What is HSRP?
HSRP Hot Standby Router Protocol is a redundancy protocol for setting up a fault-tolerant default gateway in a LAN environment. This is a Cisco proprietary protocol. The standard protocol is VRRP (Virtual Router Redundancy Protocol)
The primary router with the highest configured priority operates as a virtual router with a virtual gateway IP address. It responds to the ARP request from PC or servers connected to the LAN with the MAC address 0000.0c07.acXX where XX is the HSRP group ID (converted to a hexadecimal value). If the primary router or CORE1 switch should fail, the Cisco router with the next-highest priority available in the LAN segment would take over the gateway IP address and answer ARP requests with the same mac address, thus achieving transparent default gateway failover.
Task for Configuration of HSRP
- Configure ISP1 router Interface fa0/0 IP add 192.168.1.1/24
- Configure ISP1 router Interface fa0/0 IP add 192.168.1.1/24
- Configure Loopbacks Interfaces on both Routers
- Loopback 1 IP 8.8.8.8
Loopback 2 IP 4.2.2.2
Loopback 3 IP 8.8.4.4 - Configure CORE1 Switch Interface Gi0/3 IP add 192.168.1.2/24 and CORE2 Switch Gi0/3 IP add 1962.168.2.2/24
- Change Host Name according to Topology
- Configure VLAN 10 and 20 and Trunk Ports on all Switches. VLAN 10 is Managment VLAN.
- Configure AC1 Gi0/3 port in VLAN 10 and AC2 port in VLAN 20
- Configure SVI interfaces on CORE1
- For VLAN 10 IP address 10.1.10.1/24 and for VLAN 20 IP Address 10.1.20.1/24
- Configure SVI interfaces on CORE2
- For VLAN 10 IP address 10.1.10.2/24 and for VLAN 20 IP Address 10.1.20.2/24
- On AC1 and AC2 SVI interface 10.1.10.3/24 for AC1 and 10.1.10.4/24 for AC2
- Configure PC1 and PC2 IP address and Gateway address displaying in diagram
- Configure CORE1 and CORE2 HSRP Standby Group 10 for VLAN 10
- The virtual IP Address should be 10.1.10.254/24
- Configure CORE1 and CORE2 HSRP Standby Group 20 for VLAN 20
- The virtual IP Address should be 10.1.20.254/24
- CORE1 should be the Active Switch fro VLAN 10 and CORE2 Backup
- CORE2 should be the Active Switch fro VLAN 20 and CORE1 Backup
- Hello, packets should be sent every 3 seconds.
- Make sure the switches with the highest priority will always be the active
- Configure authentication for HSRP, use password “cisco”
- When the HSRP active router’s Gi0/3 interface goes down, make sure it’s no longer the active HSRP switch on both CORE Switches.
- Ensure you can ping the loopbacks of the ISP router from the PCs.
- Ensure that whenever 1 out of 2 Switches are down, the Host router still has connectivity to the ISP.
HSRP configuration using Cisco IOSv-L2 Switch on GNS3
Configuration of HSRP
ISP1(config)#interface FastEthernet 0/0
ISP1(config-if)#ip address 192.168.1.1 255.25.255.0
ISP1(config-if) no shutdown
ISP1(config)#interface loopback 1
ISP1(config-if)#ip address 8.8.8.8.8 255.255.255.255
ISP1(config)#interface loopback 2
ISP1(config-if)#ip address 8.8.4.4 255.255.255.255
ISP1(config)#interface loopback 3
ISP1(config-if)#ip address 4.2.2.2 255.255.255.255
ISP1(config-if)#ip address 192.168.1.1 255.25.255.0
ISP1(config-if) no shutdown
ISP1(config)#interface loopback 1
ISP1(config-if)#ip address 8.8.8.8.8 255.255.255.255
ISP1(config)#interface loopback 2
ISP1(config-if)#ip address 8.8.4.4 255.255.255.255
ISP1(config)#interface loopback 3
ISP1(config-if)#ip address 4.2.2.2 255.255.255.255
Static Route for 10.1.10.0/24 and 10.1.20.0/24 network
ISP1(config)#ip route 10.1.10.0 255.255.255.0 192.168.1.2
ISP1(config)#ip route 10.1.20.0 255.255.255.0 192.168.1.2
ISP1(config)#ip route 10.1.10.0 255.255.255.0 192.168.1.2
ISP1(config)#ip route 10.1.20.0 255.255.255.0 192.168.1.2
ISP2(config)#interface FastEthernet 0/0
ISP2(config-if)#ip address 192.168.2.1 255.25.255.0
ISP2(config-if) no shutdown
ISP2(config)#interface loopback 1
ISP2(config-if)#ip address 8.8.8.8.8 255.255.255.255
ISP2(config)#interface loopback 2
ISP2(config-if)#ip address 8.8.4.4 255.255.255.255
ISP2(config)#interface loopback 3
ISP2(config-if)#ip address 4.2.2.2 255.255.255.255
ISP2(config-if)#ip address 192.168.2.1 255.25.255.0
ISP2(config-if) no shutdown
ISP2(config)#interface loopback 1
ISP2(config-if)#ip address 8.8.8.8.8 255.255.255.255
ISP2(config)#interface loopback 2
ISP2(config-if)#ip address 8.8.4.4 255.255.255.255
ISP2(config)#interface loopback 3
ISP2(config-if)#ip address 4.2.2.2 255.255.255.255
Static Route for 10.1.10.0/24 and 10.1.20.0/24 network
ISP2(config)#ip route 10.1.10.0 255.255.255.0 192.168.1.2
ISP2(config)#ip route 10.1.20.0 255.255.255.0 192.168.1.2
ISP2(config)#ip route 10.1.10.0 255.255.255.0 192.168.1.2
ISP2(config)#ip route 10.1.20.0 255.255.255.0 192.168.1.2
CORE1(config)#interface GigabitEthernet0/3
CORE1(config-if)#no switchport
CORE1(config-if)#ip address 192.168.1.2 255.255.255.0
CORE1(config-if)#no switchport
CORE1(config-if)#ip address 192.168.1.2 255.255.255.0
Create VLAN 10,20, and configure Access and trunk ports between on all switches click here for learning how to create VLANs and Trunk ports.
Configure SVI port as mentioned above. Click here to learning how to configure SVI interface
Configure Defualt route pointing to R1
CORE1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
HSRP configuration
CORE1(config)#interface Vlan10
CORE1(config-if)#ip address 10.1.10.1 255.255.255.0
CORE1(config-if)#standby 10 ip 10.1.10.254
CORE1(config-if)#standby 10 timers 3 7
CORE1(config-if)#standby 10 priority 200
CORE1(config-if)#standby 10 preempt
CORE1(config-if)#standby 10 authentication md5 key-chain HSRP
CORE1(config-if)#standby 10 track 10 decrement 60
CORE1(config-if)#ip address 10.1.10.1 255.255.255.0
CORE1(config-if)#standby 10 ip 10.1.10.254
CORE1(config-if)#standby 10 timers 3 7
CORE1(config-if)#standby 10 priority 200
CORE1(config-if)#standby 10 preempt
CORE1(config-if)#standby 10 authentication md5 key-chain HSRP
CORE1(config-if)#standby 10 track 10 decrement 60
CORE1(config)#interface Vlan20
CORE1(config-if)#ip address 10.1.20.1 255.255.255.0
CORE1(config-if)#standby 10 authentication md5 key-chain HSRP
CORE1(config-if)#standby 20 ip 10.1.20.254
CORE1(config-if)#standby 20 timers 3 7
CORE1(config-if)#standby 20 priority 150
CORE1(config-if)#standby 20 preempt
CORE1(config-if)#standby 20 authentication md5 key-chain HSRP
CORE1(config-if)#ip address 10.1.20.1 255.255.255.0
CORE1(config-if)#standby 10 authentication md5 key-chain HSRP
CORE1(config-if)#standby 20 ip 10.1.20.254
CORE1(config-if)#standby 20 timers 3 7
CORE1(config-if)#standby 20 priority 150
CORE1(config-if)#standby 20 preempt
CORE1(config-if)#standby 20 authentication md5 key-chain HSRP
Create key chain for HSRP authentication.
CORE1(config)#key chain HSRP
CORE1(config-keychain)#key 1
CORE1(config-keychain-key)#key-string cisco
CORE1(config-keychain-key)#cryptographic-algorithm md5
CORE1(config-keychain)#key 1
CORE1(config-keychain-key)#key-string cisco
CORE1(config-keychain-key)#cryptographic-algorithm md5
CORE2(config)#interface GigabitEthernet0/3
CORE2(config-if)#no switchport
CORE2(config-if)#ip address 192.168.2.2 255.255.255.0
CORE2(config-if)#no switchport
CORE2(config-if)#ip address 192.168.2.2 255.255.255.0
Configure Defualt route pointing to R1
CORE1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
HSRP configuration
CORE2(config)#interface Vlan10
CORE2(config-if)#ip address 10.1.10.2 255.255.255.0
CORE2(config-if)#standby 10 ip 10.1.10.254
CORE2(config-if)#standby 10 timers 3 7
CORE2(config-if)#standby 10 priority 150
CORE2(config-if)#standby 10 preempt
CORE2(config-if)#standby 10 authentication md5 key-chain HSRP
CORE2(config-if)#ip address 10.1.10.2 255.255.255.0
CORE2(config-if)#standby 10 ip 10.1.10.254
CORE2(config-if)#standby 10 timers 3 7
CORE2(config-if)#standby 10 priority 150
CORE2(config-if)#standby 10 preempt
CORE2(config-if)#standby 10 authentication md5 key-chain HSRP
CORE2(config)#interface Vlan20
CORE2(config-if)#ip address 10.1.20.2 255.255.255.0
CORE2(config-if)#standby 20 ip 10.1.20.254
CORE2(config-if)#standby 20 timers 3 7
CORE2(config-if)#standby 20 priority 200
CORE2(config-if)#standby 20 preempt
CORE2(config-if)#standby 20 track 20 decrement 60
CORE2(config-if)#standby 20 authentication md5 key-chain HSRP
CORE2(config-if)#ip address 10.1.20.2 255.255.255.0
CORE2(config-if)#standby 20 ip 10.1.20.254
CORE2(config-if)#standby 20 timers 3 7
CORE2(config-if)#standby 20 priority 200
CORE2(config-if)#standby 20 preempt
CORE2(config-if)#standby 20 track 20 decrement 60
CORE2(config-if)#standby 20 authentication md5 key-chain HSRP
Create key chain for HSRP authentication.
CORE2(config)#key chain HSRP
CORE2(config-keychain)#key 1
CORE2(config-keychain-key)#key-string cisco
CORE2(config-keychain-key)#cryptographic-algorithm md5
CORE2(config-keychain)#key 1
CORE2(config-keychain-key)#key-string cisco
CORE2(config-keychain-key)#cryptographic-algorithm md5
On AC1 and AC2 configure VLANs 10,20, Access and Trunk ports.
SVI interface as mentioned above. Also configure Default gateway
AC1(config)#ip default-gateway 10.1.10.254
AC2(config)#ip default-gateway 10.1.10.254
Verifications command for HSRP
CORE1#show standby
CORE2#show standby
Check Connectivity from PCs
Comments
Post a Comment