Download Configuring High Availability with HSRP on Cisco Catalyst 3560 Switch and more Summaries Network and System Administration in PDF only on Docsity!
C H A P T E R
Catalyst 3560 Switch Software Configuration Guide 78-16404-
Configuring HSRP
This chapter describes how to use Hot Standby Router Protocol (HSRP) on the Catalyst 3560 switch to provide routing redundancy for routing IP traffic without being dependent on the availability of any single router.
Note You can also use a version of HSRP in Layer 2 mode to configure a redundant command switch to take over cluster management if the cluster command switch fails. For more information about clustering, see Chapter 5, “Clustering Switches.”
Note For complete syntax and usage information for the commands used in this chapter, refer to the switch command reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12..
This chapter consists of these sections:
- Understanding HSRP, page 34- - Configuring HSRP, page 34- - Displaying HSRP Configurations, page 34-
Understanding HSRP
HSRP is Cisco’s standard method of providing high network availability by providing first-hop redundancy for IP hosts on an IEEE 802 LAN configured with a default gateway IP address. HSRP routes IP traffic without relying on the availability of any single router. It enables a set of router interfaces to work together to present the appearance of a single virtual router or default gateway to the hosts on a LAN. When HSRP is configured on a network or segment, it provides a virtual Media Access Control (MAC) address and an IP address that is shared among a group of configured routers. HSRP allows two or more HSRP-configured routers to use the MAC address and IP network address of a virtual router. The virtual router does not exist; it represents the common target for routers that are configured to provide backup to each other. One of the routers is selected to be the active router and another to be the standby router, which assumes control of the group MAC address and IP address should the designated active router fail.
Note Routers in an HSRP group can be any router interface that supports HSRP, including Catalyst 3560 routed ports and switch virtual interfaces (SVIs).
Catalyst 3560 Switch Software Configuration Guide 78-16404-
Understanding HSRP
HSRP provides high network availability by providing redundancy for IP traffic from hosts on networks. In a group of router interfaces, the active router is the router of choice for routing packets; the standby router is the router that takes over the routing duties when an active router fails or when preset conditions are met. HSRP is useful for hosts that do not support a router discovery protocol and cannot switch to a new router when their selected router reloads or loses power. When HSRP is configured on a network segment, it provides a virtual MAC address and an IP address that is shared among router interfaces in a group of router interfaces running HSRP. The router selected by the protocol to be the active router receives and routes packets destined for the group’s MAC address. For n routers running HSRP, there are n +1 IP and MAC addresses assigned. HSRP detects when the designated active router fails, and a selected standby router assumes control of the Hot Standby group’s MAC and IP addresses. A new standby router is also selected at that time. Devices running HSRP send and receive multicast UDP-based hello packets to detect router failure and to designate active and standby routers. When HSRP is configured on an interface, Internet Control Message Protocol (ICMP) redirect messages are disabled by default for the interface. You can configure multiple Hot Standby groups among Catalyst 3560 switches that are operating in Layer 3 to make more use of the redundant routers. To do so, specify a group number for each Hot Standby command group you configure for an interface. For example, you might configure an interface on switch 1 as an active router and one on switch 2 as a standby router and also configure another interface on switch 2 as an active router with another interface on switch 1 as its standby router.
Note Cisco IOS Release 12.2(18)SE and above supports Multiple HSRP (MHSRP), an extension of HSRP that allows load sharing between two or more Hot Standby groups.
Figure 34-1 shows a segment of a network configured for HSRP. Each router is configured with the MAC address and IP network address of the virtual router. Instead of configuring hosts on the network with the IP address of Router A, you configure them with the IP address of the virtual router as their default router. When Host C sends packets to Host B, it sends them to the MAC address of the virtual router. If for any reason, Router A stops transferring packets, Router B responds to the virtual IP address and virtual MAC address and becomes the active router, assuming the active router duties. Host C continues to use the IP address of the virtual router to address packets destined for Host B, which Router B now receives and sends to Host B. Until Router A resumes operation, HSRP allows Router B to provide uninterrupted service to users on Host C’s segment that need to communicate with users on Host B’s segment and also continues to perform its normal function of handling packets between the Host A segment and Host B.
Catalyst 3560 Switch Software Configuration Guide 78-16404-
Configuring HSRP
Default HSRP Configuration
Table 34-1 shows the default HSRP configuration.
HSRP Configuration Guidelines
Follow these guidelines when configuring HSRP:
- HSRP can be configured on a maximum of 32 VLAN or routing interfaces. - In the following procedures, the specified interface must be one of these Layer 3 interfaces: - Routed port: a physical port configured as a Layer 3 port by entering the no switchport interface configuration command. - SVI: a VLAN interface created by using the interface vlan vlan_id global configuration command and by default a Layer 3 interface. - Etherchannel port channel in Layer 3 mode: a port-channel logical interface created by using the interface port-channel port-channel-number global configuration command and binding the Ethernet interface into the channel group. For more information, see the “Configuring Layer 3 EtherChannels” section on page 32-13. - All Layer 3 interfaces must have IP addresses assigned to them. See the “Configuring Layer 3 Interfaces” section on page 10-20.
Enabling HSRP
The standby ip interface configuration command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the address is learned through the standby function. You must configure at least one routing port on the cable with the designated address. Configuring an IP address always overrides another designated address currently in use. When the standby ip command is enabled on an interface and proxy ARP is enabled, if the interface’s Hot Standby state is active, proxy ARP requests are answered using the Hot Standby group MAC address. If the interface is in a different state, proxy ARP responses are suppressed.
Table 34-1 Default HSRP Configuration
Feature Default Setting HSRP groups None configured Standby group number 0 Standby MAC address System assigned as: 0000.0c07.acXX, where XX is the HSRP group number Standby priority 100 Standby delay 0 (no delay) Standby track interface priority 10 Standby hello time 3 seconds Standby holdtime 10 seconds
Catalyst 3560 Switch Software Configuration Guide 78-16404-
Configuring HSRP
Beginning in privileged EXEC mode, follow these steps to create or enable HSRP on a Layer 3 interface:
Use the no standby [ group-number ] ip [ ip-address ] interface configuration command to disable HSRP. This example shows how to activate HSRP for group 1 on a port. The IP address used by the hot standby group is learned by using HSRP.
Note This procedure is the minimum number of steps required to enable HSRP.
Switch# configure terminal Switch(config)# interface gigabitethernet0/ Switch(config-if)# no switchport Switch(config-if)# standby 1 ip Switch(config-if)# end Switch# show standby
Configuring HSRP Group Attributes
Although HSRP can run with no other configuration required, you can configure attributes for the HSRP group, including authentication, priority, preemption and preemption delay, timers, or MAC address.
Command Purpose Step 1 (^) configure terminal Enter global configuration mode. Step 2 (^) interface interface-id Enter interface configuration mode, and enter the Layer 3 interface on which you want to enable HSRP. Step 3 (^) standby [ group-number ] ip [ ip-address [ secondary ]]
Create (or enable) the HSRP group using its number and virtual IP address.
- (Optional) group-number —The group number on the interface for which HSRP is being enabled. The range is 0 to 255; the default is 0. If there is only one HSRP group, you do not need to enter a group number. - (Optional on all but one interface) ip-address —The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces. - (Optional) secondary —The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router and no priorities are set, the primary IP addresses are compared and the higher IP address is the active router, with the next highest as the standby router. Step 4 (^) end Return to privileged EXEC mode. Step 5 (^) show standby [ interface-id [ group ]] Verify the configuration. Step 6 (^) copy running-config startup-config (Optional) Save your entries in the configuration file.
Catalyst 3560 Switch Software Configuration Guide 78-16404-
Configuring HSRP
Figure 34-2 MHSRP Load Sharing
This example shows Router A configured as the active router for group 1 with a priority of 110 and Router B configured as the active router for group 2 with a priority of 110. The default priority level is
- Group 1 uses a virtual IP address of 10.0.0.3 and Group 2 uses a virtual IP address of 10.0.0.4: Router A Configuration
hostname RouterA ! interface ethernet 0 ip address 10.0.0.1 255.255.255. standby 1 ip 10.0.0. standby 1 priority 110 standby 1 preempt standby 2 ip 10.0.0. standby 2 preempt
Router B Configuration
hostname RouterB ! interface ethernet 0 ip address 10.0.0.2 255.255.255. standby 1 ip 10.0.0. standby 1 preempt standby 2 ip 10.0.0. standby 2 priority 110 standby 2 preempt
Note You need to enter the standby preempt interface configuration command so that if a router fails and then comes back up, preemption occurs and restores load sharing
72343
Active router for group 1 Standby router for group 2
Client 1
E
Router A Router B
10.0.0.1 E0 10.0.0.
Active router for group 2 Standby router for group 1
Client 2 Client 3 Client 4
Catalyst 3560 Switch Software Configuration Guide 78-16404-
Configuring HSRP
Beginning in privileged EXEC mode, use one or more of these steps to configure HSRP priority characteristics on an interface:
Command Purpose
Step 1 (^) configure terminal Enter global configuration mode.
Step 2 (^) interface interface-id Enter interface configuration mode, and enter the HSRP interface on which you want to set priority.
Step 3 (^) standby [ group-number ] priority priority [ preempt [ delay delay ]]
Set a priority value used in choosing the active router. The range is 1 to 255; the default priority is 100. The highest number represents the highest priority.
- (Optional) group-number —The group number to which the command applies. - (Optional) preempt— Select so that when the local router has a higher priority than the active router, it assumes control as the active router. - (Optional) delay —Set to cause the local router to postpone taking over the active role for the shown number of seconds. The range is 0 to 36000 (1 hour); the default is 0 (no delay before taking over). Use the no form of the command to restore the default values.
Step 4 (^) standby [ group-number ] [ priority priority ] preempt [ delay delay ]
Configure the router to preempt , which means that when the local router has a higher priority than the active router, it assumes control as the active router.
- (Optional) group-number —The group number to which the command applies. - (Optional) priority —Enter to set or change the group priority. The range is 1 to 255; the default is 100. - (Optional) delay —Set to cause the local router to postpone taking over the active role for the number of seconds shown. The range is 0 to 36000 (1 hour); the default is 0 (no delay before taking over). Use the no form of the command to restore the default values.
Step 5 standby [ group-number ] track type number [ interface-priority ]
Configure an interface to track other interfaces so that if one of the other interfaces goes down, the device’s Hot Standby priority is lowered.
- (Optional) group-number —The group number to which the command applies. - type— Enter the interface type (combined with interface number) that is tracked. - number— Enter the interface number (combined with interface type) that is tracked. - (Optional) interface-priority— Enter the amount by which the hot standby priority for the router is decremented or incremented when the interface goes down or comes back up. The default value is 10.
Step 6 (^) (Optional) interface interface-id To configure Multiple HSRP (MHSRP) and enable load balancing on another router, enter the IP address of another router, and then repeat Step 3, Step 4, and Step 5.
Step 7 (^) end Return to privileged EXEC mode.
Catalyst 3560 Switch Software Configuration Guide 78-16404-
Configuring HSRP
Use the no standby [ group-number ] authentication string interface configuration command to delete an authentication string. Use the no standby [ group-number ] timers hellotime holdtime interface configuration command to restore timers to their default values. This example shows how to configure word as the authentication string required to allow Hot Standby routers in group 1 to interoperate: Switch# configure terminal Switch(config)# interface gigabitethernet0/ Switch(config-if)# no switchport Switch(config-if)# standby 1 authentication word Switch(config-if)# end Switch#
This example shows how to set the timers on standby group 1 with the time between hello packets at 5 seconds and the time after which a router is considered down to be 15 seconds: Switch# configure terminal Switch(config)# interface gigabitethernet0/ Switch(config-if)# no switchport Switch(config-if)# standby 1 ip Switch(config-if)# standby 1 timers 5 15 Switch(config-if)# end Switch#
Enabling HSRP Support for ICMP Redirect Messages
In releases earlier than Cisco IOS Release 12.2(18)SE, ICMP (Internet Control Message Protocol) redirect messages were automatically disabled on interfaces configured with HSRP. ICMP is a network layer Internet protocol that provides message packets to report errors and other information relevant to IP processing. ICMP provides diagnostic functions, such as sending and directing error packets to the host. When the switch is running HSRP, make sure hosts do not discover the interface (or real) MAC addresses of routers in the HSRP group. If a host is redirected by ICMP to the real MAC address of a router and that router later fails, packets from the host will be lost.
Step 4 (^) standby [ group-number ] timers hellotime holdtime
(Optional) Configure the time between hello packets and the time before other routers declare the active router to be down.
- group-number —The group number to which the command applies. - hellotime —The hello interval in seconds. The range is from 1 to 255; the default is 3 seconds. - holdtime —The time in seconds before the active or standby router is declared to be down. The range is from 1 to 255; the default is 10 seconds. Step 5 (^) end Return to privileged EXEC mode. Step 6 show running-config Verify the configuration of the standby groups. Step 7 (^) copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Catalyst 3560 Switch Software Configuration Guide 78-16404-
Displaying HSRP Configurations
In Cisco IOS Release 12.2(18)SE and later, ICMP redirect messages are automatically enabled on interfaces configured with HSRP. This feature filters outgoing ICMP redirect messages through HSRP, in which the next hop IP address might be changed to an HSRP virtual IP address. For more information, refer to the Cisco IOS IP Configuration Guide, Release 12..
Configuring HSRP Groups and Clustering
When a device is participating in an HSRP standby routing and clustering is enabled, you can use the same standby group for command switch redundancy and HSRP redundancy. Use the cluster standby-group HSRP-group-name [ routing-redundancy ] global configuration command to enable the same HSRP standby group to be used for command switch and routing redundancy. If you create a cluster with the same HSRP standby group name without entering the routing-redundancy keyword, HSRP standby routing is disabled for the group. This example shows how to bind standby group my_hsrp to the cluster and enable the same HSRP group to be used for command switch redundancy and router redundancy. The command can only be executed on the cluster command switch. If the standby group name or number does not exist, or if the switch is a cluster member switch, an error message appears. Switch# configure terminal Switch(config)# cluster standby-group my_hsrp routing-redundancy Switch(config)# end
Displaying HSRP Configurations
From privileged EXEC mode, use this command to display HSRP settings: show standby [ interface-id [ group ]] [ brief ] [ detail ] You can display HSRP information for the whole switch, for a specific interface, for an HSRP group, or for an HSRP group on an interface. You can also specify whether to display a concise overview of HSRP information or detailed HSRP information. The default display is detail. If there are a large number of HSRP groups, using the show standby command without qualifiers can result in an unwieldy display. This is a an example of output from the show standby privileged EXEC command, displaying HSRP information for two standby groups (group 1 and group 100): Switch# show standby VLAN1 - Group 1 Local state is Standby, priority 105, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:02. Hot standby IP address is 10.0.0.1 configured Active router is 172.20.138.35 expires in 00:00: Standby router is local Standby virtual mac address is 0000.0c07.ac Name is bbb VLAN1 - Group 100 Local state is Active, priority 105, may preempt Hellotime 3 holdtime 10 Next hello sent in 00:00:02. Hot standby IP address is 172.20.138.51 configured Active router is local Standby router is unknown expired Standby virtual mac address is 0000.0c07.ac Name is test
