
When using a 4-port switching module where each port is configured with switchport access vlan ##, for HSRP should I track the VLAN interface or the FastEthernet interface?

interface FastEthernet0/0/0
 switchport access vlan 10

interface Vlan10
 ip address 12.12.12.1 255.255.255.0

int FastEthernet0/1
 ip address 192.168.1.2 255.255.255.0
 standby ip 192.168.128.1
 standby track ?? ! FastEthernet 0/0/0 or Vlan 10?
Kyle Brandt

2 Answers


For basic HSRP functionality, you don't have to do any tracking. HSRP failover checks IP (layer 3) reachability of the other router(s). Tracking can allow you to affect HSRP priority for more specialized circumstances such as lowering the HSRP priority when a WAN link on the same router goes down.

A basic HSRP setup could include two routers with layer 3 interfaces on the same IP network. The router with the higher HSRP priority will become 'active' and answer for the standby IP. If that router were to go offline, the other router will become active and start responding to packets sent to the standby IP.

You can set up HSRP on most types of layer 3 LAN interfaces, including physical interfaces and VLAN interfaces. You can also have independent instances of HSRP running on multiple layer 3 interfaces if you want. If there is something specific you're trying to accomplish with tracking, please elaborate.

MT.
  • MT: The tracking is in place to follow the WAN link, where 12.12.12.1 is the WAN link. I guess I should have made the public IP a /30, but it doesn't matter; the question still stands. – Kyle Brandt Mar 11 '10 at 18:22
  • Kyle: If I understand you correctly, you probably want to track physical Ethernet0/0/0 then (which would go down if you unplugged the cable or layer 2 dropped for any reason). – MT. Mar 11 '10 at 19:39

If you are attempting to track the WAN link and you are receiving an Ethernet hand-off from your provider, I would suggest tracking the ICMP reachability of an IP address within your service provider's network. Physical interface tracking will not help you in the case where there is an L2 failure beyond the handoff interface between you and your provider.

The first option would be to track the first hop router (I'm guessing 12.12.12.2 from your example?); a better solution would be to ask your ISP for the IP of one of their DNS servers or similar.

The way to do this is to create an IP SLA monitor operation, and create an object that tracks the state of the operation. The tracker object can then be used to decrement the HSRP priority of the LAN interface when the WAN interface goes down. This will vary depending on the code version you are running, but a sample config is below:

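! IP SLA operation 1: ICMP echo to the next hop (older "ip sla monitor" syntax)
ip sla monitor 1
 type echo protocol ipIcmpEcho 12.12.12.2
 timeout 10
 frequency 5
!
! Schedule the operation to start now and run indefinitely;
! the schedule command uses the same "ip sla monitor" syntax as above
ip sla monitor schedule 1 life forever start-time now
!
! Tracking object 123 follows the up/down state of IP SLA operation 1
track 123 rtr 1 state
!
interface FastEthernet0/1
 ip address 192.168.1.2 255.255.255.0
 standby 1 ip 192.168.128.1
 standby 1 priority 105
 standby 1 preempt
 ! Lower the HSRP priority by 10 while tracking object 123 is down
 standby 1 track 123 decrement 10
!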

In summary, this:

  • Creates an IP SLA operation that performs an ICMP echo targeted at 12.12.12.2, with a timeout of 10 milliseconds, with an interval of 5 seconds between probes.
  • Schedules the IP SLA operation to run forever.
  • Creates a tracking object which tracks the state of the IP SLA operation.
  • Configures interface Fa0/1 with an HSRP address; configures HSRP to preempt; and configures HSRP to decrement its priority by 10 should the tracking object associated with the ICMP IP SLA monitor enter a down state.

This is very rough config based on referring to CCO; I will see if I can find something a little more polished in my notes.

Murali Suriar
  • In this case BGP is used on the WAN side with a private AS (all I get is the default gateway), and they are Ethernet handoffs. In this case, will the tracking function the way I think, or will it still not follow? If it doesn't follow, it actually should matter because of the link between the two routers; I just thought if the LAN and WAN stayed on the same router it might be a little cleaner. – Kyle Brandt Mar 12 '10 at 11:26
  • @Kyle: If you are running BGP with your provider, you shouldn't need interface tracking? If the physical interface with your provider goes down, your BGP session will also go down and the default route originated from your provider will be removed. Do you have a layer-3 link between your two routers? As long as this is the case, even if HSRP remains active on the router with the failed WAN link, traffic will route across the IRL to the other WAN router, and will be forwarded out to the internet. – Murali Suriar Mar 12 '10 at 16:01
  • Yup, exactly, my take is that I don't need the HSRP either, and in my LAB the situation worked exactly as you described with the layer 3 link between them. I just thought keeping the LAN and WAN links on the same router might be 'safer', but it is not a requirement. – Kyle Brandt Mar 12 '10 at 16:21
  • @Kyle: to be clear, you still need HSRP to ensure that your users have a default gateway should one of the routers fail; what you don't need is interface or object tracking; BGP takes care of this for you. – Murali Suriar Mar 12 '10 at 16:26
  • @Kyle: This is how I do it as well (keeping the wan/lan links on the same router where possible). As you said, not a requirement, but cleaner (and one less hop). – MT. Mar 12 '10 at 16:53
  • Murali: Yup, I know I would need HSRP, just the interface tracking part of HSRP isn't required to function. I think we are on the same page. – Kyle Brandt Mar 12 '10 at 18:02
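
An added example, not part of either answer or of the posters' configurations: a Python check of whether an HSRP track statement like the one in the second answer can actually move the active role, which requires the decremented priority to fall below the peer's priority and the peer to have preempt configured. The active config mirrors the answer; the peer config, its address 192.168.1.3 and the function names are assumptions.

```python
import re

# Constructed samples: ACTIVE mirrors the answer's interface config;
# PEER is an assumed second router (default priority, preempt enabled).
ACTIVE = """\
interface FastEthernet0/1
 ip address 192.168.1.2 255.255.255.0
 standby 1 ip 192.168.128.1
 standby 1 priority 105
 standby 1 preempt
 standby 1 track 123 decrement 10
"""
PEER = """\
interface FastEthernet0/1
 ip address 192.168.1.3 255.255.255.0
 standby 1 ip 192.168.128.1
 standby 1 preempt
"""

def parse_hsrp(config, group=1):
    """Extract priority, preempt and track decrements for one HSRP group."""
    state = {"priority": 100, "preempt": False, "tracks": {}}  # HSRP default priority
    for line in config.splitlines():
        m = re.match(rf"\s*standby {group} (.+)", line)
        words = m.group(1).split() if m else [""]
        if words[0] == "priority":
            state["priority"] = int(words[1])
        elif words[0] == "preempt":
            state["preempt"] = True
        elif words[0] == "track":
            # The decrement defaults to 10 when it is not given explicitly.
            explicit = len(words) > 3 and words[2] == "decrement"
            state["tracks"][words[1]] = int(words[3]) if explicit else 10
    return state

def failover_check(active, peer, track_id):
    """Return (will_fail_over, reason) when the tracked object goes down."""
    a, p = parse_hsrp(active), parse_hsrp(peer)
    if track_id not in a["tracks"]:
        return False, "track object is not referenced by the HSRP group"
    degraded = a["priority"] - a["tracks"][track_id]
    # Ties are treated as no failover: the outcome would depend on IP addresses.
    if degraded >= p["priority"]:
        return False, f"degraded priority {degraded} is not below peer {p['priority']}"
    if not p["preempt"]:
        return False, "peer lacks 'standby preempt' and will not take over"
    return True, f"peer ({p['priority']}) preempts degraded active ({degraded})"
```

With the answer's values the active router drops from 105 to 95, below the peer's default of 100, so the check passes only as long as the peer also carries `standby 1 preempt`.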