You must use the authentication type configured within the standby command. Preemption should work on both devices and you must monitor the serial 1/0 link on the opposite router.
R1
__
key chain HSRP
key 1
key-string cisco
accept-lifetime 00:00:00 Jan 1 1993 infinite
send-lifetime 00:00:00 Jan 1 2010 infinite
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
no keepalive
standby 1 ip 192.168.1.11
standby 1 priority 255
standby 1 preempt
standby 1 authentication md5 key-string HSRP
standby 1 name HSRP1
standby 2 ip 192.168.1.12
standby 2 priority 50
standby 2 authentication secur3
standby 2 name HSRP2
R2
__
key chain HSRP
key 1
key-string cisco
accept-lifetime 00:00:00 Jan 1 1993 infinite
send-lifetime 00:00:00 Jan 1 1993 infinite
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
no keepalive
standby 1 ip 192.168.1.111
standby 1 priority 50
standby 1 authentication md5 key-string HSRP
standby 1 name HSRP1
standby 2 ip 192.168.1.12
standby 2 priority 255
standby 2 authentication s3cur3
standby 2 name HSPR2
standby 2 preempt
Have you been studying for an AWS certification and have yet to actually
test? Now might be the time. AWS is currently offering free retakes of
their cer...
2 months ago
3 comments:
Comment provided by Steve DiBias
Well here is what I did in order to get this working, let me know if I missed something somewhere. Thanks!
Group 1 has standby IP mismatch
R2
int fa0/0
no standby 1 ip 192.168.1.111
standby 1 ip 192.168.1.11
Group 2 has authentication string mismatch
R1
int fa0/0
no standby 2 authentication secur3
standby 2 authentication s3cur3
The key chains are irrelevant since you are using an MD5 key-string. I left it as is but if we needed to we could change group 1 to use it
standby 1 authentication md5 key-chain HSRP
Both R1 and R2 has preemption enabled for the groups they are active for, however if we want failback preemption will need to be enabled everywhere
R1
int fa0/0
standby 2 preempt
R2
int fa0/0
standby 1 preempt
Now for the interface tracking
track 1 interface serial 0/0 line-protocol
int fa0/0
standby 2 track 1 dec 210
Now to see if it works
R2#sh standby fa0/0 2
FastEthernet0/0 - Group 2
State is Active
2 state changes, last state change 00:21:48
Virtual IP address is 192.168.1.12
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.580 secs
Authentication text, string "s3cur3"
Preemption enabled
Active router is local
Standby router is 192.168.1.1, priority 50 (expires in 7.448 sec)
Priority 255 (configured 255)
Track object 1 state Up decrement 210
IP redundancy name is "HSPR2" (cfgd)
R2(config)#int s0/0
R2(config-if)#shutdown
*May 20 10:43:12.135: %TRACKING-5-STATE: 1 interface Se0/0 line-protocol Up->Down
*May 20 10:43:12.703: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 2 state Active -> Speak
*May 20 10:43:22.703: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 2 state Speak -> Standby
R2(config-if)#do sh standby fa0/0 2
FastEthernet0/0 - Group 2
State is Standby
4 state changes, last state change 00:01:01
Virtual IP address is 192.168.1.12
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.188 secs
Authentication text, string "s3cur3"
Preemption enabled
Active router is 192.168.1.1, priority 50 (expires in 7.188 sec)
Standby router is local
Priority 45 (configured 255)
Track object 1 state Down decrement 210
IP redundancy name is "HSPR2" (cfgd)
and on R1
R1(config-if)#do sh stand fa0/0 2
FastEthernet0/0 - Group 2
State is Active
5 state changes, last state change 00:01:56
Virtual IP address is 192.168.1.12
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.132 secs
Authentication text, string "s3cur3"
Preemption enabled
Active router is local
Standby router is 192.168.1.2, priority 45 (expires in 8.128 sec)
Priority 50 (configured 50)
IP redundancy name is "HSRP2" (cfgd)
Well done!!
The key-chain is irrelevant and it is there to make you think it is important and may have issues. (Again to make you waste time)
What is it that we are accomplishing with this type of HSRP configuration?
I thought I would close out this scenario
What is it that we are accomplishing with this type of HSRP configuration? This would help with load balancing (You would have to give half of the hosts the gateway of Standby Group 1 and the other half of the hosts would receive the gateway of Standby Group 2). This is also known as Multigroup HSRP (MHSRP)
Post a Comment