03-14-2012 06:24 AM - edited 03-07-2019 05:33 AM
Hello,
I started with one switch, S1, and one router with 20 VLANs trunking from switch to router. Router, R1, interface has 20 sub-interfaces for each VLAN that is then NAT and VRF. This works well. Now I have to add some redundancy.
I plan on having a second switch, S2, (both 3560) to split the 20 VLAN's across. I have a second router, R2 (both are 2911's). Both R1 and R2 will be connected to R3, my connection to everything else on the global side. At this time R3 is configured with static routes.
I have established the connectivity from S1 to R2 as a trunk. I have configured R2 with a sub-interface, NAT, VRF, Standby. R1 interface has the standby configurations also, see below for all of them.
When I do a show standby on R1, I can see it as active, but standby is unknown. On R2, it shows it as standby and active unknown. When I pull the plug between R1 and S1, I see the standby swap, but it is not routing. I assumed that I would have to make a static route change for the next hop router IP to be R2 instead of R1, but that didn't seem to bring the ping back.
I know I am missing something, just not sure what? Also want to confirm that what I am trying to do can happen: NAT, VRF, Static Routes, HSRP.
Configs:

S1:
interface GigabitEthernet0/1
 description trunk to R2
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface GigabitEthernet0/9
 description trunk to R1
 switchport trunk encapsulation dot1q
 switchport mode trunk

R1:
ip vrf VLAN12
interface GigabitEthernet0/0.12
 encapsulation dot1Q 12
 ip vrf forwarding VLAN12
 ip address 192.168.26.99 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 standby 0 ip 192.168.26.100
 standby 0 priority 120
 standby 0 preempt
interface GigabitEthernet0/1
 ip address 172.16.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
ip nat inside source static network 192.168.26.0 172.16.12.0 /24 vrf VLAN12
ip route vrf VLAN12 0.0.0.0 0.0.0.0 172.16.1.3 global

R2:
ip vrf VLAN12
interface GigabitEthernet0/1
 description link to R3
 ip address 172.16.5.2 255.255.255.0
 duplex auto
 speed auto
interface GigabitEthernet0/2.12
 encapsulation dot1Q 12
 ip address 192.168.26.98 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 standby 0 ip 192.168.26.100
 standby 0 priority 110
 standby 0 preempt
ip nat inside source static network 192.168.26.0 172.16.12.0 /24 vrf VLAN12
ip route vrf VLAN12 0.0.0.0 0.0.0.0 172.16.5.1 global
ip route 10.0.0.0 255.0.0.0 172.16.5.1

R3:
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 172.16.1.3 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 172.16.5.1 255.255.255.0
 duplex auto
 speed auto
ip route 172.16.12.0 255.255.255.0 172.16.5.2
ip route 172.16.12.0 255.255.255.0 172.16.1.1
03-14-2012 08:43 AM
You are missing the vrf on the R2 subinterface. For the standby issue, can you send the output of show interface trunk and show vtp status on S1?
-Matt
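The mismatch pointed out in this answer can be caught by comparing the two routers' configs before a failover test. The following is an added example, not part of the original thread: a small check that flags HSRP peers whose sub-interfaces share a virtual IP but sit in different VRFs. The function names are hypothetical and the config excerpts are constructed from the R1 and R2 configs posted in the question.

```python
import re

# Constructed excerpts of the HSRP sub-interfaces from the R1 and R2
# configs in the question (R2 as originally posted, without the VRF).
R1 = """\
interface GigabitEthernet0/0.12
 encapsulation dot1Q 12
 ip vrf forwarding VLAN12
 ip address 192.168.26.99 255.255.255.0
 standby 0 ip 192.168.26.100
"""
R2 = """\
interface GigabitEthernet0/2.12
 encapsulation dot1Q 12
 ip address 192.168.26.98 255.255.255.0
 standby 0 ip 192.168.26.100
"""

def hsrp_interfaces(config):
    """Map each HSRP virtual IP to (interface name, VRF or None)."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(m.group(1), {"vrf": None, "vips": []})
        elif current is None:
            continue  # global command before any interface stanza
        elif m := re.match(r"(?:ip )?vrf forwarding (\S+)", line):
            current["vrf"] = m.group(1)
        elif m := re.match(r"standby (?:\d+ )?ip (\d+\.\d+\.\d+\.\d+)", line):
            current["vips"].append(m.group(1))
    return {vip: (name, d["vrf"])
            for name, d in interfaces.items() for vip in d["vips"]}

def vrf_mismatches(config_a, config_b):
    """Return shared virtual IPs whose interfaces are in different VRFs."""
    a, b = hsrp_interfaces(config_a), hsrp_interfaces(config_b)
    return [(vip, a[vip], b[vip])
            for vip in sorted(a.keys() & b.keys()) if a[vip][1] != b[vip][1]]

if __name__ == "__main__":
    for vip, (if_a, vrf_a), (if_b, vrf_b) in vrf_mismatches(R1, R2):
        print(f"{vip}: {if_a} vrf={vrf_a} but {if_b} vrf={vrf_b}")
```
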
03-14-2012 10:50 AM
Thank you Matt!
I added the IP VRF to R2 G0/2.12.
I also added the IP NAT Outside to R2 G0/1
As you can see below, there are other VLAN's on this switch, but I figure if I can get it to work with Vlan12, I can get the rest to work.
R3 has static route
ip route 172.16.12.0 255.255.255.0 172.16.1.1
at this time I have to manually change it to
ip route 172.16.12.0 255.255.255.0 172.16.5.2
If I do this, everything works! Drops a ping or two, but it works. Now I need to figure out how to do this with the static routes.
If I do HSRP on R1 G0/1 and R2 G0/1, can I then use the Standby Tracking option and this will expand the redundancy capabilities and eliminate the static route problem?
I am still having a problem understanding the Standby groups also.... I am going to have to do HSRP for 22 different VLANs that are getting NAT and VRF. I think I will have to use a standby group for each VLAN, correct?
Thanks for all the help!
Tracey
switch1#sh int trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1
Gi0/9       on           802.1q         trunking      1
Gi0/11      on           802.1q         trunking      1
Gi0/12      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094
Gi0/9       1-4094
Gi0/11      1-4094
Gi0/12      1-4094

Port        Vlans allowed and active in management domain
Gi0/1       1,10-13,50
Gi0/9       1,10-13,50
Gi0/11      1,10-13,50
Gi0/12      1,10-13,50

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10-13,50
Gi0/9       1,10-13,50
Gi0/11      1,10-13,50

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/12      1,10-13,50

sh vtp status
VTP Version : running VTP1 (VTP2 capable)
Configuration Revision : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs : 10
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x20 0x3D 0xAD 0xFE 0x3A 0x3E 0x8C 0x14
Configuration last modified by 172.16.50.5 at 3-1-93 02:49:15
Local updater ID is 192.168.26.101 on interface Vl12 (lowest numbered VLAN interface found)