Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco 871-SEC-K9 ,HSRP & DMVPN

Hi all,

2x871-sec-k9 routers connected to different ISP.Inside ports are connected to 2950 switch.

I need to be sure that this topology will work for HSRP and DMVPN.

I've read in some forum that one can assign an ip address to any int fa0/0-3 (which I find hard to believe), so that it can become a second wan link connection.

That would be a very good solution for deploying only one router to the site.

Just to make sure if above assumption is wrong I plan to have 2x 871-sec-k9 routers.

Can I assign HSRP commands to vlan interfaces so that HSRP will work?

regards,

Lulzim

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Cisco 871-SEC-K9 ,HSRP & DMVPN

Hi Litzim,

I understand your requirement now but unfortunately HSRP cannot be configured on a single router and basically you do not need HSRP with single router.

HSRP is for gateway load balancing and also provide default gateway redundancy for lan network. But with single router you do not need this as there will be only one gateway for your lan network.

If you want redundancy for your wan network then you can configure 2 default routes with different admin distance so that if one wan link is down your packets can move out of second wan interface. Something like this

ip route 0.0.0.0 0.0.0.0 fa0/0 90

ip route 0.0.0.0 0.0.0.0 fa0/1 100

In this way fa0/0 will always be preferred and once fa0/0 goes down traffic will start going out using fa0/1.

HTH

Ankur

*Pls rate all helpfull post

7 REPLIES
Cisco Employee

Re: Cisco 871-SEC-K9 ,HSRP & DMVPN

Hi Lulzim,

871 router has only one WAN interface which is 10/100 fathernet interface where you can assign an ip address and you cannot assign ip address on fa0/0-3 interfaces as they are lan ports.

Yes you can configure HSRP on vlan interfaces on 871 router. However when running HSRP on VLAN interface, 871 router does not respond to packets directed to the virtual mac-address when active and workaround is to configure "standby use-bia" on the vlan interface.

There was a bug filed for the same

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsb98540&Submit=Search

This bug is already resolved in some latest releases.

HTH

Ankur

*Pls rate all helpfull post

Community Member

Re: Cisco 871-SEC-K9 ,HSRP & DMVPN

Hi Ankur,

thank you for clearing my doubts.

I oversaw existence of Cisco router 1811/K9 that comply exactly to the requirement of having backup ethernet links.

Will I have the same issue with Cisco-1811/K9?

Thanks again

Lulzim

Cisco Employee

Re: Cisco 871-SEC-K9 ,HSRP & DMVPN

Hi LUlzim,

Yes you are correct. 1811/K9 router has dual 10/100 WAN ports.

Each of the Cisco 1800 Series fixed-configuration routers is equipped with either an ISDN BRI, V.92 analog modem, or Ethernet port for secondary WAN backup connection. If the primary DSL, cable, or Ethernet-access WAN is disconnected for some reason, the router will detect this failure and will fail over to the secondary backup WAN.

This link will give you more details about 1800 series router

http://www.cisco.com/en/US/products/ps5853/products_data_sheet0900aecd8028a95f.html

HTH

Ankur

*Pls rate all helpfull post

Community Member

Re: Cisco 871-SEC-K9 ,HSRP & DMVPN

Thanks again Ankur,

I have configured HSRP on 2800 routers on Inside Ethernet Interfaces and I'm little bit confused where to put HSRP commands on 1811 router.

best regards

Lulzim

Cisco Employee

Re: Cisco 871-SEC-K9 ,HSRP & DMVPN

Hi Lilzim,

AFAIK it supports vlan interfaces, so try configuring vlan interface and see if that works. If yes then assign same subnet ip address what you have configured on 2800 ethernet interfaces and then configured HSRP between them.

Also it has 2 layer3 ethernet interfaces and if you are not using second one as backup , try configuring the second one for HSRP with 2800.

HTH

Ankur

*Pls rate all helpfull post

Community Member

Re: Cisco 871-SEC-K9 ,HSRP & DMVPN

Hi Ankur,

sorry that I misled you. What I meant is that it was easy for me to configure HSRP when I had a different costumer & topology with 2 different routers (2800) and a switch in between on the inside network. And it worked.One apply the HSRP commands to inside interfaces one both routers and thats it.

On that topology there is a clear difference that what is inside and what is outside.

Now I wont to assure my client before purchasing a lot of 1811-s, that 1811 is a solution that will work.

Please find the attached pdf document

best regards

Luli

Cisco Employee

Re: Cisco 871-SEC-K9 ,HSRP & DMVPN

Hi Litzim,

I understand your requirement now but unfortunately HSRP cannot be configured on a single router and basically you do not need HSRP with single router.

HSRP is for gateway load balancing and also provide default gateway redundancy for lan network. But with single router you do not need this as there will be only one gateway for your lan network.

If you want redundancy for your wan network then you can configure 2 default routes with different admin distance so that if one wan link is down your packets can move out of second wan interface. Something like this

ip route 0.0.0.0 0.0.0.0 fa0/0 90

ip route 0.0.0.0 0.0.0.0 fa0/1 100

In this way fa0/0 will always be preferred and once fa0/0 goes down traffic will start going out using fa0/1.

HTH

Ankur

*Pls rate all helpfull post

1515
Views
5
Helpful
7
Replies
CreatePlease to create content