My colocation provider has set up HSRP for us and has provided us 2 drops (plugged into 1/1/1 and 1/1/2) from their routers as well as a /29 with 2 HSRP IPs and the rest of the /29 usable for the switch.

I know that HSRP should be pretty much plug and play as long as the ports are in the same VLAN.

However, I'm confused as to how the IP setup should work.

Currently I've assigned port 1/1/1 the full /29; however, I think this is incorrect because if I were to unplug it, port 1/1/2 wouldn't work as it has no IP assignment.

What's the proper way to do this?

WinkyWolly

1 Answer

Here's how it works:

112.168/29 - NETWORK ADDRESS

112.170 - Virtual HSRP Address

112.171 - Colo Router A

112.172 - Colo Router B

Then you have options:

Terminate the connections into the same VLAN, and then put your devices right into that VLAN and give them public addresses, with 172-174 being usable.

OR

Terminate the connections into the same VLAN, and connect either a router or a firewall into that same VLAN, which would have a .172-174 address to provide routing, NAT, and security for privately addressed devices behind it.

SpacemanSpiff
  • I think I'm confusing what I need to do. I need to be able to have the ability to ensure that if, say, port 1/1/1 gets unplugged, port 1/1/2 will fail over (2 drops to 2 core routers). I have a single /29 and a few usable IPs to assign to my switch. How do I make this happen, since I can't statically assign a single subnet to one port and then the other (overlap)? I've currently set up an ip-subnet in VLAN1 and have assigned the /29. Then I created a virtual interface and assigned it 112.172. It seems to be "working" although I feel this is incorrect. – WinkyWolly Nov 01 '12 at 00:47
  • Actually, the virtual interface I set up and assigned 112.172 stops pinging after a few minutes. When unplugging either, it begins to ping again. – WinkyWolly Nov 01 '12 at 00:52
  • You can only have one interface on your switch be on the subnet from your provider. You can't put one IP directly on 1/1/1 and the other on 1/1/2 or you'll have split your access into the provider's subnet. Your interfaces 1/1/1 and 1/1/2 should be set as ACCESS ports on a VLAN (don't use VLAN1, please) and should not have any IP addressing information on them at all. The VLAN interface for that VLAN will then have an IP in the provider's subnet. Are you planning to use a firewall, or are you publicly addressing your devices? What kind of switch? – SpacemanSpiff Nov 01 '12 at 01:01
  • I'm using a Brocade FCX device. I've set up a VLAN with ports 1/1/1 and 1/1/2. I've added the /29 subnet and have added a virtual ethernet (ve) device using 112.172. While this works, the 112.172 IP seems to stop pinging after a while until one of the 1/1/1 and 1/1/2 ports is unplugged. Here are the commands I'm running: http://pastie.org/private/bsyw1gwohmn4qjugwrjeha – WinkyWolly Nov 01 '12 at 01:21
  • Also no Firewall. It's going straight to the next router from upstream. When the IP stops pinging there is a small latency jump as if it's switching to the other link and then it starts timing out. I'm not sure what would cause this. – WinkyWolly Nov 01 '12 at 01:28
  • I've gotten this resolved. The issue was the router wasn't going out the virtual gateway but to one of the routers directly causing goofy things to happen. Thanks! – WinkyWolly Nov 02 '12 at 23:58
  • Ya that'll work for a little, you'll get ICMP redirects probably and after a while they stop working. – SpacemanSpiff Nov 03 '12 at 01:35
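
A small check for the two mistakes worked through in this thread (an address on a physical uplink port, and a default route pointing at one router's real address instead of the HSRP virtual address), added here as an example and not part of the original posts. The function name, the plan fields and the 203.0.113.168/29 addresses are constructed for illustration.

```python
import ipaddress

def audit_hsrp_plan(subnet, vip, routers, switch_ip, default_gw, port_ips):
    """Return findings for a switch uplinked to an HSRP router pair.

    All names here are hypothetical: routers are the provider routers' real
    addresses, switch_ip sits on the VLAN (ve) interface, default_gw is the
    switch's default-route next hop, port_ips maps physical port -> address.
    """
    net = ipaddress.ip_network(subnet)
    vip, switch_ip, default_gw = map(ipaddress.ip_address, (vip, switch_ip, default_gw))
    routers = [ipaddress.ip_address(r) for r in routers]
    findings = []

    # Uplink ports are plain access ports; only the VLAN interface is addressed.
    for port, addr in sorted(port_ips.items()):
        if addr is not None:
            findings.append(f"port {port} carries {addr}; address the VLAN interface instead")

    # The switch needs a free host address inside the provider subnet.
    if switch_ip not in net or switch_ip in (net.network_address, net.broadcast_address):
        findings.append(f"switch address {switch_ip} is not a host address in {net}")
    elif switch_ip == vip or switch_ip in routers:
        findings.append(f"switch address {switch_ip} is already used by the provider")

    # Fail-over only happens for traffic sent to the virtual address.
    if default_gw in routers:
        findings.append(f"default gateway {default_gw} is a router's real address; use {vip}")
    elif default_gw != vip:
        findings.append(f"default gateway {default_gw} is not the HSRP address {vip}")
    return findings

# Constructed sample plans (documentation range, not the poster's addresses).
BASE = dict(subnet="203.0.113.168/29", vip="203.0.113.170",
            routers=["203.0.113.171", "203.0.113.172"], switch_ip="203.0.113.173")
GOOD = dict(BASE, default_gw="203.0.113.170", port_ips={"1/1/1": None, "1/1/2": None})
BROKEN = dict(BASE, default_gw="203.0.113.171",
              port_ips={"1/1/1": "203.0.113.173", "1/1/2": None})

if __name__ == "__main__":
    for name, plan in (("good", GOOD), ("broken", BROKEN)):
        print(name, audit_hsrp_plan(**plan) or "ok")
```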