My idea for this would be to configure HSRP on the physical link. The advantage that you will get is faster recovery in case of a port bouncing back. With a VLAN interface, you will have slow STP recovery in case of a link flap and also you will have a loop in the network, though STP will block it.
You're right that having it on the physical interface gives faster recovery; I just tested it. Regarding the slow STP recovery and loop, I haven't tried yet. Anyway, there is no other switch connected to these two switches. Only clustered firewalls are connected to them. In the future, if I run out of ports it will look like this:
Each port will have clustered firewalls connected to them, one in SWA port and another (cluster) in SWB port.
I still have to try HSRP in the STACK connections above so that in the future I just plug a stack member when I need more ports, any advice?
I see some problems with configuring HSRP on a physical interface.
To do that, the interface should be in "no switchport" mode.
Now I configure HSRP on SWA1 port1 and SWB1 port1. On both switches the active/standby state is unknown when no device is connected to their port1. When a host is connected to SWA1 port1, SWA1 becomes active and the standby is unknown, while SWB1's active/standby is still unknown. If I connect a host to port1 on both switches, both are active and the standby is unknown. If I connect SWA1 and SWB1 port1 to a third switch (same VLAN), SWA1 becomes active and SWB1 becomes standby. This happens even if the connection between SWA1 and SWB1 is trunk or routed (OSPF).
I guess HSRP on a physical interface is good in STP when connecting the core switches to distribution switches. But in my case, I guess HSRP on a VLAN interface is the best choice.
What happens when you connect SWA1 and SWB1 via trunk only and configure HSRP for all the VLANs on both switches? What happens when you connect a host on each switch? Do you see the same behaviour?
As you described, when you use a third switch and connect it to the HSRP switches, it works OK. That means the HSRP hellos have been using the path via the third switch to reach the standby router. I think in the case of an L3 port only the hellos for the interface will be exchanged, not for the respective VLANs; that's why you saw that problem.
In your case, changing the link between SWA1 and SWB1 to a trunk should serve the purpose. As you said that every port on the switch belongs to a different VLAN, you have to use HSRP for all the VLANs. If you configure the interface connecting the switches to be part of a single VLAN, it will only pass the HSRP hellos for that VLAN, not for the other VLANs. Configuring it as a trunk should solve the problem. Try it and let us know.
If I configure HSRP on the VLAN interface and the connection between SWA1 and SWB1 is an ISL trunk, the HSRP status for SWA1 is active and the standby is known as SWB1, while on SWB1 the status is standby and the active is known as SWA1. It will always be up unless I shut down SWA1, in which case SWB1 will become active and the standby is unknown (since SWA1 is down), or I put a "standby track gi1/0/1 30" on SWA1, in which case SWB1 will become active when gi1/0/1 on SWA1 is down and the standby is known as SWA1. The HSRP status is the same whether I put two hosts (both SWA1 and SWB1 port1), one host (SWA1 or SWB1 port1), or one L2 switch (any combination).
Since the devices connected to SWA1 and SWB1 are either routers or firewalls, I think HSRP on the VLAN interface is the best option for me.
A little note on running HSRP on switch stacks: "HSRP hello messages are generated by the stack master. If an HSRP-active stack master fails, a flap in the HSRP active state might occur. This is because HSRP hello messages are not generated while a new stack master is elected and initialized, and the standby router might become active after the stack master fails."
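
The VLAN-interface setup with interface tracking discussed in this thread, written out as an added example (not configuration posted by any participant). The VLAN number, HSRP group number, addresses (documentation range 192.0.2.0/24), priorities and the trunk port Gi1/0/24 are assumptions; only the tracked interface gi1/0/1 and the decrement of 30 come from the thread.

```cisco
! ---- SWA1 (intended active) ----
interface GigabitEthernet1/0/24
 description Trunk to SWB1 (assumed port)
 ! The trunk carries the HSRP hellos for every VLAN between the two switches
 switchport trunk encapsulation isl
 switchport mode trunk
!
interface Vlan10
 ip address 192.0.2.2 255.255.255.0
 standby 10 ip 192.0.2.1
 standby 10 priority 110
 standby 10 preempt
 ! When Gi1/0/1 goes down the priority drops 110 - 30 = 80,
 ! which is below SWB1's 100, so SWB1 can take the active role
 standby 10 track GigabitEthernet1/0/1 30
!
! ---- SWB1 (intended standby) ----
interface GigabitEthernet1/0/24
 description Trunk to SWA1 (assumed port)
 switchport trunk encapsulation isl
 switchport mode trunk
!
interface Vlan10
 ip address 192.0.2.3 255.255.255.0
 standby 10 ip 192.0.2.1
 standby 10 priority 100
 ! Without preempt SWB1 would not take over while SWA1 is still
 ! sending hellos at the reduced priority of 80
 standby 10 preempt
```

`show standby brief` on both switches shows the current state, priority, and the active and standby addresses for each group.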