Two HSRP profiles on same router

Unanswered Question
Aug 7th, 2012

We currenly already have a HSRP configured for the inside interface, it is possible to create an additional HRSP for the outside on the same two devices without the Cisco router being confused?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 4.3 (3 ratings)
Richard Burts Tue, 08/07/2012 - 15:05

Perhaps there is some aspect of your situation that I am not understanding. But it is certainly possible to run HSRP on an inside interface and also on an outside interface and the router does not get confused.

HTH

Rick

darren.g Tue, 08/07/2012 - 16:47

John Peterson wrote:

We currenly already have a HSRP configured for the inside interface, it is possible to create an additional HRSP for the outside on the same two devices without the Cisco router being confused?

Thanks

Yes. Just provide a diferent HSRP group number on your second set of interfaces.

Cheers.

JohnPete868 Wed, 08/08/2012 - 02:48

Hi,

the problem I have is I have one ISP who are allowing us to connect both our routers to they router but I need to configure HSRP on the WAN to ensure services are leaving and entering from the same IP when the devices fails over.

I also have a HSRP configured on the inside being the Default gateway for the host.

I would to ensure that if the inside prioerty drop then the router shoud failover to the standy regardless of the HSRP configure for the WAN.

Inside HSRP should be in control of the failover and not in a postion where there is a tie.

Is this possible?

Richard Burts Wed, 08/08/2012 - 10:18

It is possible to configure HSRP on the outside interface and to have it track the inside interface. So if the inside interface goes down then the HSRP on the outside interface will fail over to the other router. This should give you part of what you are trying to accomplish. But I am not sure that it is a complete solution. If there some problem that caused traffic to flow to the other router inside interface (such as a problem in the switch to which the routers are connected) that does not cause the router interface to go down, then HSRP would not fail over.

I also notice this in what you are trying to accomplish:"to ensure services are leaving and entering from the same IP when the devices fails over." This is not what HSRP does. Each router has its own IP address on the outside interface and it will be that address that traffic comes from. HSRP provides a shared address but the shared address is not where traffic comes from as it leaves the router. So I am not convinced that HSRP will provide what you expect.

HTH

Rick

JohnPete868 Wed, 08/08/2012 - 10:28

Thanks,

Just to confirm therefore when traffic leaves the router it does not come from the HSRP VIP address rather the actual configured address?

Also it is possible to have HSRP configured on the outside and inside in different groups but have the outside dependent on the inside and when the inside fails both groups should failover to the other router?

Richard Burts Wed, 08/08/2012 - 11:43

Let me try to clarify the interface address question. Most packets coming out of the router interface to the ISP do not have the router address in the packet. The address in the packet is generally the address of the originating PC or is the address provided by address translation. But for any packet that is sourced by the router and goes to the ISP then the address in the packet will be the address assigned to the physical interface and not the VIP.

HSRP on the outside interface might be useful in terms of how the ISP sends traffic to you. If the ISP has static routes that they use to route traffic to you, then HSRP would be helpful. The ISP could use the VIP as the next hop in the static route. Then the traffic from the ISP would go to one router or the other depending on which router was active in HSRP, and it would make no difference on the ISP router.

But having HSRP on your outside interface will make no difference in how you send traffic to the ISP.

As far as coordinating HSRP groups on the inside and outside interface, you can configure HSRP on the outside to track the inside interface. If the inside interface goes down then the outside interface will lower its priority. And this can be used to have outside HSRP fail over to the other router. I would say that this technique gives you most of what you are asking about. But I am not sure that it is a 100% solution (and am not sure for your situation whether you need 100%). The issue is that you are tracking the inside interface of the router (but not tracking the HSRP state). What is the possibility that something could happen that would cause HSRP to switch to the other router on the inside but would not cause the interface to go down? This answer is somewhat dependent on your particular environment. So I can not say for sure whether this is a potential problem or not. Only you can make that decision.

HTH

Rick

JohnPete868 Wed, 08/08/2012 - 12:02



As far as coordinating HSRP groups on the inside and outside interface, you can configure HSRP on the outside to track the inside interface. If the inside interface goes down then the outside interface will lower its priority. And this can be used to have outside HSRP fail over to the other router. I would say that this technique gives you most of what you are asking about. But I am not sure that it is a 100% solution (and am not sure for your situation whether you need 100%). The issue is that you are tracking the inside interface of the router (but not tracking the HSRP state). What is the possibility that something could happen that would cause HSRP to switch to the other router on the inside but would not cause the interface to go down? This answer is somewhat dependent on your particular environment. So I can not say for sure whether this is a potential problem or not. Only you can make that decision.

HTH

Rick

Hi,

The above is what I want to archive but in addition to this I also want a HSRP configure for the inside interface. The concern I have is if I have R1 (primary) and R2 both configured with inside and outside HSRP. Then if R1 outside fails R2 over will take over for outside but then R1 will still recieve packets for inside. What I would like is if one HSRP fails on a router then both groups should fail over?

Richard Burts Wed, 08/08/2012 - 12:37

In the previous posts it sounded like your focus was to be sure that the HSRP on the outside would stay in sync with the HSRP on the inside. Now it seems that you also want the inside to stay in sync with the outside. So It sounds to me like what you want is to configure HSRP group 1 for inside and to have this HSRP track the outside interface. And then to configure HSRP group 2 for outside and to have this HSRP track the inside interface. This way if the inside interface goes down then both groups fail over. And if the outside interface goes down then both groups fail over.

HTH

Rick

Actions

Login or Register to take actions

This Discussion

Posted August 7, 2012 at 10:45 AM
Stats:
Replies:9 Avg. Rating:4.33333
Views:344 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 15,007
2 8,150
3 7,730
4 7,083
5 6,742
Rank Username Points
155
77
70
69
50