02-06-2017 07:29 PM - edited 03-08-2019 09:13 AM
See below for an example of our topology. I've been asked to install a secondary L3 switch and implement HSRP between the primary and secondary.
Currently we just have the single Primary switch which has SVI's for several different user VLANs. The two example user switches just have a single connection to this switch - switchport access vlan 10 and switchport access vlan 20. On the L3 switch side, the vlans are trunked on the interfaces (switchport trunk allowed vlan 10 etc)
We will be installing a secondary L3 switch for a redundant connection on each user switch. This will need to be the standby router.
My general instructions are "each SVI will need to be converted to an HSRP address"
What is my first step here? I assume I need to determine a virtual IP address for the HSRP group. Does this mean the IP address for each SVI will need to be converted to this virtual IP address? What would be an example config for the SVIs on the Primary and Secondary switches?
Almost forgot - How will spanning-tree factor in with all of this? Do I need to consider any changes to spanning-tree when implementing this config?
Solved! Go to Solution.
02-07-2017 07:45 AM
Ok I'll do again my example config.
Let's assume your config today is:
interface vlan 10
ip address 10.4.10.1 255.255.255.0
On Primary HSRP it will be:
interface vlan 10
ip address 10.4.10.2 255.255.255.0standby 1 ip 10.4.10.1
standby 1 priority 110
standby 1 preempt
On Secondary HSRP it will be:
interface vlan 10
ip address 10.4.10.3 255.255.255.0standby 1 ip 10.4.10.1
standby 1 priority 90
standby 1 preempt
Is that more clear?
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
02-06-2017 07:40 PM
Hi
First of all, for STP, you need to force your primary hsrp to be the primary root stp and your secondary hsrp to be your secondary root.
As all your machines have your svi ip as default gateway, it will be better to take that IP address VIP otherwise you'll need to change the default gateway for all hosts.
A basic example of primary svi:
Interface vlan 10
Ip address 192.168.1.2 255.255.255.0
standby 1 ip 192.168.1.1
Standby 1 priority 110
standby 1 preempt
A basic example for your secondary svi:
Interface vlan 10
Ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.1
Standby 1 priority 90
standby 1 preempt
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
02-07-2017 05:05 AM
Excellent and informative answers. Thanks! I will start testing out this design.
Question - "First of all, for STP, you need to force your primary hsrp to be the primary root stp and your secondary hsrp to be your secondary root."
I'm familiar with forcing vlans to become the root, but how would I do this in hsrp? Do you mean setting the primary L3 switch as the root and the secondary L3 switch as the secondary root? What would be a command example for this?
Thanks again!
02-07-2017 06:11 AM
Yes sorry to misspell what I was thinking about.
What I meant is having all your vlan root on the switch being elected as primary hsrp and a priority a bit bad on the secondary hsrp switch.
As per example, it could be a priority of 4096 on primary switch hsrp and 8192 on secondary switch hsrp
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
02-07-2017 06:20 AM
Thank you.
So currently on the Primary Core - The svi/vlan 10 is setup as follows:
interface vlan10
ip address 10.4.10.1 255.255.255.0
ip helper-address 10.4.5.1
I will add the HSRP commands, but will the IP address in bold need to change?
02-07-2017 07:25 AM
Yes your IP of your SVI needs to be changed. The actual IP will be your HSRP VIP IP
02-07-2017 07:38 AM
But I thought the virtual IP was defined in the standby command?
So it would be:
Primary L3 switch:
interface vlan 10
ip address 10.4.10.1 255.255.255.0
Standby 10 IP x.x.x.x <- virtual IP?
Getting confused here.
02-07-2017 07:45 AM
Ok I'll do again my example config.
Let's assume your config today is:
interface vlan 10
ip address 10.4.10.1 255.255.255.0
On Primary HSRP it will be:
interface vlan 10
ip address 10.4.10.2 255.255.255.0standby 1 ip 10.4.10.1
standby 1 priority 110
standby 1 preempt
On Secondary HSRP it will be:
interface vlan 10
ip address 10.4.10.3 255.255.255.0standby 1 ip 10.4.10.1
standby 1 priority 90
standby 1 preempt
Is that more clear?
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
02-07-2017 07:47 AM
Much more clear, thank you. I will begin testing this out.
Thanks again.
02-07-2017 07:51 AM
you're welcome.
Please don't forget to rate and mark as correct answer if this answered your question
02-07-2017 08:45 AM
Ok I have a test environment setup for this. I'm trying to ping the virtual IP address for VLAN 10 from a PC on vlan 10, but it is not replying. My config:
interface vlan 10
ip address 10.4.10.2 255.255.255.0
standby 1 ip 10.4.10.1
standby 1 priority 110
standby 1 preempt
I can ping the new SVI address (10.4.10.2) but not the virtual..
02-07-2017 09:04 AM
Hi
Please execute the following command on your L3 switches
show standby vlan 10
you should see an active status on the primary L3 switch and standby status on the secondary L3 switch otherwise these L3 switches are not passing the vlan 10 between them.
Also, could you please share your config and the show vlan output?
thank you in advance.
02-07-2017 10:18 AM
I ran the show standby command on both L3 switches, and it comes back with:
Active router is local
Standby router is unknown
So I guess they two L3 switches aren't communicating with each other.. Any ideas why? I have a trunk link setup between the two.
sho vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gig0/2
10 VLAN010 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100141 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- -----------------
02-07-2017 10:29 AM
Yeap there is no a standby hsrp, you should have a trunk interface between the L3 switches and pass your vlans through that trunk.
Also the vlan 10 should be created on both switches
conf t
vlan 10
interface g1/0/1 (example interface) <-- same config on both L3 switches.
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown.
Also try to shut and not shut the SVI on both L3 switches.
02-07-2017 10:41 AM
This is the way I have it setup. The trunk link between the two routers, vlan 10 is on both routers with the HSRP config you recommended..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide