Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

HSRP Distance limitation?

Hi Folks

I have a customer that is adding redudancy in the network in their facility. A few months ago, they have added a secondary telecom room within the campus but in a different building. The service provider will move/install the backup circuit (MPLS) over there, but prior to do that we are working in the design. there is a fiber optic connecting the 2 telecom room already

Furthermore, my customer has already installed an stack of 3750 on the secondary telecom room and has configured HSRP with the other stack of 3750 currently in the main telecom room for LAN redundancy. It works fine.

the customer is taking advantage of this redesign in order to put 2 Fortinet firewall between the service providers routers (primary & secondary) and each stack. Thus, in each Telecom room we will have 1 CE Router (SP)  -------- 1 FW ------  1 3750 stack

The service provider is reluctant to configure HSRP between their 2 routers.

My question is, is there any limitation in distance (around 1 Km in this particular case) in order to avoid configuring the HSRP in the routers? specially when we have it working on 3750 stacks in the exactly same locations?

The goal is to simplify configuration by using  HSRP.



Re: HSRP Distance limitation?

HSRP could be used in this topology.  The physical distance may introduce some latency but I doubt 1 kilometer will even be noticeable.  HSRP hello and dead timers are adjustable; I usually set them to 1 second hello's with a 3 second dead timer.

Why not consider a dynamic routing protocol?  I'm not familiar with the Fortinet firewall, but most network devices support RIPv2 at a minimum and many support OSPF.  This dynamic routing relationship could extend from the SP managed CE through the firewalls to the 3750's.


New Member

Re: HSRP Distance limitation?

Hi Chris

Since it is the customer who finally will take care of its own network, they prefer to avoid routing protocols involved if possible.

As a backup plan, we are currently testing with OSPF and the default-information originate option plus ip sla tracking and that allows us to change of default gateway dynamically.

We still need to tune the fortigate portion

Thx, Jorge

CreatePlease to create content