HSRP limits on 2800 ISR

Oct 8th, 2008

If I have 35+ VLANs coming back to 1 or 2 3750s, I can't use HSRP on all of these (according to the 3750 docs only 32 VLANs can be running HSRP). However, what about a 2811 ISR? Those VLANs would come in as sub-interfaces on a single trunk interface, and the only limit I can see in the documentation is 256 stand-by groups.

Does this mean the maximums are 32 HSRP VLANs on 3750 vs 256 on a 2811?

Overall Rating: 4.3 (4 ratings)
Danilo Dy Wed, 10/08/2008 - 21:36

The maximum HSRP for 3750 is 16 while the maximum for 3750-E is 32. I tested in IOS 12.2(35) for 3750, never tested in 3750-E. I guess they increased it in IOS 12.2(40).

Alternatively, you can use STACK to overcome this limitation. However, when the STACK master fails, the gateway changes MAC address, as it uses the range of MAC addresses in the new STACK master. So make sure that your devices connected to the STACK switch don't have a MAC address bug (known Unix, old PIX, old Checkpoint bugs), and you should not configure static MAC addresses on those devices connected to the STACK switch.

To your question, "Does this mean the maximums are 32 HSRP VLANs on 3750 vs 256 on a 2811?", the answer is yes.

franklinb Wed, 10/08/2008 - 21:47

Are you sure it's 16 for 3750? I am reading the configuration guide for 12.1 (2003) and that says 32, but doesn't say specifically for -E version.

Your answer makes sense after reading info about 3750 and 2811, however I got a strange reply from TAC:

- 2800 supports 255 HSRP groups since it is supported from IOS.

- 3750 can have 32 HSRP groups because of hardware limitation in switch.

However, per HSRP group, you can have 1000 VLANs.

- As long as you don't care of 1 HSRP group per 1 VLAN, you can have more than 3000 vlans with hsrp.

I'm not sure whether I'd actually need to have more than 1 group or not, seeing as each VLAN will have a different addressing scheme, so the pair of 3750s or 2811s would have to have an IP address on each VLAN, i.e. 10.1.100.254, 10.1.101.254, 10.1.102.254 for VLANs 1,2,3

Correct Answer
Jon Marshall Thu, 10/09/2008 - 00:34

Brendan

On a L3 switch you can assign multiple vlans to the same HSRP group so you don't face a limitation as such. You could if you wanted have all your vlans in just one group.

Jon

franklinb Thu, 10/09/2008 - 14:11

Forgive my slow learning here, but if I only have the 1 HSRP group, wouldn't that mean it would only have 1 pair of IP addresses? The core switch is the gateway for each of these VLANs, so has 10.1.10.254, 10.1.11.254, ..., 10.1.45.254

Edison Ortiz Thu, 10/09/2008 - 14:32

You should be fine, you can use the same HSRP Group for each of those Vlans.

The HSRP Group is useful when you have a single Vlan but want to configure multiple HSRPs under that same Vlan. For each HSRP under that same Vlan, a different HSRP Group number must be used.

HTH,

Edison.

Correct Answer
Richard Burts Thu, 10/09/2008 - 16:46

Brendan

I think you have a misunderstanding about how using a single HSRP group would work. Perhaps a small example would help:

interface vlan 10
 ip address 10.10.10.2 255.255.255.0
 standby 1 ip 10.10.10.1
!
interface vlan 20
 ip address 10.20.20.2 255.255.255.0
 standby 1 ip 10.20.20.1
!
interface vlan 30
 ip address 10.30.30.2 255.255.255.0
 standby 1 ip 10.30.30.1

So you have multiple VLANs and they all use HSRP group 1. But each interface has its own virtual IP address. So this approach should work for you on your switch.

[note] while many of us tend to configure HSRP using a different group on each interface - and may think it more logical and easier to understand, it is not a requirement that each interface use a separate HSRP group.

HTH

Rick

christopher.clayden Thu, 10/09/2008 - 18:35

Brendan,

Rick is right. This config should work without issue.

I just thought I would share some first hand experience where I have run into issues using the same HSRP group.

Using various telcos, we have had layer 2 Transparent LAN Services / Metro E. circuits provisioned for specific requirements. Our circuits were provisioned as Q-N-Q trunks and HSRP would be run over these circuits.

From time to time, something would break in the Telco infrastructure, and our frames were no longer being tagged. All traffic was dumped into the native VLAN. When this happens, everything breaks because when using the same group number, the HSRP MAC address is identical.

You can use the same MAC address within separate VLANs / broadcast domains, but not within the same VLAN. Changing the HSRP group number changes the virtual MAC address.

Just thought I would share some first hand experience of where using the same HSRP group number can go wrong.

Cheers,

Chris
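
The two posts above (one HSRP group reused on every VLAN interface, and the identical virtual MAC that results) can be checked against a configuration before deployment. This is an added example, not code from any poster in the thread: it assumes HSRP version 1, whose virtual MAC is 0000.0c07.acXX with XX the group number in hex, and the sample configuration and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the configuration posted in this thread;
# vlan 30 is moved to group 2 here to show the contrast.
SAMPLE_CONFIG = """\
interface vlan 10
 ip address 10.10.10.2 255.255.255.0
 standby 1 ip 10.10.10.1
interface vlan 20
 ip address 10.20.20.2 255.255.255.0
 standby 1 ip 10.20.20.1
interface vlan 30
 ip address 10.30.30.2 255.255.255.0
 standby 2 ip 10.30.30.1
"""

IFACE_RE = re.compile(r"^interface\s+(.+?)\s*$", re.I)
STANDBY_RE = re.compile(r"^\s*standby\s+(?:(\d+)\s+)?ip\s+(\d+\.\d+\.\d+\.\d+)\s*$", re.I)

def hsrp_v1_mac(group):
    """HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return "0000.0c07.ac%02x" % group

def parse_hsrp(config):
    """Return a list of (interface, group, virtual_ip) from IOS-style text."""
    entries, iface = [], None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1).lower()
            continue
        m = STANDBY_RE.match(line)
        if m and iface:
            # "standby ip x.x.x.x" with no number means group 0
            entries.append((iface, int(m.group(1) or 0), m.group(2)))
    return entries

def shared_virtual_macs(config):
    """Map each virtual MAC used on more than one interface to those interfaces."""
    by_mac = defaultdict(list)
    for iface, group, _vip in parse_hsrp(config):
        by_mac[hsrp_v1_mac(group)].append(iface)
    return {mac: ifaces for mac, ifaces in by_mac.items() if len(ifaces) > 1}

if __name__ == "__main__":
    for mac, ifaces in shared_virtual_macs(SAMPLE_CONFIG).items():
        print(mac, "shared by", ", ".join(ifaces))
```

Interfaces reported as sharing a virtual MAC work while their VLANs stay separate broadcast domains; they are the ones that conflict if tagging is lost and the VLANs collapse into one.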

franklinb Thu, 10/09/2008 - 18:52

Thanks Chris, and everyone else.

Chris, your info is very interesting as we are in the same industry, and our WAN links are also provided as QinQ Ethernet services.

To save costs it's been mooted that we have only 1 QinQ tag used for the whole network and not route the traffic between remote sites. Our group is opposed to this idea and will be putting routers in at the remote sites where we have a presence, however the other group insists they want a straight layer-2 WAN and have us do the routing for all their multiple VLANs back at HQ. Thus we'll have a trunk with potentially 40-50+ VLANs all coming into 2 switches, and use HSRP to provide them a redundant gateway. FYI our provider uses Siemens switches and a Siemens SDH digital-microwave network.

It's our opinion that these L2 WAN circuits should only be routed, but it would be great to hear from other people with similar situations.

Regards,

Brendan
