HSRP with a layer 3 switch?

[drewdown]

I am trying to figure out how to configure HSRP/VRRP on two routers and do layer 3 IP routing on a core switch.

Say I have two vlans (vlan1: 10.30.3.0/24 and vlan2: 172.68.8.0/24) and ip routing enable on a 3750. So default gateways for those two subnets would be 10.30.31.1 and 172.68.8.1 respectively. The 3750 connects to 2 cisco routers (R1 and R2) running VRRP.

VRRP address would be 10.30.3.1 on R1 and 10.30.3.2 on R2, the virutal shared private ID would then be 10.30.3.1 (default gateway as well).

Is this poossible? And if so any ideas on how to do this? Basically I want VRRP, and do layer 3 routing on a 3750 for a couple vlans.

 

[voltron1011]

I think you have the addressing a little skewed. In HSRP, two routers will share the same standby ip of 10.30.3.1, however each of the routers will have 10.30.3.2 and 10.30.3.1 as their respective ip's.

 

[voltron1011]

***CORRECTION****

I think you have the addressing a little skewed. In HSRP, two routers will share the same standby ip of 10.30.3.1, however each of the routers will have 10.30.3.2 and 10.30.3.3 as their respective ip's.

 

[drewdown]

Cool I understand that. But that configuration will work then correct?

Would it work like this?

R1 ip: 10.30.3.2 R2 ip: 10.30.3.3
VID:10.30.3.1

3750: vlan1: 10.30.3.0/24 and vlan2: 172.68.8.0/24


Would that work?

 

[norteldude78]

That is right. You need another HSRP group if you want vlan2 to be routed.

standby 1 ip 10.30.3.1
standby 2 ip 172.68.8.1

 

[drewdown]

Thanks.

I am still a little confused.

If I did the layer 3 routing on a 3750 and had the routers connected directly to the 3750, would I be able to configure it this way? I would like to configre ip routing on the 3750 and allow that to route traffic inside. But not sure how/or where to create the default gateways.

So I could configre a default gateway of 10.30.3.8 and 172.68.8.8 on the 3750? Then configure the HSRP settings on the routers??

I think I am confusing myself more, but if anyone can shed some light on it I would appreciate it.


TIA

 

[norteldude78]

I think your confusing the need/location for hsrp. hsrp is for redundancy. Why would you need to route on the L3 switches and then do HSRP on the routers? This doesn't accomplish much.

HSRP is for redundancy of the gateways. So if you only have 1 L3 switch, then you shouldn't use HSRP there. However, if you are using the routers as the gateways, then use HSRP there.

Can you send a rough drawing of how the devices are connected?

 

[drewdown]

Right now I have two routers, both directly connect to a 3750 stack. I wanted to run HSRP on the routers and then do the layer 3 routing on the 3750 and use the 3750 as the gateway and the routers as VPNs/firewalls with redundancy. I am trying to see how to do that, or whether or not its possible.

Below is my poor attempt at a drawing.

INTERNET
| |
R1 R2
| |
| |
3750 Stack

 

[norteldude78]

I dont understand why you want HSRP on the routers but want the 3750's to do the routing. HSRP on the routers will not provide redundancy for the default gateway if the default gateway is on the 3750. If the routers provide a next hop towards the Internet then you can use HSRP there.

But here is your current conflict:

If vlans 1 and 2 are 10.30.3.0 and 172.68.8.0...then the subnet between the switch stack and the routers MUST be different. Otherwise you wouldn't be routing on the 3750, you would be switching at layer 2.

 

[drewdown]

Neither do I, but my boss was all up on it as of late. But I wasnt sure how to work it with a layer 3 switch in the mix.

So I would need something like 192.168.66.0 between the stack and the routers. If I did then would I be able to do it?

Do you have another suggestion on how to do this? Just forget about HSRP? Or route on the routers and run HSRP there? Is HSRP viable for a multi-vlan envrionment? Or is better suited for single subnet/vlan?

 

[voltron1011]

We have HSRP running on our corp switches (4500's) with multiple vlans. Every other vlan is set to be primary each switch:

SWITCH 1:

Vl1 1 100 P Active local 172.20.1.3 172.20.1.1
Vl100 1 90 Standby 192.168.100.203 local 192.168.100.201
Vl101 1 100 P Active local 10.100.1.3 10.100.1.1
Vl102 1 90 Standby 10.100.2.3 local 10.100.2.1
Vl104 1 90 Standby 10.100.240.3 local 10.100.240.1
Vl105 1 100 P Active local 10.100.1.163 10.100.1.161

Switch 2:

Vl1 1 90 Standby 172.20.1.2 local 172.20.1.1
Vl100 1 100 P Active local 192.168.100.202 192.168.100.201
Vl101 1 90 Standby 10.100.1.2 local 10.100.1.1
Vl102 1 100 P Active local 10.100.2.2 10.100.2.1
Vl104 1 100 P Active local 10.100.240.2 10.100.240.1
Vl105 1 90 Standby 10.100.1.162 local 10.100.1.161

These vlans are routed using eigrp throughout our network, or sent to one of our two gateway router running BGP.

 

[norteldude78]

HSRP is always viable if you have multiple devices to provide redundancy. Make no mistake - HSRP is a good thing. I can't really offer detailed advice for your scenario, but this is what you could do:

Use the 3750 as the default router to route traffic between vlans and towards R1 and R2 for the Internet. Make a default route on the 3750 to point to the HSRP group ("standby 1 ip 192.168.66.1" on R1 and R2 for example).

The 3750 passes Internet traffic to the HSRP routers.
The 3750 routes Inter-vlan traffic.
The 3750 is basically your Access/Distribution/Core switch all in one.

This would take some load off the routers for Inter-vlan routing and provide redundancy for the Internet in case a router went down.

Make sense?

 

[drewdown]

Yeah it does, thats the jist of what I wanted to do, just not sure how to implement it.

So in your scenario nortekdude78, I could lay it out like this:

R1: 192.168.66.3 R2: 192.168.66.2
VRID: 192.168.66.1
|
|
3750 stack:
default route: 0.0.0.0 0.0.0.0 192.168.66.1
vlan2: 10.30.3.1 (gateway)
vlan4: 172.68.8.1 (gateway)

 

[norteldude78]

yep, that's it

 

[drewdown]

Solid.

Thanks a lot my man.