Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2644
Views
0
Helpful
13
Replies

HSRP with vPC

Go to solution
mohankumarm
Level 1
Level 1

‎05-03-2013 08:17 AM - edited ‎03-07-2019 01:09 PM

Hello,

Just want to check if you can use the burned-in MAC option on HSRP on VLAN interfaces in the current NX-OS version 6.x. testing shows that nothing seems to break during failover if this option is configured .

Thanks and Regards.

Labels:
0 Helpful
4 Accepted Solutions

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎05-03-2013 11:35 AM

Hi Mohan,

This issue can only happns if you are using IPv6.

Packet Forwarding in a vPC with a HSRP V6 Group

In a vPC, packets that are forwarded through an HSRP virtual IP address (VIP) or virtual MAC address (VMAC) might fail. This situation can occur if a VLAN that is in a vPC has a HSRP V6 group and has the use-bia option enabled on an interface. Layer 3 traffic will be disrupted and packets might not reach the VIP. Removing the use-bia option from the interface in the vPC should correct this issue.

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/51_nx-os_release_note.html

HTH

View solution in original post

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to mohankumarm

‎05-03-2013 02:54 PM

Hi Mohan,

I would just go with traditional virtual MAC which is default and no need for an additional command. I really could not find what benefit this command provides.

Just my opinion.

HTH

Reza

View solution in original post

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to mohankumarm

‎05-03-2013 03:10 PM

Hi Mohan,

With traditional, there is no need to configure any mac address at all.  It is all done for you when you create your HSRP group.  Make sure to use HSRP version 2, as it provides the benefit of having the same vlan id matching your HSRP group because ver 2 supports up to 4094 groups.  I think, ver 1 is only up to 255.

So, it is nice and convenient to have for example vlan 425 and HSRP group 425.  You couldn't do this with ver 1 since the max number of HSRP group is 255. You also want to make sure what ever device is your primary vPC to be the active HSRP and the secondary vPC to be the backup HSRP.

HTH

Reza

View solution in original post

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to mohankumarm

‎05-03-2013 03:18 PM

Here is sample config of HSRP on your primary vPC

interface Vlan517

  ip address 192.xx.xx.67/27

  hsrp version 2

  hsrp 517

  hsrp version 2

  priority 110

   ip 192.xx.xx.65

  no shutdown

HTH

Reza

View solution in original post

0 Helpful
13 Replies 13

Go to solution
InayathUlla Sharieff
Cisco Employee
Cisco Employee

‎05-03-2013 10:00 AM

Hi Mohan,

To configure HSRP to use the burned-in MAC address of the interface for the virtual MAC address, use the following command in interface configuration mode:

Command

Purpose

hsrp use-bia[scope interface]

Example:

switch(config-if)# hsrp use-bia

Ref;http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html

HTH

Regards

Inayath

*Plz rate all usefull posts.

0 Helpful

Go to solution
mohankumarm
Level 1
Level 1
In response to InayathUlla Sharieff

‎05-03-2013 02:39 PM

Hi Inayath,

Thanks very much indeed, but is there any caveat when you use this is the question now..which according to Reza is a bug for v6 HSRP groups.

Thanks and Regards

Mohan

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎05-03-2013 11:15 AM

Hi Mohan,

I have never used the use-bia command, but Is there a reason for not using the virtual mac address?

Reza

0 Helpful

Go to solution
mohankumarm
Level 1
Level 1
In response to Reza Sharifi

‎05-03-2013 02:30 PM

Hi Reza,

The thought process here to use this command was because the layer 2 uplinks to the core will have two forwarding entries always in the mac table if "use-bia" is used  and also if you are using special servers like NetApp, which need mac address sourced of the Burned in address.  So just wondering if it is safe to use the floating virtual vs use-bia.

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎05-03-2013 11:35 AM

Hi Mohan,

This issue can only happns if you are using IPv6.

Packet Forwarding in a vPC with a HSRP V6 Group

In a vPC, packets that are forwarded through an HSRP virtual IP address (VIP) or virtual MAC address (VMAC) might fail. This situation can occur if a VLAN that is in a vPC has a HSRP V6 group and has the use-bia option enabled on an interface. Layer 3 traffic will be disrupted and packets might not reach the VIP. Removing the use-bia option from the interface in the vPC should correct this issue.

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/51_nx-os_release_note.html

HTH

0 Helpful

Go to solution
mohankumarm
Level 1
Level 1
In response to Reza Sharifi

‎05-03-2013 02:37 PM

Great! so applying this command affects v6 but was going through the 6.x release notes last night and using ":use-bia" was not recommended ..cannot find that now...but may be due to the above reason...

But which is better to use then?

Thanks and Regards,

Mohan

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to mohankumarm

‎05-03-2013 02:54 PM

Hi Mohan,

I would just go with traditional virtual MAC which is default and no need for an additional command. I really could not find what benefit this command provides.

Just my opinion.

HTH

Reza

0 Helpful

Go to solution
mohankumarm
Level 1
Level 1
In response to Reza Sharifi

‎05-03-2013 03:00 PM

Hi Reza,

With the traditional one, is it required to hard code mac's on both primary and secondary or is it just dont anything and the defaults will take care of itself..for Virtual MAC i mean.

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to mohankumarm

‎05-03-2013 03:10 PM

Hi Mohan,

With traditional, there is no need to configure any mac address at all.  It is all done for you when you create your HSRP group.  Make sure to use HSRP version 2, as it provides the benefit of having the same vlan id matching your HSRP group because ver 2 supports up to 4094 groups.  I think, ver 1 is only up to 255.

So, it is nice and convenient to have for example vlan 425 and HSRP group 425.  You couldn't do this with ver 1 since the max number of HSRP group is 255. You also want to make sure what ever device is your primary vPC to be the active HSRP and the secondary vPC to be the backup HSRP.

HTH

Reza

0 Helpful

Go to solution
mohankumarm
Level 1
Level 1
In response to Reza Sharifi

‎05-03-2013 03:14 PM

Hi Reza,

All done, we have everything configured as above, v2 groups, priorities for active etc, but we had the additional "use-bia" which we will remove to go traditional.

Thanks very much again..

Best Regards,

Mohan

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to mohankumarm

‎05-03-2013 03:18 PM

Here is sample config of HSRP on your primary vPC

interface Vlan517

  ip address 192.xx.xx.67/27

  hsrp version 2

  hsrp 517

  hsrp version 2

  priority 110

   ip 192.xx.xx.65

  no shutdown

HTH

Reza

0 Helpful

Go to solution
mohankumarm
Level 1
Level 1
In response to Reza Sharifi

‎05-03-2013 03:26 PM

Thanks a tonne mate. we are using v2 as well which makes it easy to match those vlan interfaces with the group numbers..thanks a lot again.

Best Regards,

Mohan

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to mohankumarm

‎05-03-2013 03:32 PM

Glad to help Mohan.

Good luck and thanks for the ratings

Reza

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card