Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

HSRP with different Subnets

Hi,

     How I can use 3 different Subnets on HSRP protocol on my wan interface. HSRP protocol require virtual ip address in the same subnet as physical interface ip address. Following is my subnets detail.  I assigned 50.2.3.49 to R1 and 50.2.3.50 to R2 with their subnet mask 255.255.255.240, but when I use 50.2.3.14 as virtual ip there is warning “Address is not within a subnet on this interface” I am using 50.2.3.14 as virtual IP because my ISP is routing all traffic coming for 50.2.3.49 – 62 and 50.20.7.1 – 62 to 50.2.3.14. please advise. or its OK it will work?

IPs                   Subnet mask                                Gateway

50.2.3.14           255.255.255.252                           50.2.3.13                

50.2.3.49 – 62    255.255.255.240

50.20.7.1 – 62    255.255.255.192

my default router as below

ip route 0.0.0.0 0.0.0.0 50.2.3.13

17 REPLIES
Hall of Fame Super Silver

HSRP with different Subnets

Perhaps I am not really understanding your question correctly. Why would you need HSRP on 3 subnets?

As I read your question the only thing that comes close to what you describe would be to put all 3 subnets on the WAN interface, which means that one would be primary and the other two would be secondary IP subnets. And if you try to do this you run into the problem that you can not do HSRP on the subnet with mask of 255.255.255.252. This subnet allows only 2 host addresses.

If the connection to your ISP has mask of 255.255.255.252 then it can only support one of your router interfaces. If you really want HSRP with the ISP then you need to negotiate with the ISP for additional addresses within this subnet.

As I read your description of the issue I understand that you have 3 subnets. But I wonder if you really need to use all 3 subnets on the same interface. Perhaps you can describe more about what you are trying to achieve and we might be able to give better advice about how to do it.

HTH

Rick

VIP Purple

HSRP with different Subnets

You have to configure secondary addresses on the interface. After that you can define additional HSRP-groups within that new network.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

HSRP with different Subnets

my isp assigned me follwoing IPs on single fiber link. currently there is not primary and secondary IPs. currently i am using  50.2.3.14 to my wan link and 50.2.3.49 – 62 and 50.20.7.1 – 62 IPs for NATing to my hosted servers. my ISP routed all traffic coming for 50.2.3.49 – 62 and 50.20.7.1 on 50.2.3.14.  now i want to config HSRP on my WAN link for hardware failover, now i am using 50.2.3.49 on R1 and 50.2.3.50 on R2 and i also setup virtual ip 50.2.3.14. my config as below.

IPs                   Subnet mask                                Gateway

50.2.3.14           255.255.255.252                           50.2.3.13               

50.2.3.49 – 62    255.255.255.240

50.20.7.1 – 62    255.255.255.192

R1

interface FastEthernet0/0/1

ip address 50.2.3.49 255.255.255.240

ip nat outside

ip virtual-reassembly in

standby 1 ip 50.2.3.14

standby 1 ip 50.2.3.51 secondary

standby 1 ip 50.2.3.52 secondary

standby 1 ip 50.2.3.53 secondary

standby 1 ip 50.2.3.54 secondary

standby 1 ip 50.2.3.55 secondary

standby 1 ip 50.2.3.56 secondary

standby 1 ip 50.20.7.1 secondary

standby 1 ip 50.20.7.2 secondary

standby 1 ip 50.20.7.3 secondary

standby 1 ip 50.20.7.4 secondary

R2

interface FastEthernet0/0/1

ip address 50.2.3.50 255.255.255.240

ip nat outside

ip virtual-reassembly in

standby 1 ip 50.2.3.14

standby 1 ip 50.2.3.51 secondary

standby 1 ip 50.2.3.52 secondary

standby 1 ip 50.2.3.53 secondary

standby 1 ip 50.2.3.54 secondary

standby 1 ip 50.2.3.55 secondary

standby 1 ip 50.2.3.56 secondary

standby 1 ip 50.20.7.1 secondary

standby 1 ip 50.20.7.2 secondary

standby 1 ip 50.20.7.3 secondary

standby 1 ip 50.20.7.4 secondary

Hall of Fame Super Silver

HSRP with different Subnets

It makes good sense to have a /30 subnet assigned for the WAN connection to your ISP and to have additional subnets used to NAT for your servers. I can understand that you might want to have hardware redundancy for your WAN connection. If you want that then as I suggested in my previous post the best thing for you is to negotiate with the ISP to have enough addresses in the WAN subnet to do HSRP. Trying to use addresses from your NAT range for HSRP does not make such good sense.

I see what you have posted as interface configuration but have difficulty believing that it is actually configured on an interface. Every version of IOS that I have used would reject this command standby 1 ip 50.2.3.14 as invalid if the standby address were in a subnet different from the interface primary address.

HTH

Rick

New Member

HSRP with different Subnets

if my ISP does not help me in WAN IPs (50.2.3.14/30 to 50.2.3.14/29) then what would be the possible solution. i am using 151-4.M4 IOS. when i try to assign different subnet ip i get %warning “Address is not within a subnet on this interface” and when i run show standby i get 

FastEthernet0/0/1 - Group 1

  State is Init (interface down)

  Virtual IP address is 50.2.3.14 (wrong subnet for this interface)

    Secondary virtual IP address 50.2.3.51

    Secondary virtual IP address 50.2.3.52

    Secondary virtual IP address 50.2.3.53

    Secondary virtual IP address 50.2.3.54

    Secondary virtual IP address 50.2.3.55

    Secondary virtual IP address 50.2.3.56

    Secondary virtual IP address 50.20.7.1 (wrong subnet for this interface)

    Secondary virtual IP address 50.20.7.2 (wrong subnet for this interface)

    Secondary virtual IP address 50.20.7.3 (wrong subnet for this interface)

    Secondary virtual IP address 50.20.7.4 (wrong subnet for this interface)


Hall of Fame Super Blue

HSRP with different Subnets

Firstly when using IPs for NAT you do not need to assign them to an interface. The IPs only need to be routed to your router so you do not need all those secondary IP statements. For the IPs you use for NAT you simply need NAT statements on the router and if using an acl inbound obviously you need to allow the traffic through.

As for the /30 subnet which is used for your connection to the ISP you can't really do anything as Rick has said. You need a /29 if you want to run HSRP. You could either ask your ISP to increase the /30 subnet or negotiate with them for a new /29 subnet. if you use a new subnet both you and the ISP will need to readdress their respective router interfaces.

Jon

Hall of Fame Super Silver

HSRP with different Subnets

You ask "if my ISP does not help me in WAN IPs ". My response is that if your ISP does not help you with WAN IPs then there is not any alternative in which you can run HSRP.

You have asked pretty much this same question in several different ways. Jon and I have attempted to answer them and the answer consistently is that HSRP is not something that you can do on your own. It requires that the ISP route the IP addresses assigned to you with at least a /29 WAN subnet. If the ISP does this then it is possible for you to run HSRP. And if the ISP does not then it is not possible for you to run HSRP.

HTH

Rick

New Member

HSRP with different Subnets

Thank you all, specially Richard who always describe in detail , i am in contact with my ISP and hope for the best.

Hall of Fame Super Silver

Re: HSRP with different Subnets

I am glad you in touch with your ISP. In my experience they are generally cooperative in questions like this.

As Jon pointed out it is easy if the ISP can just expand the current subnet. Both the ISP and you will need to make changes if they need to assign a different subnet.

HTH

Rick

Sent from Cisco Technical Support iPhone App

New Member

HSRP with different Subnets

Hi Qasim,

Usually if redundancy is required over the WAN link you should run a dynamic routing protocol with your ISP, typically BGP.

For high availability the best and simple way is BGP on the WAN interfaces and HSRP on the LAN interfaces.

Ahmed

New Member

HSRP with different Subnets

Finally I got 50.204.25.8/29 subnet IPs from ISP and I have 50.2.3.49 – 62 and 50.20.7.1 – 62.  As I mentioned in my previous post, ISP routed all traffic coming for 50.2.3.49–62 and 50.20.7.1–62 to 50.2.3.14. now they have changed the IP to 50.204.25.10 which is working fine now. Now my question is do I need to use different Standby group id for each subnet or I can use same standby group id for all subnets. Following is my config which I thought is correct. Please let me know if I am wrong. Thanks for all of you.

IPs                              Subnet mask                                Gateway

50.204.25.10           255.255.255.248                           50.204.25.9            

50.2.3.49 – 62        255.255.255.240

50.20.7.1 – 62       255.255.255.192

R1

interface FastEthernet0/0/1

ip address 50.204.25.11 255.255.255.248

ip address 50.2.3.50 255.255.255.240 secondary

ip address 50.20.7.2 255.255.255.192 secondary

ip nat outside

ip virtual-reassembly in

standby 1 ip 50.204.25.10

standby 1 ip 50.204.25.13 secondary

standby 1 ip 50.204.25.14 secondary

standby 2 ip 50.2.3.49

standby 2 ip 50.2.3.52 secondary

standby 2 ip 50.2.3.53 secondary

standby 2 ip 50.2.3.54 secondary

standby 3 ip 50.20.7.1

standby 3 ip 50.20.7.4 secondary

standby 3 ip 50.20.7.5 secondary

standby 3 ip 50.20.7.6 secondary

R2

interface FastEthernet0/0/1

ip address 50.204.25.12 255.255.255.248

ip address 50.2.3.51 255.255.255.240 secondary

ip address 50.20.7.3 255.255.255.192 secondary

ip nat outside

ip virtual-reassembly in

standby 1 ip 50.204.25.10

standby 1 ip 50.204.25.13 secondary

standby 1 ip 50.204.25.14 secondary

standby 2 ip 50.2.3.49

standby 2 ip 50.2.3.52 secondary

standby 2 ip 50.2.3.53 secondary

standby 2 ip 50.2.3.54 secondary

standby 3 ip 50.20.7.1

standby 3 ip 50.20.7.4 secondary

standby 3 ip 50.20.7.5 secondary

standby 3 ip 50.20.7.6 secondary

Hall of Fame Super Silver

HSRP with different Subnets

Perhaps I am still not understanding what you are trying to achieve. But I think that this config is not correct. For one thing you can do the primary address and all of the secondary addresses in a single HSRP group. So I do not see anything that  needs more than one group. Also one of the subnets will be primary and the other subnets will be secondary. But you are configuring an address as primary and then several other addresses within the same subnet as secondary. This is not how it is supposed to be done.

HTH

Rick

New Member

HSRP with different Subnets

I am configuring an IP address (on Interface) and then i am configuring other (same subnet) IPs as secondary in Standby group so that all IPs stay in same MAC address created by HSRP.

Hall of Fame Super Silver

HSRP with different Subnets

Thank you for the explanation of what you are trying to accomplish. I am not certain but I suspect that it will not work. If you are going to try to do this I would suggest that you try configuring it with each IP address in its own HSRP group.

HTH

Rick

New Member

HSRP with different Subnets

Thank you Sir, i will try and get back to you with result.

do you mean each IP address as each subnet?

New Member

Qasim,Long time, but no

Qasim,

Long time, but no answer. Probably not interested anymore. However, here it goes:

You do not necessary need to use IPs from:

50.2.3.49 – 62    255.255.255.240

50.20.7.1 – 62    255.255.255.192

but I used the one you tried.

Assuming your interfaces are Fa0/0

Router 1:
int f0/0
ip add 50.2.3.49 255.255.255.240
standby 1 name hsrp
standby 1 ip 50.2.3.51
standby 1 ip 50.2.3.14 secondary
standby 1 preempt
standby 1 priority 20
standby 1 track f0/0
!
ip route 50.2.3.12 255.255.255.252 f0/0

Router 2
int f0/0
ip add 50.2.3.50 255.255.255.240
standby 1 name hsrp
standby 1 ip 50.2.3.51
standby 1 ip 50.2.3.14 secondary
standby 1 preempt
standby 1 priority 15
!
ip route 50.2.3.12 255.255.255.252 f0/0

Hall of Fame Super Silver

Using something like "standby

Using something like "standby 1 ip 50.2.3.14 secondary" makes sense and works when there is a secondary address configured on the interface. It does not make much sense when there is no secondary address. And I suspect that if you did this on real IOS routers that the HSRP negotiation would fail and therefore the virtual address would not be activated.

 

I would also note that doing track f0/0 does not make much sense when you are configuring it on f0/0. You usually configure track to know the status of some other interface on the router. Also using the static route and specifying f0/0 instead of a next hop is a sub-optimal way to configure a static route. It might work or it might not work depending on whether the next hop router has enabled proxy arp or not. And even if it does work it makes the router work harder than a static route with a next hop.

 

HTH

 

Rick

2814
Views
0
Helpful
17
Replies