HSRP Standby Group

Answered Question
Sep 12th, 2007
User Badges:

Hi,


In my scenario, I have two Core Layer 3 Switches. And there are few access switches connected to Dual Core switches redundantly.


I want to make one Core Switch as HSRP Active for few VLANs and other Core Switch as HSRP Active for rest of the VLANs.


For implementing above scenarion, can I use same Standby Group for each SVI.


e.g. Standby 1 IP X.X.X.X for VLAN 1

Standby 1 IP X.X.X.X for VLAN 2


OR do I need to configure different Standby Group for each SVI (VLAN Interface


e.g. Standby 1 IP X.X.X.X for VLAN 1

Standby 2 IP X.X.X.X for VLAN 2


Rohit

Correct Answer by Kevin Dorrell about 9 years 6 months ago

That is so ... if you have the same HSRP group, they will have the same MAC address. But bear in mind that the HSRP frames are passed on each individual VLAN. The switch can handle the same MAC address on two different VLANs, and treats them as two different destinations. You can think of the VLANs as being totally isolated from each other in this context.


Kevin Dorrell

Luxembourg


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Kevin Dorrell Wed, 09/12/2007 - 02:32
User Badges:
  • Green, 3000 points or more

Yes you can use the same standby group on each VLAN, as the HSRP runs within the VLAN and HSRPs on different VLANs cannot see each other.


But I actually prefer to use different groups on different VLANs for the sake of readability.


Kevin Dorrell

Luxembourg


rohit_s Wed, 09/12/2007 - 02:37
User Badges:

Hi,


Thanks for the update...


Since HSRP Virtual MAC Address depends on the Standby group and using the same standby group will yield similiar MAC address for all the VLAN interfaces.


So do you think this can create a problem when both the switches will have half of the VLAN intefaces active for routing (I mean Active/Active Scenario on two core switches).



Rohit

Richard Burts Wed, 09/12/2007 - 02:59
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Rohit


I do not believe that using the same HSRP group which leads to the same MAC address being used on all interfaces will cause any problems for the switch. The suggestion that Kevin makes that using different groups in different VLANs may make the config easier to read and understand and might simplify troubleshooting if there were some problem. But from the perspective of being able to forward frames there is no problem with same group/same MAC on all interfaces.


HTH


Rick

rohit_s Thu, 09/13/2007 - 01:37
User Badges:

Hi,


I understand for a single switch forwarding all frames it won't create problem.


But what about both Core switches forwarding frames for their individual active VLANs. In this case both core switches (connected to different ports of underlined access switch) will send same MAC address for all the ARP queries. So access switch will receive same MAC address on two ports connected to two core switches. (Kind of MAC Address flapping problem)...



Rohit

Correct Answer
Kevin Dorrell Thu, 09/13/2007 - 01:43
User Badges:
  • Green, 3000 points or more

That is so ... if you have the same HSRP group, they will have the same MAC address. But bear in mind that the HSRP frames are passed on each individual VLAN. The switch can handle the same MAC address on two different VLANs, and treats them as two different destinations. You can think of the VLANs as being totally isolated from each other in this context.


Kevin Dorrell

Luxembourg


paul.matthews Thu, 09/13/2007 - 01:50
User Badges:
  • Silver, 250 points or more

It won't really be a problem.


Imagine you have six VLANs. Odd active on S1, Even active on S2. You use standyby group 1 on them all, giving an instance of 0000.0c07.ac01 on each vlan.


On VLAN1, S1 is active, so S1 uses that MAC address (0000.0c07.ac01) S2 is standby so does not, so the CAM tables on VLAN1 oaa poinr 0000.0c07.ac01 to S1.


On VLAN2 it is the same , but S2 is active so all cam tables point the mac address to S2


The cam table on S1 for the MAC address for VLANs 1&2 will be something like;

* 2 0000.0c07.ac01 dynamic Yes -- Gi1/1

* 1 0000.0c07.ac01 dynamic Yes -- Router


so it is clear - see the MAC address on VLAN1 punt it up to the router, see the mac on VLAN2, hoof it over Gig 1/1 to the other switch.


Only the active router will respond to ARP queries.

Actions

This Discussion