Re: MHSRP on sub interfaces

eezergeezer · ‎04-20-2011

Hey Guys,

i have 2 x c3945 routers

Configured as follows:

router 1:

interface GigabitEthernet0/0
ip address 172.31.132.204 255.255.255.248
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.31.102.6 255.255.255.0
media-type sfp
standby 1 ip 172.31.102.5
standby 1 timers 1 2
standby 1 priority 110
standby 1 preempt
standby 1 track 1 decrement 50
standby 2 ip 172.31.102.4
standby 2 timers 1 2
standby 2 priority 95
standby 2 preempt
standby 2 track 1 decrement 50

router 2:

interface GigabitEthernet0/0
description
ip address 172.31.128.204 255.255.255.248
duplex auto
speed 1000
!
interface GigabitEthernet0/1
ip address 172.31.102.1 255.255.255.0
media-type sfp
standby 1 ip 172.31.102.5
standby 1 timers 1 2
standby 1 priority 95
standby 1 preempt
standby 1 track 1 decrement 50
standby 2 ip 172.31.102.4
standby 2 timers 1 2
standby 2 priority 110
standby 2 preempt
standby 2 track 1 decrement 50
!

layer 2 switch connected to router 1 has say 5 vlans configured. (will be many more in future)

1st question: In order the reach the router from each vlan a sub int needs to be created on the router interface right?

2nd question is: Im wondering what HSRP configuration needs to be changed to accomodate failover for each vlan. I dont want to create hsrp groups for each vlan as this would mean degradation in traffic when I have lots of vlans communicating with the router.

Would I need just specify the same standby groups created above for each VLAN?

Please give me an example if possible..

thanks in advance!

Richard Burts · ‎04-20-2011

Amar

Yes if the switch has 5 vlans and you want the router to route between the vlans then there must be at least 4 subinterfaces configured on the router (or 5 subinterfaces depending on how you do the native vlan).

If you want failover capability between routers for each vlan then each router subinterface needs to be configured with HSRP. I do not see that it makes much difference whether you use same HSRP group numbers or different. And I wonder if you really need 2 HSRP groups on each subinterface.

HTH

Rick

Sent from Cisco Technical Support iPhone App

HTH

Rick

eezergeezer · ‎04-20-2011

Hi Richard,

I dont want to route between the VLANS per se . Just for each to be able to reach the router..

eg each VLAN is for a customer.

vlan 1 = 10.115.11.0/28

vlan 2 = 10.115.11.16/28

etc

Customers need to connect to the router and access a server behind the router/firewalls sourcing from 172.31.102.0/24

would this mean I need to create a sub int with for each subnet for vlan??

gateway vlan 1 = 10.115.11.1 sub int .1

gateway vlan 2 = 10.115.11.17 sub int .2

etc

I understand the rest of your response.

what you are saying is I would need to add the same hsrp groups and settings for each sub int right?

(the reason I have 2 groups is due to load balancing on the links.) the routers are in differant locations and latency sensitive so clients in location A connect to the 1st router as primary.. clients in location B connect to 2nd router as primary..

something im still not clear on is whether the standby IP's would change or not? would the standby IP remain 172.31.102.5 and 172.31.102.4 for each sub interface?

thanks for your prompt response...

visitor68 · ‎04-20-2011

Yes, you need different standby addresses. How else are you going to be able to split the traffic? You also have to have half the clients pointing to one standby address as the VLAN DG and half to the other.

eezergeezer · ‎04-21-2011

What I mean is can I use the same standby addresses for each sub interface?

eg:

interface GigabitEthernet0/1
ip address 172.31.102.6 255.255.255.0
media-type sfp
standby 1 ip 172.31.102.5
standby 1 timers 1 2
standby 1 priority 110
standby 1 preempt
standby 1 track 1 decrement 50
standby 2 ip 172.31.102.4
standby 2 timers 1 2
standby 2 priority 95
standby 2 preempt
standby 2 track 1 decrement 50

interface gigabitethernet0/1.100

ip address 10.1.155.1 255.255.255.240

standby 1 ip 172.31.102.5
standby 1 timers 1 2
standby 1 priority 110
standby 1 preempt
standby 1 track 1 decrement 50
standby 2 ip 172.31.102.4
standby 2 timers 1 2
standby 2 priority 95
standby 2 preempt
standby 2 track 1 decrement 50

interface gigabitethernet0/1.200

ip address 10.1.155.17 255.255.255.240

standby 1 ip 172.31.102.5

standby 1 timers 1 2

standby 1 priority 110

standby 1 preempt

standby 1 track 1 decrement 50

standby 2 ip 172.31.102.4

standby 2 timers 1 2

standby 2 priority 95

standby 2 preempt

standby 2 track 1 decrement 5

etc???

Richard Burts · ‎04-21-2011

Amar

No you can not use the same IP addresses for each HSRP group. The address you use for standby must be in the same subnet as the address used on the subinterface. So if you have this subinterface:

interface gigabitethernet0/1.100

ip address 10.1.155.1 255.255.255.240

then the standby address must be in the 10.1.155.0 subnet.

HTH

Rick

HTH

Rick

Atif Awan · ‎04-21-2011

rburts wrote:

Amar

No you can not use the same IP addresses for each HSRP group. The address you use for standby must be in the same subnet as the address used on the subinterface. So if you have this subinterface:

interface gigabitethernet0/1.100

ip address 10.1.155.1 255.255.255.240

then the standby address must be in the 10.1.155.0 subnet.

HTH

Rick

Just to provide one additional piece of information, there is a feature called 'HSRP Multi Group Optimization' that lets you to have multiple HSRP instances follow the state of a master instance. This is useful in environment like yours where you have many subinterfaces configured on the same physical interface and you need to provide FHRP services on all of them. Following URL has configuration examples of this:

http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_hsrp_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1056999

By the way whatever Rick has told you still holds, you need to have a unique standby IP for each subinterface (unless they are in VRFs as shown in the example).

Atif