HSRP Redundancy

Joseph Janning
Level 1

Hey everyone!

My company has two C4507 switches configured for its core infrastructure.  Each core has 5 identical modules installed and everything is cabled for redundancy. The cores also have HSRP configured for all the vlans.  It's a pretty typical core setup.  However, there are some redundant connections in this setup that caused me to raise an eyebrow.

As I mentioned, each core has 5 modules.  The previous network admin ran 5 redundant trunk connections between the cores.  However, the 5 redundant connections are not one-to-one between the modules.  For example, module 1 on SWA has a trunk to module 1 and a trunk to module 2 on SWB; but module 2 on SWA doesn't have any connections to SWB.

So here are my questions:

1. Are 5 redundant connections really necessary and can these multiple redundancies affect HSRP functionality?

2. Is there any reason the redundant connections are not one-to-one between modules other than poor attention to detail on the old network admin's part?

I should probably mention there is no etherchannel running anywhere.

Thanks!

Accepted Solution

Joe

The other advantage of using etherchannel is that this usually means that the interconnect is left unblocked by STP because of a lower cost.

So on the access switches one of the uplinks will be blocked per vlan.

If you are using single trunks and you haven't explicitly set the STP root and secondary to be the 4500s then STP may well go via your access switches because all the interconnect trunk links are blocked.

Difficult to say without knowing the full topology and STP configuration.

Personally I would -

1) check the trunk links to see which vlans are allowed

2) check STP to see if any (or even all - see above) trunk links are blocked

If you cannot see any reason for individual links I would look to use an etherchannel trunk link instead.  It's not going to cost anything as you already have the links and would simplify your setup considerably.

Jon
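
The two checks listed in the answer above (allowed VLANs per trunk, then STP-blocked trunks), as an added example that is not part of the original post. The sample text is constructed in the layout of `show interfaces trunk` (allowed-VLAN section only) and `show spanning-tree blockedports`; the port names, VLAN numbers and function names are assumptions.

```python
import re
# Constructed sample text, not output from the switches in this thread;
# port names and VLAN ids are hypothetical.
SHOW_TRUNK = """Port        Vlans allowed on trunk
Gi1/1       1-39
Gi1/2       1-39
Gi3/1       10,20
"""
SHOW_BLOCKED = """Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0010             Gi1/2, Gi3/1
VLAN0020             Gi1/2
VLAN0030             Gi1/2
"""

def expand_vlans(spec):
    """Expand a list such as '1-4,10' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_allowed(text):
    """Map port -> set of VLANs allowed on that trunk."""
    rows = (re.match(r"(\S+)\s+([\d,-]+)$", l.strip()) for l in text.splitlines())
    return {m.group(1): expand_vlans(m.group(2)) for m in rows if m}

def parse_blocked(text):
    """Map port -> set of VLANs in which STP is blocking it."""
    blocked = {}
    for m in re.finditer(r"^VLAN(\d+)\s+(.+)$", text, re.M):
        for port in m.group(2).split(","):
            blocked.setdefault(port.strip(), set()).add(int(m.group(1)))
    return blocked

def trunk_report(trunk_text, blocked_text, vlans_in_use):
    """Per trunk: VLANs it forwards, and whether STP blocks every VLAN it carries."""
    blocked = parse_blocked(blocked_text)
    report = {}
    for port, allowed in parse_allowed(trunk_text).items():
        carried = allowed & vlans_in_use
        forwarding = carried - blocked.get(port, set())
        report[port] = {"forwarding": forwarding, "idle": bool(carried) and not forwarding}
    return report

def vlans_without_path(report, hsrp_vlans):
    """HSRP VLANs that no listed trunk is forwarding between the two switches."""
    return set(hsrp_vlans) - set().union(*(r["forwarding"] for r in report.values()))
```

STP blocks only one end of a link, so run the report against output from both cores before concluding that a trunk is forwarding.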


Jon Marshall
Hall of Fame

You don't say whether different vlans are allowed on different trunks which could make a difference.

If the same vlans are allowed on all the trunk links then all but one of them would be blocked by STP.

1) regardless of whether it is different vlans per trunk or the same on all trunks it should not affect HSRP as long as all vlans you are running HSRP for are allowed on the trunk links. In terms of whether it is necessary see below.

2) it's not so much whether the connections match between modules, it's more a question of why it has been done this way at all.

By far the most common solution is to use an etherchannel trunk between the switches. You would probably spread the etherchannel across modules in both switches.

There may be a reason why it has been setup like this but from the details provided it is not obvious.

Jon

Good point on the VLANs, Jon.

All trunk links are carrying all VLANs.  I just noticed, however, that one of the 5 redundant links isn't trunked and has one of our server names in the description field.  This, among other things, leads me to believe inexperience configured it this way.  However, it is possible that at one point in time each redundant link was configured for an individual vlan.  Unfortunately, no one here can provide me with that information.

We are about to swap out one of the cores later this month and I would love to reconfigure the HSRP setup to use etherchannel but I want to make sure I don't break anything at the same time.

From what I have been told, the previous admin was able to successfully perform an HSRP failover but ran into issues on the failback.  Apparently, the other switches had a problem reconnecting back to the original HSRP master (I have no other details on what exactly that means). To Glen's point, I'm willing to bet STP had something to do with it and the failback was just taking longer than expected.

Thank you very much for your replies, if anyone else has additional insight or experience with this type of redundant configuration it would be appreciated.  Otherwise, I think I'll throw on my salesman suit and sell some etherchannel to management.

glen.grant
VIP Alumni

If it's not etherchanneled I'm not sure what their thinking was if they are straight trunk links. You probably have a bunch of blocked spanning tree ports if they are only trunk and not channels. It doesn't really matter which modules you attach to as long as they aren't in contiguous ports. At the time maybe the ports on each side were taken already for some reason and he just used what he had available.
