HSRP on Nexus (first time)

Andrew White · ‎01-21-2019

Hello,

I'm just having a play with 2 Nexus switches (7.3) as I've not used this before.

Currently I have 1 Nexus setup with 1 laptop connected on an access port and I've configured VLAN30 as an an HSRP and I eventually what to use HSRP between the 2 Nexus switches for our user VLANs as I will be connecting some Cisco 2960x L2 switches to these as trunks.

I added the below config to 1 switch and the laptop can ping the physical IP for VLAN 30 (.252) but not the HSRP virtual IP (.254).

Config:

vlan 30
name USER30

vlan configuration 30

interface Vlan1

interface Vlan30
no shutdown
no ip redirects
ip address 172.18.30.252/24
hsrp 30
preempt delay minimum 60
priority 115
timers msec 250 msec 750
ip 172.18.30.254

HSRP is up for VLAN 30 (just 1 switch atm)

Vlan30 - Group 30 (HSRP-V1) (IPv4)
Local state is Active, priority 115 (Cfged 115), may preempt
Forwarding threshold(for vPC), lower: 1 upper: 115
Preemption Delay (Seconds) Minimum:60
Hellotime 250 msec, holdtime 750 msec
Next hello sent in 0.041000 sec(s)
Virtual IP address is 172.18.30.254 (Cfged)
Active router is local
Standby router is unknown
Authentication text "cisco"
Virtual mac address is 0000.0c07.ac1e (Default MAC)
2 state changes, last state change 00:03:02
IP redundancy name is hsrp-Vlan30-30 (default)

Form the switch the ping works to the laptop:

switch# ping 172.18.30.10
PING 172.18.30.10 (172.18.30.10): 56 data bytes
64 bytes from 172.18.30.10: icmp_seq=0 ttl=63 time=9.017 ms
64 bytes from 172.18.30.10: icmp_seq=1 ttl=63 time=1.952 ms

However the Laptop can only ping physical IP (172.18.30.252) and not the HSRP (172.18.30.254).

Am I missing something? I will connect the 2nd switch as part of the HSRP, but I should still be able to ping the virtual address.

Thanks

Georg Pauwen · ‎01-21-2019

Hello,

which Nexus is this on ? Have you gobally enabled the HSRP feature:

Nexus(config)#feature hsrp

?

Andrew White · ‎01-21-2019

Yes the feature is turned on.

I will try version 2 and let you know

Reza Sharifi · ‎01-21-2019

Hi,

Not that this should make any difference but can you configure hsrp version 2 and test again?

hsrp version 2

hsrp 30
preempt delay minimum 60
priority 115
timers msec 250 msec 750
ip 172.18.30.254

HTH

balaji.bandi · ‎01-21-2019

Below example configuration : we would like to know how they are connected each other.

If you building 2 nexus you need to build with vPC and allowed the requeired VLAN in vPC.

HSRP
========

N7K1
====
feature hsrp
!
interface Vlan9
description MGMT-NET HSRP
no shutdown
no ip redirects
ip address 10.10.9.2/24
no ipv6 redirects
hsrp 9
preempt
priority 150
timers 1 3
ip 10.10.9.1
!
end

N7K2
====
feature hsrp
interface Vlan9
description MGMT-NET HSRP
no shutdown
no ip redirects
ip address 10.10.9.3/24
no ipv6 redirects
hsrp 9
preempt
priority 130
timers 1 3
ip 10.10.9.1
!
end

You can verify show standby breif will show you HSRP working.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Andrew White · ‎01-22-2019

Hello,

I have not configure the vPC yet as the 2nd Nexus is not out of the box yet, but shouldn't the HSRP virtual IP still work? It's as if the 2nd switch is down so I'm essentially in DR mode :)

Do you have a example on configuring the vPC? Eventually I want to add a 3850 to both as portchannel but I think I need to add the vPC to it? something like this:

interface port-channel10

description Uplinkto3850

switchport mode trunk

switchport trunk native vlan 999

switchport trunk allowed vlan 9,999

spanning-tree port type normal

speed 10000

vpc 9

I guess something like this on the Nexus:?

balaji.bandi · ‎01-22-2019

here is config related to nexus and 3850, hope you have already have based vPC config between nexus 1 and nexus 2

Nexus 1

interface port-channel10
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 9,900
vpc 10
no shutdown

interface Ethernet1/16
description to 3850
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 9,900
channel-group 10 mode active
no shutdown

Nexus 2

interface port-channel10
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 9,900
vpc 10
no shutdown

interface Ethernet1/16
description to 3850
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 9,900
channel-group 10 mode active
no shutdown

3850
========

interface Port-channel10
switchport trunk native vlan 999
switchport trunk allowed vlan 9,900
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown

interface GigabitEthernet1/0/1
Description to Nexus 1
switchport trunk native vlan 999
switchport trunk allowed vlan 9,900
switchport mode trunk
channel-group 10 mode active
no shutdown
!
interface GigabitEthernet1/0/2
Description to Nexus 2
switchport trunk native vlan 999
switchport trunk allowed vlan 9,900
switchport mode trunk
channel-group 10 mode active
no shutdown
!

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Andrew White · ‎01-23-2019

Wow let me test this.

I see a vPC is basically an etherchannel for the Nexus am I right? It sort of makes them 1 logical switch and can help with no loops?

What is the reason to add the vPC to the port channel etc?

Thanks

Mark Malone · ‎01-23-2019

This i why you would use a VPC port-channel to your switches below , if there standalone and not FEXs which integrate like linecards you should use the VPC on Nexus side and standard PO config on switch side as they dont support VPC but can interact with it as balaji has shown above in sample configs

A vPC provides the following benefits:
• Allows a single device to use a PortChannel across two upstream devices
• Eliminates Spanning Tree Protocol blocked ports
• Provides a loop-free topology
• Uses all available uplink bandwidth
• Provides fast convergence if either the link or a device fails
• Provides link-level resiliency
• Helps ensure high availability

balaji.bandi · ‎01-23-2019

yes that is correct, you can find sample information vpc deployment guides, if not let me know we can offer one for you.

let me know how it goes ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Andrew White · ‎01-23-2019

Thanks guys,

can you provide the base vPC config between the 2 nexus switches too, I’m not sure I’ve done it right?

thanks

balaji.bandi · ‎01-23-2019

here is cisco official guide.

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/configuration_guide_c07-543563.html

if you still have difficulties let me know.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Mark Malone · ‎01-23-2019

Heres a working setup of my switches you could tweak easily to your own , 4 links between both nexus devices portchannel 1 for VPC peer link , then a heartbeat link as well over a vlan at l3 between both switches

You need a hearbeat incase VPC ever crashed so it can come back up

VPC Config

vpc domain 200
role priority 200
system-priority 150
peer-keepalive destination x.x.x.x source x.x.x.x
delay restore 90

interface mgmt0
description OOB.TRUSTED.SERVER
vrf member management
ip address x.x.x.x

interface Vlan3003
description VPC Heartbeat
vrf member heartbeat
ip address 10.1.1.1/30

interface Ethernet1/44
description VPC Heartbeat
switchport access vlan 3003
logging event port link-status

interface port-channel1
description Peer_Link_To_xxxxxxxxx
switchport mode trunk
no lacp suspend-individual
switchport trunk allowed vlan 2,10-11,17-18,20,28,31,33-34,36-39,48,50,64-65,70,72,74,76,78,80,90-96,102-103,105,107,400,1226,2224
spanning-tree port type network
speed 10000
vpc peer-link

interface Ethernet1/45
description Peer_Link_1_of_4_to_xxxxxxxxxx
switchport mode trunk
switchport trunk allowed vlan 2,10-11,17-18,20,28,31,33-34,36-39,48,50,64-65,70,72,74,76,78,80,90-96,102-103,105,107,400,1226,2224
channel-group 1 mode active

interface Ethernet1/46
description Peer_Link_2_of_4_to_xxxxxxxxx
switchport mode trunk
switchport trunk allowed vlan 2,10-11,17-18,20,28,31,33-34,36-39,48,50,64-65,70,72,74,76,78,80,90-96,102-103,105,107,400,1226,2224
channel-group 1 mode active

interface Ethernet1/47
description Peer_Link_3_of_4_to_xxxxxxxxx
switchport mode trunk
switchport trunk allowed vlan 2,10-11,17-18,20,28,31,33-34,36-39,48,50,64-65,70,72,74,76,78,80,90-96,102-103,105,107,400,1226,2224
channel-group 1 mode active

interface Ethernet1/48
description Peer_Link_4_of_4_to_xxxxxxxxxxx
switchport mode trunk
switchport trunk allowed vlan 2,10-11,17-18,20,28,31,33-34,36-39,48,50,64-65,70,72,74,76,78,80,90-96,102-103,105,107,400,1226,2224
channel-group 1 mode active

##############################################################################

vpc domain 200
role priority 150
system-priority 150
peer-keepalive destination x.x.x.x source x.x.x.x
delay restore 90

interface mgmt0
description OOB.TRUSTED.SERVER
vrf member management
ip address x.x.x.x/x

interface Vlan3003
description VPC Heartbeat
vrf member heartbeat
ip address 10.1.1.2/30

interface Ethernet1/44
description VPC Heartbeat
switchport access vlan 3003
logging event port link-status