HSRP Configuration

wasiimcisco · ‎03-12-2008

I wanted to configure my network for HSRP. I have two Catalyst 4507 as core switches which are connected with cisco pix firewall. Core switches are running HSRP and have dot1q trunnking enable.

Internet Routers are also running HSRP.

Firewall ports are connected in VLAN as access ports. No trunking on pix firewall ports.

I have attched the network digram for your review. On each VLAN I have given the standby IP address. That standby IP address is gw for firwall.

1. Will that configuration works or not.

2. Any limitation of firewall access port or trunk ports.

3. Vlan configuration is right or wrong as well as standby

configuration.

Please help me out. I will be very greatful to you all.

royalblues · ‎03-13-2008

The topology seems to be good in terms of achieving redundancy..

Make sure you have preempt configuration under HSRP for the routers and the L3

The only problem (to which i do not have a solution) is that if the firewall detects a link failure on the failover interface, both will try to failover thereby dropping traffic. hence sometimes it is recommended to have the failover interface connected via a switch so that one side link failover does not cause the link to go down on the secondary firewall but again the situation can be same if the switch itself fails

HTH

Narayan

wasiimcisco · ‎03-13-2008

Thanks for the reply, I am using serial cable fail over in pix firewall.

Can you tell me if I will make the trunk between core switch and firewall, what will happen, any benefit.

I will send you the complete configuration of HSRP for your review so that u can tell me what is wrong in configuration.

would u recomend me about Load Balancing in core switch. right now i gave u configuration of HSRP not load balancing.

Core switch will have the same vlans. How i will configure load balancing.

My Internet routers will have two links, with HSRP one router will be tottally idle.

Right now i m using PBR, Will PBR still work

when i will configure the HSRP.