Normally, after the active router fails and the standby becomes active, the original
active router cannot immediately become active when it is restored.
You can configure a router to preempt or immediately take over the active role if its
priority is the highest at any time.
Switch(config-if)# standby group preempt [delay [minimum seconds] [reload seconds]]
Add the minimum keyword to force the router to wait for seconds (0 to 3600 seconds) before attempting to overthrow an active router with a lower priority.
Add the reload keyword to force the router to wait for seconds (0 to 3600 seconds)
after it has been reloaded or restarted.
The local router should not become the active gateway before its routing table is
fully populated; otherwise, it might not be capable of routing traffic properly.
HSRP also can use an authentication method to prevent unexpected devices from
spoofing or participating in HSRP.
Plain-Text HSRP Authentication
Switch(config-if)# standby group authentication string
MD5 Authentication
Switch(config-if)# standby group authentication md5 key-string [0 | 7] string
Alternatively, you can define an MD5 key string as a key on a key chain.
Switch(config)# key chain chain-name
Switch(config-keychain)# key key-number
Switch(config-keychain-key)# key-string [0 | 7] string
Switch(config)# interface type mod/num
Switch(config-if)# standby group authentication md5 key-chain chain-name
Tip: HSRP MD5 authentication was introduced into some Catalyst switch platforms with
Cisco IOS Software Release 12.2(25)S. At the time of this writing, this feature is
available only on the Catalyst 3560 and 3750.
Conceding the Election
HSRP has a mechanism for detecting link failures and swaying the election, giving
another router an opportunity to take over the active role.
To configure interface tracking, use the following interface configuration command:
Switch(config-if)# standby group track type mod/num [decrementvalue]
By default, the decrementvalue for an interface is 10.
You also should be aware that the only way another router can take over the active
role after interface tracking reduces the priority is if the following two
conditions are met:
Another router now has a higher HSRP priority.
That same router is using preempt in its HSRP configuration.
Without preemption, the active role cannot be given to any other router.
A group of clients sends packets to it for forwarding, and it has one or more links to
the rest of the world. If one of those links fails, the router remains active. If all of
those links fail, the router still remains active.
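The takeover conditions above, modelled as an added example (not code from the original page). The Router class, next_active, scenario and the interface name Gi1/1 are illustrative assumptions; only the default decrement of 10 and the two conditions come from the text.

```python
from dataclasses import dataclass, field

DEFAULT_DECREMENT = 10  # default decrement per tracked interface, as stated above

@dataclass
class Router:
    name: str
    priority: int = 100                          # configured HSRP priority
    preempt: bool = False                        # is "standby group preempt" configured?
    tracked: dict = field(default_factory=dict)  # tracked interface -> decrement
    down: set = field(default_factory=set)       # interfaces currently down

    def effective_priority(self) -> int:
        # Only interfaces that are both tracked and down lower the priority.
        return self.priority - sum(
            dec for intf, dec in self.tracked.items() if intf in self.down)

def next_active(active, others):
    """Return the router holding the active role once priorities are compared.

    The current active router is still alive and sending hellos, so only a
    peer that preempts AND has a strictly higher priority can displace it.
    """
    challengers = [r for r in others
                   if r.preempt and r.effective_priority() > active.effective_priority()]
    return max(challengers, key=Router.effective_priority, default=active)

def scenario(a_priority, b_preempt, track=True):
    """Constructed case: CatalystA is active and its uplink Gi1/1 has just failed."""
    a = Router("CatalystA", a_priority,
               tracked={"Gi1/1": DEFAULT_DECREMENT} if track else {},
               down={"Gi1/1"})
    b = Router("CatalystB", 100, preempt=b_preempt)
    return next_active(a, [b]).name

if __name__ == "__main__":
    print(scenario(105, b_preempt=True))               # both conditions met
    print(scenario(105, b_preempt=False))              # no preempt on the peer
    print(scenario(200, b_preempt=True))               # decrement too small
    print(scenario(105, b_preempt=True, track=False))  # uplink not tracked
```

The third case is the one that is easy to miss in a design review: with priorities of 200 and 100, the default decrement leaves the failed router at 190, so it keeps the active role even though tracking and preemption are both configured.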
HSRP Gateway Addressing
Each router has a common gateway IP address, the virtual router address, which is
kept alive by HSRP. This address also is referred to as the HSRP address or the
standby address.
The actual interface address and the virtual (standby) address must be configured
to be in the same IP subnet.
Switch(config-if)# standby group ip ip-address [secondary]
For the virtual router address, HSRP defines a special MAC address of the form
0000.0c07.acxx, where xx represents the HSRP group number as a two-digit hex value.
For example, HSRP Group 1 appears as 0000.0c07.ac01, HSRP Group 16 appears as
0000.0c07.ac10, and so on.
Verification
Router# show standby [brief] [vlan vlan-id | type mod/num]
Displaying the HSRP Router Role of a Switch: CatalystA
CatalystA# show standby vlan 50 brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active addr     Standby addr    Group addr
Vl50        1   200  P Active   local           192.168.1.11    192.168.1.1
Vl50        2   100    Standby  192.168.1.11    local           192.168.1.2
CatalystA#
CatalystA# show standby vlan 50
Vlan50 - Group 1
Local state is Active, priority 200, may preempt
Hellotime 3 sec, holdtime 10 sec

Interface   Grp Prio P State    Active addr     Standby addr    Group addr
Vl50        1   100    Standby  192.168.1.10    local           192.168.1.1
Vl50        2   200  P Active   local           192.168.1.10    192.168.1.2
CatalystB#
CatalystB# show standby vlan 50
Vlan50 - Group 1
Local state is Standby, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.980
Virtual IP address is 192.168.1.1 configured
Active router is 192.168.1.10, priority 200 expires in 8.128
Standby router is local
Authentication text MyKey
1 state changes, last state change 00:01:12
IP redundancy name is hsrp-Vl50-1 (default)
Vlan50 - Group 2
Local state is Active, priority 200, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.888
Virtual IP address is 192.168.1.2 configured
Active router is local
Standby router is 192.168.1.10 expires in 8.500
Virtual mac address is 0000.0c07.ac02
Authentication text MyKey
1 state changes, last state change 00:01:16
CatalystB#
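An added example (not from the original page) that audits "show standby" output like the CatalystB listing above: it flags groups that are not using the MD5 authentication described earlier and checks the virtual MAC against the 0000.0c07.acxx form. The function names are illustrative, and the wording of the "Authentication MD5" line is an assumption, since the page only shows the plain-text form.

```python
import re

# Constructed sample: the CatalystB "show standby vlan 50" output shown above,
# trimmed to the lines this parser reads.
SAMPLE = """\
Vlan50 - Group 1
Local state is Standby, priority 100
Authentication text MyKey
Vlan50 - Group 2
Local state is Active, priority 200, may preempt
Virtual mac address is 0000.0c07.ac02
Authentication text MyKey
"""

HEADER = re.compile(r"^(\S+) - Group (\d+)")

def parse_show_standby(text):
    """Split "show standby" output into one dict per HSRP group."""
    groups = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            groups.append({"intf": m.group(1), "group": int(m.group(2)),
                           "preempt": False, "auth": None, "vmac": None})
        elif not groups:
            continue                                  # text before the first group
        elif line.startswith("Local state is"):
            groups[-1]["preempt"] = line.endswith("may preempt")
        elif line.startswith("Virtual mac address is"):
            groups[-1]["vmac"] = line.split()[-1].lower()
        elif line.startswith("Authentication text"):
            groups[-1]["auth"] = "text"
        elif line.startswith("Authentication MD5"):   # assumed wording of the MD5 line
            groups[-1]["auth"] = "md5"
    return groups

def audit(groups):
    """Return findings for groups without MD5 or with an unexpected virtual MAC."""
    findings = []
    for g in groups:
        tag = f"{g['intf']} group {g['group']}"
        if g["auth"] != "md5":
            kind = "plain-text string" if g["auth"] == "text" else "none shown"
            findings.append(f"{tag}: authentication is {kind}, not MD5")
        expected = f"0000.0c07.ac{g['group']:02x}"    # 0000.0c07.acxx, xx = group in hex
        if g["vmac"] and g["vmac"] != expected:
            findings.append(f"{tag}: virtual MAC {g['vmac']} does not match {expected}")
    return findings
```

Run against the sample, both groups are reported because the output itself displays the shared string MyKey.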
Virtual Router Redundancy Protocol (VRRP) is a standards-based alternative to HSRP.
VRRP provides one redundant gateway address from a group of routers. The active
router is called the master router, whereas all others are in the backup state. The
master router is the one with the highest router priority in the VRRP group.
VRRP group numbers range from 0 to 255; router priorities range from 1 to 254
(254 is the highest, 100 is the default).
The virtual router MAC address is of the form 0000.5e00.01xx, where xx is a two-digit
hex VRRP group number.
VRRP advertisements are sent at 1-second intervals. Backup routers optionally can
learn the advertisement interval from the master router.
By default, all VRRP routers are configured to preempt the current master router if
their priorities are greater.
VRRP has no mechanism for tracking interfaces to allow more capable routers to
take over the master role.
Note: VRRP sends its advertisements to the multicast destination address
224.0.0.18 (VRRP), using IP protocol 112. VRRP was introduced in Cisco IOS
Software Release 12.0(18)ST for routers. At press time, VRRP is available only for
the Catalyst 4500 (Cisco IOS Release 12.2[31]SG), Catalyst 6500 Supervisor 2 (Cisco
IOS Software Release 12.2[9]ZA or later) and Catalyst 6500 Supervisor 720 (Cisco
IOS Software Release 12.2[17a]SX4 or later).
VRRP Configuration Commands
Verification
Note: GLBP was introduced in Cisco IOS Software Release 12.2(14)S for routers. At the
time of this writing, GLBP is available only for the Catalyst 6500 Supervisor 2 with
IOS Release 12.2(14)SY4 or later and Supervisor 720 with IOS Release 12.2(17a)SX4
switch platforms.
Instead of having just one active router performing forwarding for the virtual router
address, all routers in the group can participate and offer load balancing by
forwarding a portion of the overall traffic.
As a client sends an ARP request looking for the virtual router address, GLBP sends
back an ARP reply with the virtual MAC address of a selected router in the group.
The result is that all clients use the same gateway address but have differing MAC
addresses for it.
Active Virtual Gateway
Active virtual gateway (AVG) is the router having the highest priority value, or the
highest IP address in the group, if there is no highest priority.
The AVG answers all ARP requests for the virtual router address.
The AVG also assigns the necessary virtual MAC addresses to each of the routers
participating in the GLBP group. Up to four virtual MAC addresses can be used in
any group.
Each of these routers is referred to as an active virtual forwarder (AVF), forwarding
traffic received on its virtual MAC address. Other routers in the group serve as
backup or secondary virtual forwarders, in case the AVF fails. The AVG also assigns
secondary roles.
Switch(config-if)# glbp group priority level
GLBP group numbers range from 0 to 1023. The router priority can be 1 to 255 (255
is the highest priority), defaulting to 100.
Switch(config-if)# glbp group preempt [delay minimum seconds]
The AVG sends periodic hello messages to each of the other GLBP peers. In addition, it
expects to receive hello messages from each of them.
Hello messages are sent at hellotime intervals, with a default of 3 seconds. If hellos
are not received from a peer within a holdtime, defaulting to 10 seconds, that peer
is presumed to have failed.
to adjust the weight. You first must define an interface as a tracked object with the
following global configuration command:
Switch(config)# track object-number interface type mod/num {line-protocol | ip routing}
GLBP Load Balancing
Switch(config-if)# glbp group load-balancing [round-robin | weighted | host-dependent]
Enabling GLBP
Switch(config-if)# glbp group ip [ip-address [secondary]]
Notice that CatalystA is shown to be the AVG because it has a dash in the
Fwd column and is in the Active state.
CatalystA# show glbp
Vlan50 - Group 1
State is Active
7 state changes, last state change 03:28:05
Virtual IP address is 192.168.1.1
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.672 secs
Redirect time 600 sec, forwarder time-out 14400 sec
Preemption enabled, min delay 0 sec
Active is local