HSRP on SVI (Vlan interface)

Initial Configuration

Create 4 VLANs, 10,20,30,40
Trunk between the 3 Switches
or you can follow the configuration from previous lab for the 3 Switches click here

create SVI for VLAN 10 on CORE1 and CORE2

CORE1(config)#int vlan 10
CORE1(config-if)#ip add 10.10.10.1 255.255.255.0
CORE1(config-if)#no shut

CORE2(config)#int vlan 10
CORE2(config-if)#ip add 10.10.10.2 255.255.255.0
CORE2(config-if)#no shut

configure connectivity between CORE1 and R1
on CORE1 convert L2 into L3 port to assign IP address to it

CORE1(config)#int gi1/48
CORE1(config-if)#no switchport
CORE1(config-if)#ip add 192.168.1.1 255.255.255.252
CORE1(config-if)#no shut

R1(config)#int gi0/1

R1(config-if)#ip add 192.168.1.2 255.255.255.252

R1(config-if)#no shut

configure connectivity between CORE2 and R1, CORE2 using SVI
create new VLAN and it's SVI on CORE2 for this connection, assign as access port

 CORE2(config)#int gi7/48

CORE2(config-if)#switchport

CORE2(config-if)#switchport mode access

CORE2(config-if)#switchport access vlan 19

CORE2(config)#int vlan 19
CORE2(config-if)#ip add 192.168.2.1 255.255.255.0
CORE2(config-if)#no shut

configure Routing on CORE1, CORE2 and R1

HSRP

now we'll create HSRP for VLAN 10

on CORE1
CORE1(config)#int vlan 10
CORE1(config-if)#standby 10 ip 10.10.10.99

on CORE2

CORE2(config)#int vlan 10
CORE2(config-if)#standby 10 ip 10.10.10.99

 it's that simple, show standby to make sure HSRP is working

CORE1#sh stand
Vlan10 - Group 10
  Local state is Active, priority 100 default priority is 100
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.732
  Virtual IP address is 10.10.10.99 configured
  Active router is local this is primary router
  Standby router is 10.10.10.2 expires in 8.696 router 10.10.10.2 is standby
  Virtual mac address is 0000.0c07.ac0a
  2 state changes, last state change 00:01:55
  IP redundancy name is "hsrp-Vl10-10" (default)

CORE2#sh stand
Vlan10 - Group 10
  Local state is Standby, priority 100
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 0.506
  Virtual IP address is 10.10.10.99 configured
  Active router is 10.10.10.1, priority 100 expires in 9.408
  Standby router is local
  1 state changes, last state change 00:04:06
  IP redundancy name is "hsrp-Vl10-10" (default)

manipulate priority to control active/standby router, the higher the value, the higher the chance to become an active
we'll make CORE2 (router 10.10.10.2) to be the active

CORE2(config-if)#standby 10 priority 150

CORE2#sh stand
Vlan10 - Group 10
  Local state is Standby, priority 150 priority already higher
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.955
  Virtual IP address is 10.10.10.99 configured
  Active router is 10.10.10.1, priority 100 expires in 8.748
  Standby router is local but this router still on standby, this is because HSRP not 'dynamically' change, add another line to force change base on priority

CORE2(config-if)#standby 10 preempt

immediately you'll see active router change

3d19h: %STANDBY-6-STATECHANGE: Vlan10 Group 10 state Active -> Speak

Manipulating HSRP to load balancing

basically we'll create 2 gateway, and you need to divide your host into two group and each point to one gateway

here I'll just paste the running config

CORE1
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 standby 1 ip 10.10.10.10
 standby 1 priority 150
 standby 1 preempt
 standby 2 ip 10.10.10.20
 standby 2 preempt
end

CORE2
interface Vlan10
 ip address 10.10.10.2 255.255.255.0
 standby 1 ip 10.10.10.10
 standby 1 preempt
 standby 2 ip 10.10.10.20
 standby 2 priority 150
 standby 2 preempt
end

from show standby you'll see that Group 1 active on CORE1 and Group 2 active on CORE2

CORE1#sh stand
Vlan10 - Group 1
  Local state is Active, priority 150, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.609
  Virtual IP address is 10.10.10.10 configured
  Active router is local
  Standby router is 10.10.10.2 expires in 9.520
  Virtual mac address is 0000.0c07.ac01
  2 state changes, last state change 00:09:22
  IP redundancy name is "hsrp-Vl10-1" (default)
Vlan10 - Group 2
  Local state is Standby, priority 100, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 2.233
  Virtual IP address is 10.10.10.20 configured
  Active router is 10.10.10.2, priority 150 expires in 8.268
  Standby router is local
  4 state changes, last state change 00:05:46
  IP redundancy name is "hsrp-Vl10-2" (default)

CORE2#sh stand
Vlan10 - Group 1
  Local state is Standby, priority 100, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.560
  Virtual IP address is 10.10.10.10 configured
  Active router is 10.10.10.1, priority 150 expires in 7.608
  Standby router is local
  1 state changes, last state change 00:06:01
  IP redundancy name is "hsrp-Vl10-1" (default)
Vlan10 - Group 2
  Local state is Active, priority 150, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 0.550
  Virtual IP address is 10.10.10.20 configured
  Active router is local
  Standby router is 10.10.10.1 expires in 8.980
  Virtual mac address is 0000.0c07.ac02
  4 state changes, last state change 00:06:20
  IP redundancy name is "hsrp-Vl10-2" (default)

try shutdown SVI 10 on CORE2

CORE2(config)#int vlan 10
CORE2(config-if)#shut

CORE1 will be the active router for both Group

CORE1#sh stand
Vlan10 - Group 1
  Local state is Active, priority 150, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 0.057
  Virtual IP address is 10.10.10.10 configured
  Active router is local
  Standby router is unknown
  Virtual mac address is 0000.0c07.ac01
  2 state changes, last state change 00:14:45
  IP redundancy name is "hsrp-Vl10-1" (default)
Vlan10 - Group 2
  Local state is Active, priority 100, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 2.199
  Virtual IP address is 10.10.10.20 configured
  Active router is local
  Standby router is unknown
  Virtual mac address is 0000.0c07.ac02
  5 state changes, last state change 00:00:18
  IP redundancy name is "hsrp-Vl10-2" (default)

but what happen if connection on R1 down, how HSRP gonna detect that? we can use track

on CORE1 we'll keep track port Gi1/48

CORE1(config-if)#stand 1 track gigabitEthernet 1/48

on CORE2, keep track on SVI 10

CORE2(config-if)#stand 2 track vlan 19

shutdown SVI 19 to see the effect, then show standby

CORE2(config)#int vla 19
CORE2(config-if)#shut

Vlan10 - Group 2
  Local state is Active, priority 140 (confgd 150), may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.184
  Virtual IP address is 10.10.10.20 configured
  Active router is local but why this is still local
  Standby router is 10.10.10.1 expires in 9.232
  Virtual mac address is 0000.0c07.ac02
  6 state changes, last state change 00:07:27
  IP redundancy name is "hsrp-Vl10-2" (default)
  Priority tracking 1 interface or object, 0 up:
    Interface or object        Decrement  State
    Vlan19                        10                Down  (administratively down) because, notice here, decrement only 10, latest value, 140, is still higher than the other side, so make sure the different between this two is no more than 10 to see the right effect

I think you should know where to adjust the priority ;) Happy Switching

Tuning HSRP - GNS3

configure PC, R1, R2 and R4 as below
PC

PC(config)#no ip routing
PC(config)#int fa 0/0
PC(config-if)#ip add 10.1.1.10 255.255.255.0
PC(config-if)#no shut

R1

R1(config)#interface fastEthernet 0/0
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R1(config-if)#no shut
R1(config)#int serial 0/0
R1(config-if)#ip add 172.16.1.2 255.255.255.252
R1(config-if)#clock rate 64000
R1(config-if)#no shut
R1(config)#router eigrp 1
R1(config-router)#no auto-summary
R1(config-router)#net 0.0.0.0

R2

R2(config)#int fa 0/0
R2(config-if)#ip add 10.1.1.2 255.255.255.0
R2(config-if)#no shut
R2(config)#int ser 0/0
R2(config-if)#ip add 172.16.2.2 255.255.255.252
R2(config-if)#clock rate 64000
R2(config-if)#no shut
R2(config)#router eigrp 1
R2(config-router)#no auto-summary
R2(config-router)#net 0.0.0.0

R4

R4(config)#int ser 0/0
R4(config-if)#ip add 172.16.1.1 255.255.255.252
R4(config-if)#no shut
R4(config-if)#int ser 0/1
R4(config-if)#ip add 172.16.2.1 255.255.255.252
R4(config-if)#no shut
R4(config-if)#int lo 0
R4(config-if)#ip add 192.168.1.1 255.255.255.255
R4(config-if)#
R4(config)#router eigrp 1
R4(config-router)#no auto-summary
R4(config-router)#net 0.0.0.0

make sure PC can ping all the interfaces on R1, R2 and R4 !! if can’t, troubleshoot it accordingly

create standby interface for PC and point the PC’s gateway to this address

R1(config)#interface fastEthernet 0/0
R1(config-if)#standby 1 ip 10.1.1.99
R1(config-if)#standby 1 priority 150

done for R1. 3rd line is to set R1 to have the higher priority, default value is 100. Configure same for R2 accept the 3rd line, leave default value for R2

R2(config)#interface fastEthernet 0/0
R2(config-if)#standby 1 ip 10.1.1.99

configure default-gateway for PC

PC(config)#ip default-gateway 10.1.1.99

let’s verify our configuration are working correctly
1st let check the priority,  traceroute from PC to 172.16.2.1  result should showing as below, since we set Interface 10.1.1.1 to have the higher priority

PC#traceroute 172.16.2.1
1  10.1.1.1 20 msec 16 msec
  2 172.16.1.1 40 msec 100 msec *

R1#sh stan
FastEthernet0/0 - Group 1
  State is Active
    17 state changes, last state change 00:00:47
  Virtual IP address is 10.1.1.99
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.224 secs
  Preemption disabled
  Active router is local
  Standby router is 10.1.1.2, priority 100 (expires in 8.972 sec)
  Priority 150 (configured 150)
  IP redundancy name is "hsrp-Fa0/0-1" (default)

then make sure failover are working fine, do continuous ping to 172.16.2.1, then shutdown Int Fa 0/0 on R1, Fa 0/0 on R2 (10.1.1.2) should be the active standby router now, there should be about 10 second of down time. that’s is the default hold time before interface considered as death. later we’ll tune this value to make it shorter

Protocol [ip]:
Target IP address: 172.16.2.1
Repeat count [5]: 99999
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 99999, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.....!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
Success rate is 93 percent (104/111), round-trip min/avg/max = 24/60/100 ms

traceroute again to verify the path is thru 10.1.1.2

1 10.1.1.2 24 msec 8 msec 16 msec
2 172.16.2.1 52 msec 64 msec *

bring up again the 10.1.1.1 interface, then issue command show standby on R1, notice that 10.1.1.2 still the active standby router even we already set 10.1.1.1 to have the higher priority

R1#show standby
FastEthernet0/0 - Group 1
  State is Listen
    18 state changes, last state change 00:04:12
  Virtual IP address is 10.1.1.99
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (default)
  Hello time 3 sec, hold time 10 sec
  Preemption disabled
  Active router is 10.1.1.2, priority 100 (expires in 9.888 sec)
  Standby router is unknown
  Priority 150 (configured 150)
  IP redundancy name is "hsrp-Fa0/0-1" (default)

to make sure the active standby go back to the primary everytime it’s come back alive again, configure as below

R1(config)#int fa 0/0
R1(config-if)#standby 1 preempt

use all the method that we already discuss above to verify all the configuration are running as it should

tune hello and holdtime, Cisco recommended to set the value of holdtime three time more than hello time

R1(config)#int fa 0/0
R1(config-if)#standby 1 timers 1 3

set the same on R2 Int Fa 0/0

verify this by continuous ping then shutdown 10.1.1.1, you’ll see shorter down time

Sending 99999, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!..!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
Success rate is 97 percent (97/100), round-trip min/avg/max = 12/58/104 ms