1 interface IP's are part of the corporate network which connect to a switch and then to the core router for the corporate network. As a reference on the networks:

Corp = 10.44.12.0/23

primary router = 10.44.12.102

standby router = 10.44.12.103

HSRP virtual router = 10.44.12.101

I tested this in a lab and you can do it all with HSRP.

Firstly if a single subinterface fails I couldn't find a way with HSRP to move everything across to the other router but you don't need to.

All you need to do is if a single subinterface fails you must move the WAN interface across.

If you do then everything will work although obviously both routers will be active and standby for different interfaces.  I am happy to explain how it works although it's easier to see it in action to be honest.

However that said it is unlikely you will get a single subinterface failure ie. the main interface or the switch port it is connected to will fail.

So you can either set it up for just the main interface failing or you can do it on a per subinterface failure, it's really up to you.

What you need to do is -

LAN interface is one with subinterfaces
WAN interface is gi0/1

1) create a tracked object tracking the line protocol of the WAN interface.

If you want to track just the main LAN interface created another tracked object, again tracking line protocol, for the LAN interface.

If you want to track per subinterface then you need to create a unique tracked object per subinterface.

You need to make sure that if the track is activated it takes enough off the HSRP priority on the active router so that the standby router now has a higher priority.

2) on each of the LAN subinterfaces you need to add the tracked object for the WAN interface to the HSRP configuration.

On the WAN interface you either add just the LAN tracked object or you add multiple tracked objects, one per subinterface depending on which you want to track.

3) you need to modify the HSRP configuration on all interfaces so that on both the active and standby router you add  "standby <group> preempt" .

The above should work.

I tested in the lab using tracking per subinterface and as long as you move the WAN interface across whenever there is a failure of anything it worked.

Like i say if you do get a failure then i suspect it will be the entire interface in which case everything would switch to the standby router.

In the unlikely event of a single or multiple subinterfaces failing but some still staying up you won't move everything across but it will still work.

If you really do want to guarantee everything moves in every scenario then i think you would need EEM but i don't think it is worth it as it just complicates things.

Happy to explain how it would work and if you need a hand with the configuration just let me know.

Jon

Thanks for the help! So if I follow, my configuration should look like this:

!primary router

conf term
interface gigabitethernet 0/0
ip address 10.44.12.2 255.255.254.0
standby 1 ip 10.44.12.1
standby track gigabitethernet 0/1
standby 1 preempt
exit

interface gigabitethernet 0/1
standby track gigabitethernet 0/0
exit

interface gigabitethernet 0/0.3
ip address 10.3.0.2 255.255.255.0
standby 3 ip 10.3.0.1
standby 3 preempt
exit

interface gigabitethernet 0/0.4
ip address 10.4.0.2 255.255.192.0
standby 4 ip 10.4.0.1
standby 4 preempt
exit

!repeat for sub-interfaces ge 0/0.7 & 0/0.128

cntrl+Z

!standby router

conf term
interface gigabitethernet 0/0
ip address 10.44.12.3 255.255.254.0
standby 1 ip 10.44.12.1
standby track gigabitethernet 0/1
standby 1 preempt
exit

interface gigabitethernet 0/1
standby track gigabitethernet 0/0
exit

interface gigabitethernet 0/0.3
ip address 10.3.0.3 255.255.255.0
standby 3 ip 10.3.0.1
standby 3 preempt
exit

interface gigabitethernet 0/0.4
ip address 10.4.0.3 255.255.192.0
standby 4 ip 10.4.0.1
standby 4 preempt
exit

!repeat for sub-interfaces ge 0/0.7 & 0/0.128

cntrl+Z

Hopefully I'm on the right track here. Please let me know if I'm off on anything. Again, I appreciate all of your help.

Hi. Is this the full interface configs? If so. Do you have any HSRP/IP address config on the Gi0/1 interfaces?

I noticed that you do not specify a priority for each group either. If so, the default will be to use the highest IP address, if I'm not mistaken. And your highest ip per group is your Standby router.

Do you need the active router to be active for all vlans, and have the standby take over in case of failure?

How does your Corp router send traffic to the Vlan sub interfaces?

HI. I don't know when Jon will be online again so I'll post an amended config for you to try :-)

Please remember that to reach the vlans behind the routers you need a route on the corporate router pointing to 10.44.12.101 for your next hop.

See below

!primary router

conf term
interface gigabitethernet 0/0
no ip address
exit

interface gigabitethernet 0/1
standby 1 track gigabitethernet 0/0
ip address 10.44.12.102 255.255.254.0
standby 1 ip 10.44.12.101
standby 1 preempt
standby 1 priority 105
exit

interface gigabitethernet 0/0.3
ip address 10.3.0.2 255.255.255.0
standby 3 ip 10.3.0.1
standby 3 preempt
standby 3 priority 105
standby 3 track gigabitethernet 0/1
exit

interface gigabitethernet 0/0.4
ip address 10.4.0.2 255.255.192.0
standby 4 ip 10.4.0.1
standby 4 priority 105
standby 4 preempt
standby 4 track gigabitethernet 0/1
exit

!repeat for sub-interfaces ge 0/0.7 & 0/0.128

cntrl+Z

!standby router

conf term
interface gigabitethernet 0/0
no ip address
exit

interface gigabitethernet 0/1
standby 1 track gigabitethernet 0/0
ip address 10.44.12.103 255.255.254.0
standby 1 ip 10.44.12.101
standby 1 preempt
exit

interface gigabitethernet 0/0.3
ip address 10.3.0.3 255.255.255.0
standby 3 track gigabitethernet 0/1
standby 3 ip 10.3.0.1
standby 3 preempt
exit

interface gigabitethernet 0/0.4
ip address 10.4.0.3 255.255.192.0
standby 4 track gigabitethernet 0/1
standby 4 ip 10.4.0.1
standby 4 preempt
exit

!repeat for sub-interfaces ge 0/0.7 & 0/0.128