Cisco HSRP – HSRP on Switch Interfaces

cisco, cisco-catalyst, hsrp, layer3, switch

As part of my internship/thesis, I am looking to implement HSRP in a network.

The network has 2 separate locations that are connected with a fibre cable (layer 3 to layer 3).

Each layer 3 (Cisco 3560-x) is connected to an HP-router that is managed by our ISP.

I was thinking about setting up HSRP on one interface of both switches, but I imagine an IP route to the virtual IP address won't work because it is on the same switch.

Would I be correct to think that in my current configuration, HSRP is only possible on the routers?

Any other input regarding the issue is welcome.

EDIT

extra info:

Router 1 IP address is 10.10.255.251 and Router 2 IP address is 10.10.255.252.

Switch1:

interface FastEthernet0/1
 no switchport
 ip address 10.10.255.253 255.255.255.248
 standby 1 ip 10.10.255.250
 standby priority 110
 exit

Switch2:

interface FastEthernet0/1
 no switchport
 ip address 10.10.255.254 255.255.255.248
 standby 1 ip 10.10.255.250
 standby priority 110
 exit

The reason why I want to do this on the switches is that I can't configure the routers as they are managed by our ISP.

The virtual IP address would be 10.10.255.250, but when this is configured on the switch interfaces, I cannot add an IP route to this virtual IP address because the next hop would be on the same switch.

I also don't see how the Internet traffic would reach the routers in this configuration.

So, to repeat the question: am I right in thinking this won't work, or is this possible in a way that I have not tried yet?

Best Answer

What you seem to be proposing is running HSRP toward the ISP routers in an attempt to fool your own routers, but HSRP is a protocol designed to fool LAN hosts, e.g. PCs.

On your layer-3 switches, you will have one or more VLANs configured in SVIs. For example:

ip routing
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan20
 ip address 10.20.20.1 255.255.255.0

Those are the interfaces on which you would configure HSRP to give a redundant gateway to your LAN hosts.


If you want redundancy to the ISP routers, you need to do that with routing. You probably have a static default route. For example, assume the ISP routers are 10.10.255.249 (primary) and 10.10.255.250 (backup):

ip route 0.0.0.0 0.0.0.0 10.10.255.249     ! primary route with AD of 1
ip route 0.0.0.0 0.0.0.0 10.10.255.250 10  ! backup route with AD of 10

This establishes two static default routes. A lower AD will be in the routing table unless it goes down, at which point it is removed from the routing table, and the backup route is put into the routing table.

This is invisible to the hosts because the hosts use the layer-3 switches for their gateways. Hosts don't know or care about the routing; all they care about is that they have a configured gateway, and the gateway is supposed to know how to route traffic toward the destination.
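
A floating static route like the one in the answer only takes over once the primary route leaves the routing table, which on an Ethernet link normally happens only when the local interface goes down. The following is an added example, not part of the original answer: it ties the primary default route to an IP SLA probe through object tracking, so the backup is also used when the primary next hop stops answering while the link stays up. It assumes the switch's IOS image supports IP SLA and object tracking; the probe number, track number and probe frequency are arbitrary choices, and the addresses are the answer's example addresses.

```cisco
! Added example: assumes IP SLA and object tracking are available on this image.
! Probe 1 pings the primary ISP router (the answer's example address) every 10 seconds.
ip sla 1
 icmp-echo 10.10.255.249
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object 1 is up only while probe 1 reports the next hop as reachable.
track 1 ip sla 1 reachability
!
! Primary default route: installed only while track object 1 is up.
ip route 0.0.0.0 0.0.0.0 10.10.255.249 track 1
!
! Backup default route with AD 10: used once the primary route is withdrawn.
ip route 0.0.0.0 0.0.0.0 10.10.255.250 10
```

`show track 1` and `show ip route 0.0.0.0` show the tracked state and which default route is currently installed.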