I'm reviewing the configuration of a pair of pair routers. Each pair of routers has a satellite link between them (which is also redundant). They are in use – One pair has HSRP configured for all routed interfaces. However the other pair has HSRP and VRRP. The VRRP is configured on the link to the modems for the satellite links and HSRP is for all the local systems.
My questions is, is this safe to have both VRRP and HSRP (others have done so – so I believe this is OK). However, is there a possible reason for doing this?
The modems are identical at both ends, so I am trying to see why HSRP could not of been used at both ends.
They are all new and just installed in the last few days.
The configurations for the VRRP/HSRP pair of routers is below (IP addresses have been changed -so there maybe typos in the IP addresses):
track 1 interface FastEthernet0/0/0 ip routing
track 2 interface GigabitEthernet0/0.2 ip routing
interface GigabitEthernet0/0.2 interface GigabitEthernet0/0.2
encapsulation dot1Q 2 encapsulation dot1Q 2
ip address 1.1.2.2 255.255.255.0 ip address 1.1.2.3 255.255.255.0
ip nat inside
ip virtual-reassembly in ip virtual-reassembly in
standby 1 ip 1.1.1.1 standby 1 ip 1.1.1.1
standby 1 priority 105
standby 1 preempt standby 1 preempt
standby 1 track 1 decrement 10
standby 1 track 2 decrement 10
! !
interface GigabitEthernet0/0.4 interface GigabitEthernet0/0.4
encapsulation dot1Q 4 encapsulation dot1Q 4
ip address 1.1.4.2 255.255.255.0 ip address 1.1.4.3 255.255.255.0
ip nat inside
ip virtual-reassembly in ip virtual-reassembly in
standby 1 ip 1.1.4.1 standby 1 ip 1.1.4.1
standby 1 preempt standby 1 priority 105
standby 1 track 1 decrement 10
! standby 1 track 2 decrement 10
! !
interface GigabitEthernet0/0.22 interface GigabitEthernet0/0.22
encapsulation dot1Q 22 encapsulation dot1Q 22
ip address 1.1.22.2 255.255.255.240 ip address 1.1.22.3 255.255.255.240
ip nat inside
ip virtual-reassembly in ip virtual-reassembly in
standby 1 ip 1.1.22.1 standby 1 ip 1.1.22.1
standby 1 priority 105
standby 1 preempt standby 1 preempt
standby 1 track 1 decrement 10
standby 1 track 2 decrement 10
! !
interface FastEthernet0/0/0 interface FastEthernet0/0/0
description SATELLITE MODEMS description SATELLITE MODEMS
ip address 1.1.1.2 255.255.255.0 ip address 1.1.1.3 255.255.255.0
ip nat outside
ip virtual-reassembly in ip virtual-reassembly in
duplex auto duplex auto
speed auto speed auto
vrrp 1 ip 1.1.1.1 vrrp 1 ip 1.1.1.1
vrrp 1 priority 105
vrrp 1 track 1 decrement 15
vrrp 1 track 2 decrement 15
There is no NAT, and I can see things such as there is a nat inside statement on one router but not the other, so I believe there are errors.
Best Answer
Having both HSRP and VRRP on a router is fine, as long as they are configured on different interfaces, which seems to be the case.
There are probably several things wrong with the way this is configured. For example,
preemptin not used consistently (seeinterface GigabitEthernet0/0.4,ip address 1.1.4.3 255.255.255.0), and I would actually put a delay on it so that minor bounces don't have it jumping back and forth unnecessarily.HSRP and VRRP are protocols for redundancy for the LAN hosts. It may be that whoever set this up thinks it is redundancy for the routers (many people do, but they are wrong). The routers must be able to communicate with each other over the LAN defined by the interface configuration, else each will think it is master for that LAN. Both protocols work by fooling the hosts on the LAN. Unless the satellite link is a LAN host that can be fooled by VRRP, then it really is incorrect.
If NAT is not being used, then there is no need for any NAT statements, and that may be the result of a poor cleanup job.
You should really just rethink this from scratch, put your proposed solution in the lab (never replace a working configuration with out testing), then fix the routers to make sense to you.