cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

HSRP/STP Design Question

francisco_1
Rising star
Rising star

see attachment - I have 3 switches. 2 core and 1 access layer. access1 connected to both cores via a single dot1q trunk. vlan 175 active on all switches. according to spanning-tree the root port (gi0/1) is towards CORE1 on access1 and blocking port (gi0/2) to CORE2. the problem is when the HSRP state changes between the CORES, say CORE2 is now the active HSRP peer, spanning-tree topology stay the same and traffic from access1 to CORE1 is blackhole. access1 cannot no longer access anthing on the network and the mac address for 192.168.175.254 is still pointing to CORE1 via gi0/1. any suggestions how to rectify this behaviour?

Francisco.

14 REPLIES 14

John Blakley
Advisor
Advisor

You may want to configure spanning-tree backbonefast on both cores, and spanning-tree uplinkfast on your access switch.

You just enable both at the prompt (if you haven't already done so. It helps with convergence time from a failure.

HTH,

John

HTH, John *** Please rate all useful posts ***

already part of the configs. I need to know how to influence spanning-tree when HSRP state changes if possible.

Francisco.

Jon Marshall
VIP Community Legend VIP Community Legend
VIP Community Legend

Francisco

This is a standard L2 -> L3 design. If the HSRP gateway changes to CORE 2 then traffic should just go from access1 to CORE1 across the L2 trunk to CORE2. Traffic should not be blackholed.

Either something else is happening when the HSRP gateway swaps over that you are not registering ie. what is making the gateway fail over.

Is the trunk link between the 2 core swithes allowing vlan 175 ?

Jon

yeah the trunk is allowing vlan 175. when CORE2 becomes the active, from access1 the port towards CORE1 is still in forwarding state and cannot ping any other vlans from access1.

configs

Core1

spanning-tree vlan 175 8192

interface Vlan175

description ServerManagement_Vlan

ip address 192.168.175.253 255.255.255.0

no ip redirects

arp timeout 300

standby 175 ip 192.168.175.254

standby 175 timers 1 3

standby 175 priority 115

standby 175 preempt delay minimum 60

standby 175 authentication secret

Interface Grp Prio P State Active addr Standby addr Group addr

Vl175 175 115 Active local 192.168.175.252 192.168.175.254

Core2

spanning-tree vlan 175 16384

interface Vlan175

description NetworkManagement_Vlan

ip address 192.168.175.252 255.255.255.0

no ip redirects

arp timeout 300

standby 175 ip 192.168.175.254

standby 175 timers 1 3

standby 175 priority 110

standby 175 preempt

standby 175 authentication secret

Interface Grp Prio P State Active addr Standby addr Group addr

Vl175 175 110 Standby 192.168.175.253 local 192.168.175.254

You need to look at your STP when this happens. Which port as blocked and which are active.

I'm assuming the other vlans are connected to both switches and they too are running HSRP ?

I have used this design in so many networks. It shouldn't matter that the HSRP active and STP root don't match, that is what the L2 trunk between the cores is for.

Can you confirm what happens to that L2 trunk when the HSRP gateway switches across.

Jon