3-redundancy protocol-HSRP Configuration on Cisco IOS

In this section we will do an HSRP configuration to understand the issue better. To do this we will use the below the topology [t‘pld]. At the end ofthis article, you will find the GNS3 configuration lab of this lesson.

Before the HSRP configuration, we must prepare our topology.We will change the router names and we will assign the IP address of the routerinterfaces.

For the left side of topology, we will use 10.10.10.0/24 network, and for the right side, we will use 10.10.20.0/24 network. All the interfaces connected to the layer 2 switch will be assigned with the IP address related to its connected port. For example the fa0/0 interface of the site 1 router will be assigned the IP address 10.10.10.1 and GW1’s and GW2’s fa0/0 IP address will be 10.10.10.2 and 10.10.10.3 orderly  [‘d()l].

After interface configuration, we will configure a static route on each Site 1 and Site2. In this static route we will use two virtual IP address that we will explain in this article.This virtual address will be 10.10.10.10 and 10.10.20.20.

Site1(config)#ip route 10.10.20.0 255.255.255.0 10.10.10.10

site2(config)#ip route 10.10.10.0 255.255.255.0 10.10.20.20

Now our configuration is ready to HSRP configuration. Let’s start on side (left) on GW1 and GW2 and after that we will configure a second HSRP configuration for the other side (right)

GW1

GW1(config)#interface fa0/0

GW1(config-if)#standby 1 ip 10.10.10.10

GW1(config-if)#standby 1 preempt

GW1(config-if)#standby 1 priority 110

GW1(config-if)#standby 1 track fa0/1

GW1(config-if)#exit

GW1(config)#interface fa0/1

GW1(config-if)#standby 1 ip 10.10.20.20

GW1(config-if)#standby 1 preempt

GW1(config-if)#exit

GW2

GW2(config)#interface fa0/0

GW2(config-if)#standby 1 ip 10.10.10.10

GW2(config-if)#standby 1 preempt

GW2(config-if)#standby 1 priority 100

GW2(config-if)#standby 1 track fa0/1

GW2(config-if)#exit

GW2(config)#interface fa0/1

GW2(config-if)#standby 1 ip 10.10.20.20

GW2(config-if)#standby 1 preempt

GW2(config-if)#exit

You do not need to do this configuration for both sides, but in this configuration, we do it for both sites. After this you can check the configuration with”show standby “command on GW1 and GW2. As you see below, for both redundancy configuration GW1 is the active router and the GW2 is the standby

To check that traffic from site 1 to site2 is preferring the GW1 while it is active, do traceroute from Site1. As you can see below the nexthop will be GW1.

And like the same, when you start traceroute from Site 2 to Site1, the traffic will choose the GW1 again, because for this redundancy session, the active router is GW1 again.

When we administratively shoutdown the fa0/0 interface of GW1 for test, we see that GW2 become active become active by a console message and after that when we check the status, we see that it is active like below.

Lastly, when we start traceroute from site1 to site2 then we realize that the traffic is no longer go through GW1, but it is going through GW2.

Beside this basic configuration commands, we can also use the below command while configuring the redundancy with HSRP.

We use “preempt”command above but it is necessary to tell about something about this command.

This command is used to force a router that has higher priority become active router. By default if a higher priority router come online, it does not become active if the preempt command isnot used on it.

Another important point is “delay” command, it is used to mention the waiting time before becoming active router.

Router (config-if) standby 1 preempt delay 10

You canalso change hello and holder time with the below command.

Router (config-if) standby 1 timers 4 12

By default HSRP Hello packets are sent to the multicast address 224.0.0.2 over UDP port 1985

There can be multiple HSRP virtual IP addresses.

Router (config-if) standby 1 ip 192.168.1.5

Router (config-if) standby 1 ip 192.168.1.6 secondary

HSRP Group is also assigned a “virtual MAC address”. For HSRP Group 1, the value is 0000.0c07.ac08

Router (config-if) standby 1 mac-address 0000.0c07.ac08

Forauthentication, all the HSRP Group must be configured with the same password.

Router (config-if) standby 1 authentication CISCO

Lastly I want to refer one point, “tracking”. During HSRPusage, there can be a problem on an interface that it is critical for the connection. This interface can be other than the interface that provide standby-active routers’ connection. So, a link down in this interface cannot be realized by standby router. To overcome this issues, HSRP use “track” command that provide decreasing the priority of the router even if a specified interface become down. With this decrease, the active router is changed.

Router (config-if) standby track fa0/1 50

I hope this article will be helpful for you. Let’s continue with VRRP, the standard base redundancy protocol.

Thank you,

Arrow Yang

时间: 2024-10-10 06:01:48

3-redundancy protocol-HSRP Configuration on Cisco IOS的相关文章

Cisco IOS debug command reference

Command A through D debug aaa accounting through debug auto-config debug aaa accounting : to display information on accountable events as they occur(in privileged EXEC mode) no debug aaa accounting : to disable debugging output debug aaa authenticati

Cisco IOS Debug Command Reference E through H

debug eap through debug he-module subslot periodic debug eap : to display information about Extensible Authentication Protocol(EAP)(in privileged EXEC mode) no debug eap debug ecfmpal : to enable debugging of the data path of the Ethernet Connectivit

Cisco IOS basic system management command reference

absolute : to specify an absolute time for a time-range (in time-range configuration mode) no absolute buffer-length : to specify the maximum length of the data stream to be forwarded (in line configuration mode) no buffer-length buffers : to make ad

Cisco IOS Software Activation Command Reference

clear license agent : to clear license agent statistics counters or connection statistics (in privileged EXEC mode) debug license : to enable controlled Cisco IOS software license debugging activity on a device (in privileged EXEC mode) no debug lice

Cisco IOS Security command Guide

copy system:running-config nvram:startup-config : to save your configuration changes to the startup configuration so that the changes will not be lost if the software reloads or a power outage occurs command | {begin | include | exclude} regular-expr

Cisco IOS LAN Base、IP Base 和IP Service的区别

Details: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3560-x-series-switches/white_paper_c11-579326.html The LAN Base feature set offers enhanced intelligent services that include comprehensive Layer 2 features, with up-to 255 V

VRRP:virtual router redundancy protocol—虚拟路由器冗余协

VRRP:虚拟 路由器 冗余 协议virtual router redundancy protocol 路由器:确保不同的 网段互通:内网:内部不同的部门:外网:公司网络边界: 故障: 单个路由器故障,导致网络全部中断: 解决: 在网络中同时部署多个路由器: 比如: VLAN 10 : PC-1 192.168.10.1/24 192.168.10.254 =================================================================== VR

Cisco IOS及IOS XE Software DHCPv6拒绝服务漏洞 -中国寒龙出品

受影响系统:Cisco IOS 15.xCisco IOS XE 3.x描述:--------------------------------------------------------------------------------BUGTRAQ ID: 70140CVE(CAN) ID: CVE-2014-3359 Cisco IOS是多数思科系统路由器和网络交换机上使用的互联网络操作系统. Cisco IOS 15.0, 15.1, 15.2, 15.4.IOS XE 3.3.xSE,

Cisco IOS拒绝服务漏洞 -中国寒龙出品

受影响系统:Cisco IOS 15.x描述:--------------------------------------------------------------------------------BUGTRAQ ID: 70129CVE(CAN) ID: CVE-2014-3361 Cisco IOS是多数思科系统路由器和网络交换机上使用的互联网络操作系统. Cisco IOS 15.0, 15.1, 15.2, 15.4没有正确通过NAT实现SIP,在实现上存在远程拒绝服务漏洞,攻击