Inter-vlan routing and HSRP

Steve_Oake
Level 1

I'm hoping someone can help me with a lab project I am trying to figure out. I am running a router (A) as a DHCP server, NAT translation to the internet, and inter-VLAN routing. The problem with this set up is, if the router goes out, it knocks out the whole network. I've done a little research and discovered a possible solution, which is to set up an identical router off the core switch, and use HSRP. But, I am unsure how to do so. I have done a very basic diagram below, leaving off the irrelevant details such as redundant core switch and STP priorities. All links pictured are trunked with dot1q. Below that, I have copied the config file for router A. Currently, router B is just sitting there with nothing programmed on it, as I'm not quite sure what to program. Each of the VLANs' default-gateway is set to 200.100.50.1 255.255.255.240. Any help will be appreciated.

Router A                           Router B

2811                                   2811

  |                                          |

  |                core                    |

  ----------------2950--------------------

                   |    |

                   |    |

2950------------     ---------------2950

Vlan 1 native                      vlan 1 native

vlan 10                              vlan10

vlan 20                              vlan 20

vlan 30                              vlan 30

Router A Config file

en

conf t

hostname Core_Router

!

ip dhcp pool vlan10

network 200.100.50.16 255.255.255.240

default-router 200.100.50.17

dns-server 164.106.1.1

ip dhcp pool vlan20

network 200.100.50.32 255.255.255.240

default-router 200.100.50.33

dns-server 164.106.1.1

ip dhcp pool vlan30

network 200.100.50.48 255.255.255.240

default-router 200.100.50.49

dns-server 164.106.1.1

exit

ip nat inside source list 1 interface FastEthernet0/1 overload

!

access-list 1 permit any

!

interface fa0/0

no shut

!

interface fa0/0.1

encapsulation dot1Q 1 native

ip address 200.100.50.1 255.255.255.240

ip nat in

NO shut

!

interface fa0/0.10

encapsulation dot1Q 10

ip address 200.100.50.17 255.255.255.240

ip nat in

No shut

!

interface fa0/0.20

encapsulation dot1Q 20

ip address 200.100.50.33 255.255.255.240

ip nat in

No shut

!

interface fa0/0.30

encapsulation dot1Q 30

ip address 200.100.50.49 255.255.255.240

ip nat in

no shut

!

interface FastEthernet0/1

ip address 192.168.0.200 255.255.255.0

ip nat outside

no shutdown

!

interface Vlan1

no shut

!

router eigrp 1

network 200.100.50.0 0.0.0.15

network 200.100.50.16 0.0.0.15

network 200.100.50.32 0.0.0.15

network 200.100.50.48 0.0.0.15

!

ip route 0.0.0.0 0.0.0.0 200.100.50.8

!

!

!

!

!

!

!

line con 0

logging syn

end

Steve_Oake
Level 1

I'm thinking that if I set up HSRP on fa0/0.1, it should be enough to shut down the redundant router from acting as a DHCP server, inter-VLAN routing or internet access since vlan 1 on router B would be on standby, and everything happens through vlan 1. I also was worried that conflicts in addresses might happen if router B's DHCP came up, but had no database of which addresses had been leased, but then I found out that the DHCP server (on Cisco equipment) will ping an address before assigning it to see if it is already in use, so this should not be an issue.

Anyways, I believe on interface fa0/0.1, I could change the address to an unused address (such as 200.100.50.10/28) and use the default address as the standby (standby 1 200.100.50.1). So, my thinking is, on router A, the config would go something like this:

int fa0/0.1

ip add 200.100.50.10 255.255.255.240

standby 1 ip 200.100.50.1
standby 1 preempt
standby 1 priority 100


Router b:

int fa0/0.1

ip add 200.100.50.11 255.255.255.240

standby 1 ip 200.100.50.1
standby 1 preempt
standby 1 priority 90

If my theories are wrong, let me know

kozorezdi
Level 1

Hi Steve,

I suppose it should look like this:

##############  router A ############

!

ip dhcp pool vlan10

network 200.100.50.16 255.255.255.240

default-router 200.100.50.17

dns-server 164.106.1.1

!

ip dhcp pool vlan20

network 200.100.50.32 255.255.255.240

default-router 200.100.50.33

dns-server 164.106.1.1

!

ip dhcp pool vlan30

network 200.100.50.48 255.255.255.240

default-router 200.100.50.49

dns-server 164.106.1.1

!

ip dhcp excluded-address 200.100.50.17

ip dhcp excluded-address 200.100.50.30

ip dhcp excluded-address 200.100.50.29

!

ip dhcp excluded-address 200.100.50.33

ip dhcp excluded-address 200.100.50.46

ip dhcp excluded-address 200.100.50.45

!

ip dhcp excluded-address 200.100.50.49

ip dhcp excluded-address 200.100.50.62

ip dhcp excluded-address 200.100.50.61

!

interface FastEthernet0/0.1

encapsulation dot1Q 1 native

ip address 200.100.50.14 255.255.255.240

ip nat inside

standby 1 ip 200.100.50.1

standby 1 priority 150

standby 1 preempt delay minimum 30

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 200.100.50.30 255.255.255.240

ip nat inside

  standby 10 ip 200.100.50.17

standby 10 priority 150

standby 10 preempt delay minimum 30

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

ip address 200.100.50.46 255.255.255.240

ip nat inside

standby 20 ip 200.100.50.33

standby 20 priority 150

standby 20 preempt delay minimum 30

!

interface FastEthernet0/0.30

encapsulation dot1Q 30

ip address 200.100.50.62 255.255.255.240

ip nat inside

standby 30 ip 200.100.50.49

standby 30 priority 150

standby 30 preempt delay minimum 30

!

#############  Router B ################

!

interface FastEthernet0/0.1

encapsulation dot1Q 1 native

ip address 200.100.50.13 255.255.255.240

ip nat inside

standby 1 ip 200.100.50.1

standby 1 priority 120

standby 1 preempt delay minimum 30

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 200.100.50.29 255.255.255.240

ip nat inside

  standby 10 ip 200.100.50.17

standby 10 priority 120

standby 10 preempt delay minimum 30

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

ip address 200.100.50.45 255.255.255.240

ip nat inside

standby 20 ip 200.100.50.33

standby 20 priority 120

standby 20 preempt delay minimum 30

!

interface FastEthernet0/0.30

encapsulation dot1Q 30

ip address 200.100.50.61 255.255.255.240

ip nat inside

standby 30 ip 200.100.50.49

standby 30 priority 120

standby 30 preempt delay minimum 30

!

tracking:

on R1:

int fas0/0.1

standby 1 track fastEthernet 0/1 40

! 150-40=110 < 120 on R2 - R2 will be Active.

--

Dimitry
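
Added example (not part of the original post): a Python check that every address a router owns inside a DHCP pool, real or HSRP virtual, is covered by an `ip dhcp excluded-address` line. The function name and the sample config are constructed for this illustration; the sample deliberately excludes VLAN 10's router addresses under the VLAN 30 pool.

```python
import ipaddress
import re

# Constructed sample: VLAN 30 pool whose exclusions repeat VLAN 10's router addresses.
SAMPLE = """\
ip dhcp pool vlan30
 network 200.100.50.48 255.255.255.240
!
ip dhcp excluded-address 200.100.50.49
ip dhcp excluded-address 200.100.50.29 200.100.50.30
!
interface FastEthernet0/0.30
 ip address 200.100.50.62 255.255.255.240
 standby 30 ip 200.100.50.49
!
interface FastEthernet0/0.30
 ip address 200.100.50.61 255.255.255.240
 standby 30 ip 200.100.50.49
"""

def audit_dhcp_exclusions(config):
    """Return {pool: [router-owned addresses in the pool that DHCP may still lease]}."""
    pools, owned, excluded, pool = {}, set(), [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip dhcp pool (\S+)", line):
            pool = m.group(1)
        elif pool and (m := re.match(r"network (\S+) (\S+)", line)):
            pools[pool] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"ip dhcp excluded-address (\S+)(?: (\S+))?", line):
            pool = None  # global command: no longer in DHCP pool sub-mode
            low = ipaddress.ip_address(m.group(1))
            excluded.append((low, ipaddress.ip_address(m.group(2) or m.group(1))))
        elif m := re.match(r"(?:ip address|standby \d+ ip) (\d+\.\d+\.\d+\.\d+)", line):
            pool = None
            owned.add(ipaddress.ip_address(m.group(1)))
        elif line.startswith(("interface", "router ")):
            pool = None  # e.g. EIGRP "network" lines must not be read as a pool
    findings = {}
    for name, net in pools.items():
        missing = sorted(a for a in owned if a in net
                         and not any(lo <= a <= hi for lo, hi in excluded))
        if missing:
            findings[name] = [str(a) for a in missing]
    return findings

if __name__ == "__main__":
    print(audit_dhcp_exclusions(SAMPLE))
```

Feed it the concatenated configs of both routers so that each router's real interface address is checked against the pool on the DHCP server.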

Thanks for replying.

The last couple of lines are confusing me.

tracking:

on R1:

int fas0/0.1

standby 1 track fastEthernet 0/1 40

! 150-40=110 < 120 on R2 - R2 will be Active.

What is tracking?

The rest of it I think I get, but I want to confirm that router A will be the main router.

Hi Steve

I have a few additional inputs regarding this setup

  • The problem with this set up is, if the router goes out, it knocks out the whole network. I've done a little research and discovered a possible solution, which is to set up an identical router off the core switch, and use HSRP. But, I am unsure how to do so.

HSRP provides gateway-level redundancy for the end users by having two gateway routers operate in Active/Standby mode and by providing a shared virtual MAC to the end users so that the end-user GW is always reachable. Below is a link to the Cisco documentation for the same:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_12c_ea1/configuration/guide/swhsrp.html

The only important thing to remember with HSRP is to track the WAN interface under HSRP so that traffic is not black-holed if the WAN is down; otherwise we need to run routing between the two routers to provide an alternate routing path when the WAN of the HSRP Master is down.

  • Each of the vlans' default-gateway is set to 200.100.50.1 255.255.255.240. Any help will be appreciated.

"Every VLAN will have a separate default-gateway which will be the VLAN's Interface IP in case of Single Router A or HSRP IP in case of Dual Routers A & B "

  • I'm hoping someone can help me with a lab project I am trying to figure out. I am running a router (A) as a DHCP server, NAT translation to the internet, and inter-VLAN routing.

When using HSRP we also need to look at redundancy for the NAT being done, for which we have the Stateful NAT feature, which provides stateful NAT switchover when using HSRP. You will need to check for support of the same on the c2811 and your current IOS. Below is a link to the Cisco documentation for the same:

http://www.cisco.com/en/US/products/ps6600/products_white_paper09186a0080118b04.shtml

Now, from my understanding, there is no option available yet for DHCP stateful switchover in IPv4 except for Stateful DHCP Relaying, so that would be a challenge as we are using only Router A as DHCP server. Even if we make Router B a DHCP server at the same time, their DHCP binding databases would not be in sync and there might be IP conflicts. I think a better option would be to keep Router A as the DHCP server, configure DHCP relay on Router B, and keep two routing paths between Router A and Router B to provide reachability to the DHCP server on Router A.

Hope this helps you to answer your queries.

Regards

Varma

Thanks for the help.

Hi Steve,

Tracking will allow Router A to switch to Standby mode when the uplink is down, and Router B will be Active.

I think it is better to read the manual first:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/swhsrp.pdf

It is probably better to check another solution, IP SLA, for it.

--

Dimitry

Thanks for the help.
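
Added example (not code from any poster in this thread): a Python model of the tracking arithmetic discussed above, using the thread's values (priority 150 on Router A, 120 on Router B, decrement 40). The `Router` class, the function names and the simplified takeover rule are assumptions of this illustration; it shows that a `standby 1 track` line lowers the priority of group 1 only, so groups 10, 20 and 30 stay on Router A unless each group tracks the uplink as well.

```python
from dataclasses import dataclass, field

WAN = "FastEthernet0/1"

@dataclass
class Router:
    name: str
    priority: int                               # "standby <group> priority"
    preempt: bool = True                        # "standby <group> preempt ..."
    track: dict = field(default_factory=dict)   # tracked interface -> decrement

    def effective(self, down):
        """Configured priority minus the decrement of each tracked interface that is down."""
        return self.priority - sum(dec for ifc, dec in self.track.items() if ifc in down)

def active_router(active, standby, down):
    """Name of the active router once the interfaces in `down` have failed.

    `down` maps router name -> set of failed interfaces. The standby takes over
    only with preempt and a strictly higher effective priority; a tie stays
    with the current active router in this simplified model.
    """
    a = active.effective(down.get(active.name, set()))
    s = standby.effective(down.get(standby.name, set()))
    return standby.name if standby.preempt and s > a else active.name

def gateways(groups, down):
    """Map each HSRP group number to the router answering for its virtual IP."""
    return {grp: active_router(a, b, down) for grp, (a, b) in groups.items()}

def build(tracked_groups, decrement=40):
    """Groups 1/10/20/30 with the thread's priorities (A=150, B=120)."""
    return {
        grp: (Router("A", 150, track={WAN: decrement} if grp in tracked_groups else {}),
              Router("B", 120))
        for grp in (1, 10, 20, 30)
    }

AS_POSTED = build(tracked_groups={1})              # track line only under fa0/0.1
TRACK_ALL = build(tracked_groups={1, 10, 20, 30})  # same track line on every group
WAN_DOWN = {"A": {WAN}}

if __name__ == "__main__":
    for label, groups in (("as posted", AS_POSTED), ("track on all groups", TRACK_ALL)):
        print(label, gateways(groups, WAN_DOWN))
```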
