HSRP Version 2 Configuration on Cisco Switch for Multiple VLANs

Introduction:

Hot Standby Router Protocol (HSRP) is a Cisco proprietary redundancy protocol designed to ensure high availability of the default gateway in a network. This post will explore how to configure HSRP on Cisco switches for multiple VLANs to provide seamless failover and enhance network reliability.

Understanding HSRP:

HSRP allows multiple switches to work together to present the appearance of a single virtual router to the hosts on the network. This virtual router has a designated virtual IP address that clients use as their default gateway. When the active switch fails, HSRP automatically switches to a standby switch, minimizing downtime and maintaining network connectivity.

Requirements:

Before we start the configuration, ensure the following:

• Two Cisco switches (SW1 and SW2).
• Both switches are connected to each other through trunk ports and can ping each other.
• VLANs 10, 11, 12, 13, 14, and 15 are configured on both switches.

HSRP Configuration Steps:

We will configure HSRP on two switches (SW1 and SW2) for six VLANs: 10, 11, 12, 13, 14, and 15. In this configuration, SW1 will be the active switch for VLANs 10, 12, and 14, while SW2 will handle VLANs 11, 13, and 15.

SW1 Configuration:

! VLAN 10 Configuration
interface Vlan10
 ip address 10.10.10.2 255.255.255.0
 standby 10 ip 10.10.10.1
 standby 10 priority 110
 standby 10 preempt
 standby 10 preempt delay minimum 60
 standby 10 authentication md5 key-string cisco@#123
 standby 10 timers msec 100 msec 300
 standby version 2

! VLAN 11 Configuration
interface Vlan11
 ip address 10.10.11.2 255.255.255.0
 standby 11 ip 10.10.11.1
 standby 11 priority 95
 standby 11 authentication md5 key-string cisco@#123
 standby 11 timers msec 100 msec 300
 standby version 2

! VLAN 12 Configuration
interface Vlan12
 ip address 10.10.12.2 255.255.255.0
 standby 12 ip 10.10.12.1
 standby 12 priority 110
 standby 12 preempt
 standby 12 preempt delay minimum 60
 standby 12 authentication md5 key-string cisco@#123
 standby 12 timers msec 100 msec 300
 standby version 2

! VLAN 13 Configuration
interface Vlan13
 ip address 10.10.13.2 255.255.255.0
 standby 13 ip 10.10.13.1
 standby 13 priority 95
 standby 13 authentication md5 key-string cisco@#123
 standby 13 timers msec 100 msec 300
 standby version 2

! VLAN 14 Configuration
interface Vlan14
 ip address 10.10.14.2 255.255.255.0
 standby 14 ip 10.10.14.1
 standby 14 priority 110
 standby 14 preempt
 standby 14 preempt delay minimum 60
 standby 14 authentication md5 key-string cisco@#123
 standby 14 timers msec 100 msec 300
 standby version 2

! VLAN 15 Configuration
interface Vlan15
 ip address 10.10.15.2 255.255.255.0
 standby 15 ip 10.10.15.1
 standby 15 priority 95
 standby 15 authentication md5 key-string cisco@#123
 standby 15 timers msec 100 msec 300
 standby version 2

SW2 Configuration:

  ! VLAN 10 Configuration
interface Vlan10
 ip address 10.10.10.3 255.255.255.0
 standby 10 ip 10.10.10.1
 standby 10 priority 95
 standby 10 authentication md5 key-string cisco@#123
 standby 10 timers msec 100 msec 300
 standby version 2

! VLAN 11 Configuration
interface Vlan11
 ip address 10.10.11.3 255.255.255.0
 standby 11 ip 10.10.11.1
 standby 11 priority 110
 standby 11 preempt
 standby 11 preempt delay minimum 60
 standby 11 authentication md5 key-string cisco@#123
 standby 11 timers msec 100 msec 300
 standby version 2

! VLAN 12 Configuration
interface Vlan12
 ip address 10.10.12.3 255.255.255.0
 standby 12 ip 10.10.12.1
 standby 12 priority 95
 standby 12 authentication md5 key-string cisco@#123
 standby 12 timers msec 100 msec 300
 standby version 2

! VLAN 13 Configuration
interface Vlan13
 ip address 10.10.13.3 255.255.255.0
 standby 13 ip 10.10.13.1
 standby 13 priority 110
 standby 13 preempt
 standby 13 preempt delay minimum 60
 standby 13 authentication md5 key-string cisco@#123
 standby 13 timers msec 100 msec 300
 standby version 2

! VLAN 14 Configuration
interface Vlan14
 ip address 10.10.14.3 255.255.255.0
 standby 14 ip 10.10.14.1
 standby 14 priority 95
 standby 14 authentication md5 key-string cisco@#123
 standby 14 timers msec 100 msec 300
 standby version 2

! VLAN 15 Configuration
interface Vlan15
 ip address 10.10.15.3 255.255.255.0
 standby 15 ip 10.10.15.1
 standby 15 priority 110
 standby 15 preempt
 standby 15 preempt delay minimum 60
 standby 15 authentication md5 key-string cisco@#123
 standby 15 timers msec 100 msec 300
 standby version 2
  

Verification:

show standby

This command will display the HSRP status, including the active and standby switches for each VLAN. Check the output to ensure that the correct switch is listed as active for each VLAN.

Troubleshooting:

If you encounter issues with HSRP, consider the following troubleshooting steps:

• Check VLAN Configuration: Ensure that the VLAN interfaces are correctly configured and active on both switches.
• Verify HSRP Status: Use the show standby command to check the status of HSRP on each switch. Look for mismatched priorities or IP addresses.
• Ensure Connectivity: Make sure there is Layer 2 connectivity between the switches and that they can communicate with each other.
• Authentication Issues: If you're using authentication, verify that the key-string is the same on both switches.
• Check for Preemption: If preemption is not working as expected, ensure that the switch with the higher priority has the standby preempt command configured.

Conclusion:

In this post, we covered the configuration of HSRP on Cisco switches for multiple VLANs. By implementing HSRP, you can enhance the reliability of your network and ensure continuous availability of the default gateway. The troubleshooting steps outlined will help you quickly identify and resolve any issues.