Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Hot Standby Recovery Protocol

My company has a customer that has a Cisco 1721 and Cisco 1841. The 1841 is connected to Road Runner cable and the 1721 is connected to Verizon DSL. The 1721 connected to Verizon is strictly backup for the RR cable, which goes down occassionally.

Originally, the network was configured for dead gateway detection. The customer has several VPN's that don't work right when the line goes down using this method. A few of the servers that are setup with static NAT configurations through the 1841 router can't use the failover with the dead gateway detection. Consequently, HSRP was configured on the two routers.

Everything works great when you pull a cable out of the WAN port. However, when RR goes down, the port remains up foiling the failover.

Is there some way to have the routers detect that there is no WAN connectivity on the other side of the modem, so the WAN port goes administratively down? Actually, is there any way, given the circumstances, to make the failover happen when RR goes down but the modem keeps the WAN port up?

Thanks for your help.

Tony Lombardi

4 REPLIES
New Member

Re: Hot Standby Recovery Protocol

You can configure HSRP to calculate the interface priority based on whether another interface is up or not. You can configure it to decrement the priority when the tracked interface goes down. The idea is to have the interface priority drop below the priority of the 'other' routers' HSRP interface, making that one active.

I believe in 12.4 this has been extended to include "objects" that can be interfaces or other things. I haven't toyed with non-interface tracking.

The 12.4 mainline chapter on configuring HSRP:

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a008042fbb3.html

HTH,

Adrian

New Member

Re: Hot Standby Recovery Protocol

Thank you for your input, Adrian. You are referring to interface tracking, which is setup on both routers in question to track the WAN interface port. As I mentioned in my initial post, it works great when you pull the cable out of the WAN port. However, when the Internet service from Road Runner goes down, the WAN port stays up because it is connected to the cable modem. The cable modem is still active and keeps the WAN port active even though there is no incoming cable signal and consequently, no connection to the Internet.

Hall of Fame Super Silver

Re: Hot Standby Recovery Protocol

Tony

As you have mentioned there is an issue in the standard implementation of HSRP which is that the tracking feature looks for changes in interface state (looks for change from line protocol up to line protocol down). But there are situations like you describe where the connection is over Ethernet and you may have lost connectivity but the interface remains line protocol up and HSRP does not fail over.

Cisco has addressed that issue and has introduced a new feature called enhanced object tracking. This link:

http://www.cisco.com/en/US/products/hw/switches/ps5532/products_configuration_guide_chapter09186a0080772fba.html

gives a good description of this new feature. While it is not written for the specific platform that you are running I think it will give you the information that you need to get you going with enhanced object tracking for HSRP and will result in HSRP failing over when you lose connectivity on the RR link.

While I am confident that this will get past the issue where HSRP does not fail over, I do not know enough about your situation to say whether it will address all of your issues. In particular I believe that the static NAT will still be problematic. And the VPNs with dead peer detection may also have issues.

HTH

Rick

New Member

Re: Hot Standby Recovery Protocol

Thanks Rick for your reply. This looks promising! I will give it a shot and let you know how it turns out.

I know what you are saying about the VPN's. I am concerned too. We did some initial testing and believe this is covered. Time will tell.

Tony

630
Views
5
Helpful
4
Replies
CreatePlease login to create content