Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

hsrp help needed

I have been having trouble setting a backup default gateway here using hsrp, here are the configs, it basically wouldnt work, can anyone let me know if its ok, and show me amendments if poss

thanks

active router

nterface gigabitEthernet 0/0

description Default Gateway Address for xxxx

ip address 10.1.1.199 255.0.0.0

ip address 10.1.1.69 255.255.0.0 secondary

ip address 172.200.101.9 255.255.255.0 secondary

ip address 172.200.102.9 255.255.255.0 secondary

ip address 172.200.103.9 255.255.255.0 secondary

ip address 172.200.104.9 255.255.255.0 secondary

ip address 172.200.105.9 255.255.255.0 secondary

ip access-group 101 in

ip access-group 101 out

no ip proxy-arp

ip accounting output-packets

duplex auto

speed auto

standby 10 ip 10.1.1.1

standby 10 ip 10.1.1.59 secondary

standby 10 ip 172.200.101.1 secondary

standby 10 ip 172.200.102.1 secondary

standby 10 ip 172.200.103.1 secondary

standby 10 ip 172.200.104.1 secondary

standby 10 ip 172.200.105.1 secondary

standby 10 priority 110

standby 10 preempt

standby 10 authentication xxxx

interface gigabitEthernet 0/1

ip address 11.1.1.3 255.0.0.0

ip address 7.1.1.5 255.0.0.0 secondary

ip address 45.0.0.158 255.0.0.0 secondary

ip address 192.228.10.51 255.255.255.0 secondary

no ip proxy-arp

no ip mroute-cache

duplex auto

speed auto

standby priority 110

standby preempt

standby authentication xxxx

standby 10 ip 11.1.1.1

standby 10 ip 7.1.1.1 secondary

standby 10 ip 45.0.0.156 secondary

standby 10 ip 192.228.10.2 secondary

fall over router

interface FastEthernet0/0

description Default Gateway Address for xxxx

ip address 10.1.1.70 255.255.0.0 secondary

ip address 172.200.101.10 255.255.255.0 secondary

ip address 172.200.102.10 255.255.255.0 secondary

ip address 172.200.103.10 255.255.255.0 secondary

ip address 172.200.104.10 255.255.255.0 secondary

ip address 172.200.105.10 255.255.255.0 secondary

ip address 10.1.1.200 255.0.0.0

ip access-group 101 in

ip access-group 101 out

no ip proxy-arp

ip accounting output-packets

duplex auto

speed auto

standby 10 ip 10.1.1.1

standby 10 ip 10.1.1.59 secondary

standby 10 ip 172.200.101.1 secondary

standby 10 ip 172.200.102.1 secondary

standby 10 ip 172.200.103.1 secondary

standby 10 ip 172.200.104.1 secondary

standby 10 ip 172.200.105.1 secondary

standby 10 priority 100

standby 10 preempt

standby 10 authentication xxxx

!

interface FastEthernet0/1

ip address 7.1.1.4 255.0.0.0 secondary

ip address 45.0.0.157 255.0.0.0 secondary

ip address 192.228.10.50 255.255.255.0 secondary

ip address 11.1.1.2 255.0.0.0

no ip proxy-arp

no ip mroute-cache

duplex auto

speed auto

standby priority 100

standby preempt

standby authentication xxxx

standby 10 ip 11.1.1.1

standby 10 ip 7.1.1.1 secondary

standby 10 ip 45.0.0.156 secondary

standby 10 ip 192.228.10.2 secondary

10 REPLIES
Silver

Re: hsrp help needed

Hi Carl

First advice would be using different HSRP groups numbering for every interface (every network). So, for example use "standby 10" for giga0/0 in active and f0/0 in fallover and "standby 11" in giga0/1 in active and f0/1 in fallover.

Hope this helps

New Member

Re: hsrp help needed

what benifit woulf this have ? and why would we do this ?

Re: hsrp help needed

With this you will have different HSRP gorups on the router. This will create two HSRP groups which is called as MHSRP and you can configure HSRP load-balancing to pass the traffic using both the routers.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12225sec/3750scg/swhsrp.htm#wp1061629

HTH,Please rate if it does.

-amit singh

Re: hsrp help needed

In Addtion to JOSE's post, I will also suggest to change the priority to a higher value on the router interface which you want to be as active. I have see a lots of issue when you have prority set a relatively close vlaue to the HSRP default value which is 100. You have used priority as 110 on the active router, change is to something 200 or 220. The default priority for the HSRP interface is 100 so you dont have to set it manually.

HTH,

-amit singh

New Member

Re: hsrp help needed

An alternative (assuming not you're running an old IOS) is to use separate groups for each secondary IP address.

Don't bother with authentication unless you think there is a real likelihood that someone is going to put another HSRP-capable device on your LAN.

Your multinetting seems a little over-complicated - I think your problem may be the fact that you have overlapping subnets on your 0/0 interfaces. I can't see how HSRP would know which one you meant.

You also don't need the preempt on your secondary router (not that it makes any difference).

You haven't detailed the ACLs - I assume ACL101 doesn't block your HSRP traffic?! It isn't immune.

Pleas rate if this helps.

New Member

Re: hsrp help needed

thanks for your help, we dont want to load balance as the other router only has 100 mrg ports, this one has gigabit ones, so Will secondary addresses confuse it ?

New Member

Re: hsrp help needed

can anyone help here ?

Re: hsrp help needed

Carl,you can use the different HSRP group for secondry addreses just to make the config simple and have every secondry ip assign to a different group.

If you dont want to use it you should be fine with it. Just change the priority command under the interfaces as I suggested in my last post to some vlaue 200/220 and you should be fine with it.

Let me know if you need more help.

-amit singh

New Member

Re: hsrp help needed

so config should be ok as it is apart from priority command ? what benifit will using groups have and can you give me example with my config ?

thanks

Re: hsrp help needed

The benefit that you get using the HSRP groups is that you will have a different virtual IP and MAC for each group. Whenever any client from the particular subnet makes an ARP request, virtual mac from each group is send to the host. This will make a proper ARP entry for each group in the router's ARP table. You can then configure HSRP-load-balancing.

If you have only one group under the router interface for all the secondry ip's you have a single Virtual-MAC for all of the subnets. Hence you cannot have a load-balancing configure in this scenario.

HTH,

-amit singh

180
Views
0
Helpful
10
Replies
CreatePlease login to create content