Cisco Support Community
Community Member

HSRP group limitations under mpls vpn subinterfaces

It's a curiosity since I have been told that there could be a strange limitation regarding HSRP standby group configurable under subinterfaces. Somebody says that he experienced a max number of 28 different groups under a physical interface. It's really a number that I never seen (256 in theory for ethernet interface and 16 on the MSFC2/PFC2).

Is there some news or it could be a bug ?




Re: HSRP group limitations under mpls vpn subinterfaces

Marco, yes, you are right. Ethernet: 256 per router. FDDI: 256 per router.

Token Ring: 3 per router (uses reserved functional address). Note: 4x00 series and lower do not have the hardware required to support more than one MAC address at a time on Ethernet interfaces. However, the Cisco 2600 and Cisco 3600 do support multiple MAC addresses on all Ethernet and fast Ethernet interfaces. The Policy Feature Card 2 (PFC2) /MSFC2 supports a maximum of 16 unique HSRP groups. You can reuse the same HSRP group numbers in different VLANs if more than 16 HSRP groups are needed.

Several Ethernet (Lance and QUICC) controllers in low-end products can only have a single unicast MAC address in their address filter. On these platforms only a single HSRP group is permitted, and the interface address is changed to the HSRP virtual MAC address when the group becomes Active. If you're using HSRP on routers with multiple interfaces of this type, you should configure each interface with a different HSRP group number.

It is recommend that you have no more than twenty-four HSRP Ethernet Interface Processors (EIPs) due to the time it takes to update the address filters for HSRP. Having more than twenty-four HSRP EIPs can cause instability and excessive CPU load. This defect has Cisco bug ID CSCdj29595. If you are a registered CCO user and you have logged in, you can view the bug details.

HSRP groups on subinterfaces must have a group number unique among all other groups on all subinterfaces on the same main interface. This is because subinterfaces don't receive a unique SNMP interface index. If you had two groups with the number N on different subinterfaces, then in the Management Information Base (MIB), group N on sub-interface 1 and group N on sub-interface 2 would appear to be the same group.This is the information available. So I am not really sure about how many HSRP groups can be configured on the subinterface.

You can check for possible bugs using the Bug Toolkit available on the TAC site.

Community Member

Re: HSRP group limitations under mpls vpn subinterfaces

I thank you very much for the large and clear anser. I would tell you that in the meanwhile I have been told that there should be a known limitation regarding ethernet/fastethernet PA installed on VIP cards. There it's seems to be present a 24 HSRP group configured limit due to a VIP explicit limitation in handling MAC address (virtual).

Thanks again for your kind reply.


CreatePlease to create content