Solved: HSRP Standby Group

rohit_s · ‎09-12-2007

Hi,

In my scenario, I have two Core Layer 3 Switches. And there are few access switches connected to Dual Core switches redundantly.

I want to make one Core Switch as HSRP Active for few VLANs and other Core Switch as HSRP Active for rest of the VLANs.

For implementing above scenarion, can I use same Standby Group for each SVI.

e.g. Standby 1 IP X.X.X.X for VLAN 1

Standby 1 IP X.X.X.X for VLAN 2

OR do I need to configure different Standby Group for each SVI (VLAN Interface

e.g. Standby 1 IP X.X.X.X for VLAN 1

Standby 2 IP X.X.X.X for VLAN 2

Rohit

Kevin Dorrell · ‎09-13-2007

That is so ... if you have the same HSRP group, they will have the same MAC address. But bear in mind that the HSRP frames are passed on each individual VLAN. The switch can handle the same MAC address on two different VLANs, and treats them as two different destinations. You can think of the VLANs as being totally isolated from each other in this context.

Kevin Dorrell

Luxembourg

View solution in original post

Kevin Dorrell · ‎09-12-2007

Yes you can use the same standby group on each VLAN, as the HSRP runs within the VLAN and HSRPs on different VLANs cannot see each other.

But I actually prefer to use different groups on different VLANs for the sake of readability.

Kevin Dorrell

Luxembourg

rohit_s · ‎09-12-2007

Hi,

Thanks for the update...

Since HSRP Virtual MAC Address depends on the Standby group and using the same standby group will yield similiar MAC address for all the VLAN interfaces.

So do you think this can create a problem when both the switches will have half of the VLAN intefaces active for routing (I mean Active/Active Scenario on two core switches).

Rohit

Richard Burts · ‎09-12-2007

Rohit

I do not believe that using the same HSRP group which leads to the same MAC address being used on all interfaces will cause any problems for the switch. The suggestion that Kevin makes that using different groups in different VLANs may make the config easier to read and understand and might simplify troubleshooting if there were some problem. But from the perspective of being able to forward frames there is no problem with same group/same MAC on all interfaces.

HTH

Rick

HTH

Rick

rohit_s · ‎09-13-2007

Hi,

I understand for a single switch forwarding all frames it won't create problem.

But what about both Core switches forwarding frames for their individual active VLANs. In this case both core switches (connected to different ports of underlined access switch) will send same MAC address for all the ARP queries. So access switch will receive same MAC address on two ports connected to two core switches. (Kind of MAC Address flapping problem)...

Rohit

Kevin Dorrell · ‎09-13-2007

That is so ... if you have the same HSRP group, they will have the same MAC address. But bear in mind that the HSRP frames are passed on each individual VLAN. The switch can handle the same MAC address on two different VLANs, and treats them as two different destinations. You can think of the VLANs as being totally isolated from each other in this context.

Kevin Dorrell

Luxembourg

paul.matthews · ‎09-13-2007

It won't really be a problem.

Imagine you have six VLANs. Odd active on S1, Even active on S2. You use standyby group 1 on them all, giving an instance of 0000.0c07.ac01 on each vlan.

On VLAN1, S1 is active, so S1 uses that MAC address (0000.0c07.ac01) S2 is standby so does not, so the CAM tables on VLAN1 oaa poinr 0000.0c07.ac01 to S1.

On VLAN2 it is the same , but S2 is active so all cam tables point the mac address to S2

The cam table on S1 for the MAC address for VLANs 1&2 will be something like;

* 2 0000.0c07.ac01 dynamic Yes -- Gi1/1

* 1 0000.0c07.ac01 dynamic Yes -- Router

so it is clear - see the MAC address on VLAN1 punt it up to the router, see the mac on VLAN2, hoof it over Gig 1/1 to the other switch.

Only the active router will respond to ARP queries.