Hotel case study - HSRP Configuration
Explanation
Although we have redundant distribution layer devices, our PCs do not have the ability to support multiple gateways. That forces us to configure a single gateway address on the PC, and in the event that gateway fails, the PC will lose connectivity.
The solution is to configure the two distribution layer routers for HSRP (Hot Standby Routing Protocol). HSRP creates a virtual router whose functionality is provided by the physical routers. If a physical router fails, the standby router will take its place in providing the services of the virtual router. As the virtual router has a consistent IP and MAC address, any change in the availability of the physical routers is invisible to the PC.
It is important to understand that the HSRP region extends between the distribution layer devices and the host PC. All of these devices will be in the same subnet and VLAN. The distribution layer devices perform interVLAN routing and so the router interfaces are VLAN interfaces (not physical port numbers). When you configure HSRP you must apply it to the VLAN interfaces on the distribution layer device. This is a subtle but important difference between the lab (where we used dedicated routers) and the case study where we are using layer 3 switches with SVI (Switch Virtual Interfaces).
Routing Requirements
You must provide intervlan routing, such that all devices can ping one another.
Configure intervlan routing on all DL switches. Users on level one should make use of DL1 as their default gateway. Users on level two should make use of DL2 as their default gateway. Use HSRP with the active router for each guest floor being on a different router.
What do you need to do?
Once interVLAN routing is configured on the distribution layer, your VLAN interfaces should look something like this (PerDL shown as an example):
    interface Vlan10
     no shutdown
     description Perth Staff
     ip address 10.1.128.2 255.255.255.0
We activate and configure HSRP with the standby command. The standby ip command defines the IP address of the virtual router. The identical command should be applied under the matching VLAN interfaces on both distribution routers in a region (Perth/Sydney).
    interface Vlan10
     standby 10 ip 10.1.128.1
Once this has been applied, the two DL routers on VLAN10 will negotiate so that one of the DL routers will be the HSRP active router and provide services for the virtual router. The other router will be the standby router and will take over the role of the active router should it fail.
By setting the gateway on our hosts to the IP address of the virtual router (10.1.128.1) we provide the host with a more reliable and consistent gateway.
Even though we have a virtual router you should be conscious of the fact that actual traffic moves via the active router. And the physical path taken to get to the gateway is governed by the path defined by the spanning tree protocol. (There's a lot going on here, take your time to think through this).
Creating a network that functions is one thing. Optimising the traffic paths is an additional and often overlooked stage. The general rule is that the distribution switch/router that acts as the active HSRP router should also be the STP root bridge.
You can choose which router becomes active for HSRP using the priority command. The default priority is 100 and the highest priority device within a group/vlan will be the active router.
If we add the following command to one of the HSRP instances, that router will become the active router.
    interface Vlan10
     standby 10 priority 105
The '10' in this example is the group number. It must match on each of the DL routers in a VLAN and it tells HSRP that the two devices are acting as part of a group. Group numbers only really become significant if you want to create more than one virtual router within a VLAN (we are not). I find it easier to troubleshoot if I make the group number the same as the VLAN number, but they do not have to be.
The default behaviour of HSRP is for an active router to remain active even if a new router with a better priority is introduced to the network. If you power up all devices in a network at once (power restored after outage) then all devices tend to elect the HSRP active router at the same time and thus the highest priority wins. However, if you reboot an active router and another takes over, when the first router comes back online it will not challenge the new active router even if that router has a lower priority.
You can change this behaviour with the preempt command. Preempt tells the routers to participate in an election even if there is already an active router in the network. Using preempt makes HSRP more predictable and it ensures the wishes you have expressed with the priority command are honoured. Unless you have a specific desire to avoid re-elections (minor interruption) I would suggest adding the preempt command to all VLAN interfaces.
    interface vlan 10
     standby 10 preempt
How will you know it is configured correctly?
On a router, the most useful command will be show standby, which will display the status for all HSRP devices. All the configured information is displayed and it will tell you about both the active and standby routers as well as identifying the current router role.
    Vlan10 - Group 10
      State is Active
        2 state changes, last state change 00:42:53
      Virtual IP address is 10.1.128.1
      Active virtual MAC address is 0000.0c07.ac0a (MAC In Use)
        Local virtual MAC address is 0000.0c07.ac0a (v1 default)
      Hello time 3 sec, hold time 10 sec
        Next hello sent in 0.096 secs
      Preemption enabled
      Active router is local
      Standby router is 10.1.128.3, priority 100 (expires in 11.184 sec)
      Priority 105 (configured 105)
        Track object 1 state Up decrement 10
      Group name is "hsrp-Vl10-10" (default)
    Vlan101 - Group 101
      State is Active
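As an added example (not part of the original case study), the script below checks captured show standby output against the intended design: the expected role per VLAN, preempt enabled, and a virtual MAC that matches the group number. The sample text is constructed, the Vlan20 group and its addresses are hypothetical, and the function names are my own.

```python
import re

# Constructed sample modelled on the `show standby` output above; the Vlan20
# group is hypothetical and stands for a VLAN where the peer router is active.
SAMPLE = """\
Vlan10 - Group 10
  State is Active
  Virtual IP address is 10.1.128.1
  Active virtual MAC address is 0000.0c07.ac0a (MAC In Use)
  Preemption enabled
  Priority 105 (configured 105)
Vlan20 - Group 20
  State is Standby
  Virtual IP address is 10.1.129.1
  Active virtual MAC address is 0000.0c07.ac14 (MAC In Use)
  Preemption disabled
  Priority 100 (default 100)
"""

FIELDS = {
    "state": r"State is (\w+)",
    "vmac": r"Active virtual MAC address is (\S+)",
    "preempt": r"Preemption (\w+)",
    "priority": r"^\s*Priority (\d+)",
}

def parse_show_standby(text):
    """Split the output into per-group dicts keyed by (interface, group)."""
    groups = {}
    blocks = re.split(r"^(\S+) - Group (\d+)\s*$", text, flags=re.M)
    for intf, grp, body in zip(blocks[1::3], blocks[2::3], blocks[3::3]):
        hits = {k: re.search(p, body, flags=re.M) for k, p in FIELDS.items()}
        groups[(intf, int(grp))] = {k: m.group(1) if m else None for k, m in hits.items()}
    return groups

def audit(text, expected_state):
    """Return findings where a group deviates from the intended design."""
    findings = []
    for (intf, grp), rec in parse_show_standby(text).items():
        want = expected_state.get(intf)
        if want and rec["state"] != want:
            findings.append(f"{intf}: state {rec['state']}, expected {want}")
        if rec["preempt"] != "enabled":
            findings.append(f"{intf}: preempt not enabled")
        # HSRP v1 virtual MAC is 0000.0c07.acXX, where XX is the group in hex
        if rec["vmac"] and rec["vmac"].lower() != f"0000.0c07.ac{grp:02x}":
            findings.append(f"{intf}: virtual MAC {rec['vmac']} does not match group {grp}")
    return findings
```

Calling audit(SAMPLE, {"Vlan10": "Active", "Vlan20": "Standby"}) on the sample reports only the missing preempt on Vlan20.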
From the host devices you can also use the trace command to see the path your packets are taking through the network. Trace normally displays the physical router IP addresses so you will be able to identify the real router acting as the gateway.
    VPCS> trace 1.2.3.4
    trace to 1.2.3.4, 8 hops max, press Ctrl+C to stop
     1   10.1.128.2   4.549 ms  2.150 ms  2.951 ms   <--- PerDL1 acting as the active router.
     2   10.1.255.2   3.283 ms  3.498 ms  3.028 ms
     3   *200.100.50.129   11.660 ms (ICMP type:3, code:3, Destination port unreachable)  *
- You need to configure HSRP on each VLAN interface on the distribution layer devices and set the active router in accordance with the gateway requirements in the scenario.
- You also need to set the gateway address on each host to point to the IP address of the virtual router to benefit from it.
What questions could I see on the practical exam?
- You could be asked to identify the active HSRP router or report on the router's HSRP role in particular VLANs.
- You could be asked to change the active router to a different device.
- A host may not be pointing to the correct gateway and you may need to troubleshoot the problem.
- HSRP could be misconfigured and you need to fix it.