Same HSRP Groups on multiple physical interfaces

Answered Question

Hi

I have a client configs that currently working with HSRP on 2 LAN gateway switches.

Differently interface VLans have been configured on these switches.

Now, what strikes me is that all the interface Vlans on these gateway switches have been configured for the same HSRP groups thpough the ip addresses pairs are in different subnets

What could be the possible drawback on this???

I have this problem too.
0 votes
Correct Answer by lamav about 7 years 8 months ago

Hi:

The formulation of an HSRP virtual MAC-address, which corresponds to the virtual IP address of an HSRP group, is a function of the group number.

The template is 0000.0c07.acXX, where "XX" represents the two hexadecimal digits that represent the group number.

So, if under vlan 10's SVI you have "standby 100" configured, the virtual MAC-address will be "0000.0c07.ac64." The hexadecimal equivalent of decimal 100 is 64.

This is what is meant when the Cisco website says that "they share the same HSRP virtual MAC address" when referring to multiple vlan interfaces with the same standby group assigned to it.

Given that, it is true that if you configure vlan 11, 12, 13, 14 and so on with the same group number, the same virtual MAC-address will be used.

This does not cause a problem, even though the same MAC-address is going to be returned in an ARP response for every group that uses the same group number, because the ARP query and response are bound by the L2 broadcast domain of the vlan. So, too, are all L2 communications within the vlan.

Therefore, when a host on a given vlan inserts MAC-address 0000.0c07.ac64 as the destination host address, it will only be forwarded to the standby address of that vlan because MAC-addresses only have significance within the vlan.

HTH

Victor

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Loading.
davy.timmermans Tue, 03/24/2009 - 10:42

When you define the same HSRP group ID on multiple interfaces, they share the same HSRP virtual MAC address. In most modern LAN switches, there are no issues because they maintain a per-VLAN MAC address table. However, if your network contains any third-party switches, which maintain a system wide MAC address table regardless of VLAN, you can experience problems. If VLANs are not specified to a HSRP group, the VLANs default to Group

source:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_qanda_item09186a008011c6bb.shtml#q5

Correct Answer
lamav Tue, 03/24/2009 - 11:35

Hi:

The formulation of an HSRP virtual MAC-address, which corresponds to the virtual IP address of an HSRP group, is a function of the group number.

The template is 0000.0c07.acXX, where "XX" represents the two hexadecimal digits that represent the group number.

So, if under vlan 10's SVI you have "standby 100" configured, the virtual MAC-address will be "0000.0c07.ac64." The hexadecimal equivalent of decimal 100 is 64.

This is what is meant when the Cisco website says that "they share the same HSRP virtual MAC address" when referring to multiple vlan interfaces with the same standby group assigned to it.

Given that, it is true that if you configure vlan 11, 12, 13, 14 and so on with the same group number, the same virtual MAC-address will be used.

This does not cause a problem, even though the same MAC-address is going to be returned in an ARP response for every group that uses the same group number, because the ARP query and response are bound by the L2 broadcast domain of the vlan. So, too, are all L2 communications within the vlan.

Therefore, when a host on a given vlan inserts MAC-address 0000.0c07.ac64 as the destination host address, it will only be forwarded to the standby address of that vlan because MAC-addresses only have significance within the vlan.

HTH

Victor

Jon Marshall Tue, 03/24/2009 - 12:09

Victor

Being serious for once this is an excellent answer and deserves a rating.

Now the only question is should i rate it 1 or 5 ? - hmmmm

Jon

lamav Tue, 03/24/2009 - 13:09

You;re a regular riot, there, buddy! ...lol

Thanks

Joseph W. Doherty Tue, 03/24/2009 - 15:44

Just a footnote, you can have more than one subnet per shared media (or VLAN), altough not as common today because of VLANs.

Having duplicate MACs, whether reusing HSRP groups or using hosts with LAA, is something you should avoid.

Actions

This Discussion