hsrp track 2 LAN

marellisergio · ‎02-26-2014

hallo , i have a question if my configuration for dual HSRP is correct, and if the HSRP failover works with nat

thank you

ROUTER 1
========
..
track 10 interface GigabitEthernet0/1 line-protocol
track 20 interface GigabitEthernet0/0 line-protocol
!
interface GigabitEthernet0/0
ip address 172.16.1.11 255.255.0.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
standby 10 ip 172.16.1.10
standby 10 priority 110
standby 10 preempt
standby 10 authentication
standby 10 track 10 decrement 20
!
!
interface GigabitEthernet0/1
ip address 87.248.47.37 255.255.255.224
ip access-group 116 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
standby 20 ip 87.248.47.36
standby 20 priority 110
standby 20 preempt
standby 20 authentication
standby 20 track 20 decrement 20
!
!

ROUTER 2
========
..
track 10 interface GigabitEthernet0/1 line-protocol
track 20 interface GigabitEthernet0/0 line-protocol
!
interface GigabitEthernet0/0
ip address 172.16.1.12 255.255.0.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
standby 10 ip 172.16.1.10
standby 10 priority 95
standby 10 preempt
standby 10 authentication
standby 10 track 10 decrement 20
!
!
interface GigabitEthernet0/1
ip address 87.248.47.38 255.255.255.224
ip access-group 116 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
standby 20 ip 87.248.47.36
standby 20 priority 95
standby 20 preempt
standby 20 authentication
standby 20 track 20 decrement 20
!
!

FOR ANY ROUTER
==============
ip forward-protocol nd
!
ip nat pool xxx
ip nat inside source list 56 pool .... overload
ip nat inside source static a.a.a.a b.b.b.b
..
..
ip route x.x.x.x 255.255.252.0 87.248.47.xx
..
..
ip route y.y.y.y 255.255.255.255 87.248.47.xx
!
access-list 56 permit any
access-list 116 permit tcp host ..............
..
access-list 116 permit ......................
access-list 116 deny ip any any

Richard Burts · ‎02-26-2014

I do not see anything that is "incorrect" in the syntax of this config for HSRP. I will comment that you may not get the results that you expect if you track the line protocol of the GigEthernet interfaces, especially on the LAN side. Since the router connections are through a switch it is quite possible that you will lose the ability to communicate between HSRP peers but that the interface line protocol will stay up on the active router. I will also question if the connections on G0/1 are really through a router how you will get both interfaces into the same subnet. It is not an issue on router 1 or router 2 but how does the other router have 2 routed ports in the same subnet?

I am slightly confused about your second question. You seem to be asking does HSRP work when you are running NAT. I can not think of anything about NAT that would impact HSRP failover. But if your question is really about whether running NAT is impacted when you run HSRP then I believe that the answer is that if traffic has been running through router 1 and a set of translations have been built on router 1 and then you failover to router 2 then there will not be the same set of translations on that router. So there would be some impact on traffic in that case.

HTH

Rick

HTH

Rick

marellisergio · ‎02-26-2014

ok, sorry for my english. I need to have two routers with two virtual IP failover on both networks. Using the GE because they are connected to the switch, both in my network in that set. so I wanted to know if I should track both or not. for the second question because I already active in the connection, but where I only have the virtual address on the network and when I switch failover servizo an HTTP is blocked. for this service calls arriving from the network exposed, while the chiamte from my inside to the exposed running properly

below as they are actually connected the router thanks