Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
637
Views
15
Helpful
8
Replies

3750 hsrp

Danilo Dy
VIP Alumni
VIP Alumni

‎03-29-2007 04:42 AM - edited ‎03-07-2019 12:24 AM

Hi,

As I setting up a new network, I need second opinion and advice.

I have 3750 setup as below;

SW1<-GE_Trunk->SW2

My network environment is one vlan per port.

I'm currently configuring HSRP, SW1 as active and SW2 as standby. What is the preferred interface to configure HSRP? Physical interface or vlan interface? What is the pros and cons?

BTW, I like the new feature in HSRP which uses MD5 for authentication :)

TIA

Labels:
0 Helpful
8 Replies 8

Amit Singh
Cisco Employee
Cisco Employee

‎03-29-2007 05:00 AM

My Idea for this would to configure HSRP on physical link. The advantage that you will get is the faster recovery in case of port bouncing back. With Vlan interface, you will have slow STP recovery in case of a link flap and also you will have a loop in the network, though STP will block it.

HTH,

-amit singh

Danilo Dy
VIP Alumni
VIP Alumni
In response to Amit Singh

‎03-29-2007 08:30 AM

Hi Amit,

Thanks for your reply.

You're right about having it in the physical interface has faster recovery, I just tested it. Regarding the slow STP recovery and loop, I have'nt tried yet. Anyway, there is no other switch connected in these two switches. Only clustered firewalls are connected to it. In the future, if I run out of ports it will look like this;

SWA2<-STACK->SWA1<-GE_TRUNK->SWB1<-STACK->SWB2

Each port will have clustered firewalls connected to them, one in SWA port and another (cluster) in SWB port.

I still have to try HSRP in the STACK connections above so that in the future I just plug a stack member when I need more ports, any advice?

0 Helpful

jasonrandolph
Level 1
Level 1
In response to Danilo Dy

‎03-29-2007 05:03 PM

The catch here is that if there is only one physical link between the SWA1 and SWB1 dies for whatever reason, both hosts will go active on HSRP. That could cause issues.

0 Helpful

Danilo Dy
VIP Alumni
VIP Alumni
In response to jasonrandolph

‎03-29-2007 06:26 PM

They are 2 x GE, sorry I didn't put 2 in GE_TRUNK.

0 Helpful

Danilo Dy
VIP Alumni
VIP Alumni
In response to Amit Singh

‎03-29-2007 08:16 PM

Hi Amit,

I see some problem if configuring HSRP in physical interface.

To do that, the interface should be in the "no switchport" mode.

Now I configure HSRP in SWA1 port1 and SWB1 port1. Both switches active/standby is unknown when no device is connected to their port1. When a host is connected to SWA1 port1, switch SWA1 become active and the standby is unknown, while SWB1 active/standby is still unknown. If I connect a host in both switches port1, their status is both active and standby is unknown. If I connect SWA1 and SWB1 port1 to a third switch (same VLAN), SWA1 becomes active and SWB1 becomes standby. This happens even the connection between SWA1 and SWB1 is trunk or routed (OSPF).

I guess HSRP in physical interface is good in STP connecting the core switches to distribution switches. But in my case, I guess HSRP in vlan interface is the best choice.

0 Helpful

Amit Singh
Cisco Employee
Cisco Employee
In response to Danilo Dy

‎03-29-2007 09:35 PM

Danilo,

What happens when you connect the SWA1 and SWB1 via trunk only and configure the HSRP for all the vlans on both the switches. what happens when you connect a host on each switch. Do you see the same behaviour ?

As you described that when you use a third switch and connect it to the HSRP switches, it works OK, that means HSRP hellos have been the using the path via third switch to reach the standby router.I think in the case of L3 port only the hellos for the interface will be exchanged not for the respective vlans, that's why you saw that problem.

In your case, changing the link between the SWA1 and SWB1 to trunk should solve the purpose.As you said that every port on the switch belongs to a different vlan i.e you have to use HSRP for all the vlans.If you configure the interface connecting the switches to be a part of single vlan that means it will only pass the HSRP hellos for that vlan not for the other vlans.Configuring it trunk should solve the problem. try and let us know.

HTH,

-amit singh

0 Helpful

Danilo Dy
VIP Alumni
VIP Alumni
In response to Amit Singh

‎03-29-2007 11:16 PM

Hi Amit,

If I configure the HSRP in VLAN interface and the connection between SWA1 and SWB1 is isl trunk. The HSRP status for SWA1 is active and the standby is known as SWB1, while in SWB1 the status is standby and the active is known as SWA1. It will always be up unless I shutdown SWA1 then SWB1 will become active and the standby is unknown (sine the SWA1 is down), or I put a "standby track gi1/0/1 30" in SWA1 and SWB1 will become active when the gi1/01 in SWA1 is down and the standby is known as SWA1. The HSRP status is the same whether I put two hosts (both SWA1 and SWB1 port1), one host (SWA1 or SWB1 port1), or one l2 switch (any combination).

Since devices connected to SWA1 and SWB1 are either routers or firewalls, I think HSRP in vlan interface is the best option for me.

0 Helpful

Amit Singh
Cisco Employee
Cisco Employee

‎03-29-2007 09:38 PM

Danilo,

A little note on running HSRP on the switch stacks." HSRP hello messages are generated by the stack master. If an HSRP-active stack master fails, a flap in the HSRP active state might occur. This is because HSRP hello messages are not generated while a new stack master is elected and initialized, and the standby router might become active after the stack master fails"

HTH,

-amit singh

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card