HSRP is a fairly simple concept that works by having one router within an HSRP group be selected as the primary, or active router.
That primary will handle all routing requests while the other routers within the HSRP group simply wait in a standby state. These standby routers remain ready to take on all of the traffic load if the primary router becomes unavailable. In this scenario, HSRP provides high network availability since it routes IP traffic without depending on a single router.
That primary will handle all routing requests while the other routers within the HSRP group simply wait in a standby state. These standby routers remain ready to take on all of the traffic load if the primary router becomes unavailable. In this scenario, HSRP provides high network availability since it routes IP traffic without depending on a single router.
The hosts that use the HSRP address as a gateway never know the actual physical IP or MAC address of the routers in the group. Only the virtual IP address that was created within the HSRP configuration along with a virtual MAC address is known to other hosts on the network.
Hot Standby Router Protocol
Basic HSRP Configuration
Before we discuss more advanced HSRP concepts, lets create a basic HSRP configuration to get an idea of how this all works. For this scenario we will use a topology consisting of just two core switches. Keep in mind that one or both of these routers. But for this discussion let’s just refer them as core switches.
CORESW1-6509 and CORESW2-6509 will both be configured to be in standby group 1. The HSRP address will be given an IP address of 156.50.196.1/24. All hosts on the segment and in the VLAN will use this address as their default gateway.
CORESW1-6509(config)#interface VLAN 100
CORESW1-6509(config-if)#ip address 156.50.196.2
CORESW1-6509(config-if)#standby 1 ip 156.50.196.1
CORESW2-6509(config)#interface VLAN 100
CORESW2-6509(config-if)#ip address 156.50.196.3
CORESW2-6509(config-if)#standby 1 ip 156.50.196.1
To see the status of HSRP use the command show standby. This is the first command you should run to ensure that HSRP is running and configured properly.
CORESW1-6509#show standby
VLAN 100 - Group 1
Local state is Standby, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.776
Virtual IP address is 156.50.196.1 configured
Active router is 156.50.196.3, priority 100 expires in 9.568
Standby router is local
1 state changes, last state change 00:00:22
CORESW2-6509#show standby
VLAN 100 - Group 1
Local state is Active, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.592
Virtual IP address is 156.50.196.1 configured
Active router is local
Standby router is 156.50.196.2 expires in 8.020
Virtual mac address is 0000.0c07.ac05
2 state changes, last state change 00:02:08
We can see that CORESW2-6509 has been selected as the Active core switch ("Local state is Active"), the virtual core switch's IP is 156.50.196.1, and CORESW1-6509 is the standby core switch.
Controlling the Active HSRP Router
There are more HSRP values that you'll need to change from time to time to ensure complete control over your network traffic. For example, what if we wanted CORESW1-6509 to be the Active core switch instead of CORESW2-6509? To force a particular core switch to be the active core switch in an HSRP group you will need to use the priority command.
The default priority is 100. The higher priority will determine which core switch is active. If both core switchs are set to the same priority, the first core switch to come up will be the active core switch.
Using our example above, this is how the commands would look.
CORESW1-6509(config)#interface VLAN 100
CORESW1-6509(config-if)#ip address 156.50.196.2
CORESW1-6509(config-if)#standby 1 ip 156.50.196.1
CORESW1-6509(config-if)#standby 1 priority 200 <-- Add this to force CORESW1-6509 to be active
CORESW2-6509(config)#interface VLAN 100
CORESW2-6509(config-if)#ip address 156.50.196.3
CORESW2-6509(config-if)#standby 1 ip 156.50.196.1
Keeping the Active Core switch Active
In our scenario above, if CORESW1-6509 fails, CORESW2-6509 will become active. This is perfect! But, if CORESW1-6509 comes back up and returns to service, CORESW2-6509 will continue to stay active. This may not be a preferred behavior. There are times when you may always want CORESW1-6509 to be in an active state in the HSRP group. Cisco provides a way for use to control this by using the Preempt command. Preempt forces a core switch to be active after recovering from a failure.
Here again is our two core switch topology, with the preempt command added. CORESW1-6509(config)#interface VLAN 100
CORESW1-6509(config-if)#ip address 156.50.196.2
CORESW1-6509(config-if)#standby 1 ip 156.50.196.1
CORESW1-6509(config-if)#standby 1 priority 200
CORESW1-6509(config-if)#standby 1 preempt <-- Add this to force CORESW1-6509 to return to active state after failure
CORESW2-6509(config)#interface VLAN 100
CORESW2-6509(config-if)#ip address 156.50.196.3
CORESW2-6509(config-if)#standby 1 ip 156.50.196.1
Do you still have questions about this configuration or another question about HSRP? If you need a flash presentation files, please contact me directly @thinnawutp@gmail.com and/or Leave a comment below and let’s work on it. CORESW1-6509 and CORESW2-6509 will both be configured to be in standby group 1. The HSRP address will be given an IP address of 156.50.196.1/24. All hosts on the segment and in the VLAN will use this address as their default gateway.
CORESW1-6509(config)#interface VLAN 100
CORESW1-6509(config-if)#ip address 156.50.196.2
CORESW1-6509(config-if)#standby 1 ip 156.50.196.1
CORESW2-6509(config)#interface VLAN 100
CORESW2-6509(config-if)#ip address 156.50.196.3
CORESW2-6509(config-if)#standby 1 ip 156.50.196.1
To see the status of HSRP use the command show standby. This is the first command you should run to ensure that HSRP is running and configured properly.
CORESW1-6509#show standby
VLAN 100 - Group 1
Local state is Standby, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.776
Virtual IP address is 156.50.196.1 configured
Active router is 156.50.196.3, priority 100 expires in 9.568
Standby router is local
1 state changes, last state change 00:00:22
CORESW2-6509#show standby
VLAN 100 - Group 1
Local state is Active, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.592
Virtual IP address is 156.50.196.1 configured
Active router is local
Standby router is 156.50.196.2 expires in 8.020
Virtual mac address is 0000.0c07.ac05
2 state changes, last state change 00:02:08
We can see that CORESW2-6509 has been selected as the Active core switch ("Local state is Active"), the virtual core switch's IP is 156.50.196.1, and CORESW1-6509 is the standby core switch.
Controlling the Active HSRP Router
There are more HSRP values that you'll need to change from time to time to ensure complete control over your network traffic. For example, what if we wanted CORESW1-6509 to be the Active core switch instead of CORESW2-6509? To force a particular core switch to be the active core switch in an HSRP group you will need to use the priority command.
The default priority is 100. The higher priority will determine which core switch is active. If both core switchs are set to the same priority, the first core switch to come up will be the active core switch.
Using our example above, this is how the commands would look.
CORESW1-6509(config)#interface VLAN 100
CORESW1-6509(config-if)#ip address 156.50.196.2
CORESW1-6509(config-if)#standby 1 ip 156.50.196.1
CORESW1-6509(config-if)#standby 1 priority 200 <-- Add this to force CORESW1-6509 to be active
CORESW2-6509(config)#interface VLAN 100
CORESW2-6509(config-if)#ip address 156.50.196.3
CORESW2-6509(config-if)#standby 1 ip 156.50.196.1
Keeping the Active Core switch Active
In our scenario above, if CORESW1-6509 fails, CORESW2-6509 will become active. This is perfect! But, if CORESW1-6509 comes back up and returns to service, CORESW2-6509 will continue to stay active. This may not be a preferred behavior. There are times when you may always want CORESW1-6509 to be in an active state in the HSRP group. Cisco provides a way for use to control this by using the Preempt command. Preempt forces a core switch to be active after recovering from a failure.
Here again is our two core switch topology, with the preempt command added. CORESW1-6509(config)#interface VLAN 100
CORESW1-6509(config-if)#ip address 156.50.196.2
CORESW1-6509(config-if)#standby 1 ip 156.50.196.1
CORESW1-6509(config-if)#standby 1 priority 200
CORESW1-6509(config-if)#standby 1 preempt <-- Add this to force CORESW1-6509 to return to active state after failure
CORESW2-6509(config)#interface VLAN 100
CORESW2-6509(config-if)#ip address 156.50.196.3
CORESW2-6509(config-if)#standby 1 ip 156.50.196.1
0 comments:
Post a Comment