Configuring Cisco High Availability Campus Network Design (HSRP Model)


Hi everyone, this is my first post, and it's about the High Availability Campus Network Design from the Cisco Validated Design. The design is one of the best-practice topologies when you are using a separate standalone L3 switch as your collapsed core/distribution layer device and an L2 switch as your access layer device.

In this topology, STP/RSTP is not required for convergence because of the Layer 3 link between the distribution switches, so all the uplink ports on the access layer switches are in forwarding mode. You can also add link redundancy on the uplinks from your access switches to the distribution switches by implementing Layer 2 EtherChannel, and Layer 3 EtherChannel between your distribution switches (see Figure 1).

Figure 1 – EtherChannel

The topology also recommends that no VLAN spans across access switches, also known as localized VLANs. For example (see Figure 2), when you create VLAN 10 and VLAN 50 for your data and voice on acc-sw-01, you need to create unique VLANs on the other access switch, whether or not they serve the same function. In this case you create VLAN 11 and 51 for your voice and data on acc-sw-02.

Figure 2 – No VLAN span across access switch

The last piece of the design is to implement gateway redundancy. In this lab we will be using Hot Standby Router Protocol (HSRP). One of the features of HSRP is that you can configure the hello and hold times in milliseconds; Cisco recommends a 250 msec hello and 750 msec hold time, meaning that in less than a second the standby router will become the active router if the active router fails. HSRP also has a feature that can track interface status, and based on that the HSRP group decides which router will be active and which will be standby.

In this lab, I'll be using GNS3 and Cisco L2 and L3 IOUs.

With that, let's dive into the configurations.


Configurations

################ acc-sw-01 ################
vlan 10
 name VOICE_Flr1
!
int e1/3
 switchport mode access
 switchport access vlan 10
!
int e0/0
 description -> core-sw-01
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10 
!
int e0/1
 description -> core-sw-02
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
!
################ acc-sw-02 #################
vlan 51
 name DATA_Flr2
!
int e1/3
 switchport mode access
 switchport access vlan 51
!
int e0/0 
 description -> core-sw-02
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 51 
!
int e0/1
 description -> core-sw-01
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 51
!
################ core-sw-01 ################
vlan 10 
 name VOICE_Flr1
vlan 51
 name DATA_Flr2
! 
int e0/0
 description -> acc-sw-01
 switchport mode dynamic desirable
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
!
int e0/1
 description -> acc-sw-02
 switchport mode dynamic desirable
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 51
!
int e1/3
 description Layer 3 link -> core-sw-02
 ! Convert L2 port to a routed port.
 no switchport
 ip add 192.168.150.1 255.255.255.0
!
int e1/0
 description -> router1
 ! Convert L2 port to a routed port.
 no switchport
 ip add 192.168.1.1 255.255.255.0
!
! Create Switch Virtual Interface (SVI) for the VLANs.
int vlan 10
 ip add 192.168.10.1 255.255.255.0
 ! This sets the interface delay to manipulate the preferred
 ! route for EIGRP. In this case it will select the route
 ! directly connected to core-sw-02 or interface e1/3.
 delay 200
!
int vlan 51
 ip add 192.168.51.1 255.255.255.0
 delay 200
!
! HSRP Configuration.
int vlan 10
 standby version 2
 ! This IP will serve as the default gateway for PCs on this VLAN.
 standby 1 ip 192.168.10.254
 ! These timers determine how fast the standby router becomes
 ! the active router if the active router fails.
 standby 1 timers msec 250 msec 750
 ! The priority determines which router will be active: the
 ! router with the higher priority becomes the active router.
 standby 1 priority 110
 ! Preempt forces the higher-priority router to become the
 ! active router again after it recovers from a failure.
 standby 1 preempt delay minimum 10
!
int vlan 51
 standby version 2
 standby 1 ip 192.168.51.254
 standby 1 timers msec 250 msec 750
!
! EIGRP Configuration.
router eigrp 1
 network 192.168.1.1 0.0.0.0
 network 192.168.150.1 0.0.0.0
 network 192.168.10.1 0.0.0.0
 network 192.168.51.1 0.0.0.0
################ core-sw-02 ################
vlan 10 
 name VOICE_Flr1
vlan 51
 name DATA_Flr2
!
int e0/0
 description -> acc-sw-02
 switchport mode dynamic desirable
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 51
!
int e0/1
 description -> acc-sw-01
 switchport mode dynamic desirable
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
!
int e1/3
 description Layer 3 link -> core-sw-01
 no switchport
 ip add 192.168.150.2 255.255.255.0
!
int e1/0
 description -> router1
 no switchport
 ip add 192.168.2.1 255.255.255.0
!
! Create Switch Virtual Interface (SVI) for VLANs.
int vlan 10
 ip add 192.168.10.2 255.255.255.0
 delay 200
!
int vlan 51
 ip add 192.168.51.2 255.255.255.0
 delay 200
!
! HSRP Configuration.
int vlan 10
 standby version 2
 standby 1 ip 192.168.10.254
 standby 1 timers msec 250 msec 750
!
int vlan 51
 standby ver 2
 standby 1 ip 192.168.51.254
 standby 1 timers msec 250 msec 750
 standby 1 priority 110
 standby 1 preempt delay minimum 10
!
! EIGRP Configuration.
router eigrp 1
 network 192.168.2.1 0.0.0.0
 network 192.168.150.2 0.0.0.0
 network 192.168.10.2 0.0.0.0
 network 192.168.51.2 0.0.0.0
################ router1 ################
int e0/0
 description -> core-sw-01
 ip add 192.168.1.2 255.255.255.0
 ip nat inside
!
int e0/1
 description -> core-sw-02
 ip add 192.168.2.2 255.255.255.0
 ip nat inside
!
int e1/0
 ip address 192.168.91.3 255.255.255.0
 ip nat outside
!
! Access-list configuration to permit VLAN 10 and 51 to access
! the Internet.
ip access-list standard NAT 
 permit 192.168.10.0 0.0.0.255
 permit 192.168.51.0 0.0.0.255
!
! NAT Configuration.
ip nat inside source list NAT interface e1/0 overload
!
! Default Route to ISP.
ip route 0.0.0.0 0.0.0.0 192.168.91.2
!
! EIGRP Configuration
router eigrp 1
 no auto-summary
 network 192.168.2.2 0.0.0.0
 network 192.168.1.2 0.0.0.0
 ! This will redistribute the default route.
 redistribute static
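
As an added example (not part of the original post or of Cisco's guide), the following Python script checks a pasted configuration for the mistakes this design is most sensitive to: an HSRP virtual IP outside its SVI subnet, a group missing the 250/750 msec timers, and trunk ports left to DTP negotiation (`switchport mode dynamic ...`) instead of being set explicitly. The sample configuration, function names and finding texts are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of this lab, with deliberate problems:
# a DTP trunk, and an HSRP group whose virtual IP sits outside the SVI subnet.
SAMPLE = """\
int e0/1
 switchport mode dynamic desirable
 switchport trunk allowed vlan 51
!
int vlan 10
 ip add 192.168.10.1 255.255.255.0
 standby 1 ip 192.168.10.254
 standby 1 timers msec 250 msec 750
!
int vlan 51
 ip add 192.168.51.1 255.255.255.0
 standby 1 ip 192.168.10.254
"""

def parse_interfaces(config):
    """Map each interface name to the commands configured under it."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.split("!")[0].strip()      # drop '!' comments
        header = re.match(r"int(?:erface)?\s+(.+)", line)
        if header and not raw.startswith(" "):
            current = interfaces.setdefault(header.group(1).lower(), [])
        elif raw.startswith(" "):
            if line and current is not None:
                current.append(line)
        else:
            current = None                    # any other top-level line ends the block
    return interfaces

def audit(config):
    """Return (interface, finding) pairs for the checks this design relies on."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        text = "\n".join(cmds)
        if "switchport mode dynamic" in text:
            findings.append((name, "trunk negotiated by DTP"))
        addr = re.search(r"ip add(?:ress)? (\S+) (\S+)", text)
        net = ipaddress.ip_interface("/".join(addr.groups())).network if addr else None
        for grp, vip in re.findall(r"standby (\d+) ip (\S+)", text):
            if net and ipaddress.ip_address(vip) not in net:
                findings.append((name, f"group {grp} virtual IP {vip} outside {net}"))
            if f"standby {grp} timers msec 250 msec 750" not in text:
                findings.append((name, f"group {grp} lacks 250/750 msec timers"))
    return findings
```

Calling `audit(SAMPLE)` returns one finding for the trunk port and two for VLAN 51; repeated `int vlan N` stanzas, as used in this post for the SVI and HSRP sections, are merged before checking.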

If you have something to ask, don't hesitate to leave a comment or email; I'll be willing to answer any question related to the topic.

Thanks for stopping by.

Reference: Cisco Campus Network for High Availability Design Guide
