CCNP Studies: Configuring HSRP
Part One
Here I want to share some of my findings as I lab and demystify the various exam
topics. I hope we can create some discussion in comments with those of you who are
also pursuing the CCNP, and I encourage the old hands to dive in, too. HSRP is on the
cards today, and I’m going to break it into two parts. I’ll tackle part one today: a
single VLAN configuration. In part two, we’ll optimize the design by adding some
load balancing.

Ready? Let’s go!

Hot Standby Router Protocol (HSRP) developed by Cisco is used to provide layer 3
gateway redundancy. Commonly found at the distribution layer, HSRP uses a virtual
IP and MAC address which a backup gateway will take control of in the event of
failure. HSRP uses one Active and one Standby router. The virtual IP address is
configured on both the Active and the Standby. There is only one virtual IP address
and virtual MAC per HSRP group.

Timers
HSRP sends hellos to multicast address 224.0.0.2 (the “all routers” multicast address)
every 3 seconds by default. The dead timer is 10 seconds by default. Both timers can
be tuned in milliseconds to ensure fast failover. If the Standby router stops seeing
hello packets from the Active it will assume it is down and will take over as the Active
router. Timers on all routers must match.

HSRP requires layer 2 connectivity between routers.

HSRP State Machine
HSRP is a state machine consisting of these five states:

Initial: HSRP doesn’t run. This state is seen when an interface comes up
Listen: listens for hellos, knows the virtual IP
Speak: sends hellos and participates in the election
Standby: candidate for next active router
Active: currently forwards packets sent to the virtual IP

Let’s take a look at the topology we’ll be working with:




http://www.router-switch.com/
We will be configuring HSRP for VLAN 50. An HSRP group number needs to be
defined on the SVI for VLAN 50. Make sure VLAN 50 exists on the devices first. The
group number (1 in the example below) is only significant to the interface, but it’s a
good idea to use different numbers if you have a more complex topology with
multiple VLANs. There can be only one Active and one Standby router per HSRP
group. The Standby router will only step in if the Active fails. It’s important that the
HSRP Active router is also the spanning tree root in order to avoid suboptimal paths.
In this topology, we want DSW1 to be our Active router, and SW1 and SW2 should
forward traffic directly to it. If spanning tree wasn’t configured to match the HSRP
topology, then DSW2 could be the root switch. Traffic would flow via DSW2 to DSW1
– not what we want!

Here’s the first part of the configuration:
interface Vlan50
ip address 10.10.50.2 255.255.255.0
standby 1 ip 10.10.50.1
end

We configure the VLAN 50 interface and then initiate HSRP specifying the virtual IP
address 10.10.50.1.

HSRP uses a combo of virtual IP and virtual MAC address. The MAC uses the format:
0000.0C07.ACXX (XX being the group number in hexadecimal). The virtual IP and
MAC will be used by the Standby router if the Active router fails.
Virtual IP address is 10.10.50.1
Active virtual MAC address is 0000.0c07.ac01

Priority
We want to ensure DSW1 is always the Active router when the network is stable, so
we need to configure the priorities of DSW1 and DSW2. There are two things to
configure here – priority and preemption.




The default HSRP priority is 100, which won’t appear in the configuration. We’ll set
the priority of DSW1 to 150 (Range 0-255).
DSW1(config-if)#standby 1 priority 150

Preempt
An HSRP router won’t attempt to become the active router when introduced to an
existing topology, even if it has a higher priority. We want DSW1 to always be the
Active router if it is up and the topology is stable so we need to turn on “preempt.”
Preempt will cause the router to initiate an election if it has a higher priority. If
priorities are equal, the router with the highest IP address will win an election.
DSW1(config-if)#standby 1 preempt

If DSW1’s uplink to the core fails then comes back online, we want to ensure our
routing protocol has completely converged prior to DSW1 assuming the Active role
again. We can configure a preempt delay to allow time for this to happen.




DSW1(config-if)#standby 1 preempt delay minimum 60

Tuning the timers
Now let’s tune the timers from their defaults. As I mentioned earlier, HSRP timers can
be set in seconds or milliseconds. We’re aiming for fast convergence here so we’ll set
hellos at 200 and the dead timer at 600 milliseconds.




DSW1(config-if)#standby 1 timers msec 200 msec 600

That’s DSW1 configured, onto DSW2:
interface Vlan50
ip address 10.10.50.3 255.255.255.0
standby 1 ip 10.10.50.1
standby 1 timers msec 200 msec 600
standby 1 priority 110
end

DSW2’s priority is set at 110 in order to help guarantee the topology. A third router
could be added into the mix at a later stage, potentially leaving us with two routers
holding priorities of 100 so it’s best to configure priority on the Standby.

Okay, we’re in business! Let’s verify the config:




DSW1 has a priority of 150 and is configured to Preempt (P). The Active column
shows “local”, indicating DSW1 is the Active router and DSW2 (10.10.50.3) is the
Standby.

Here’s the output from DSW2:




Interface tracking
So, what we have implemented now will handle a failure if DSW1 dies completely,
but what we need to do is put some tests in place so DSW2 takes over if DSW1’s
uplink to the core fails.




HSRP interface tracking will be used and if one of the uplinks goes down (determined
by line protocol status) DSW1’s priority will be decremented by 50 causing DSW2 to
take over as the Active router.




DSW1(config-if)#standby 1 track fa0/24 50

Hang on, what’s missing here? DSW2 needs preempt enabled so it can assume Active
status once it sees DSW1’s priority drop to 100.
DSW2(config-if)#standby 1 preempt

Now the Ethernet cable from fa0/24 is pulled to test the failover.
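
The preempt and tracking behaviour described in this part, as an added example that is not from the original post: a simplified model (no timers, states or preempt delay) using the page's priorities and addresses. The class and function names are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class HsrpRouter:
    name: str
    ip: str                       # real SVI address, used only as the tiebreak
    priority: int = 100           # IOS default when no priority is configured
    preempt: bool = False
    tracks: dict = field(default_factory=dict)  # tracked interface -> decrement
    down: set = field(default_factory=set)      # tracked interfaces that are down
    alive: bool = True

    def effective_priority(self):
        # Configured priority minus the decrement of every tracked link that is down.
        lost = sum(dec for intf, dec in self.tracks.items() if intf in self.down)
        return max(self.priority - lost, 0)

    def rank(self):
        # Higher priority wins; equal priorities fall back to the higher IP.
        return (self.effective_priority(), int(IPv4Address(self.ip)))


def next_active(routers, current=None):
    """Return the name of the Active router once the group has settled."""
    live = [r for r in routers if r.alive]
    if not live:
        return None
    holder = next((r for r in live if r.name == current), None)
    if holder is None:
        # Nobody is Active (start-up or the Active died): plain election.
        return max(live, key=HsrpRouter.rank).name
    # An Active router is still sending hellos: only a router with preempt
    # enabled and a better rank may take the role away from it.
    challengers = [r for r in live if r.preempt and r.rank() > holder.rank()]
    if challengers:
        return max(challengers, key=HsrpRouter.rank).name
    return holder.name


def part_one_scenario(dsw2_preempt):
    """Replay the Part One test with and without preempt on DSW2."""
    dsw1 = HsrpRouter("DSW1", "10.10.50.2", 150, True, {"fa0/24": 50})
    dsw2 = HsrpRouter("DSW2", "10.10.50.3", 110, dsw2_preempt)
    group, timeline = [dsw1, dsw2], []

    def settle(event, current):
        active = next_active(group, current)
        timeline.append((event, active))
        return active

    active = settle("stable", None)
    dsw1.down.add("fa0/24")            # uplink pulled: 150 - 50 = 100
    active = settle("fa0/24 down", active)
    dsw1.down.discard("fa0/24")        # uplink back: DSW1 is at 150 again
    active = settle("fa0/24 restored", active)
    dsw1.alive = False                 # DSW1 stops sending hellos entirely
    settle("DSW1 dead", active)
    return timeline


if __name__ == "__main__":
    for flag in (False, True):
        print("DSW2 preempt:", flag, part_one_scenario(flag))
```

Without preempt on DSW2 the tracked decrement changes nothing while DSW1 keeps sending hellos; DSW2 only takes over when DSW1 goes silent.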




Boom! There you have it, HSRP configured to serve one VLAN with tuned timers and
interface tracking. Watch out for my next post where we’ll explore a more complex
HSRP topology with some added load balancing.

---Original file from
http://packetpushers.net/ccnp-studies-configuring-hsrp-part-one/


Part Two
Welcome back! Today, we’ll continue with HSRP, working with a slightly more
complex topology. If you haven’t read part one yet, you can find it here.

We’re going to create a few more VLANs, and the design will be modified to add in
some load balancing. Our HSRP router DSW2 is exactly the same device as DSW1, but
it’s in Standby mode and could be better utilized in a larger topology. By having some
of our VLAN traffic route through DSW2, we can make better use of network
resources while maintaining a redundant and predictable solution. Our layer two
topology plays a big part in our design, as we want to make sure we have as many
links as possible in a forwarding state while ensuring loop-free connectivity. Let’s take
a look at the left-hand side of the original topology from a layer two perspective.




You can see that our uplink to DSW2 is blocking to avoid a loop, which is normal
spanning tree behavior. However, what would be better is if we minimize the role of
spanning tree by making the link between DSW1 and DSW2 layer three instead of
layer two (let’s face it, spanning tree can be the devil). By doing this, both uplinks
from the access layer to DSW1 and DSW2 will be forwarding (though our VLAN 50
traffic will always take the path through DSW1). There won’t be a loop at layer two
providing we implement some controls on what VLANs are allowed on certain trunks,
and convergence time will be reduced as there won’t be a fight over who and what
port is forwarding in the event of a topology change.

Cisco on best practice for optimal convergence
“Only use L2 looped topologies if it cannot be avoided. In general practice, the most
deterministic and best-performing networks in terms of convergence, reliability, and
manageability are free from L2 loops and do not require STP to resolve convergence
events under normal conditions. However, STP should be enabled to protect against
unexpected loops on the access or user-facing interfaces.” See: Campus Network for
High Availability Design Guide

A word on asymmetric routing
In order for the topology to be redundant, both DSW1 and DSW2 need to advertise
the VLAN 50 subnet into the core. This will provide two equal cost return paths for
traffic by default. On the return path in this scenario, some of the traffic would flow
from the core to DSW1, and then to SW1, and some traffic would flow via DSW2. This
is known as asymmetric routing, when traffic is routed back via a different path to
the one it was sent on. (Access to Core traffic will always flow via DSW1 unless DSW2
becomes the Active HSRP router.) Depending on what packets you’re pushing around
the network, you may want to configure a more predictable return path as
asymmetric routing can cause problems in some environments. Having a more
predictable path will make troubleshooting easier too. You can do this by tuning your
routing protocol’s metric so that the route to VLAN 50 via DSW1 is preferred.

Let’s take a look at the design of our new topology for VLAN 50:
Both uplinks from SW1 are forwarding from a spanning tree perspective (see more
detail below on VLAN control).

We’ve added the layer three link between the distribution switches which has taken
a much desired chunk out of spanning tree’s influence on the network. This also
means that hellos between the two HSRP routers will pass via the access layer due to
the layer two HSRP connectivity requirements. This isn’t a problem based on our
configuration, but it would pay to review your design based on access layer
switch inter-connectivity.

The full topology




Okay, so let’s look at the larger topology with a few more VLANs. In order to more
efficiently use the hardware we’ll add load balancing by configuring VLANs 20 and 50
to use DSW1 as a gateway by making it the Active HSRP router and RSTP root for
those VLANs. On the right hand side of the topology we’ll configure VLANs 80 and
100 on SW2 to use DSW2, making DSW2 the Active HSRP Router and RSTP root.

Configuration of DSW1
interface Vlan20
ip address 10.10.20.2 255.255.255.0
standby 20 ip 10.10.20.1
standby 20 timers msec 200 msec 600
standby 20 priority 150
standby 20 preempt delay minimum 60
!
interface Vlan50
ip address 10.10.50.2 255.255.255.0
standby 50 ip 10.10.50.1
standby 50 timers msec 200 msec 600
standby 50 priority 150
standby 50 preempt delay minimum 60
!
interface Vlan80
ip address 10.10.80.3 255.255.255.0
standby 80 ip 10.10.80.1
standby 80 timers msec 200 msec 600
standby 80 priority 110
standby 80 preempt delay minimum 60
!
interface Vlan100
ip address 10.10.100.3 255.255.255.0
standby 100 ip 10.10.100.1
standby 100 timers msec 200 msec 600
standby 100 priority 110
standby 100 preempt delay minimum 60
!
You’ll notice the standby numbers have been set to match the VLAN numbers for
ease of management. The preempt delay has been kept at 60 but Cisco
recommends timing the switch boot time and setting the delay value accordingly. You
can read more about this in the High Availability Design Guide I linked to above.

Configuration of DSW2
interface Vlan20
ip address 10.10.20.3 255.255.255.0
standby 20 ip 10.10.20.1
standby 20 timers msec 200 msec 600
standby 20 priority 110
standby 20 preempt delay minimum 60
!
interface Vlan50
ip address 10.10.50.3 255.255.255.0
standby 50 ip 10.10.50.1
standby 50 timers msec 200 msec 600
standby 50 priority 110
standby 50 preempt delay minimum 60
!
interface Vlan80
ip address 10.10.80.2 255.255.255.0
standby 80 ip 10.10.80.1
standby 80 timers msec 200 msec 600
standby 80 priority 150
standby 80 preempt delay minimum 60
!
interface Vlan100
ip address 10.10.100.2 255.255.255.0
standby 100 ip 10.10.100.1
standby 100 timers msec 200 msec 600
standby 100 priority 150
standby 100 preempt delay minimum 60
!

Verification




Looking good, but there’s just one more thing to take care of to cement the paths at
layer two. If the link between SW1 and DSW1 goes down we want DSW2 to become
the RSTP root, otherwise traffic could flow through SW2 at the Access layer on the
right to get to DSW1. This is what could happen:




To avoid this issue, we need to remove certain VLANs from trunks that don’t need to
carry them. The trunk between DSW2 and SW2 shouldn’t carry traffic for VLAN 20 or
50, so we’ll remove it on DSW2:




Likewise on DSW1, we remove VLANs 80 and 100 from the trunk to SW1:




Authentication
Finally, we’ll turn on MD5 authentication. Think back to when you last configured
EIGRP authentication, because we’re going to make use of the key chain system.




This configuration needs to be repeated for each VLAN on DSW1 and DSW2. You’re
able to make use of the accept-lifetime and send-lifetime parameters under the key
chain configuration. If you don’t have HSRP authentication configured for one of the
VLANs on the other switch you’ll see:


Great, we’re done for this post! But remember that you need to tune RSTP and
routing protocol timers so they’re all in sync with HSRP; then convergence and
re-convergence will be seamless. Interface or object tracking should also be
configured to decrement priority when links fail and change the Active/Standby
router accordingly. There are many ways you can adjust your design for different
business requirements, so get creative!
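
The settings this series depends on (matching virtual IP and timers on both switches, preempt on the Standby once tracking is used, a tracking decrement large enough to drop below the peer, and authentication on every group) can be checked by comparing the two configurations. This is an added example, not code from the original post; the parser, the finding names and the key chain name HSRP-KEYS are assumptions, and the sample configurations are constructed from the Part One values.

```python
import re

DEFAULTS = {"vip": None, "priority": 100, "preempt": False,
            "timers": "default", "auth": None, "track": 0}


def virtual_mac(group):
    """HSRP virtual MAC in the page's format: 0000.0c07.acXX, XX = group in hex."""
    if not 0 <= group <= 255:
        raise ValueError("group outside the range this MAC format covers")
    return "0000.0c07.ac%02x" % group


def parse_hsrp(config):
    """Return {(interface, group): settings} from IOS-style 'standby' lines."""
    groups, intf = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            intf = line.split(None, 1)[1]
            continue
        m = re.match(r"standby (\d+) (\S+)\s*(.*)", line)
        if not (m and intf):
            continue
        g = groups.setdefault((intf, int(m.group(1))), dict(DEFAULTS))
        key, rest = m.group(2), m.group(3).split()
        if key == "ip":
            g["vip"] = rest[0] if rest else None
        elif key == "priority":
            g["priority"] = int(rest[0])
        elif key == "preempt":          # also matches "preempt delay minimum N"
            g["preempt"] = True
        elif key == "timers":
            g["timers"] = " ".join(rest)
        elif key == "authentication":
            g["auth"] = " ".join(rest)
        elif key == "track":            # decrement defaults to 10 when omitted
            explicit = len(rest) > 1 and rest[-1].isdigit()
            g["track"] += int(rest[-1]) if explicit else 10
    return groups


def audit(cfg_a, cfg_b):
    """Compare two peers and return (interface, group, finding) tuples."""
    a, b = parse_hsrp(cfg_a), parse_hsrp(cfg_b)
    findings = []
    for key in sorted(set(a) | set(b)):
        if key not in a or key not in b:
            findings.append((*key, "group-missing-on-peer"))
            continue
        ga, gb = a[key], b[key]
        if ga["vip"] != gb["vip"]:
            findings.append((*key, "virtual-ip-mismatch"))
        if ga["timers"] != gb["timers"]:
            findings.append((*key, "timer-mismatch"))
        if ga["auth"] is None or gb["auth"] is None:
            findings.append((*key, "no-authentication"))
        elif ga["auth"] != gb["auth"]:
            findings.append((*key, "authentication-mismatch"))
        if ga["priority"] == gb["priority"]:
            findings.append((*key, "priority-tie"))
            continue
        hi, lo = (ga, gb) if ga["priority"] > gb["priority"] else (gb, ga)
        if not hi["preempt"]:
            findings.append((*key, "primary-lacks-preempt"))
        if hi["track"]:
            if hi["priority"] - hi["track"] >= lo["priority"]:
                findings.append((*key, "track-decrement-too-small"))
            elif not lo["preempt"]:
                findings.append((*key, "standby-lacks-preempt"))
    return findings


# Constructed sample input: Part One's VLAN 50 before the DSW2 preempt fix.
BEFORE_DSW1 = """
interface Vlan50
 ip address 10.10.50.2 255.255.255.0
 standby 1 ip 10.10.50.1
 standby 1 timers msec 200 msec 600
 standby 1 priority 150
 standby 1 preempt delay minimum 60
 standby 1 track fa0/24 50
"""
BEFORE_DSW2 = """
interface Vlan50
 ip address 10.10.50.3 255.255.255.0
 standby 1 ip 10.10.50.1
 standby 1 timers msec 200 msec 600
 standby 1 priority 110
"""
# HSRP-KEYS is a hypothetical key chain name used only for this example.
AUTH = " standby 1 authentication md5 key-chain HSRP-KEYS\n"
AFTER_DSW1 = BEFORE_DSW1 + AUTH
AFTER_DSW2 = BEFORE_DSW2 + " standby 1 preempt\n" + AUTH

if __name__ == "__main__":
    print("before:", audit(BEFORE_DSW1, BEFORE_DSW2))
    print("after: ", audit(AFTER_DSW1, AFTER_DSW2))
    print("VLAN 50 group in Part Two uses", virtual_mac(50))
```

Note that the last byte of the virtual MAC is the group number in hex, so Part Two's group 50 appears as 0000.0c07.ac32 in ARP and MAC address tables.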
To be continued: http://packetpushers.net/ccnp-studies-configuring-hsrp-part-two/

More Cisco and Networking Tutorials and Tips you can visit:
http://blog.router-switch.com/




http://www.router-switch.com/

Más contenido relacionado

Más de IT Tech

Cisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideCisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideIT Tech
 
Hpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideHpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideIT Tech
 
The new cisco isr 4461 faq
The new cisco isr 4461 faqThe new cisco isr 4461 faq
The new cisco isr 4461 faqIT Tech
 
New nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesNew nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesIT Tech
 
Tested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresTested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresIT Tech
 
Aruba campus and branch switching solution
Aruba campus and branch switching solutionAruba campus and branch switching solution
Aruba campus and branch switching solutionIT Tech
 
Cisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesCisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesIT Tech
 
Cisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesCisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesIT Tech
 
Cisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesCisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesIT Tech
 
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellCompetitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellIT Tech
 
Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000IT Tech
 
The difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexThe difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexIT Tech
 
Cisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesCisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesIT Tech
 
Guide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesGuide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesIT Tech
 
892 f sfp configuration example
892 f sfp configuration example892 f sfp configuration example
892 f sfp configuration exampleIT Tech
 
Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700IT Tech
 
Cisco firepower ngips series migration options
Cisco firepower ngips series migration optionsCisco firepower ngips series migration options
Cisco firepower ngips series migration optionsIT Tech
 
Eol transceiver to replacement model
Eol transceiver to replacement modelEol transceiver to replacement model
Eol transceiver to replacement modelIT Tech
 
Cisco firepower 2100 series, as a ngfw or a ngips
Cisco firepower 2100 series, as a ngfw or a ngipsCisco firepower 2100 series, as a ngfw or a ngips
Cisco firepower 2100 series, as a ngfw or a ngipsIT Tech
 
16 questions of cisco sfp 10 g-sr...
16 questions of cisco sfp 10 g-sr...16 questions of cisco sfp 10 g-sr...
16 questions of cisco sfp 10 g-sr...IT Tech
 

Más de IT Tech (20)

Cisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideCisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guide
 
Hpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideHpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guide
 
The new cisco isr 4461 faq
The new cisco isr 4461 faqThe new cisco isr 4461 faq
The new cisco isr 4461 faq
 
New nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesNew nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switches
 
Tested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresTested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi features
 
Aruba campus and branch switching solution
Aruba campus and branch switching solutionAruba campus and branch switching solution
Aruba campus and branch switching solution
 
Cisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesCisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switches
 
Cisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesCisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switches
 
Cisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesCisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modes
 
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellCompetitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
 
Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000
 
The difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexThe difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fex
 
Cisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesCisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches series
 
Guide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesGuide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 series
 
892 f sfp configuration example
892 f sfp configuration example892 f sfp configuration example
892 f sfp configuration example
 
Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700
 
Cisco firepower ngips series migration options
Cisco firepower ngips series migration optionsCisco firepower ngips series migration options
Cisco firepower ngips series migration options
 
Eol transceiver to replacement model
Eol transceiver to replacement modelEol transceiver to replacement model
Eol transceiver to replacement model
 
Cisco firepower 2100 series, as a ngfw or a ngips
Cisco firepower 2100 series, as a ngfw or a ngipsCisco firepower 2100 series, as a ngfw or a ngips
Cisco firepower 2100 series, as a ngfw or a ngips
 
16 questions of cisco sfp 10 g-sr...
16 questions of cisco sfp 10 g-sr...16 questions of cisco sfp 10 g-sr...
16 questions of cisco sfp 10 g-sr...
 

Último

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Último (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Unblocking The Main Thread Solving ANRs and Frozen Frames

Ccnp studies configuring hsrp

CCNP Studies: Configuring HSRP
Part One

Here I want to share some of my findings as I lab and demystify the various exam topics. I hope we can create some discussion in comments with those of you who are also pursuing the CCNP, and I encourage the old hands to dive in, too. HSRP is on the cards today, and I’m going to break it into two parts. I’ll tackle part one today: a single VLAN configuration. In part two, we’ll optimize the design by adding some load balancing.

Ready? Let’s go!

Hot Standby Router Protocol (HSRP) developed by Cisco is used to provide layer 3 gateway redundancy. Commonly found at the distribution layer, HSRP uses a virtual IP and MAC address which a backup gateway will take control of in the event of failure. HSRP uses one Active and one Standby router. The virtual IP address is configured on both the Active and the Standby. There is only one virtual IP address and virtual MAC per HSRP group.

Timers

HSRP sends hellos to multicast address 224.0.0.2 (the “all routers” multicast address) every 3 seconds by default. The dead timer is 10 seconds by default. Both timers can be tuned in milliseconds to ensure fast failover. If the Standby router stops seeing hello packets from the Active it will assume it is down and will take over as the Active router. Timers on all routers must match.

HSRP requires layer 2 connectivity between routers.

HSRP State Machine

HSRP is a state machine consisting of these five states:

Initial: HSRP doesn’t run. This state is seen when an interface comes up
Listen: listens for hellos, knows the virtual IP
Speak: sends hellos and participates in the election
Standby: candidate for next active router
Active: currently forwards packets sent to the virtual IP

Let’s take a look at the topology we’ll be working with:

http://www.router-switch.com/

We will be configuring HSRP for VLAN 50. An HSRP group number needs to be defined on the SVI for VLAN 50. Make sure VLAN 50 exists on the devices first. The group number (1 in the example below) is only significant to the interface, but it’s a good idea to use different numbers if you have a more complex topology with multiple VLANs. There can be only one Active and one Standby router per HSRP group. The Standby router will only step in if the Active fails.

It’s important that the HSRP Active router is also the spanning tree root in order to avoid suboptimal paths. In this topology, we want DSW1 to be our Active router, and SW1 and SW2 should forward traffic directly to it. If spanning tree wasn’t configured to match the HSRP topology, then DSW2 could be the root switch. Traffic would flow via DSW2 to DSW1 – not what we want!

Here’s the first part of the configuration:

    interface Vlan50
     ip address 10.10.50.2 255.255.255.0
     standby 1 ip 10.10.50.1
    end

We configure the VLAN 50 interface and then initiate HSRP specifying the virtual IP address 10.10.50.1. HSRP uses a combo of virtual IP and virtual MAC address. The MAC uses the format: 0000.0C07.ACXX (XX being the group number in hexadecimal). The virtual IP and MAC will be used by the Standby router if the Active router fails.

    Virtual IP address is 10.10.50.1
    Active virtual MAC address is 0000.0c07.ac01

Priority

We want to ensure DSW1 is always the Active router when the network is stable, so we need to configure the priorities of DSW1 and DSW2. There are two things to configure here – priority and preemption.
The default HSRP priority is 100, which won’t appear in the configuration. We’ll set the priority of DSW1 to 150 (Range 0-255).

    DSW1(config-if)#standby 1 priority 150

Preempt

An HSRP router won’t attempt to become the active router when introduced to an existing topology, even if it has a higher priority. We want DSW1 to always be the Active router if it is up and the topology is stable so we need to turn on “preempt.” Preempt will cause the router to initiate an election if it has a higher priority. If priorities are equal, the router with the highest IP address will win an election.

    DSW1(config-if)#standby 1 preempt

If DSW1’s uplink to the core fails then comes back online, we want to ensure our routing protocol has completely converged prior to DSW1 assuming the Active role again. We can configure a preempt delay to allow time for this to happen.

    DSW1(config-if)#standby 1 preempt delay minimum 60

Tuning the timers

Now let’s tune the timers from their defaults. As I mentioned earlier, HSRP timers can be set in seconds or milliseconds. We’re aiming for fast convergence here so we’ll set hellos at 200 and the dead timer at 600 milliseconds.

    DSW1(config-if)#standby 1 timers msec 200 msec 600

That’s DSW1 configured, onto DSW2:

    interface Vlan50
     ip address 10.10.50.3 255.255.255.0
     standby 1 ip 10.10.50.1
     standby 1 timers msec 200 msec 600
     standby 1 priority 110
    end

DSW2’s priority is set at 110 in order to help guarantee the topology. A third router could be added into the mix at a later stage, potentially leaving us with two routers holding priorities of 100 so it’s best to configure priority on the Standby.

Okay, we’re in business! Let’s verify the config:

DSW1 has a priority of 150 and is configured to Preempt (P). The Active column shows “local”, indicating DSW1 is the Active router and DSW2 (10.10.50.3) is the Standby.

Here’s the output from DSW2:
Interface tracking

So, what we have implemented now will handle a failure if DSW1 dies completely, but what we need to do is put some tests in place so DSW2 takes over if DSW1’s uplink to the core fails. HSRP interface tracking will be used and if one of the uplinks goes down (determined by line protocol status) DSW1’s priority will be decremented by 50 causing DSW2 to take over as the Active router.

    DSW1(config-if)#standby 1 track fa0/24 50

Hang on, what’s missing here? DSW2 needs preempt enabled so it can assume Active status once it sees DSW1’s priority drop to 100.

    DSW2(config-if)#standby 1 preempt

Now the Ethernet cable from fa0/24 is pulled to test the failover.

Boom! There you have it, HSRP configured to serve one VLAN with tuned timers and interface tracking. Watch out for my next post where we’ll explore a more complex HSRP topology with some added load balancing.

---Original file from http://packetpushers.net/ccnp-studies-configuring-hsrp-part-one/

Part Two

Welcome back! Today, we’ll continue with HSRP, working with a slightly more complex topology. If you haven’t read part one yet, you can find it here. We’re going to create a few more VLANs, and the design will be modified to add in some load balancing.

Our HSRP router DSW2 is exactly the same device as DSW1, but it’s in Standby mode and could be better utilized in a larger topology. By having some of our VLAN traffic route through DSW2, we can make better use of network resources while maintaining a redundant and predictable solution. Our layer two topology plays a big part in our design, as we want to make sure we have as many links as possible in a forwarding state while ensuring loop-free connectivity.

Let’s take a look at the left-hand side of the original topology from a layer two perspective.
You can see that our uplink to DSW2 is blocking to avoid a loop, which is normal spanning tree behavior. However, what would be better is if we minimize the role of spanning tree by making the link between DSW1 and DSW2 layer three instead of layer two (let’s face it, spanning tree can be the devil). By doing this, both uplinks from the access layer to DSW1 and DSW2 will be forwarding (though our VLAN 50 traffic will always take the path through DSW1). There won’t be a loop at layer two providing we implement some controls on what VLANs are allowed on certain trunks, and convergence time will be reduced as there won’t be a fight over who and what port is forwarding in the event of a topology change.

Cisco on best practice for optimal convergence

“Only use L2 looped topologies if it cannot be avoided. In general practice, the most deterministic and best-performing networks in terms of convergence, reliability, and manageability are free from L2 loops and do not require STP to resolve convergence events under normal conditions. However, STP should be enabled to protect against unexpected loops on the access or user-facing interfaces.”

See: Campus Network for High Availability Design Guide

A word on asymmetric routing

In order for the topology to be redundant, both DSW1 and DSW2 need to advertise the VLAN 50 subnet into the core. This will provide two equal cost return paths for traffic by default. On the return path in this scenario, some of the traffic would flow from the core to DSW1, and then to SW1, and some traffic would flow via DSW2. This is known as asymmetric routing, when traffic is routed back via a different path to the one it was sent on. (Access to Core traffic will always flow via DSW1 unless DSW2 becomes the Active HSRP router.)

Depending on what packets you’re pushing around the network, you may want to configure a more predictable return path as asymmetric routing can cause problems in some environments. Having a more predictable path will make troubleshooting easier too. You can do this by tuning your routing protocol’s metric so that the route to VLAN 50 via DSW1 is preferred.

Let’s take a look at the design of our new topology for VLAN 50:
Both uplinks from SW1 are forwarding from a spanning tree perspective (see more detail below on VLAN control). We’ve added the layer three link between the distribution switches which has taken a much desired chunk out of spanning tree’s influence on the network. This also means that hellos between the two HSRP routers will pass via the access layer due to the layer two HSRP connectivity requirements. This isn’t a problem based on our configuration, but it would pay to review your design based on access layer switch inter-connectivity.

The full topology
Okay, so let’s look at the larger topology with a few more VLANs. In order to more efficiently use the hardware we’ll add load balancing by configuring VLANs 20 and 50 to use DSW1 as a gateway by making it the Active HSRP router and RSTP root for those VLANs. On the right hand side of the topology we’ll configure VLANs 80 and 100 on SW2 to use DSW2, making DSW2 the Active HSRP Router and RSTP root.

Configuration of DSW1

    interface Vlan20
     ip address 10.10.20.2 255.255.255.0
     standby 20 ip 10.10.20.1
     standby 20 timers msec 200 msec 600
     standby 20 priority 150
     standby 20 preempt delay minimum 60
    !
    interface Vlan50
     ip address 10.10.50.2 255.255.255.0
     standby 50 ip 10.10.50.1
     standby 50 timers msec 200 msec 600
     standby 50 priority 150
     standby 50 preempt delay minimum 60
    !
    interface Vlan80
     ip address 10.10.80.3 255.255.255.0
     standby 80 ip 10.10.80.1
     standby 80 timers msec 200 msec 600
     standby 80 priority 110
     standby 80 preempt delay minimum 60
    !
    interface Vlan100
     ip address 10.10.100.3 255.255.255.0
     standby 100 ip 10.10.100.1
     standby 100 timers msec 200 msec 600
     standby 100 priority 110
     standby 100 preempt delay minimum 60
    !

You’ll notice the standby numbers have been set to match the VLAN numbers for ease of management. The preempt delay has been kept at 60 but Cisco recommends timing the switch boot time and setting the delay value accordingly. You can read more about this in the High Availability Design Guide I linked to above.

Configuration of DSW2

    interface Vlan20
     ip address 10.10.20.3 255.255.255.0
     standby 20 ip 10.10.20.1
     standby 20 timers msec 200 msec 600
     standby 20 priority 110
     standby 20 preempt delay minimum 60
    !
    interface Vlan50
     ip address 10.10.50.3 255.255.255.0
     standby 50 ip 10.10.50.1
     standby 50 timers msec 200 msec 600
     standby 50 priority 110
     standby 50 preempt delay minimum 60
    !
    interface Vlan80
     ip address 10.10.80.2 255.255.255.0
     standby 80 ip 10.10.80.1
     standby 80 timers msec 200 msec 600
     standby 80 priority 150
     standby 80 preempt delay minimum 60
    !
    interface Vlan100
     ip address 10.10.100.2 255.255.255.0
     standby 100 ip 10.10.100.1
     standby 100 timers msec 200 msec 600
     standby 100 priority 150
     standby 100 preempt delay minimum 60
    !

Verification

Looking good, but there’s just one more thing to take care of to cement the paths at layer two. If the link between SW1 and DSW1 goes down we want DSW2 to become the RSTP root, otherwise traffic could flow through SW2 at the Access layer on the right to get to DSW1. This is what could happen:
To avoid this issue, we need to remove certain VLANs from trunks that don’t need to carry them. The trunk between DSW2 and SW2 shouldn’t carry traffic for VLAN 20 or 50, so we’ll remove them on DSW2:

Likewise on DSW1, we remove VLANs 80 and 100 from the trunk to SW1:

Authentication

Finally, we’ll turn on MD5 authentication. Think back to when you last configured EIGRP authentication, because we’re going to make use of the key chain system. This configuration needs to be repeated for each VLAN on DSW1 and DSW2. You’re able to make use of the accept-lifetime and send-lifetime parameters under the key chain configuration.

If you don’t have HSRP authentication configured for one of the VLANs on the other switch you’ll see:

Great, we’re done for this post! But remember that you need to tune RSTP and routing protocol timers so they’re all in sync with HSRP, then convergence and re-convergence will be seamless. Interface or object tracking should also be configured to decrement priority when links fail and change the Active/Standby router accordingly. There are many ways you can adjust your design for different business requirements so get creative!

To be continued: http://packetpushers.net/ccnp-studies-configuring-hsrp-part-two/

More Cisco and Networking Tutorials and Tips you can visit: http://blog.router-switch.com/ http://www.router-switch.com/
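
The Authentication section says the MD5 configuration must be repeated for each VLAN on DSW1 and DSW2, and Part One says timers on all routers must match. As an added example (not part of the original post), this script parses the `standby` lines of two switches and reports groups without MD5 authentication or with differing settings. The sample configs are constructed from the post's VLAN 50 and 80 stanzas, the key chain name HSRP-KEYS is an assumption, and DSW2 is deliberately flawed on group 80.

```python
import re

# Constructed samples; the key chain name HSRP-KEYS is an assumption.
DSW1 = """
interface Vlan50
 standby 50 ip 10.10.50.1
 standby 50 authentication md5 key-chain HSRP-KEYS
interface Vlan80
 standby 80 ip 10.10.80.1
 standby 80 timers msec 200 msec 600
 standby 80 authentication md5 key-chain HSRP-KEYS
"""
DSW2 = """
interface Vlan50
 standby 50 ip 10.10.50.1
 standby 50 authentication md5 key-chain HSRP-KEYS
interface Vlan80
 standby 80 ip 10.10.80.1
 standby 80 timers msec 250 msec 600
"""

def hsrp_groups(config):
    """Map "<interface> group <n>" to {keyword: arguments}; no number means 0."""
    groups, intf = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            intf = line.split()[1]
        m = re.match(r"\s+standby (?:(\d+) )?(\S+)\s*(.*)", line)
        if m and intf:
            key = f"{intf} group {int(m.group(1) or 0)}"
            groups.setdefault(key, {})[m.group(2)] = m.group(3).strip()
    return groups

def audit(cfg_a, cfg_b, names=("DSW1", "DSW2")):
    """Return findings for HSRP groups that are unauthenticated or mismatched."""
    a, b = hsrp_groups(cfg_a), hsrp_groups(cfg_b)
    findings = []
    for key in sorted(set(a) | set(b)):
        for name, groups in zip(names, (a, b)):
            if key not in groups:
                findings.append(f"{key}: missing on {name}")
            elif not groups[key].get("authentication", "").startswith("md5 "):
                findings.append(f"{key}: no MD5 authentication on {name}")
        for kw in ("ip", "timers", "authentication"):
            if key in a and key in b and a[key].get(kw) != b[key].get(kw):
                findings.append(f"{key}: '{kw}' differs between peers")
    return findings

print("\n".join(audit(DSW1, DSW2)))
```

A `standby` line with no group number is reported under group 0, so leftover group-0 commands show up as a group that has no authentication.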