Solved: Ok well I think the config is - Page 3

clybumat1 · ‎02-06-2017

See below for an example of our topology. I've been asked to install a secondary L3 switch and implement HSRP between the primary and secondary.

Currently we just have the single Primary switch which has SVI's for several different user VLANs. The two example user switches just have a single connection to this switch - switchport access vlan 10 and switchport access vlan 20. On the L3 switch side, the vlans are trunked on the interfaces (switchport trunk allowed vlan 10 etc)

We will be installing a secondary L3 switch for a redundant connection on each user switch. This will need to be the standby router.

My general instructions are "each SVI will need to be converted to an HSRP address"

What is my first step here? I assume I need to determine a virtual IP address for the HSRP group. Does this mean the IP address for each SVI will need to be converted to this virtual IP address? What would be an example config for the SVIs on the Primary and Secondary switches?

Almost forgot - How will spanning-tree factor in with all of this? Do I need to consider any changes to spanning-tree when implementing this config?

clybumat1 · ‎02-07-2017

Ok well I think the config is right so it must be a packet tracer bug. We will try a live test on a low traffic user switch and see what happens.

Thanks for all you're help!

Francesco Molino · ‎02-07-2017

You're welcome

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

clybumat1 · ‎02-09-2017

Quick question - I'm starting the config on the secondary L3 switch. Each VLAN network on the primary is setup in EIGRP for routing. Should I be duplicating these entries on the Secondary core, or can they just remain on the primary?

Julio E. Moisa · ‎02-09-2017

Hi

Yes the same entries should be under the EIGRP process because you are implementing HSRP for High availability and redundancy the otherwise if the primary L3 switch is down, you will not able to advertise the subnets to other routers or L3 devices using EIGRP.

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

clybumat1 · ‎02-10-2017

Question - I'm assuming each SVI will need it's own unique group number. But should the priority values be the same? IE 110 on the primary, 90 on the secondary.

Francesco Molino · ‎02-10-2017

Hi

The standby group could be 10 for all your SVI. and priority setting could also be the same.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Francesco Molino · ‎02-10-2017

Just to add an information.

Keeping the same group id will works on switches but on routers, using subinterface for example, it will require a different group ID.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Julio E. Moisa · ‎02-10-2017

Hi

By default the HSRP priority value is 100, if you want to keep an active and standby you could only increase the value on the primary switch.

Active priority must be greater than standby priority.

The group ID must be different for different SVI.

Example:

Primary switch

interface vlan 100
ip add 192.168.100.2 255.255.255.0
standby 100 ip 192.168.100.1
standby 100 preempt
standby 100 priority 105
no shut

interface vlan 200
ip add 192.168.200.2 255.255.255.0
standby 200 ip 192.168.200.1
standby 200 preempt
standby 200 priority 105
no shut

Secondary swtich

** You can remove the priority command line because it will take the default priority value that is 100. If you want to verify you can execute the command:

show standby vlan 100
show standby vlan 200

interface vlan 100
ip add 192.168.100.3 255.255.255.0
standby 100 ip 192.168.100.1
standby 100 preempt
no shut

interface vlan 200
ip add 192.168.200.3 255.255.255.0
standby 200 ip 192.168.200.1
standby 200 preempt
no shut

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Julio E. Moisa · ‎02-07-2017

Yep your config is right, the packet tracer could be the issue.

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

clybumat1 · ‎02-07-2017

I'm running version 7.0.

Francesco Molino · ‎02-07-2017

Hi

Do you see traffic "HSRP Hello" if you run a debug?

From one to the other end, can you ping 224.0.0.2? The reply should come from the other end vlan 10 IP.

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

clybumat1 · ‎02-07-2017

Debug is showing hello being sent from both L3 switches with the right IP address and priority.

I can't ping that address from either switch.

Julio E. Moisa · ‎02-06-2017

Hi

If we are based on your diagram, you should enable a trunk between your L3 switches to pass all your vlans and to enable the HSRP communication between these devices otherwise you could have the SVI's as active on both L3 switches. HSRP works with active and standby modes.

You could set up the following configuration, example:

Primary L3

interface vlan 10
ip add x.x.x.2 255.255.255.0
standby 10 ip x.x.x.1 <--- your virtual hsrp ip
standby 10 preempt
standby 10 priority 105
standby 10 authentication md5 key-string <password> <-- this is optional
no shut

Secondary L3

interface vlan 10
ip add x.x.x.3 255.255.255.0
standby 10 ip x.x.x.1 <--- your virtual hsrp ip
standby 10 preempt
standby 10 priority 100 <--- default
standby 10 authentication md5 key-string <password> <-- this is optional
no shut

The hosts over the vlan 10 will use the virtual IP .1 as the gateway. The standby group (standby <group id>) should be different for each SVI, it could be selected from 1 to 255.

If you use tracking it will decrease in 10 by default. The greater HSRP priority will be selected as active

You can check the HSRP, executing: show standby vlan 10

You can keep the STP primary root on the primary L3 and the backup root on the secondary L3.

example

Primary L3

spanning root vlan 10 priority 4096

Secondary L3

spanning root vlan 10 priority 8192

Please rate the comment if it is useful :-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Joseph W. Doherty · ‎02-07-2017

I don't think it was mentioned in the other posts, but normally you would set your virtual IP to be what ever your current physical gateway IP is now.

When you do that, HSRP should send out a gratuitous ARP, so hosts should update their ARP caches. However, if a host doesn't, it won't be able to use the gateway until its ARP entry times out or you manually clear the ARP cache on that host.

When working with multiple VLANs, if you want to take advantage of using both gateways, you might alternate active HSRP gateways per L3 switch. Another way to take of advantage of using both gateway devices, rather than using HSRP you might consider using GLBP, if its supported on your devices. Also if your L3 switches are stackable, or VSS capable, you could use those features then you don't need to use a FHRP.

clybumat1 · ‎02-07-2017

I don't think it was mentioned in the other posts, but normally you would set your virtual IP to be what ever your current physical gateway IP is now.

Well each user switch uses the ip address of the SVI on the L3 switch as it's gateway. Example, the vlan 10 SVI, the default gate-way on that particular user switch is ip default-gateway 10.4.10.1

So how could there be multiple virtual IPs?

Things to consider when implementing HSRP?