CCNP2 CAP 6 PPT

8/18/2019 CCNP2 CAP 6 PPT

1/49

First-Hop RedundancyImplementing Cisco IP Switched

Networks (SWI CH! Foundation"earning #uide

8/18/2019 CCNP2 CAP 6 PPT

2/49

SWI CH Chapter $ %&er&iew• %&er&iew o' First Hop or e'ault-

gateway Redundancy•

Con)gure and &eri'y HSRP• Con)gure and &eri'y *RRP• Con)gure and &eri'y #"+P

8/18/2019 CCNP2 CAP 6 PPT

3/49

%&er&iew o' FHRP and HSRP• HSRP o&er&iew• HSRP state transitions• ,ligning HSRP with S P topology• Con)guring and tuning HSRP• "oad sharing with HSRP• %ptions 'or HSRP• Con)guring HSRP inter'ace tracking• Con)guring o .ect tracking in com ination with

HSRP• Con)guring HSRP authentication• uning HSRP timers• he di/erences etween HSRP&0 and HSRP&1

8/18/2019 CCNP2 CAP 6 PPT

4/49

%&er&iew o' de'ault gatewayredundancy

• Hosts and ser&ers in a su net need agateway to reach de&ices that are not inthe same su net

• Hosts either use de'ault-gateway or pro2y-arp to reach de&ices on the other su nets

• With pro2y-arp techni3ue4 a layer 5 de&iceo/ers its own 6,C address in response toan ,RP 3uery to a 6,C address that e2istoutside the source su net and handling thecommunication

8/18/2019 CCNP2 CAP 6 PPT

5/49

he need 'or First-HopRedundancy

8/18/2019 CCNP2 CAP 6 PPT

6/49

First-Hop Redundancy%&er&iew

8/18/2019 CCNP2 CAP 6 PPT

7/49

HSRP %&er&iew

• *irtual router• ,cti&e router• Stand y router•

%ther routers

8/18/2019 CCNP2 CAP 6 PPT

8/49

HSRP ,cti&e Router%peration

8/18/2019 CCNP2 CAP 6 PPT

9/49

HSRP State ransition

• Stand y 7777 ip 7777777 de'ault group is 8• e'ault priority is 088• e'ault is N% preempt

8/18/2019 CCNP2 CAP 6 PPT

10/49

HSRP State ransition

8/18/2019 CCNP2 CAP 6 PPT

11/49

,ligning HSRP with S P opology

•

"ayer 1 ad.acency re3uirs hello e2change• HSRP &0 destination address 119:8:8:1 ; udp?• HSRP &0 6,C@ 8888:8c8A:,C22 ; 22 is the group id• HSRP &1 6,C@ 8888:8c=F:F222 ; 222 is the group id• HSRP &1 destination address 119:8:8:081 ; udp?• IP&$ 6,C@ 88@8?@A5@a8@8B@BB FF81@@$$ ; udp

8/18/2019 CCNP2 CAP 6 PPT

12/49

Con)guring and uningHSRP

8/18/2019 CCNP2 CAP 6 PPT

13/49

etailed opology with IP addresses

8/18/2019 CCNP2 CAP 6 PPT

14/49

Forwarding through the ,cti&e Router

8/18/2019 CCNP2 CAP 6 PPT

15/49

HSRP %peration -R1 ,cti&e

8/18/2019 CCNP2 CAP 6 PPT

16/49

HSRP %peration -R1 Failure

8/18/2019 CCNP2 CAP 6 PPT

17/49

HSRP States ,'ter R1 Failure

8/18/2019 CCNP2 CAP 6 PPT

18/49

,'ter R1 Reco&ers

8/18/2019 CCNP2 CAP 6 PPT

19/49

"oad Sharing with HSRP

8/18/2019 CCNP2 CAP 6 PPT

20/49

6ulti#roup HSRP Con)g onSW0

8/18/2019 CCNP2 CAP 6 PPT

21/49

6ulti#roup HSRP Con)g onSW1

8/18/2019 CCNP2 CAP 6 PPT

22/49

The need for interface tracking withHSRP

• HSRP can track inter'aces or o .ects• ecrement priority ased on tracked o .ect status• HSRP tracking 'eature ensures that a router with

an una&aila le key inter'ace will relin3uish theacti&e router role

• When the de)ned conditions remain the same therouter priority remains the same 088 de'ault

•

When the tracked o .ect status changes4 therouter priority is decremented 08 de'ault

8/18/2019 CCNP2 CAP 6 PPT

23/49

HSRP Inter'ace racking

8/18/2019 CCNP2 CAP 6 PPT

24/49

HSRP Inter'ace racking Connected inter'ace 'ailure

8/18/2019 CCNP2 CAP 6 PPT

25/49

HSRP Inter'ace racking Path'ailure

8/18/2019 CCNP2 CAP 6 PPT

26/49

HSRP ,uthentication• HSRP authentication pre&ents rogue "ayer

5 de&ices on the network 'rom .oining theHSRP group

• , rogue de&ice may claim the acti&e role

and can pre&ent the hosts 'romcommunicating with the rest o' the networkcreating a denial-o'-ser&ice ( oS! attack:

• HSRP pro&ides two types o' authentication@ – Plain te2t (Dight characters! – 6 ?

8/18/2019 CCNP2 CAP 6 PPT

27/49

HSRP imers• , hello message contains the priority

o' the router4 the hello time4 andhold-time parameters:

•

Hello time 5s de'ault• Hold-time 08s de'ault• Can e con)gured su -seconds with

msec keyword

8/18/2019 CCNP2 CAP 6 PPT

28/49

HSRP *ersions• here are two &ersions a&aila le on most

Cisco routers and layer 5 multilayer switches• HSRP&0 - 119:8:8:1 - udp?• HSRP&1 E 119:8:8:081 udp?• HSRP &ersion 1 has a di/erent packet 'ormat

that includes $- ytes identi)er )eld thatuni3uely identi)es the sender:

•

*ersions should e changed on all de&ices inthe same group: %therwise4 you might getduplicate IP address messages

8/18/2019 CCNP2 CAP 6 PPT

29/49

",+ -> HSRP (%mit *RRP!#roup work indi&idual su mission

Fa0/12

Fa0/

11

F a

0 / 7

DLS1

DLS2

Fa0/

11Fa0/12

Fa0/12

Fa0/11 Fa0/12

Fa0/11

F a

0 / 8

F a

0 / 7

F a

0 / 8

F a

0 / 7

F a

0 / 8

F a

0 / 7

F a

0 / 8

ALS1

ALS2

Fa0/6

Host A

Payr oll

Engineering

Host B

VLAN 10172.16.10.100/2

VLAN 20172.16.20.100/2

Fa0/6

Fa0/6

Fa0/6

VLAN !!172.16.!!.100/2

VLAN 0172.16. 0.100/2

Ser"er S#LSer"er

All S$it%&'to'S$it%& %onne%tions are 802.1(tr)n*s

VLAN !!+172.16.!!.1

VLAN !!+172.16.!!.2

VLAN !!+172.16.!!.

VLAN !!+172.16.!!.,

Po,

Po

,

Po2

Po1

Po1

20!.16-.200.2-

8/18/2019 CCNP2 CAP 6 PPT

30/49

HSRP&1 IP&$ support• HSRP 'or IP&$ address-'amily does

not play well with IP&9 address-'amily on the same inter'ace

• isa le pre&ious IP&9 HSRP con)ge'ore proceeding with the IP&$

HSRP con)g

8/18/2019 CCNP2 CAP 6 PPT

31/49

HSRP&1 IP&$ support

Lin*'lo%al A ress all inter3a%es4 Lo0

8/18/2019 CCNP2 CAP 6 PPT

32/49

",+ =@ HSRP 'orIP&$

Lo0

0/1 0/1

S0/0/0D E

S0/0/0S0/0/1

S0/0/1

,

F0/-

ALS1

F0/7

F0/8

F0/7

F0/8

F0/11

F0/12

F0/11

F0/12

F0/!F0/10

F0/!

F0/10

F0/-

,1

2

DLS1DLS2

Po1 Po2

802.1# 802.1#

802.1#

Po10

Lo0

Lin lo%al A ress all inter3a%es41 5 FE80++1 DLS1 5 FE80++D12 5 FE80++2 DLS2 5 FE80++D2, 5 FE80++, ALS1 5 FE80++A1

Lo02001+ 8+%a3e+101++1/6

2001+ 8+%a3e+11++/6

.D1

.1

E P 1o)ters an

L, s$it%&es4

2001+ 8+%a3e+12++/6

.1

.2 .2

2001+ 8+%a3e+2,++/6

2001+ 8+%a3e+,2++/6.,

.D2DLS1 Ps+ 2001+DB8+ AFE+ ++D1++/6 9:!!;100;110;120;200

DLS2 Ps+ Ps+ 2001+DB8+ AFE+ ++D2/6 9:!!;100;110;120;200

VLAN !!

F0/6

Lo02001+ 8+%a3e+201++1/6

.,

8/18/2019 CCNP2 CAP 6 PPT

33/49

*RRP %&er&iew

• *RRP 6aster ; HSRP ,cti&e• *RRP +ackup ; HSRP Stand y• %ne 6aster one or more ackups• Gsing actual address used y a router makes that router master:• Priority 8 to 1?? de'ault 088 - 8 has special meaning the

current master is not a&aila le• 119:8:8:0> protocol 001• e'ault hello ad&ertisement 0 sec and hold time a out 5 seconds:

%nly master sends hello•

he 5?$8 switches in the la % N% support *RRP or #"+P

8/18/2019 CCNP2 CAP 6 PPT

34/49

IP addressing the 'or the *RRP topology

8/18/2019 CCNP2 CAP 6 PPT

35/49

*RRP ,uthentication

8/18/2019 CCNP2 CAP 6 PPT

36/49

*RRP % .ect racking

8/18/2019 CCNP2 CAP 6 PPT

37/49

#"+P

8/18/2019 CCNP2 CAP 6 PPT

38/49

#"+P Con)guration opology

8/18/2019 CCNP2 CAP 6 PPT

39/49

IP addresses used in #"+P Con)guration

8/18/2019 CCNP2 CAP 6 PPT

40/49

#"+P Final Con)guration

8/18/2019 CCNP2 CAP 6 PPT

41/49

#"+P %peration@ ,RP+roadcast

8/18/2019 CCNP2 CAP 6 PPT

42/49

#"+P %peration@ *irtual 6,C,ddress ,ssignment

8/18/2019 CCNP2 CAP 6 PPT

43/49

#"+P %peration@ ra c Path 'or eachPC

8/18/2019 CCNP2 CAP 6 PPT

44/49

#"+P %peration@ Failed R0 new datapath

8/18/2019 CCNP2 CAP 6 PPT

45/49

#"+P and S P

8/18/2019 CCNP2 CAP 6 PPT

46/49

#"+P % .ect racking

8/18/2019 CCNP2 CAP 6 PPT

47/49

#"+P racking etects inter'ace'ailure

8/18/2019 CCNP2 CAP 6 PPT

48/49

#"+P % .ect racking sample con)g

" 08@ #"+PL 0

8/18/2019 CCNP2 CAP 6 PPT

49/49

"a 08@ #"+P*RRP

F0/1 F0/1

S0/0/0

S0/0/0S0/0/1

D E

S0/0/1

,

F0/-

ALS1

F0/7

F0/11

F0/7

F0/8

F0/8

F0/12

F0/11

F0/12

F0!F0/10

F0/!

F0/10

F0/18

F0/18

F0/-

-

,1

F0/6

2

DLS1 DLS2

VLAN 10

VLAN 10 VLAN 10

Lo0

SRV1

-B