HSRP with multiple interface tracking

Jul 30th, 2009

Please find the attached diagram for reference. On the Cisco 3560 I am doing HSRP towards the LAN side with the firewall. Now I want to track both interfaces fa0/1 & fa0/2 on my Cisco 3560 switches so that HSRP will be shifted to the other Cisco 3560 switch and accordingly the firewall can toggle between master-backup. I have the following config.




Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# no switchport
Switch(config-if)# ip address 192.168.1.81 255.255.255.248
Switch(config-if)# standby version 2
Switch(config-if)# standby 1 ip 192.168.1.83
Switch(config-if)# standby 1 priority 110
Switch(config-if)# standby 1 preempt
Switch(config-if)# standby 1 track fastethernet0/1 10
Switch(config-if)# standby 1 track fastethernet0/2 10
Switch(config-if)# end

Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# no switchport
Switch(config-if)# ip address 192.168.1.82 255.255.255.248
Switch(config-if)# standby version 2
Switch(config-if)# standby 1 ip 192.168.1.83
Switch(config-if)# standby 1 preempt
Switch(config-if)# end


What will happen if either of the interfaces fa0/1 or fa0/2 fails?

Note: I am doing BGP with the service provider and receive a default route in BGP from the service provider, which is redistributed into OSPF, which is running between the Cisco 3845 and the Cisco 3560.

Shall I go ahead with tracking the IP routing table instead of the interface? If yes, what would the configuration be in that case?



Giuseppe Larosa Thu, 07/30/2009 - 04:32

Hello Sameer,

With your configuration, if only one of fas0/1 and fas0/2 fails, the HSRP active is still Switch1:

110-100 = 100 and if priorities are equal Switch2 cannot preempt.

If you want Switch2 to preempt when only one of fas0/1 or fas0/2 fails, you need to use something like:

on Switch1:
conf t
int g0/1
standby 1 priority 105


Hope to help

Giuseppe
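
The failure cases discussed in this answer, worked through as an added example (not part of the original reply and not a Cisco tool): the script parses the `standby` lines of the two posted configs and lists which switch is active for every combination of failed tracked interfaces. The config strings are constructed from the thread, the function names are hypothetical, and the tie handling follows the answer above (equal priority does not preempt).

```python
import re
from itertools import combinations

# Constructed from the configs in this thread (track lines in IOS interface syntax).
SWITCH1 = """interface GigabitEthernet0/1
 standby 1 ip 192.168.1.83
 standby 1 priority 110
 standby 1 preempt
 standby 1 track FastEthernet0/1 10
 standby 1 track FastEthernet0/2 10
"""
SWITCH2 = """interface GigabitEthernet0/1
 standby 1 ip 192.168.1.83
 standby 1 preempt
"""

def parse_group(config, group=1):
    """Read priority, preempt and tracked interfaces for one HSRP group."""
    g = {"priority": 100, "preempt": False, "track": {}}  # HSRP default priority
    for line in config.splitlines():
        m = re.match(rf"\s*standby {group} (\S+)(?: (\S+))?(?: (\d+))?\s*$", line)
        if not m:
            continue
        kw, arg, dec = m.groups()
        if kw == "priority":
            g["priority"] = int(arg)
        elif kw == "preempt":
            g["preempt"] = True
        elif kw == "track":
            g["track"][arg] = int(dec or 10)  # IOS default decrement is 10
    return g

def effective_priority(g, down):
    """Configured priority minus the decrement of each tracked interface that is down."""
    return g["priority"] - sum(d for i, d in g["track"].items() if i in down)

def failover_table(primary_cfg, backup_cfg):
    """Active switch for each set of failed tracked interfaces on the primary.
    Assumption taken from the thread: equal priority does not preempt."""
    p, b, table = parse_group(primary_cfg), parse_group(backup_cfg), {}
    for n in range(len(p["track"]) + 1):
        for down in combinations(sorted(p["track"]), n):
            takeover = b["preempt"] and b["priority"] > effective_priority(p, down)
            table[down] = "Switch2" if takeover else "Switch1"
    return table

if __name__ == "__main__":
    for cfg in (SWITCH1, SWITCH1.replace("priority 110", "priority 105")):
        for down, active in failover_table(cfg, SWITCH2).items():
            print(parse_group(cfg)["priority"], "| down:", ", ".join(down) or "none", "| active:", active)
```
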


sameermunj Thu, 07/30/2009 - 19:58

Hi

Thanks for the reply. Please confirm the following things.

1 - As I configured, I can track 2 interfaces at a time. Please confirm.

2 - As you mentioned, even if one of the two interfaces goes down, switch 1 will still be master, which is my actual requirement considering the return traffic from the internet router. So if the link between switch1 and internet router1 fails, return traffic from the internet router will come to switch2 and from there it will come to switch1 via the L2 link between the 2 switches. Please confirm. I am running OSPF between my switches and routers. If this is happening, my problem would be resolved.

Giuseppe Larosa Fri, 07/31/2009 - 00:29

Hello Sameer,


1) You are tracking both at the same time.

2) If the link with the provider fails and switch1 has an OSPF default route or an iBGP session with switch2, it will revert to sending traffic to switch2; return traffic, as you noted, will come back via switch2.


Hope to help

Giuseppe


sameermunj Fri, 07/31/2009 - 00:53

Hi

As per the diagram, suppose the left side Internet router is primary and the right side is backup, and my link from switch 1 to Router1 fails. Switch 1 will remain master because the priority will change from 110-105, but switch1 will have connectivity to Router2, which is backup (the link between switch1 and switch2 is an L2 link). Ideally in this case switch2 should become master, as it has a link to the primary router which is up. Return traffic won't have any issue in this.

How to tackle this problem? Shall I make the link between the 2 switches a routed link? If I did that, will it support HSRP for the LAN side between the 2 switches?

sameermunj Fri, 07/31/2009 - 01:47

Hi


I am attaching the PPT format. On the firewall side I am running HSRP, so will it be possible to keep the inter-switch link as an L3 link?



Giuseppe Larosa Fri, 07/31/2009 - 02:01

Hello Sameer,

This network diagram looks familiar, doesn't it?

Be aware that on the L2 link you can also have L3 communication if you make it an L2 trunk and you allow a VLAN for which you have defined an SVI interface on both switches.

In this way you can have OSPF and/or iBGP routing between the two, as we have discussed in previous thread(s) that were focused on the upper part of the diagram, on border routers and switches.

Then you can also allow the VLAN facing the firewalls to be carried over the same L2 trunk link between the two switches to make effective use of HSRP.


Hope to help

Giuseppe


sameermunj Fri, 07/31/2009 - 02:29

Hi


I got this point. If you see the actual config I sent you in my first thread, I had not configured any VLAN for the firewall-facing side; the port facing the firewall was configured with NO SWITCHPORT and the IP was assigned directly to the Gig port. But now it seems I need to create a VLAN for that port, and HSRP will be configured on the SVI configured for that VLAN. Also, the link between the 2 switches would be a trunk link and will have an L2 interface for the VLAN configured for the firewall and another VLAN which will have an SVI configured, which would be used for routing.

In the last post I attached the same diagram because it was not visible to someone.

I have done the changes as written above in the diagram attached now.



sameermunj Mon, 08/03/2009 - 21:39

Hi Giuseppe


I have done the changes as per your input and the attachment has the details. Can you just have a look at the same for your inputs?


Sameer
