CCNP Switch Lab 5-1 Hot Standby Router Protocol

CCNP Switch Lab 5-1 Hot Standby Router Protocol



  • Configure inter-VLAN routing with HSRP to provide redundant, fault-tolerant routing to the internal network.

Hot Standby Router Protocol (HSRP) is a Cisco-proprietary redundancy protocol for establishing a faulttolerant default gateway. It is described in RFC 2281 . HSRP provides a transparent failover mechanism to the end stations on the network. This provides users at the access layer with uninterrupted service to the network if the primary gateway becomes inaccessible. The Virtual Router Redundancy Protocol (VRRP) is a standards-based alternative to HSRP and is defined in RFC 3768. The two technologies are similar but not compatible. This lab focuses on HSRP.

Note: This lab uses Cisco WS-C2960-24TT-L switches with the Cisco IOS image c2960-lanbasek9-mz.122- 46.SE.bin, and Catalyst 3560-24PS with the Cisco IOS image c3560-advipservicesk9-mz.122-46.SE.bin. You can use other switches (such as 2950 or 3550) and Cisco IOS Software versions if they have comparable capabilities and features. Depending on the switch model and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab.

Required Resources

  • 2 switches (Cisco 2960 with the Cisco IOS Release 12.2(46)SE C2960-LANBASEK9-M image or comparable)
  • 2 switches (Cisco 3560 with the Cisco IOS Release 12.2(46)SE C3560-ADVIPSERVICESK9-mz image or comparable)
  • Ethernet and console cables

Step 1: Prepare the switches for the lab.

Erase the startup config, delete the vlan.dat file, and reload the switches. Refer to Lab 1 -1, “Clearing a Switch” and Lab 1 -2, “Clearing a Switch Connected to a Larger Network” to prepare the switches for this lab. Cable the equipment as shown.

Step 2: Configure the host IP settings.

Configure each host with the IP address, subnet mask, and default gateway shown in the topology.

Step 3: Configure basic switch parameters.

a. Configure management IP addresses in VLAN 1, and the hostname, password, and Telnet access on all four switches.

b. Configure default gateways on the access layer switches ALS1 and ALS2. The distribution layer switches will not use a default gateway because they act as Layer 3 devices. The access layer switches act as Layer 2 devices and need a default gateway to send management VLAN traffic off of the local subnet for the management VLAN.

Step 4: Configure trunks and EtherChannels between switches.

EtherChannel is used for the trunks because it allows you to utilize both Fast Ethernet interfaces that are available between each device, thereby doubling the bandwidth.

Note: It is good practice to shut down the interfaces on both sides of the link before a port channel is created and then reenable them after the port channel is configured.

a. Configure trunks and EtherChannels from DLS1 and DLS2 to the other three switches according to the diagram. The switchport trunk encapsulation {isl | dot1q} command is used because these switches also support ISL encapsulation.

b. Configure the trunks and EtherChannel from ALS1 and ALS2 to the other switches. Notice that no encapsulation type is needed because the 2960 supports only 802.1q trunks.

Creating a port-channel interface Port-channel 3

c. Verify trunking between DLS1, ALS1, and ALS2 using the show interface trunk command on all switches.

d. Issue the show etherchannel summary command on each switch to verify the EtherChannels. In the following sample output from ALS1, notice the three EtherChannels on the access and distribution layer switches.

Which EtherChannel negotiation protocol is in use here?
The EtherChannel negotiation protocol in use is PAgP.

Step 5: Configure VTP on ALS1 and ALS2.

a. Change the VTP mode of ALS1 and ALS2 to client.

b. Verify the VTP changes with the show vtp status command.

How many VLANs can be supported locally on the 2960 switch?
This switch and Cisco IOS Software version can support 255 VLANs.

Step 6: Configure VTP on DLS1.

a. Create the VTP domain on VTP server DLS1 and create VLANs 10, 20, 30, and 40 for the domain.

b. Verify VTP information throughout the domain using the show vlan and show vtp status commands.

How many existing VLANs are in the VTP domain?
There should be nine VLANs: the five built-in ones, plus the four new VLANs that you just created.

Step 7: Configure access ports.

a. Configure the host ports of all four switches. The following commands configure the switch port mode as access, place the port in the proper VLANs, and turn on spanning-tree PortFast for the ports.

b. Ping from the host on VLAN 10 to the host on VLAN 40. The ping should fail. Are these results expected at this point? Why?
Yes, it is expected that the pings will fail because no SVIs have been created on DLS1 and DLS2, except for VLAN 1. Therefore, there is no default gateway for the hosts.

Note: The switchport host command can be used to configure individual access ports. This command automatically activates access mode, PortFast, and removes all associations of the physical switch port with the port-channel interfaces (if there are any).

Step 8: Configure HSRP interfaces and enable routing.

HSRP provides redundancy in the network. The VLANs can be load-balanced by using the standby group priority priority command. The ip routing command is used on DLS1 and DLS2 to activate routing capabilities on these Layer 3 switches. Each route processor can route between the various SVIs configured on its switch. In addition to the real IP address assigned to each distribution switch SVI, assign a third IP address in each subnet to be used as a virtual gateway address. HSRP negotiates and determines which switch accepts information forwarded to the virtual gateway IP address.

The standby command configures the IP address of the virtual gateway, sets the priority for each VLAN, and configures the router for preempt. Preemption allows the router with the higher priority to become the active router after a network failure has been resolved.

In the following configurations, the priority for VLANs 1, 10, and 20 is 150 on DLS1, making it the active router for those VLANs. VLANs 30 and 40 have a priority of 100 on DLS1, making DLS1 the standby router for these VLANs. DLS2 is configured to be the active router for VLANs 30 and 40 with a priority of 150, and the standby router for VLANs 1, 10, and 20 with a priority of 100.

Step 9: Verify the HSRP configuration.

a. Issue the show standby command on both DLS1 and DLS2.

b. Issue the show standby brief command on both DLS1 and DLS2.


Which router is the active router for VLANs 1, 10, and 20? Which is the active router for 30 and 40?
For VLANs 1, 10, and 20, the active router is DLS1. For VLANs 30 and 40, the active router is DLS2.

What is the default hello time for each VLAN? What is the default hold time?
The default hello time is 3 seconds. The default hold time is 10 seconds.

How is the active HSRP router selected?
The router with the highest priority is selected as the active HSRP router. If more routers share the highest priority, the HSRP router with the highest IP address on the segment becomes the active router.

c. Use the show ip route command to verify routing on both DLS1 and DLS2.

Step 10: Verify connectivity between VLANs.

Verify connectivity between VLANs using the ping command from the SQL Server (VLAN 40) to the other hosts and servers on the network.

The following is from the SQL Server (VLAN 40) to the Engineering host (VLAN 20):

Step 11: Verify HSRP functionally.

a. Verify HSRP by disconnecting the trunks to DLS2. You can simulate this using the shutdown command on those interfaces.

b. Verify that DLS1 is acting as the backup default gateway for VLANs 30 and 40 using the show standby
brief command. DLS1 is now the active HSRP router for all VLANs and the standby router is unknown.

c. Repeat this process by bringing up the DLS2 trunks and shutting down the DLS1 interfaces. Use the show standby brief command to see the results.

Note: If both DLS1 and DLS2 have links to the Internet, failure of either switch will cause HSRP to redirect packets to the other switch. The functioning switch will take over as the default gateway to provide virtually uninterrupted connectivity for hosts at the access layer.

Device Configurations (Instructor version)

Note: VTP and VLAN commands do not display in the running configuration, unless the switch is in transparent mode. DLS1 and DLS2 are VTP servers, and ALS1 and ALS2 are VTP clients. Refer to the appropriate steps in the lab for the necessary VTP and VLAN configuration commands.

Switch DLS1

Switch DLS2

Switch ALS1

Switch ALS2

More Resources

About the author


Leave a Comment