05-31-2018 11:29 AM - edited 03-08-2019 03:12 PM
Hello,
I have the following topology.
* I need to configure HSRP to allow redundacy in the network from my two ISP providers.
I just thinking do a vlan for my two isp and use the swich to make the hsrp for thar vlans. I have an isp router that is not management (not cisco) and other isp that is cisco and management.
Any advirse?
Thanks,
05-31-2018 11:38 AM
Hi,
Usually, the ISPs don't configure HSRP or VRRP with their customers. They just provide a /30 for each point-to-point connection. In your case, you can simply use a default route to each provider and that will provide redundancy and load balancing to you.
HTH
05-31-2018 11:40 AM
But I need to configure first HSRP in the switch L3, right? I have never configured hsrp.
05-31-2018 12:00 PM
The topology provided doesn't really indicate the need for HSRP. There is no place to run HSRP.
In a general sense, if there were two principal switches operating at Layer 3, with each connected to one ISP and switch 0, 1 and 2 had uplinks to each, then it would make sense to run HSRP between the two principal switches. So if one failed the other would take over.
Hope this helps, and if necessary please elaborate further on what you are trying to accomplish.
Regards
05-31-2018 01:39 PM
Thanks for reply.
Ok. I have a secundary isp because sometimes my primary isp is down. I want to have a redundant link that if my principal ISP is down, my secundary start working immediately (yes, with the respect relay).
I understand you about use two switch L3. But, why can't I use just one L3 with a vlan between ISP1 and ISP2?
Regards,
05-31-2018 05:02 PM
I understand you about use two switch L3. But, why can't I use just one L3 with a vlan between ISP1 and ISP2?
As I said before, the ISPs don't run HSRP or VRRP on their side and in this case you don't need it.
Ok. I have a secundary isp because sometimes my primary isp is down. I want to have a redundant link that if my principal ISP is down, my secundary start working immediately (yes, with the respect relay).
Run layer-3 on your switch and all you need is 2 /30s (one to each ISP) and 2 default routers (one to each ISP) configured on your switch. With this config, if the primary ISP fails the backup will take over without any downtime. When both ISPs are up and running, the traffic will be load balanced to both ISPs.
HTH
06-01-2018 08:57 AM
Ok understand.
Is this design better?
Two switch L3 for HSRP (one switch to ISP) and other switch L3(Switch 0) for connect my all network.
06-01-2018 09:08 AM
Yes, this design gives you redundancy. So, if the 3560 on the left side fails, you have another one on the right side to use. You can run HSRP or VRRP between the 2 3560s for outbound traffic exiting your network.
HTH
06-02-2018 07:39 PM - edited 06-02-2018 07:41 PM
Perfect!
But I have some doubts using HSRP:
1. I have multiple vlans. In this design I have 3, but in my real design I have 20 vlans. Question is, how the multiple vlans will work with HSRP if I have multiple gateway with the vlans?
Can I do multiple HSRP group for the different vlans?
Also, "In order to avoid possible problems when by accident two broadcast domains are joined I would use HSRP with authentication using a different password in each vlan", right?
PD: I don't use DHCP in my network for the Gateway IP
2. If I do a configuration in 3560 Multilayer SW-1, Do I have to do the same configuration in the other one?
Thanks,
06-02-2018 07:48 PM - edited 06-02-2018 07:49 PM
It does not matter how many vlans you have. You just create one HSRP instance per vlan and you make say the left side HSRP master by giving it a higher priority and keep the right side as default. All vlans would traverse the left side to get out and if the left side switch fails, the right side will take over packet forwarding. The config for both switches is the same except the physical IP address and the priority which only the master side need it.
HTH
06-03-2018 02:13 PM - edited 06-03-2018 02:20 PM
I did the configuration of the HSRP in both switch, but when I down the interface from the router1 -> sw1 is not working, because the packet must go from sw-2 -> router2.
This is the HSRP configuration, SW-1-L3
Vlan209 - Group 1
State is Active
7 state changes, last state change 00:15:58
Virtual IP address is 190.191.209.30
Active virtual MAC address is 0000.0C07.AC01
Local virtual MAC address is 0000.0C07.AC01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.893 secs
Preemption enabled
Active router is local
Standby router is 190.191.209.3
Priority 200 (configured 200)
Group name is hsrp-Vl2-1 (default)
SW-2-L3
Vlan209 - Group 1
State is Standby
3 state changes, last state change 00:16:21
Virtual IP address is 190.191.209.30
Active virtual MAC address is 0000.0C07.AC01
Local virtual MAC address is 0000.0C07.AC01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.829 secs
Preemption enabled
Active router is 190.191.209.2
Standby router is local
Priority 150 (configured 150)
Group name is hsrp-Vl2-1 (default)
Thanks,
06-03-2018 02:29 PM
I did the configuration of the HSRP, but is not working. I down the interface fa0/1 from SW-ISP-1 and not working.
This is my confguration in the sw-ISP-1
interface Vlan209
mac-address 00d0.bacc.1201
ip address 190.191.209.2 255.255.255.0
standby 1 ip 190.191.209.30
standby 1 priority 200
standby 1 preempt
and in the sw-isp-2
interface Vlan209
mac-address 0002.165b.5101
ip address 190.191.209.3 255.255.255.0
standby 1 ip 190.191.209.30
standby 1 priority 150
standby 1 preempt
!
What am I doing wrong?
Thanks,
06-03-2018 03:00 PM
So, a couple of comments regarding your config.
1-You don't need the "mac-address x.x.x" commands
2-Also, on the sw-isp-2 you don't need the preamp and priority commands:
here are the commands with changes:
sw-ISP-1
interface Vlan209
ip address 190.191.209.2 255.255.255.0
standby 1 ip 190.191.209.30
standby 1 priority 200
standby 1 preempt
and in the sw-isp-2
ip address 190.191.209.3 255.255.255.0
standby 1 ip 190.191.209.30
Questions:
Are you running a layer-3 link between the sw-isp-1 and sw-isp-2 (fa0/1)?
Can you ping all ips .2, .3 and 30?
If hsrp working as expected, try to shut down interface fa0/2 on sw-isp-1. Does the traffic failover to sw-isp-2?
What is the output of "sh standby"?
HTH
06-03-2018 03:20 PM
1. Yes, i am running a layer-3 link betwen both sw-1 and sw-2.
2. Yes, I can ping .2, .3, .30
3. I shut down interface fa0/2 on sw-isp-1 and the traffic failover to sw-isp-2 to ISP1.
I can ping ISP1 from host with vlan 209, but I can't ping ISP2.
here the standby output:
SW-1:
Vlan209 - Group 1
State is Active
7 state changes, last state change 00:00:21
Virtual IP address is 190.191.209.30
Active virtual MAC address is 0000.0C07.AC01
Local virtual MAC address is 0000.0C07.AC01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.017 secs
Preemption enabled
Active router is local
Standby router is 190.191.209.3, priority 150 (expires in 8 sec)
Priority 200 (configured 200)
Group name is hsrp-Vl2-1 (default)
SW-2:
Vlan209 - Group 1
State is Standby
8 state changes, last state change 00:00:40
Virtual IP address is 190.191.209.30
Active virtual MAC address is 0000.0C07.AC01
Local virtual MAC address is 0000.0C07.AC01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.166 secs
Preemption disabled
Active router is 190.191.209.2, priority 200 (expires in 8 sec)
MAC address is 0000.0C07.AC01
Standby router is local
Priority 150 (configured 150)
Group name is hsrp-Vl2-1 (default)
This's what I need. Fa0/1 Sw-ISP-1 is down, failover the traffic to SW-ISP-2 -> Router2
Thanks,
06-03-2018 05:07 PM
Ok, so all is working except when fa0/1 is shut down.
This's what I need. Fa0/1 Sw-ISP-1 is down, failover the traffic to SW-ISP-2 -> Router2
for this to work, you need to configure HSRP tracking.
Have a look at this link for config examples:
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide