HSRP on Secondary IP address - Cisco 2900

thiago.dacruz · ‎02-21-2013

Hello guys,

I have a few old 2600 routers (2621, different IOS's) which I'm now replacing for new one's from the 2900 series (2901, Version 15.1(4)M4).

In my configuration I have two IP addresses in my LAN interface and I have HSRP configured within the secondary IP subnet range. It would be something like this:

interface GigabitEthernet0/1

ip address 172.x.x.x x.x.x.x secondary

ip address 10.z.z.z z.z.z.z

...

standby 10 ip 172.x.x.x

These routers are connected to a common use switch, so I have to keep an acl for control. In my old acl, regardless of the secondary IP address and HSRP IP, the HSRP hello packets were always sent with source in the primary IP address, so I had to allow the primary IP address in my acl like this:

permit udp 10.z.z.z z.z.z.z host 224.0.0.2 eq 1985

Now, in the new 2900 routers, my interface configuration hasn't changed however I can see that the hello packets are now sent with the source within the respective HSRP IP subnet so I had to edit my acl for that:

permit udp 172.x.x.x x.x.x.x host 224.0.0.2 eq 1985

Is this the expected behaviour? Is there a way I can force the HSRP to work as it previously did in the old IOS's?

Thanks a lot

mhnedirli · ‎02-22-2013

hello, in configuration guide it says :

HSRP Configuration Changes

With CSCsv12265, an HSRP group may be configured with a virtual IP address that matches the subnet of an IP address of a secondary interface.

When the virtual IP address of an HSRP group is configured with the same network ID as a secondary interface IP address, the source address of HSRP messages is automatically set to the most appropriate interface address. This configuration change allows the following configuration:

interface Ethernet1/0
 ip address 192.168.1.1 255.255.255.0
 ip address 192.168.2.1 255.255.255.0 secondary
 standby 1 ip 192.168.1.254
 standby 1 priority 105
 standby 1 preempt
 standby 2 ip 192.168.2.254 !Same network ID as secondary interface

Prior to CSCsv12265, an HSRP group remained in INIT state unless the HSRP virtual IP address had the same network ID as the primary interface address.

In addition, the following warning message is displayed if an HSRP group address is configured when no interface addresses are configured:

% Warning: address is not within a subnet on this interface

http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-hsrp.html

PramodKashid · ‎05-05-2015

You can either create separate hsrp groups for primary and secondary addresses, or configure secondary virtual IP in same hsrp group.

Case 1 -

interface GigabitEthernet0/1
ip address 172.16.1.2 255.255.255.0 secondary
ip address 10.1.1.2 255.255.255.0
standby 10 ip 10.1.1.1
standby 20 ip 72.16.1.1

Case 2-

interface GigabitEthernet0/1
ip address 172.16.1.2 255.255.255.0 secondary
ip address 10.1.1.2 255.255.255.0
standby 10 ip 10.1.1.1
standby 10 ip 72.16.1.1 secondary

mlund · ‎02-25-2013

Hi

You can use the keyword Secondary in the hsrp command.

example

int g0/1

ip addr 172.1.1.1 255.255.255.0 secondary

ip addr 10.1.1.1 255.255.255.0

stand 10 ip 10.1.1.254

stand 10 ip 172.1.1.254 secondary

/Mikael

jawad-mukhtar · ‎02-25-2013

int g0/1

ip addr 172.1.1.1 255.255.255.0 secondary

ip addr 10.1.1.1 255.255.255.0

stand 10 ip 10.1.1.254

stand 20 172.1.1.254

You can Make different Standby Groups for each subnet.

Jawad