05-21-2013 02:50 AM - edited 03-07-2019 01:28 PM
Hi all ,
1 ) What is exactly the relavance of HSRP group ?
2) What is exactly the best practise when configuring HSRP groups - Each group for each vlan or Same group for all VLANs ?
Regards,
Anup
Solved! Go to Solution.
05-21-2013 08:01 AM
1 ) What is exactly the relavance of HSRP group ?
Routers that provide redundancy for a given gateway address are assigned to a common HSRP group-
So you can create a single group with 10 Routers for one VLAN interface- one router becomes Active, otherone becomes standby and rest stay in listen state
Or you can create multiple groups for the same VLAN interface and use the groups for load balancing traffic across uplinks
2) What is exactly the best practise when configuring HSRP groups - Each group for each vlan or Same group for all VLANs ?
HSRP groups are locally significant, so you can use the same group number for all the VLAN interfaces but if you have a bigger switch that supports more than 16 group number then its better to match the group number with VLAN number for simplicity and for troubleshooting purposes.
Siddhartha
05-21-2013 06:30 AM
Hi Anup,
I dont know, it is the right answer for u or not:
HSRP groups
When using the standby command to setup HSRP, one optional parameter is to use a group number. When I configure it, I typically always use one, even though I never really had a good reason to do it.
One thing to keep in mind is dealing with the virtual MAC address HSRP uses. By default, this MAC address is 0000.0c07.ac00, if no group number is specified. If a group number is used, it is added to the last word. For example, group three becomes 0000.0c07.ac03.
In general, you will usually only use one HSRP group per vlan, so this isn't a problem. But if you have another device spanning multiple vlans that needs to talk to multiple HSRP speakers simultaneously, this can create MAC address conflicts if the same HSRP groups are used.
it’s a good idea to use different numbers if you have a more complex topology with multiple VLANs. There can be only one Active and one Standby router per HSRP group. The Standby router will only step in if the Active fails.
Hope it helps.
Regards
05-21-2013 06:53 AM
Hi,
in the past the IOS even did not allow to use the same HSRP group within different VLANs on the same device.
It's allowed nowadays, but don't forget there might be other devices running HSRP managed by somebody else within the LAN.
If you leave your devices to run HSRP in the default group, they might interact with the other devices.
So IMHO, the best practice is to use non-default HSRP groups.
And secure your HSRP using an authentication (MD5 or text password at least) if supported by your IOS.
Regards,
Milan
05-21-2013 07:42 AM
Thank you Sandeep and Milan for your valuable feedbacks !
Actually I started looking into the relavance of HSRP Group numbers and it 's effect on the nodes when I started getting lot of alerts like these
04214: .May 20 06:31:01.460: %STANDBY-3-DUPADDR: Duplicate address 172.19.17.10 on Vlan713, sourced by 0000.0c07.ac1b
According to Cisco documentation ( http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml#t20)
this can happen if there is
Momentary STP loops
EtherChannel configuration issues or
Duplicated frames
So when I checked the HSRP configurations , different group numbers were used for each VLAN in the infrastructure.
Regards,
Anup
05-21-2013 08:01 AM
1 ) What is exactly the relavance of HSRP group ?
Routers that provide redundancy for a given gateway address are assigned to a common HSRP group-
So you can create a single group with 10 Routers for one VLAN interface- one router becomes Active, otherone becomes standby and rest stay in listen state
Or you can create multiple groups for the same VLAN interface and use the groups for load balancing traffic across uplinks
2) What is exactly the best practise when configuring HSRP groups - Each group for each vlan or Same group for all VLANs ?
HSRP groups are locally significant, so you can use the same group number for all the VLAN interfaces but if you have a bigger switch that supports more than 16 group number then its better to match the group number with VLAN number for simplicity and for troubleshooting purposes.
Siddhartha
05-21-2013 08:25 AM
Thanks for the information , Siddhartha !
I never knew you I could use more than two routers when configuring HSRP !
So I can use different group numbers for the same VLAN interface as well ? Wouldn't that cause the single Standby IP to have different MAC addresses ?
Regards,
Anup
05-21-2013 09:01 AM
So I can use different group numbers for the same VLAN interface as well ? Wouldn't that cause the single Standby IP to have different MAC addresses ?
you are right if you use the same standby IP for both groups.
But you will use different standby and different VIP if you define multiple groups for the same VLAN- this for loadbalancing host across multiple uplinks- some of the hosts will have Group1's VIP and other hosts will have Group2's VIP as their DG
Siddhartha
05-04-2017 02:20 AM
The notion of matching group numbers with the VLAN ID is fine until you want to dual-stack your network. You can't use IPv4 and IPv6 addresses in the same HSRP group, so you are probably forced to use common group numbers, covering multiple VLANs, exclusively for IPv6.
This is a rather unpleasant surprise to people who have made a nice, neat HSRP configuration where everything matches, and then start looking at v6 deployment.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide