Router redundany using HSRP (CISCO)

13/11/2018 FN Comments 0 Comment

PROBLEM: I would like would like to use the second router/switch as a backup one.
SOLUTION: Use very simple HSRP!

[?] What is EIGRP?
https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html

Let’s have a look at the topology diagram, at first: We can see two networks (A, B) and two Routers (1, 2). We would like to keep one router as a primary (e.g. Router 1) and the second one as a backup. So e.g. if Router 1 goes down, we can still access the other network through Router 2. Very simple, isn’t it?

Now, let’s move to the configuration part. We have a small network, with two LANs with PCs, one router with a DHCP server (R3) and two nodes (R1 & R2) in the middle. R1 and R2 are redundant and we will configure HSRP on them. But let’s start with routing, at first.

We have to use some dynamic routing here. I chose EIGRP, just because I like it. You can use RIP, OSPF or other. Configuration is very easy, just apply this config to all routers.
Number 10 (router eigrp 10) means the number of AS (Autonomous System), which is a system where devices are under signle technical administration. After this paste all network inside this AS you would like to route between. And that’s it – we have routing set.

Router(config)# router eigrp 10
Router(config-router)# network 192.168.1.0
Router(config-router)# network 172.16.0.0
Router(config-router)# network 172.16.1.0
Router(config-router)# network 10.0.0.0

Router(config)# router eigrp 10

Router(config-router)# network 192.168.1.0

Router(config-router)# network 172.16.0.0

Router(config-router)# network 172.16.1.0

Router(config-router)# network 10.0.0.0

Now, we will configure HSRP on R1 and R2. HSRP uses virtual IP and virtual MAC and this IP should be used as a default gateway for all devices connected to this network. Configuration is very simple. 192.168.1.10 will be our virtual IP.

R1(config)# interface fastEthernet0/0
R1(config-if)# standby 1 ip 192.168.1.10

1 2	R1(config)# interface fastEthernet0/0 R1(config-if)# standby 1 ip 192.168.1.10

Do the same on the second router as well.

R2(config)# interface fastEthernet0/0
R2(config-if)# standby 1 ip 192.168.1.10

1 2	R2(config)# interface fastEthernet0/0 R2(config-if)# standby 1 ip 192.168.1.10

We should set up a priority and one more thing to make it working smoothly. Priority has a range 1 – 255 (higher number = higher priority), so using it we will define primary router. Default priority (if not set) is 100. Preempt will ensure switching back to our primary router once it will be back online.

R1(config-if)# standby 1 priority 150 //PRIMARY router
R1(config-if)# standby 1 preempt

R2(config-if)# standby 1 priority 120 //BACKUP router
R2(config-if)# standby 1 preempt

R1(config-if)# standby 1 priority 150 //PRIMARY router

R1(config-if)# standby 1 preempt

R2(config-if)# standby 1 priority 120 //BACKUP router

R2(config-if)# standby 1 preempt

Now we should see HSRP state update on both routers and we can test how it works.
OUTPUT

R1#sh standby br
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Fa0/0       1    150 P Active  local           unknown         192.168.1.10

R2#sh standby br
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Fa0/0       1    120 P Active  local           192.168.1.1     192.168.1.10

R1#sh standby br

P indicates configured to preempt.

Interface Grp Pri P State Active Standby Virtual IP

Fa0/0 1 150 P Active local unknown 192.168.1.10

R2#sh standby br

P indicates configured to preempt.

Interface Grp Pri P State Active Standby Virtual IP

Fa0/0 1 120 P Active local 192.168.1.1 192.168.1.10

Trace from PC-1 (192.168.1.100) to PC-3 (10.0.0.11)

PC-1&gt; trace 10.0.0.11
trace to 10.0.0.11, 8 hops max, press Ctrl+C to stop
 1   192.168.1.1   19.840 ms  15.376 ms  11.408 ms
 2   172.16.0.2   56.544 ms  36.705 ms  50.096 ms
 3   *10.0.0.11   104.656 ms (ICMP type:3, code:3, Destination port unreachable)

PC-1> trace 10.0.0.11

trace to 10.0.0.11, 8 hops max, press Ctrl+C to stop

1 192.168.1.1 19.840 ms 15.376 ms 11.408 ms

2 172.16.0.2 56.544 ms 36.705 ms 50.096 ms

3 *10.0.0.11 104.656 ms (ICMP type:3, code:3, Destination port unreachable)

And we can turn R1 off and see, what happen.

PC-1&gt; trace 10.0.0.11
trace to 10.0.0.11, 8 hops max, press Ctrl+C to stop
 1   192.168.1.2   9.424 ms  9.920 ms  10.416 ms
 2   172.16.1.2   32.240 ms  32.240 ms  30.751 ms
 3   *10.0.0.11   42.656 ms (ICMP type:3, code:3, Destination port unreachable)

PC-1> trace 10.0.0.11

trace to 10.0.0.11, 8 hops max, press Ctrl+C to stop

1 192.168.1.2 9.424 ms 9.920 ms 10.416 ms

2 172.16.1.2 32.240 ms 32.240 ms 30.751 ms

3 *10.0.0.11 42.656 ms (ICMP type:3, code:3, Destination port unreachable)

We can run a continous ping to check the delay. There is update every 10 sec by default. But we can change it using timers, hello packet is send every 1 second and failover is after 4 seconds.

R1(config-if)# standby 1 timers 1 4

1	R1(config-if)# standby 1 timers 1 4

Before:

84 bytes from 10.0.0.11 icmp_seq=27 ttl=62 time=40.176 ms
84 bytes from 10.0.0.11 icmp_seq=28 ttl=62 time=71.424 ms
84 bytes from 10.0.0.11 icmp_seq=29 ttl=62 time=30.752 ms
84 bytes from 10.0.0.11 icmp_seq=30 ttl=62 time=33.232 ms
84 bytes from 10.0.0.11 icmp_seq=31 ttl=62 time=29.266 ms
10.0.0.11 icmp_seq=32 timeout
10.0.0.11 icmp_seq=33 timeout
10.0.0.11 icmp_seq=34 timeout
10.0.0.11 icmp_seq=35 timeout
10.0.0.11 icmp_seq=36 timeout
10.0.0.11 icmp_seq=37 timeout
84 bytes from 10.0.0.11 icmp_seq=38 ttl=62 time=25.295 ms
84 bytes from 10.0.0.11 icmp_seq=39 ttl=62 time=32.242 ms
84 bytes from 10.0.0.11 icmp_seq=40 ttl=62 time=30.752 ms
84 bytes from 10.0.0.11 icmp_seq=41 ttl=62 time=22.816 ms
84 bytes from 10.0.0.11 icmp_seq=42 ttl=62 time=32.735 ms

84 bytes from 10.0.0.11 icmp_seq=27 ttl=62 time=40.176 ms

84 bytes from 10.0.0.11 icmp_seq=28 ttl=62 time=71.424 ms

84 bytes from 10.0.0.11 icmp_seq=29 ttl=62 time=30.752 ms

84 bytes from 10.0.0.11 icmp_seq=30 ttl=62 time=33.232 ms

84 bytes from 10.0.0.11 icmp_seq=31 ttl=62 time=29.266 ms

10.0.0.11 icmp_seq=32 timeout

10.0.0.11 icmp_seq=33 timeout

10.0.0.11 icmp_seq=34 timeout

10.0.0.11 icmp_seq=35 timeout

10.0.0.11 icmp_seq=36 timeout

10.0.0.11 icmp_seq=37 timeout

84 bytes from 10.0.0.11 icmp_seq=38 ttl=62 time=25.295 ms

84 bytes from 10.0.0.11 icmp_seq=39 ttl=62 time=32.242 ms

84 bytes from 10.0.0.11 icmp_seq=40 ttl=62 time=30.752 ms

84 bytes from 10.0.0.11 icmp_seq=41 ttl=62 time=22.816 ms

84 bytes from 10.0.0.11 icmp_seq=42 ttl=62 time=32.735 ms

After:

84 bytes from 10.0.0.11 icmp_seq=11 ttl=254 time=14.880 ms
84 bytes from 10.0.0.11 icmp_seq=12 ttl=254 time=33.238 ms
84 bytes from 10.0.0.11 icmp_seq=13 ttl=254 time=34.226 ms
10.0.0.11 icmp_seq=14 timeout
10.0.0.11 icmp_seq=15 timeout
84 bytes from 10.0.0.11 icmp_seq=16 ttl=254 time=30.259 ms
84 bytes from 10.0.0.11 icmp_seq=17 ttl=254 time=24.800 ms
84 bytes from 10.0.0.11 icmp_seq=18 ttl=254 time=18.848 ms

84 bytes from 10.0.0.11 icmp_seq=11 ttl=254 time=14.880 ms

84 bytes from 10.0.0.11 icmp_seq=12 ttl=254 time=33.238 ms

84 bytes from 10.0.0.11 icmp_seq=13 ttl=254 time=34.226 ms

10.0.0.11 icmp_seq=14 timeout

10.0.0.11 icmp_seq=15 timeout

84 bytes from 10.0.0.11 icmp_seq=16 ttl=254 time=30.259 ms

84 bytes from 10.0.0.11 icmp_seq=17 ttl=254 time=24.800 ms

84 bytes from 10.0.0.11 icmp_seq=18 ttl=254 time=18.848 ms

We can load balance using multiple HSRP, I will show it later.