
HSRP w/ More than 255 Vlans

johnnylingo
Level 5

Question regarding HSRP. In all the implementations I've done, I used a different group for each instance. So Vlan1 would use group 1, Vlan2 uses group 2 and so on.

I recently took over a network where they have more than 255 Vlans, and are running HSRP with everything in group 0.

Are there any ill effects that can happen from this?

interface Vlan241
 ip address 192.168.241.2 255.255.255.0
 no ip redirects
 ip pim sparse-dense-mode
 standby ip 192.168.241.1
 standby timers 1 3
 standby priority 110
 standby preempt delay minimum 60
 standby 241 preempt
!
interface Vlan242
 ip address 192.168.242.2 255.255.255.0
 no ip redirects
 ip directed-broadcast 100
 ip pim sparse-dense-mode
 standby ip 192.168.242.1
 standby timers 1 3
 standby priority 110
 standby preempt delay minimum 60
 standby 242 preempt
!


alsayed
Level 1

Hello!

The previous config seems useless because you have the 2nd switch acting in standby mode for Vlan 242 and so on, e.g. the load is on the 1st switch and the second switch stays without work until the 1st switch goes down.

I would suggest the following:

1) If your switch supports GLBP, go with it to do load balancing across all VLANs.

2) If you go with HSRP, try to make switch 1 root primary for Vlan 254 and switch 2 root secondary for Vlan 254, as well as Vlan 254 primary on switch 2 and root secondary on switch 1. I mean manual traffic sharing.

Thanks

glen.grant
VIP Alumni

We don't have that many, but we run about 80 VLANs all in standby group 1 and it works fine. You load balance by configuring which side is the active side and setting your spanning tree correspondingly.

Thanks, I guess that's the information I needed. I don't see any reason why it wouldn't work, but just was curious if I'm missing something.

Since most of the switches we ship are limited in the number of HSRP groups you can configure, this is a perfectly normal configuration.

This does open you up to a potentially bad problem, however, which happens whenever the VLANs are accidentally bridged together (usually by a cable linking them together). Before the VLANs can talk to each other, each VLAN (broadcast domain) has probably 2 HSRP-speaking devices on it, of which one will be active. When the VLANs are bridged together, all of a sudden 4 HSRP devices (routers) are within broadcast range of each other, so they start to hear each other's hellos. Since HSRP only uses group # to decide who should be active, only 1 of the 4 routers of our new broadcast domain will become active, leaving the PCs on one of the VLANs without a default gateway (both will be in standby).

If you can keep people from plugging cables between access ports in each VLAN, though, this'll work perfectly :).

I probably should have mentioned that if, in the above case, you were using 2 different HSRP group #'s, the extra HSRP hellos would have been ignored by the other group, and everyone still would have had a gateway. Of course, now, it's harder to tell when your VLANs are bleeding into each other.
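An audit for the condition described in the answer above, added here as an example and not posted by anyone in the thread: it parses SVI configuration, reports HSRP groups that carry a virtual IP on more than one VLAN (the ones that would compete if those VLANs were bridged), and lists group numbers referenced without a virtual IP. The sample config is constructed from the two SVIs in the question, the function names are hypothetical, and it assumes a `standby` command without a group number means group 0.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the two SVIs posted in the question.
SAMPLE_CONFIG = """\
interface Vlan241
 standby ip 192.168.241.1
 standby timers 1 3
 standby priority 110
 standby preempt delay minimum 60
 standby 241 preempt
!
interface Vlan242
 standby ip 192.168.242.1
 standby priority 110
 standby 242 preempt
!
"""

STANDBY = re.compile(r"^\s*standby\s+(?:(\d+)\s+)?(\S+)")
INTERFACE_WIDE = {"version", "delay", "use-bia"}  # not per-group; list is not exhaustive

def parse_hsrp(config):
    """Return {interface: {group: set of standby keywords}}; a missing group number is group 0."""
    result, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            result[current] = defaultdict(set)
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current and (m := STANDBY.match(line)) and m.group(2) not in INTERFACE_WIDE:
            result[current][int(m.group(1) or 0)].add(m.group(2))
    return result

def shared_groups(hsrp):
    """Groups with a virtual IP on more than one interface: they compete if the VLANs are bridged."""
    users = defaultdict(list)
    for intf, groups in hsrp.items():
        for group, keywords in groups.items():
            if "ip" in keywords:
                users[group].append(intf)
    return {g: sorted(i) for g, i in users.items() if len(i) > 1}

def groups_without_vip(hsrp):
    """(interface, group) pairs named in a standby command but lacking 'standby <group> ip'."""
    return sorted((i, g) for i, gs in hsrp.items() for g, kw in gs.items() if "ip" not in kw)

if __name__ == "__main__":
    print(shared_groups(parse_hsrp(SAMPLE_CONFIG)), groups_without_vip(parse_hsrp(SAMPLE_CONFIG)))
```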

My gut was telling me there was a potential issue with this configuration, and you nailed it. I'm planning to roll out BPDUGuard and port-security to have control over unauthorized bridges being plugged into the network, so hopefully that will be an acceptable safeguard against HSRP and other multicast applications getting hosed.

Thanks for the post - 5 stars!
