HSRP Configuration Help Req

Unanswered Question
Mar 12th, 2008
User Badges:

I wanted to configure my network for HSRP. I have two Catalyst 4507 as core switches which are connected with cisco pix firewall. Core switches are running HSRP and have dot1q trunnking enable.

Internet Routers are also running HSRP.

Firewall ports are connected in VLAN as access ports. No trunking on pix firewall ports.

I have attched the network digram for your review. On each VLAN I have given the standby IP address. That standby IP address is gw for firwall.

1. Will that configuration works or not.

2. Any limitation of firewall access port or trunk ports.

3. Vlan configuration is right or wrong as well as standby


Please help me out. I will be very greatful to you all.

I have attached the network diagram for your review

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Thu, 03/13/2008 - 01:03
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


1) Yes it should work fine

2) The ports are fine as access ports. Only time you may want to consider trunks is if you run out of physical interfaces.

3) Vlan configuration is fine.



wasiimcisco Thu, 03/13/2008 - 03:57
User Badges:

Thanks for the reply, I have 4507 with 96 ports, so port limitation is not issue.

If you see my network diagram, can you tell me shall i also make the HSRP on switches located behind the Internet router.

Or only core switch redundeny and Internet Router redundency is enough.

What about Load balancing on core switches. With HSRP i will get only Redundency not the load balancing. I will maill you the whole configuration with proper steps.

Amit Singh Thu, 03/13/2008 - 04:11
User Badges:
  • Cisco Employee,

Hi Wasim,

This configuration looks fine. I think as far as this site is concerned this redundancy is absolutely perfect.

Yes, with HSRP you have the once gateway only but in this case you can configure MHSRP and have both the switches load-share your traffic and work as active-active for the respective vlans that they will be routing for.


HTH,Please rate if it does.

-amit singh


This Discussion