07-30-2009 02:47 AM - edited 03-06-2019 07:01 AM
Please find the attached diagram for reference. On the Cisco 3560 I am doing HSRP towards the LAN side with the firewall. Now I want to track both interfaces fa0/1 & fa0/2 on my Cisco 3560 switches so that HSRP will be shifted to the other Cisco 3560 switch and accordingly the firewall can toggle between master-backup. I have the following config:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# no switchport
Switch(config-if)# ip address 192.168.1.81 255.255.255.248
Switch(config-if)# standby version 2
Switch(config-if)# standby 1 ip 192.168.1.83
Switch(config-if)# standby 1 priority 110
Switch(config-if)# standby 1 preempt
Switch(config-if)# standby 1 track fastethernet0/1 10
Switch(config-if)# standby 1 track fastethernet0/2 10
Switch(config-if)# end
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# no switchport
Switch(config-if)# ip address 192.168.1.82 255.255.255.248
Switch(config-if)# standby version 2
Switch(config-if)# standby 1 ip 192.168.1.83
Switch(config-if)# standby 1 preempt
Switch(config-if)# end
What will happen if any of the interfaces fa0/1 or fa0/2 fails?
Note: I am doing BGP with the service provider and receive a default route in BGP from the service provider, which is redistributed into OSPF, which is running between the Cisco 3845 and the Cisco 3560.
Shall I go ahead with tracking the IP routing table instead of the interface? If yes, what would be the configuration in that case?
07-30-2009 04:32 AM
Hello Sameer,
With your configuration, if only one of fas0/1 and fas0/2 fails, the HSRP active is still Switch1:
110-100 = 100 and if priorities are equal Switch2 cannot preempt.
If you want Switch2 to preempt when only one of fas0/1 or fas0/2 fails you need to use something:
on Switch1:
conf t
int g0/1
standby 1 priority 105
Hope to help
Giuseppe
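The priority behaviour discussed in the reply above, replayed as an added example that is not part of the original thread. It models Switch1 with the two tracked interfaces (decrement 10 each) and Switch2 at the HSRP default priority of 100; the rule that a preempting router takes over only on a strictly higher priority is the assumption stated in the reply, and the event sequence is constructed.

```python
from dataclasses import dataclass, field


@dataclass
class HsrpRouter:
    name: str
    base_priority: int = 100                      # HSRP default when no "standby priority" line exists
    preempt: bool = False
    tracked: dict = field(default_factory=dict)   # tracked interface -> decrement
    down: set = field(default_factory=set)        # tracked interfaces currently down

    @property
    def priority(self) -> int:
        # Every tracked interface that is down subtracts its decrement.
        return self.base_priority - sum(self.tracked[i] for i in self.down)


def settle(active, standby):
    """Return (active, standby) after preemption is evaluated.

    Assumption from the thread: the standby takes over only when it has
    preempt configured and a strictly higher priority; a tie changes nothing.
    """
    if standby.preempt and standby.priority > active.priority:
        return standby, active
    return active, standby


def run(switch1_priority, events):
    """Replay (interface, is_up) events on Switch1; list (Switch1 priority, active) per event."""
    sw1 = HsrpRouter("Switch1", switch1_priority, True, {"Fa0/1": 10, "Fa0/2": 10})
    sw2 = HsrpRouter("Switch2", preempt=True)
    active, standby = settle(sw1, sw2)
    history = []
    for iface, is_up in events:
        (sw1.down.discard if is_up else sw1.down.add)(iface)
        active, standby = settle(active, standby)
        history.append((sw1.priority, active.name))
    return history


# Constructed sequence: lose Fa0/1, lose Fa0/2, then recover them in the same order.
EVENTS = [("Fa0/1", False), ("Fa0/2", False), ("Fa0/1", True), ("Fa0/2", True)]

if __name__ == "__main__":
    for prio in (110, 105):
        print(prio, run(prio, EVENTS))
```

With priority 110 the active role moves only after both uplinks are down and returns only after both are back; with 105 a single uplink failure is enough to move it.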
07-30-2009 07:58 PM
Hi
Thanks for the reply. Please confirm the following things:
1- So as I configured, I can track 2 interfaces at a time -- please confirm.
2- As you mentioned, even if one of the two interfaces goes down, switch 1 will still be master, which is my actual requirement considering the return traffic from the internet router. So if the link between switch1 and internet router1 fails, return traffic from the internet router will come to switch2 and from there it will come to switch1 via the L2 link between the 2 switches. Please confirm. I am running OSPF between my switches and routers. If this is happening, my problem would be resolved.
07-31-2009 12:29 AM
Hello Sameer,
1) you are tracking both at the same time
2) if link with provider fails and switch1 has an OSPF default route or an iBGP session with switch2 it will revert to send traffic to switch2, return traffic as you noted will come back via switch2
Hope to help
Giuseppe
07-31-2009 12:53 AM
Hi
As per the diagram, suppose the left side Internet router is primary and the right side is backup and my link from switch 1-Router1 fails; switch 1 will remain master because the priority will change from 110-105, but switch1 will have connectivity to Router2, which is backup (the link between switch1-switch2 is an L2 link). Ideally in this case switch2 should become master as it has a link to the primary router which is up. Return traffic won't have any issue in this.
How to tackle this problem? Shall I make the link between the 2 switches a routed link? If I did that, whether it will support the HSRP for the LAN side between the 2 switches?
07-31-2009 01:36 AM
I can't view the diagram (what format is it in) but it is standard practice to have a L3 link between your switches. Tracking interfaces won't necessarily tell you if the default route is unavailable.
07-31-2009 01:47 AM
07-31-2009 02:01 AM
Hello Sameer,
This network diagram looks familiar, doesn't it?
Be aware that on the L2 link you can also have L3 communication if you make it a L2 trunk and you allow a vlan for which you have defined an SVI interface on both switches.
In this way you can have OSPF and/or iBGP routing between the two as we have discussed in previous thread(s) that were focused on the upper part of diagram on border routers and switches.
Then you can also allow the vlan facing firewalls carried over the same L2 trunk link between the two switches to make effective use of HSRP.
Hope to help
Giuseppe
07-31-2009 02:29 AM
Hi
I got this point. If you see the actual config I sent you in my first thread, I had not configured any VLAN for the firewall-facing side, but the port facing towards the firewall was configured with NO SWITCHPORT and the IP was assigned directly to the Gig port. But now it seems I need to create a VLAN for that port, and HSRP will be configured for the SVI configured for that VLAN. Also the link between the 2 switches would be a trunk link and will have an L2 interface for the VLAN configured for the firewall and another VLAN which will have an SVI configured, which would be used for routing.
In the last post I attached the same diagram because it was not visible to someone.
I have done the changes as written above in the diagram attached now.
08-03-2009 09:39 PM
Hi Giuseppe
I have done the changes as per your input and the attachment has the details. Can you just have a look at the same for your inputs?
Sameer