04-14-2008 02:34 PM - edited 03-05-2019 10:23 PM
I have two Cisco 4507 switches; one is acting as VTP server and switch 2 is client.
Both switches are trunked and I have configured Layer 2 EtherChannel on these two trunks.
I have around 7 VLANs on the switches, and for each VLAN I made an SVI and also configured HSRP on these VLANs.
On switch 1 all VLAN interfaces are active and on switch 2 the VLANs are in standby mode. My active FW is connected
to switch one and the failover is connected to switch 2.
The user subnet is connected to VLAN 7 and physically terminated on switch 1 ports 4/17 to 4/20, with a default gateway
of the HSRP IP of VLAN 7, which is 172.28.31.163.
Now the problem is that when the switch one VLAN 7 SVI goes down, the user is not able to reach any network.
Though the gateway is a virtual IP, the user is still not able to reach anything.
Switch 1:
interface Vlan2
 description ### To PDC-OUT-525-1 ###
 ip address 172.28.31.65 255.255.255.248
 standby 10 ip 172.28.31.67
 standby 10 priority 250
 standby 10 preempt
!
interface Vlan3
 description ### TO PDC-Int-525-1 ###
 ip address 172.28.31.81 255.255.255.248
 standby 10 ip 172.28.31.83
 standby 10 priority 250
 standby 10 preempt
interface Vlan7
 description ### To NOC###
 ip address 172.28.31.161 255.255.255.224
 standby 10 ip 172.28.31.163
 standby 10 priority 250
 standby 10 preempt
Switch 2:
interface Vlan2
 description ### To PDC-OUT-525-2 ###
 ip address 172.28.31.66 255.255.255.248
 standby 10 ip 172.28.31.67
 standby 10 priority 200
 standby 10 preempt
!
interface Vlan3
 description ### TO PDC-Int-525-2 ###
 ip address 172.28.31.82 255.255.255.248
 standby 10 ip 172.28.31.83
 standby 10 priority 200
 standby 10 preempt
interface Vlan7
 description ### To NOC###
 ip address 172.28.31.162 255.255.255.248
 standby 10 ip 172.28.31.163
 standby 10 priority 200
 standby 10 preempt
Please tell me how to provide the redundancy, how to configure it, and what is missing in my configuration.
04-14-2008 09:25 PM
Hi,
Whenever the switch 1 SVI goes down, it decrements the HSRP priority by 10, which means the priority of Switch 1 will be 240, which is greater than Switch HSRP priority, i.e. 200.
Do the below modifications and check the issue.
Switch 1:
interface Vlan2
 description ### To PDC-OUT-525-1 ###
 ip address 172.28.31.65 255.255.255.248
 standby 10 ip 172.28.31.67
 standby 10 priority 250
 standby 10 preempt
!
interface Vlan3
 description ### TO PDC-Int-525-1 ###
 ip address 172.28.31.81 255.255.255.248
 standby 10 ip 172.28.31.83
 standby 10 priority 250
 standby 10 preempt
interface Vlan7
 description ### To NOC###
 ip address 172.28.31.161 255.255.255.224
 standby 10 ip 172.28.31.163
 standby 10 priority 250
 standby 10 preempt
Switch 2:
interface Vlan2
 description ### To PDC-OUT-525-2 ###
 ip address 172.28.31.66 255.255.255.248
 standby 10 ip 172.28.31.67
 standby 10 priority 240
 standby 10 preempt
!
interface Vlan3
 description ### TO PDC-Int-525-2 ###
 ip address 172.28.31.82 255.255.255.248
 standby 10 ip 172.28.31.83
 standby 10 priority 240
 standby 10 preempt
interface Vlan7
 description ### To NOC###
 ip address 172.28.31.162 255.255.255.248
 standby 10 ip 172.28.31.163
 standby 10 priority 240
 standby 10 preempt
Thanks,
Satish
04-15-2008 12:03 AM
Satish has rightly mentioned. When a VLAN goes down, the default value by which the priority of the device decreases is 10. So adjust the priority values with a difference of 10. However, if you are monitoring specific interfaces, then you can change the value by which the priority decreases.
Suppose you have configured HSRP for a router and are monitoring a serial interface of the router, such that if the router's serial interface goes down then the other switch gets control and traffic passes to the other router. Then the priority can be configured to go down by a specific value. Below is the command:
standby 1 track se1/1 50
Where 50 is the value by which the priority of the active switch goes down in case router se1/1 fails.
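The priority arithmetic discussed in the replies above can be checked mechanically. The following Python script is an added example, not code from any poster in this thread: it parses two HSRP peers' configs and reports tracked interfaces whose decrement does not bring the primary below its peer's priority, plus any disagreement on virtual IP or subnet. The input is the thread's Vlan7 stanzas; the `track` line, its interface name `GigabitEthernet4/1` and the function names `parse` and `audit` are assumptions.

```python
import ipaddress

# Constructed input: Vlan7 stanzas from the thread. The "track" line is a
# hypothetical addition (interface name and decrement are assumptions).
SW1 = """interface Vlan7
 ip address 172.28.31.161 255.255.255.224
 standby 10 ip 172.28.31.163
 standby 10 priority 250
 standby 10 preempt
 standby 10 track GigabitEthernet4/1 50
"""
SW2 = """interface Vlan7
 ip address 172.28.31.162 255.255.255.248
 standby 10 ip 172.28.31.163
 standby 10 priority 200
 standby 10 preempt
"""

def parse(cfg):
    """Map (interface, group) -> HSRP settings found in an IOS config."""
    groups, iface, net = {}, None, None
    for w in (line.split() for line in cfg.splitlines()):
        if w[:1] == ["interface"] and len(w) > 1:
            iface, net = w[1], None
        elif w[:2] == ["ip", "address"] and len(w) == 4:
            net = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:1] == ["standby"] and len(w) > 2 and w[1].isdigit():
            g = groups.setdefault((iface, int(w[1])), {
                "net": net, "ip": None, "priority": 100, "track": []})
            if w[2] == "track" and len(w) > 3:  # decrement defaults to 10
                dec = int(w[-1]) if len(w) > 4 and w[-1].isdigit() else 10
                g["track"].append((w[3], dec))
            elif w[2] in ("ip", "priority") and len(w) > 3:
                g[w[2]] = w[3] if w[2] == "ip" else int(w[3])
    return groups

def audit(primary, peer):
    """Return findings for HSRP groups configured on both switches."""
    a, b, out = parse(primary), parse(peer), []
    for key in sorted(a.keys() & b.keys()):
        x, y, name = a[key], b[key], f"{key[0]} group {key[1]}"
        for field in ("ip", "net"):
            if x[field] != y[field]:
                out.append(f"{name}: {field} differs ({x[field]} vs {y[field]})")
        for ifname, dec in x["track"]:
            if x["priority"] - dec >= y["priority"]:
                out.append(f"{name}: losing {ifname} leaves priority "
                           f"{x['priority'] - dec}, not below peer {y['priority']}")
    return out
```

Calling `audit(SW1, SW2)` on the sample returns two findings: the Vlan7 masks posted for the two switches give different subnets, and a decrement of 50 from 250 only reaches the peer's 200 rather than going below it.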
04-16-2008 01:23 PM
Thanks for the reply. I will try to change the priority, but right now I tested the following thing and it works for me: instead of shutting down the SVI, I shut down the port to which my firewall was connected.
Dear all, this is how I tested the configuration.
My active firewall is connected to switch 1. The failover is connected to switch 2. Both switches have one default gateway for the Internet, with the same VLANs and the same routing on both switches.
My firewalls are using HSRP as the default gateway for going to the outside world.
The user subnet goes outside by having a default gateway of the firewall inside.
From the user computer, I started pinging the outside world with -t.
Then I shut down the switch one access port to which the active firewall was connected. As soon as I did, my failover firewall came into action, and without any drop or breakage, the user computer continued to ping the outside world.
That means, if physical ports are shut or a switch/firewall goes down, user traffic will move to the standby switch/firewall.
Now please tell me what is wrong with this, and why this will mess up in the future.
Shall I remove the preempt command from switch 2?
Why will HSRP not work with OSPF? Why is it so?
After hearing about my testing, a few people on another forum are saying that this will create problems for you, this and all that. If my test is successful, then how will this mess up in the future?