Cisco CCNP SWITCH 642-813

Redundancy in the Campus: HSRP, VRRP, and GLBP Part 1


00:00:00 - It's time to make our campus redundant by using
00:00:06 - HSRP, VRRP and GLBP, hopefully not all at the same time because
00:00:10 - I can't imagine saying those acronyms. This is one of my favorite
00:00:15 - sections of the whole series. In my opinion, it's just awesome.
00:00:19 - To be able to set up your network to where if any single piece
00:00:23 - of equipment fails, everybody just kind of is like, oop, failure,
00:00:26 - let's reroute around it or reswitch around it as we look at the
00:00:30 - switching environment. We're going to look at how we can apply
00:00:33 - redundancy to our switches, but the same concept will apply directly
00:00:38 - to routers, even though this is a series focused on nothing
00:00:40 - but Cisco switches. So the first thing we're going to talk about
00:00:44 - is redundancy is good. Right? I mean, it's good to have redundant
00:00:48 - connections, just like down here we have these two little critters
00:00:52 - and they're redundant. It's good to have two critters, until
00:00:56 - you find out those critters are responsible for dismembering
00:00:59 - a 50 year old woman in Colorado this last weekend. Actually,
00:01:03 - that's not true at all, I don't know where that came from. But
00:01:06 - in our campus networks for sure redundancy is good. You want
00:01:09 - redundant devices, redundant routing. We'll then look at the
00:01:12 - protocols that you see up there. I'm not going to go through
00:01:14 - all the acronyms again. What's the difference between all of
00:01:17 - these? The only thing they have in common it seems like is that
00:01:20 - "P" at the very end. Configuring and tuning HSRP will be our
00:01:24 - focus of the final piece of this video and I really want to emphasize
00:01:28 - that understanding HSRP is kind of the key to understanding the
00:01:32 - other two, VRRP and GLBP, which we're going to talk about in
00:01:36 - Part 2, so that's going to be a critical piece of looking at
00:01:40 - setting up redundant connections in the campus networks. Let's
00:01:43 - get going.
00:01:45 - I doubt that I really even need to make the argument that redundancy
00:01:49 - is good, rather just present to you that there are redundant
00:01:54 - forms of networks all around. We can have redundant routers connected
00:01:58 - to the internet, so if one of those ISPs or maybe one of those
00:02:02 - routers fails or a link to the router or just about anywhere
00:02:05 - in the network fails, we have some other backup path out this
00:02:09 - other router. Now, over here we have redundant core switches
00:02:13 - or distribution layer switches. So if maybe we've got our clients
00:02:17 - down here or our server farm down here that's coming up to the
00:02:20 - switch, they have multiple paths that they can go through to
00:02:25 - reach other VLANs and I guess you could combine these models
00:02:28 - and say reach the internet if we have redundant connections up
00:02:31 - here to our routers that gets off to our internet. If one of
00:02:34 - our core switches fail, we can always route over to the other
00:02:37 - one. So redundancy is a good thing, but now how do we make this
00:02:42 - all possible? I mean, how do we set this up in a way that allows
00:02:46 - this router to fail and auto magically this client says, oh well,
00:02:50 - I'll use this router or this router suddenly takes over for that
00:02:54 - client and likewise, if this core switch goes down, all of these
00:02:58 - guys will be using the other core switch. I mean, if you think
00:03:00 - about it, it's not like we can run around to the network and
00:03:04 - change everybody's default Gateway to a new IP address or assign
00:03:08 - a new DHCP scope, this has to be automatic, so the network should
00:03:13 - recover when one of these pieces of equipment fail.
00:03:17 - This opens the door to a whole bunch of questions that you might
00:03:20 - have with redundancy, as in how fast can this fail over happen?
00:03:25 - How fast can this router say, I'll take over for you when that
00:03:28 - one goes down and how does it even know it goes down or what
00:03:32 - if for instance the LAN interfaces are fine on both of these
00:03:36 - routers, but the WAN link goes down? How does this one know that
00:03:40 - that router's WAN link went down and know to take over when it's
00:03:45 - not directed to the WAN, it is not like it can send hello messages
00:03:48 - over to that WAN link. So how does it know when it fails? That's
00:03:52 - the last question I have in that list. How does the client know?
00:03:56 - For example, how does the client know that I should stop using
00:03:59 - that router and start using that router? Or if this is some kind
00:04:04 - of shared IP address thing, where maybe we just have both of
00:04:07 - these routers responding to we'll say 191268.1.1,
00:04:12 - then there has to be a MAC address that maps to that IP address
00:04:16 - when this one goes down that MAC address is going to be in everybody's
00:04:20 - cache. So that immediately tells you that you've got five, 10
00:04:24 - minutes of outage right there while everybody figures out that
00:04:28 - MAC address is no longer available, let's time out the ARP cache
00:04:31 - and fail over to here. So how do we fix all of that? I mean all
00:04:36 - of these are questions that deal with that redundancy and that's
00:04:39 - what we're going to answer right now.
00:04:42 - There are three protocols that make redundancy happen: HSRP,
00:04:46 - VRRP and GLBP. Don't
00:04:50 - let this slide scare you because it's really just a laundry list
00:04:53 - dump of all the facts about these protocols. We're going to spend
00:04:56 - the rest of this video and the next exploring each of these in
00:05:00 - depth. Overall, HSRP was the first, Cisco was the first to gain
00:05:05 - with this with hot standby routing protocol or router protocol.
00:05:10 - Now this was originally designed for routers because it came
00:05:12 - out back in 1994
00:05:14 - before layer three switching was really mainstream or actually
00:05:18 - I don't even know if layer three switching was around back then,
00:05:21 - that was maybe the newest thing on the market, if so. But this
00:05:26 - uses something known as a hello timer of every three seconds.
00:05:29 - So every three seconds the routers or now layer three switches
00:05:34 - say hello to each other. And if the switch or router doesn't
00:05:37 - say hello within 10 seconds, the other one's like, well, he's
00:05:40 - dead and I'll take over for all the clients. And I know we still
00:05:44 - have questions on that and that's going to be answered as we
00:05:46 - dive into these. The virtual router redundancy protocol, or VRRP,
00:05:51 - came out in 1999,
00:05:53 - so five years later the other vendors caught up, meaning that
00:05:59 - this is now an industry standard protocol. And I shouldn't say
00:06:02 - the other vendors caught up, I'm sure everybody had their own
00:06:04 - little proprietary version of this, but this protocol now allows
00:06:09 - this concept, this redundancy to work if you've got a Cisco router
00:06:13 - and some other brand router sitting next to each other, they
00:06:16 - can communicate and be redundant for each other. Now the cool
00:06:20 - thing about VRRP is since it came out in 1999,
00:06:24 - the timers are much faster, meaning the bandwidth that was available
00:06:28 - in '99 was much more than it was in 1994, so by default the timers
00:06:33 - can recover and find a failure much faster and you can see hello
00:06:37 - timer of one second and a hold timer or dead timer of three seconds,
00:06:42 - plus a little bit more and we'll talk about that when we get
00:06:44 - there. The last one came out in 2005,
00:06:49 - GLBP by Cisco for Cisco. It's Cisco proprietary. Does the same
00:06:54 - thing as these other two, except
00:06:57 - allows load balancing. That is pretty cool to where both routers
00:07:03 - can be forwarding traffic at the same time or both layer three
00:07:05 - switches can be accepting traffic at the same time and load balancing
00:07:09 - between each other. Now when you think about them sharing an
00:07:13 - IP address this starts blowing your mind even more. I mean it's
00:07:16 - like the questions abound when you get to GLBP. You got to stay
00:07:20 - tuned for that one because just the whole concept of how that
00:07:24 - happens will blow your mind away. It's just awesome. So let's
00:07:28 - start off with HSRP.
00:07:30 - As you just saw, the hot standby routing protocol or HSRP was
00:07:35 - the first protocol that did this redundancy thing. And since
00:07:38 - this is a switching course, I'm going to focus now on the switches
00:07:42 - in layer three switch capabilities, rather than talking about
00:07:45 - routers. But do keep in mind that these same concepts that we're
00:07:49 - talking about now can apply to routers just as well. HSRP allows
00:07:54 - the Gateways to be organized into standby groups. Now when
00:07:58 - we're talking layer three switches, we're typically talking VLAN
00:08:01 - interfaces. For example, let me dive a little bit into the demonstration
00:08:07 - I'm going to do for you in just a moment. These routers have
00:08:11 - VLAN 70. The VLAN 70 interface and that interface is assigned
00:08:16 - this IP address. That is the real VLAN address, VLAN 70 interface
00:08:21 - and this IP address. So those are assigned to their interfaces,
00:08:25 - but HSRP allows me to organize these layer three switches into
00:08:31 - standby groups. Now they both share the same group number. For
00:08:36 - example, I might say this is HSRP group 5 and both of these interfaces
00:08:43 - are placed into standby group 5. Now when I do that, I will generate
00:08:48 - a standby or virtual
00:08:51 - IP address and get this, get this, a virtual MAC address. Brilliant,
00:08:57 - isn't it? So right down here you see VIP, that's my virtual IP
00:09:01 - address and a virtual MAC address, that has a specific format
00:09:06 - and we're going to talk about that in just a second that both
00:09:09 - switches respond to. But make sure you catch this, that HSRP
00:09:13 - is not a load balancing thing like that one protocol GLBP. This
00:09:18 - is more of an active standby system, so one of these routers,
00:09:22 - the primary one, will be active in responding to this IP address
00:09:26 - and this MAC address and if this ever goes offline, the standby
00:09:31 - or other layer three switches, they're all in standby, there
00:09:34 - could be more than one standby switch or layer 3 switch, but
00:09:39 - they're going to take over and start being the active router
00:09:42 - for that VLAN interface and it will respond to this virtual IP
00:09:47 - address and virtual MAC address. Now the good news, the reason
00:09:50 - I get so psyched about that virtual IP and MAC is because that
00:09:54 - means nothing has to change on our clients or our servers right
00:09:59 - here. They have their default Gateway of 172.30.70.1,
00:10:05 - and they have their MAC address and their ARP cache and that's
00:10:08 - one of the problems we talked about, it's in the ARP cache of
00:10:11 - 00000C07ACL1, that's my MAC address that I have right here. So
00:10:18 - if one of these fails as long as this one takes over for it and
00:10:21 - starts responding for this MAC address and IP address, the servers
00:10:25 - won't notice any different. The cool new system they can send
00:10:28 - a little gratuitous ARP message on here, so these switches will
00:10:32 - immediately divert traffic to that MAC address from this port
00:10:36 - out that port. And they can do that very quickly, just by receiving
00:10:41 - that gratuitous ARP message. Now by default,
00:10:45 - hello messages are sent once every three seconds and a Gateway
00:10:50 - is dead after 10 seconds. What that means I've got all this chicken
00:10:55 - scratch up here, let me just wipe that clean real quick. This
00:11:00 - primary Gateway, if this is the one, is saying, hello, hello,
00:11:03 - hello, every three seconds and this one even though it's the
00:11:06 - standby is saying hello every three seconds. So if it stops
00:11:10 - receiving hello messages for 10 seconds and the reason it's 10
00:11:14 - instead of nine is because if it was nine, then you'd never really
00:11:17 - count that third hello. Right? If you missed two hellos, you
00:11:21 - would consider them down right as the third hello is getting
00:11:24 - there. Just multiply three times three and you'll find that out.
00:11:28 - So they add a bonus second, and the 10 second for some latency
00:11:32 - reason and that is why this one knows to take over because if
00:11:36 - it's missed that many hellos, this guy might be down. So what
00:11:41 - was I going to say on that? Oh, timers. Those timers aren't very
00:11:46 - quick, meaning that those timers were designed for networks back
00:11:50 - in 1994, as I was mentioning. So they are tunable to be equal
00:11:55 - to VRRP, which is the newer of the two protocols, so it can converge
00:12:00 - just as fast, but remember HSRP's only weakness at that point
00:12:04 - is that it is Cisco proprietary.
00:12:07 - I say that because a lot of people might just be anxious to move
00:12:10 - to VRRP, not realizing they're not getting any other benefit
00:12:14 - other than multi vendor compatibility. And I'm not saying this
00:12:18 - just because I'm a Cisco guy, but usually when you have Cisco
00:12:21 - routers and you want them to be redundant, they're going to be
00:12:24 - Cisco routers. It's very rare that you're going to mix a Cisco
00:12:29 - router with an HP router for redundancy purposes or a pick a
00:12:34 - vendor, I just threw HP out there. So HSRP can do the same thing
00:12:38 - as VRRP, it just takes a little more tuning. Now there is a specific
00:12:43 - structure to this virtual MAC address that I want to mention
00:12:46 - to you. Right here oh, let me just fix that real quick. This
00:12:50 - virtual MAC address is generated when I create that standby group,
00:12:55 - meaning if I chose standby group number five that both these
00:12:58 - layer three switches respond to, it automatically will generate
00:13:02 - this well known MAC address. The first section of that MAC address
00:13:06 - all zeros and then 0C is Cisco's vendor ID. When you get pools
00:13:11 - of MAC addresses, you have to go to the great MAC address Gods
00:13:15 - in the sky and say, please grant me a range and they will say,
00:13:18 - why yes, you have this range. So Cisco got 000.0C
00:13:23 - as one of their ranges and that's what they chose for HSRP.
00:13:27 - By seeing 07AC as the second group of digits there, you're going
00:13:34 - to immediately know that this is HSRP. It's good to know because
00:13:39 - you can be on a network and just do an arp -a command from a Windows
00:13:43 - command line or I think that works in Linux, and you are going
00:13:46 - to find out
00:13:48 - we're using HSRP, without even having to go to the router because
00:13:51 - you can recognize that MAC address. The last two digits will
00:13:55 - be the HSRP standby group number. For instance, if I had chosen
00:13:59 - 5, it would be 05 for that MAC address. Actually this doesn't
00:14:03 - match to my scenario, this one would be group number 1 that I
00:14:06 - would have chosen rather than 5. And that is in hexadecimal.
00:14:10 - If I choose group number 10 it is going to be 0A.
00:14:15 - Well let's get this set up and I'd like to start by getting familiar
00:14:18 - with the topology of this lab environment here. I have two layer
00:14:21 - three switches, switch A and switch C, they're 3550
00:14:25 - series and they are routing right now for VLAN 70. One of them
00:14:30 - is assigned 172.30.70.2
00:14:33 - and the other is 70.3, switch A and switch C. As of right now
00:14:37 - I have them connected to 2950 here, actually two of them, but
00:14:42 - I don't have the second one connected. Switch B is I guess physically
00:14:46 - this is what it looks like, but if we wanted true redundancy,
00:14:49 - we would want two switches here and by the way, I don't have
00:14:52 - all of the necessary connections just because it got too messy
00:14:55 - when I had that with all the texts, but to have true redundancy,
00:14:59 - you want a connection here, you want a connection here and you
00:15:02 - want a connection here between these switches and why not just
00:15:05 - go and throw in another one for good measure. But that's what
00:15:07 - a truly redundant network looks like, it's just hard to read
00:15:10 - all the text. But with that in mind, we have just one switch,
00:15:14 - 2950 here, that is connected to a server. Now as of right now,
00:15:18 - this isn't set up for redundancy, meaning the server is configured
00:15:23 - to 172.30.70.3
00:15:26 - as its default gateway. Let me get you familiar with the server,
00:15:30 - this is it. I'm going to do an ipconfig here. All of these adapters,
00:15:34 - but really only one of them are active. You can see 170.30.70.50
00:15:40 - and it is hard coded to a default Gateway of 70.3, which is
00:15:45 - that switch right there. So it's using switch C. Just to prove
00:15:48 - that we can get out there, I'm going to do a ping, 172.30.70.3,
00:15:56 - at the default Gateway. We're getting there and it can ping .2,
00:16:01 - I thought wait a sec, it should be. Oh, okay there we go, it
00:16:06 - just took a sec. It should be able to ping 70.2, so they're
00:16:09 - both right there, both switches are responding, it's just as
00:16:13 - of right now since the default Gateway is hard coded to .3, if
00:16:16 - A goes down, there's no redundancy, so we need to set up a standby
00:16:20 - group. I've got my virtual IP address 172.30.70.1,
00:16:25 - that I want to use and I want these two switches to share it.
00:16:28 - Now I want let's see, what do I want? Hmmm. I would like switch
00:16:34 - A, to be the primary switch on this and I'd like Switch C to
00:16:39 - be the standby. So switch A should respond to the Ping messages
00:16:43 - while it's online, but if it goes offline then I want switch
00:16:46 - C to take over and carry the burden, so here's how we do it.
00:16:52 - I don't need that window right now, I need this one. I'm on switch
00:16:55 - A. I'm going to go just do a show IP interface brief and you
00:16:59 - can verify that right there is my VLAN 70 interface, with the
00:17:03 - .2 address assigned. Now my server is plugged into oh, the 2950
00:17:08 - below. These are my trunk links that are connected to the 2950
00:17:13 - and the 3550. All right. So I'm going to go into interface VLAN
00:17:18 - 70. So I'm in the routed interface and make sure you distinguish
00:17:22 - going into VLAN 70 is much different from going into interface
00:17:26 - VLAN 70. Just VLAN 70 is the layer 2 VLAN, that's how you segment
00:17:29 - your ports. Interface VLAN 70 is the routed interface for that
00:17:34 - VLAN. The command I'm going to type is standby followed by my
00:17:39 - group number. By the way, there is no HSRP command, whenever
00:17:43 - you type standby that tells the switch or router you're after
00:17:48 - HSRP. Now there's a lot of options, here we're going to go through
00:17:51 - each one of them, but I'm going to start off with the group number
00:17:55 - because we have to set up the group. So I'm going to say standby
00:17:59 - let's do a group number of 1, just use real nice generic one.
00:18:05 - Once we type in the group number, it's going to ask us, well,
00:18:07 - what sort of IP address do you want that as the virtual IP address?
00:18:11 - Or do you want to have preemption enabled? And we'll talk about
00:18:14 - all of those. First step, as you can see right here, create the
00:18:18 - standby group and reassign the IP address, so that means I need
00:18:21 - to create group 1 and set up this virtual IP. It's almost like
00:18:26 - step 1 and step 2 are one and the same except when I was meaning
00:18:30 - reassign IP address, I meant on the client. So I'm going to type
00:18:33 - in standby 1 IP and then what is my virtual IP address?
00:18:42 - 70.1. By the way, some people call this a phantom IP address.
00:18:47 - I think it's older terminology.
00:18:52 - People used to call the virtual IP like a phantom IP because
00:18:55 - it emulated like there's this phantom router in the middle, but
00:18:58 - that's it. Believe it or not, that's all I need to do to set
00:19:02 - up HSRP, at least on switch A. So that's not running and my standby
00:19:06 - group is operating. Now I'm going to introduce one more command
00:19:10 - at this point. I was going to introduce in the next slide, but
00:19:14 - I think it's so important that I'll say it now. It is the priority.
00:19:20 - Standby 1 priority and then a number. Now by default every single
00:19:26 - router will have a default priority of 100.
00:19:30 - Now when you think priority you should think higher is better.
00:19:33 - I mean if you are a higher priority dinner guest you are going
00:19:37 - to go in first, right? So the higher your priority, the better
00:19:40 - you are. Since everything is a default of 100,
00:19:44 - we need to adjust switch A, if we want to make sure that it becomes
00:19:48 - the HSRP active router at the time. If you don't adjust it, everybody
00:19:54 - will be 100 and it just relies on the highest IP address to break
00:19:58 - the tie, in which switch C would become the active router because
00:20:02 - it's got the higher IP address. So I'm going to come into here
00:20:05 - and say, priority and let's just say 150.
00:20:09 - Now these are arbitrary values. It's not like I can say 150 is
00:20:13 - always great. It's all relative based on what you've set up on
00:20:15 - the rest of your switches. So this point I now have HSRP configured
00:20:19 - on switch A. Let me configure it on switch C, and
00:20:23 - then we'll do some verification. Let me go into global config,
00:20:27 - interface VLAN 70 and I'll do. Let me type in do terminal monitor
00:20:33 - just so we can see some of the status messages that happen. I'm
00:20:36 - going to type in standby
00:20:39 - group number 1, looks like I've got a more recent IOS version
00:20:44 - on this, I've got some more commands. Standby group 1 and I'll
00:20:47 - put the IP address and this is going to be the same as it was
00:20:50 - on the other. 172.30.70.1.
00:20:55 - That is the virtual or phantom IP address I want this to respond
00:20:59 - to. So at this point, this will have the default priority of
00:21:04 - 100. So I don't need to worry about setting this any higher or
00:21:08 - lower because 150 is going to be the King of the Hill. Now before
00:21:13 - we verify this on the switches, I want to verify it from the
00:21:19 - client itself. Let me bring that prompt back up. Now again I
00:21:22 - just want to make sure and let me shrink this down a little bit
00:21:26 - so you can see the IP addresses here. Right about there. All
00:21:30 - right. To a clear screen. I'm going to make sure I can still
00:21:36 - ping 172.30.70.3.
00:21:38 - Sure enough I can and this is from the client, remember, I'm
00:21:41 - not on a switch here. I'm going to see if I can ping 172.30.70.2,
00:21:47 - and I can. That's switch A. Now let's see if we can ping that
00:21:50 - new virtual IP address 172.30.70.1.
00:21:55 - We can. Interesting. Now let's check this out. I'm going to telnet
00:21:59 - to 172.30.70.3,
00:22:02 - that's switch C. You can see that. Telnet 172.30.70.2,
00:22:09 - that is switch A and let's telnet to 172.30.70.1,
00:22:14 - the virtual IP address. Look at that, I'm on switch A. Is that
00:22:19 - the respected or I should see there? Yeah. You bet
00:22:26 - it is. Because switch A, is the active router at this time for
00:22:30 - that network. Let's go ahead and do the verification from the
00:22:33 - switch and I don't need my terit term, I am there now. Let me
00:22:37 - just do a show standby. By the way, this is about the only command
00:22:41 - you usually use. Show standby will show right there VLAN 70
00:22:46 - group 1, the local state is active, it has a priority of 150.
00:22:51 - Hello timer is three seconds, as we know, hold down timer is
00:22:55 - 10 seconds. The next hello will be sent in 2.196 seconds. The
00:22:59 - virtual IP address is this. Standby router, look at that. It
00:23:04 - even tells us who this standby router will be, that's switch
00:23:07 - C. 172.30.70.3
00:23:09 - over there. And it's going to die in eight seconds flat. Meaning
00:23:13 - that that's the countdown, the 10 second count down, if it doesn't
00:23:17 - keep getting hellos from the standby, it's going to assume it's
00:23:20 - dead. Now right there is the MAC address and remember those pieces
00:23:24 - let me get right here, 0000C,
00:23:29 - is Cisco's vendor ID, 07AC means you're running HSRP and
00:23:35 - 01 is your group number.
00:23:38 - Isn't that cool? So this point we actually have a redundant setup.
00:23:42 - Now let's verify this from switch C's perspective. I'm going
00:23:46 - to telnet over to switch C to
00:23:50 - show standby over here. Now look at what switch C sees. Huh.
00:23:55 - The state is standby. So if you remember, the state on the other
00:24:00 - oh, it erases the screen, I can't scroll back, was active. It
00:24:03 - sees the virtual IP address, it sees the active MAC address.
00:24:07 - It sees who the active router is that would be switch A, 172.30.70.2,
00:24:13 - priority 150. Expires in nine seconds. So you know standby router
00:24:19 - is me, local, and my priority is 100, that is what we expected
00:24:23 - to see because that is the default. Now what I would then do
00:24:27 - if I was doing a full blown network config here, I would go to
00:24:30 - the client and I would
00:24:34 - set up this client to use a default Gateway of 30.70.1. And I'm
00:24:41 - done at that point, at least with the primary pieces, because
00:24:45 - the virtual
00:24:47 - IP address is set up. So really it's two commands. Standby, group
00:24:51 - number and the IP address, followed by standby, group number,
00:24:54 - priority, to set the priority of who's going to be the active
00:24:57 - router. Now before we move on to the tuning and optimizing HSRP,
00:25:01 - let's do a little test. I'm going to do a ping, 172.30.70.1
00:25:08 - -t. So I'm going to have this ping going and let me tell you my
00:25:12 - thought process before I do it. I'm going to kill the connection
00:25:17 - to the active router, I'm just tracing a cable as I'm talking
00:25:21 - now to see which one to pull. Okay. Got it. I'm going to kill
00:25:24 - the connection to the active router from this client, so let's
00:25:28 - see how long it takes the standby router to fail over. So I'm
00:25:33 - going to start the ping. There it goes. I'm pulling the cable
00:25:37 - now. The cable is down. Holy cow, did you see that?
00:25:44 - That was amazing. Hang on. Did I pull the right cable? Oh, you
00:25:50 - know what, I'll bet you I did pull the right cable. I'm going
00:25:52 - to telnet over to 70.1.
00:25:55 - No, I pulled the wrong cable. Horrible. Did I really? I must
00:26:00 - have. 70.1
00:26:04 - what cable did I pull? Oh, I know why. You know why? Because
00:26:10 - I pulled this cable from switch B, but by the way I really have
00:26:14 - a connection like this. I pulled this cable right here,
00:26:19 - this was brilliant. Jeremy, simply brilliant. I pulled this cable
00:26:22 - and you can see, let me plug that cable back in. You can see
00:26:25 - that that's no worries, right? Because switch B is like, that's
00:26:29 - great, I'm running rapid spanning tree, I'm going to fail over
00:26:31 - to switch C and just use this redundant connection over to switch
00:26:35 - A. So it was still using switch A. All right, hang on. I got
00:26:39 - to build this up again. We need some dramatic music here, going
00:26:43 - to exit out, do a clear screen. Drrrr. What am I going to kill?
00:26:47 - I'm going to kill both I'm going
00:26:51 - to kill every cable I have connected to switch A, because I don't
00:26:56 - really have that much going on, on switch A. It's my redundant
00:26:59 - router. So here is what I'm going to do. I'm going to start the
00:27:02 - ping again.
00:27:04 - Sorry, I got to make sure this works right. I'm going to start
00:27:07 - the ping again. I'm going to pull all the cables, meaning this
00:27:12 - one right here. Choo, choo. And this one right here to switch
00:27:17 - A. And then I have a connection like that. We'll see how long
00:27:21 - it takes switch B, to fail over to the it shouldn't be switch
00:27:25 - B, for HSRP to fail over to BC as the active router. So much
00:27:29 - explanation. Good grief, let's just pull some cables here. I've
00:27:32 - got my pings going, I'm pulling them now. Much better. That is
00:27:37 - what I expected to see. Okay. So at that point, the active
00:27:43 - HSRP switch has failed. The standby is missing hellos at this
00:27:49 - point. Oh, you see it? Right there, the standby took over and
00:27:52 - kicked on. Now if I telnet over to 172.30.70.1,
00:27:57 - I should arrive at which switch? C, right? And sure enough, I
00:28:01 - do. I do a show standby and you can see right here, it is now
00:28:05 - switch C, is now the active one. It flipped over to become the
00:28:10 - active. It's now acting as the virtual IP and virtual MAC address.
00:28:15 - Standby routers unknown because it has taken over and switch
00:28:20 - A is currently down. Now that was pretty cool. Right? We've got
00:28:26 - HSRP recovering failing over right before our very eyes, but
00:28:29 - we can make it even better by tuning and optimizing HSRP. And
00:28:34 - nothing has changed except the slide, I flipped it over. I've
00:28:37 - still got the same configuration, I just actually I reconnected
00:28:41 - the cables to switch A. And I want to show you something. I'm
00:28:44 - telnetted into switch C right now. I'll do a show standby and
00:28:48 - I want to show you that as of right now, switch C is still the
00:28:52 - active router. Because you know even though I've reconnected
00:28:57 - switch A, it by the way it sees itself as the active router,
00:29:00 - but it sees switch A, as the standby router. Now here is the
00:29:05 - irony of the whole thing, it says: Yeah, yeah, my priority is
00:29:08 - 100, and my standby router's priority is 150.
00:29:13 - The reason for that is because HSRP is kind of a one fail over
00:29:17 - deal, meaning once switch A over here, I think I remove my switch
00:29:24 - numbers. Once switch A failed and it went over to switch C, as
00:29:28 - the active router, switch C remains the active router until switch
00:29:32 - C fails and then it will fail over again to switch A. That is
00:29:36 - unless you configure preemption. Now priority, we've already
00:29:39 - talked about, we did that a little bit early. Preemption is configured
00:29:43 - that says, if you are a higher priority, then kind of kick the
00:29:48 - other guy back down. When you come back online, say that's me.
00:29:52 - Now the thing you've got to be careful of with preemption is
00:29:57 - if you have a router that's kind of flapping, meaning maybe it's
00:30:00 - got some IOS glitch or some hardware failure, and it's constantly
00:30:04 - rebooting, maybe once every couple minutes, well, it's going
00:30:07 - to constantly kick the other one back down, cause a temporarily
00:30:10 - a few seconds outage and then fail again and another 10 seconds
00:30:13 - outage while HSRP fails over again to the other one and all the
00:30:18 - magic happens. So be careful with preemption. Sometimes it's
00:30:21 - good for it to stay with the backup until you can come over and
00:30:24 - find out why it failed. But if you want to set up preemption,
00:30:27 - here is how you do it. Now I'm on switch C right now, so let
00:30:30 - me open another command prompt and telnet over to switch A.
00:30:37 - Oops. 70.2.
00:30:42 - All right. I'm on switch A. I'm keeping both windows here for
00:30:46 - a reason. We go into global config, interface VLAN 170. It's
00:30:50 - one command, standby group 1 and then you can see it right there,
00:30:56 - preempt. I love the description, overthrow
00:31:00 - domination. Preempt.
00:31:03 - Enter. And at that point, this now says I will overthrow the
00:31:07 - router with the lower priority and I'll just hit the Up arrow.
00:31:10 - You see what happened? It says connection to host lost because
00:31:14 - I was telnetted to the HSRP router and of course as soon as
00:31:18 - I typed
00:31:19 - in preempt, switch C is no longer the HSRP virtual IP address
00:31:23 - and switch A took over. So I guess if I just telnet to that,
00:31:27 - that will verify it, I'm on switch A, now because it is the active
00:31:31 - router. So that is the idea of preempt. Now interface tracking
00:31:36 - is pretty powerful. What this one does, is answer the question
00:31:40 - that we had of remember I had the two routers in a picture and
00:31:44 - I had them going to the switches? And I said, well, what if what
00:31:50 - if, you know, these guys are sending hellos back and forth, but
00:31:53 - then the serial link goes down, but since the hellos are still
00:31:58 - going back and forth, nothing is going to change. This one is
00:32:00 - still going to think, yeah, that guy is just an okay because
00:32:04 - you know he is still sending hellos. It is kind of like a happy
00:32:06 - face with glasses right there. The hellos are still coming. Well,
00:32:11 - that's where interface tracking can come into play. Interface
00:32:14 - tracking says if this interface goes down,
00:32:21 - I will decrement my priority, subtract a certain number off my
00:32:26 - priority that is specified by you, the administrator. So if fails
00:32:30 - maybe I'll take off 51 for my priority, kind of our example right
00:32:34 - here. So my priority will drop to 99. Now this feature has to
00:32:40 - be configured with preemption, of course, right? Because if the
00:32:43 - priority drops to 99, but this is the active router, well, preemption
00:32:47 - is not set up, this won't say, well, I'm going to overthrow you
00:32:50 - because my priority is 100. So those two features tie hand in
00:32:56 - hand. Here is how you set up tracking.
00:32:59 - Just clear off my gibberish here.
00:33:03 - I'm going to bring up actually let me resize my window for a
00:33:07 - second. There we go. Okay. Here is what I'm going to do. I'm
00:33:11 - going to take this switch ooh, I got a good idea here. I'm going
00:33:16 - to take this switch
00:33:20 - right here, which is currently the active. It's got the priority,
00:33:23 - I'll put priority 150 on this switch. And I'm going to set up
00:33:27 - interface tracking because remember our topology looks like that,
00:33:31 - that if this one fails, we won't have the problem that we had
00:33:35 - when I first tried to demonstrate HSRP. Remember where it stayed
00:33:38 - the active router, it's just this guy went that way to get to
00:33:42 - it? That's why we didn't have any interruption on our ping. So
00:33:45 - here's what I'm going to do. I'm going to set up tracking to
00:33:47 - where if this interface fails, then I'm going to decrement my
00:33:52 - priority by
00:33:55 - let's do 60.
00:33:58 - I'll say subtract 60 from your priority so you will end up becoming
00:34:02 - hang on, this is switch A, this is switch C. You will end up
00:34:05 - becoming the standby router as long as switch C is considered
00:34:08 - for preemption. Actually, let's do that first. Going to telnet
00:34:13 - over to switch C. 230.70.3.
00:34:18 - And go into interface VLAN 70 and do standby group 1 preempt.
00:34:23 - So it's set up for preemption, verify to show standby.
00:34:29 - And correct, preemption is enabled, you can see it right there.
00:34:33 - It is still the standby router, priority is 100 and the primary
00:34:37 - priority is still 150. So let's exit out here and I'm going to
00:34:42 - on switch A, let me clear my screen.
00:34:46 - I'm going to go into global config mode and I'm going to go under
00:34:51 - interface VLAN 70. I set it up from the same place. I'm going
00:34:55 - to say for the standby group 1, I want to set up tracking
00:35:00 - where if my fast ethernet. Let's see which one is that? This
00:35:05 - link here is 0 0/23,
00:35:09 - where if FA0/23
00:35:13 - goes down,
00:35:16 - we don't have to type in goes down, it just we identify it. Track
00:35:19 - this interface. And If that one goes down, I'm going to decrement
00:35:23 - my priority by 60, thus making me a priority of 90 and the other
00:35:28 - switch to take over. So oh, let's see, how do I want to demonstrate
00:35:32 - this. This will this could be cool. Mmm. Let's do the ping again.
00:35:37 - Um, I'm going to stay telnetted over to let me exit out here.
00:35:43 - Oh that was great. Let me I'm going to telnet over to
00:35:49 - switch C. Here is what happens. I get so excited to show this
00:35:54 - stuff and I'm going to do a terminal monitor. All my windows
00:35:59 - start closing on me. All right, so I'm going to do terminal monitor
00:36:02 - on switch C. I'm going to bring up my terminal
00:36:08 - prompt and I'm just going to do a ping, 172.30.70.1.
00:36:12 - Are you following what I'm doing here? I know I'm just flying
00:36:15 - all over the place, as of right now I'm going to ping this and
00:36:18 - I'm going to down the tracked interface, 0/23. Right now.
00:36:26 - How is it? Do
00:36:28 - you see that? Did you see that? Right there. No pings at all
00:36:33 - failed. Right there. It immediately went standby to active. Now
00:36:38 - I'm sitting on switch C. I'm going to type in show standby, and
00:36:42 - it's active. Now you might be thinking well, why did that happen?
00:36:46 - I expected did you expect some timeouts there with that ping?
00:36:51 - I mean, nothing happened at all. It was immediate. Well, remember
00:36:54 - how this happened. The first time we caused the failure, I literally
00:36:58 - severed all ties to switch A. It's down. And that's where we
00:37:02 - saw the 10 second timer kick in before switch C became the active
00:37:06 - router. Well in this case, I just killed this link to switch
00:37:10 - A, and as soon as that link went down, I mean instantaneously,
00:37:15 - like the millisecond it happened, switch A said, I am no longer
00:37:19 - the active router because I subtracted 60. Switch C, which is
00:37:22 - configured for preemption said I'm a priority of 100 and you're
00:37:27 - 90, so immediately I'm booting you down. Now the time is taking
00:37:31 - me to explain this is far less time than it actually took to
00:37:34 - happen. I mean, we're talking milliseconds here, right? So switch
00:37:38 - C took over as the active router. Switch A, demoted itself until
00:37:42 - that interface goes back online and we did not miss a single
00:37:46 - ping at all because of that instantaneous transition. We didn't
00:37:50 - have to wait for those hello timers to time out. Speaking of
00:37:55 - timers, that's the last thing we need to talk about. How we can
00:37:58 - tune HSRP to be fast, even when a fail over occurs, meaning a
00:38:03 - complete fail over like we talked about before. Well, watch this.
00:38:07 - There's a couple timers that you can tune and you can make HSRP
00:38:10 - scream. I'm going to go into switch C, that's the switch I'm
00:38:14 - on right now. Get into interface VLAN 70 and actually before
00:38:18 - I talk about making HSRP extremely fast, let me talk about an
00:38:21 - important timer, deals with preemption. I'm going to type in
00:38:26 - standby 1 preempt, and that is what we talked about before, to
00:38:30 - turn on preemption, this will become King of the Hill once it
00:38:35 - reboots and it finds it's a higher priority. But there's some
00:38:38 - timers that you can adjust on preemption, you can see you have
00:38:41 - a delay before preempting. Now notice there's a few of them that
00:38:46 - says minimum reload or sync that says, wait
00:38:51 - wait at least this long before you preempt across the board.
00:38:55 - Wait after you reload or wait for the clients to sync up with
00:38:59 - you, you know, this long wait until clients are accessing you
00:39:02 - for this long before you preempt and become HSRP. The activate
00:39:07 - HSRP router. The two most often used one are these two and I
00:39:11 - would highly recommend using the reload. Because if your switch
00:39:15 - is rebooting, you usually don't want it as soon as it comes back
00:39:19 - online to be active right away or that goes for routers, too.
00:39:23 - And the reason why is because when the router boots, it's kind
00:39:27 - of, you know, learning routing tables. It's learning
00:39:32 - routing tables, it's doing CDP, it's finishing the process that
00:39:37 - occurred to boot. When it booted, so the processor time is more
00:39:40 - utilized. Think of it when you boot a Windows PC, and you log
00:39:44 - in, right? You kind of just sit there for a couple minutes, at
00:39:47 - least I do on my slow computer, because it's loading all these
00:39:51 - other processes and I know if I do anything, it's just going
00:39:53 - to kind of hang there and be really slow acting. So it's the
00:39:57 - same way with a router. So you might say, delay after reload,
00:40:01 - you know, maybe 180 seconds. So it's going to wait. If this is
00:40:06 - the primary router, it will wait three minutes before it says,
00:40:11 - okay, I'm up and I've been stable long enough for me to become
00:40:14 - active, now I will preempt and become King of the Hill. Now I'll
00:40:19 - talk about how to make HSRP scream. I can type,
00:40:23 - not literally, I can type in standby 1 timers and then how I
00:40:29 - want to tune down my timers. Now we know that the default timers
00:40:33 - in HSRP is hello once every 3 seconds, dead after 10.
00:40:39 - I can tune that down, I'll say first off to equal VRRP, the latest
00:40:44 - and greatest ones. I just type in timers one to say hello once
00:40:48 - every second, and then three to say, you're dead if you don't
00:40:52 - respond after three seconds, and you're good to go and actually
00:40:55 - do four, so you get three missed hellos before that happens.
00:40:59 - Now that kind of makes it compete with VRRP, but why compete
00:41:04 - when you can do better? Did you notice this one right here? Oh,
00:41:09 - yeah. Timers in milliseconds and I can have it say, hello. Now
00:41:15 - I wouldn't recommend 15 there, that's a little crazy. But I can
00:41:19 - say, you know, maybe send a hello message once every 150 milliseconds
00:41:25 - and consider somebody dead in
00:41:29 - we have to type in the milliseconds both times, consider somebody
00:41:33 - dead after we'll say 700 milliseconds. At that point, your layer
00:41:40 - three devices, routers or switches, will converge in less than
00:41:44 - a second when a major failure has occurred. Now that's good news
00:41:49 - because less than a second convergence means most likely nobody
00:41:54 - notices because it transitions that process as fast as you can
00:42:00 - snap your finger. Now there are other criteria that have to go
00:42:03 - in with that nobody notices like stateful NAT and so on. But
00:42:07 - that is a way that you can allow HSRP to start moving very fast.
00:42:13 - Now the only drawback to doing that is do realize that now your
00:42:18 - switch is generating what would that be? Like seven, eight packets
00:42:21 - a second of hellos for HSRP. So not only does your network bandwidth
00:42:26 - go up and I would say that's the least of the concerns since
00:42:29 - usually you've got gig uplinks between the switches, what I would
00:42:33 - say to watch out for is your processor cycles because now both
00:42:36 - switches are having to generate and receive potentially eight
00:42:42 - or nine hello messages every single second for HSRP and there's
00:42:46 - always an interrupt associated with that to the processor.
00:42:50 - On our newer switches, though, I wouldn't consider that much
00:42:53 - of a problem because their processors are usually pretty heavy,
00:42:57 - especially with those Sup modules, Sup 720 or whatever else
00:43:01 - we've got in our 6500 series switches nowadays. So let's wrap
00:43:05 - this up. It's been ooh, I'm out of breath after this one. Good
00:43:09 - stuff. HSRP in action. We did see of course redundancy is good,
00:43:14 - having two puppies is better than one. HSRP, VRRP, GLBP,
00:43:18 - what's the difference between them all? We had kind of the cram
00:43:21 - section slide of that, but really focused in this video on HSRP,
00:43:26 - everything about it. Part 2 of this is going to focus on the
00:43:29 - other two protocols,
00:43:31 - VRRP and GLBP. I hope this has been informative for you and I'd
00:43:35 - like to thank you for viewing.
00:00:00 - It's time to make our campus redundant by using
00:00:06 - HSRP, VRRP and GLBP, hopefully not all at the same time because
00:00:10 - I can't imagine saying those acronyms. This is one of my favorite
00:00:15 - sections of the whole series. In my opinion, it's just awesome.
00:00:19 - To be able to set up your network to where if any single piece
00:00:23 - of equipment fails, everybody just kind of is like, oop, failure,
00:00:26 - let's reroute around it or reswitch around it as we look at the
00:00:30 - switching environment. We're going to look at how we can apply
00:00:33 - redundancy to our switches, but the same concept will apply directly
00:00:38 - to routers, even though this is a series focused on nothing,
00:00:40 - but Cisco switches. So the first thing we're going to talk about
00:00:44 - is redundancy is good. Right? I mean, it's good to have redundant
00:00:48 - connections, just like down here we have these two little critters
00:00:52 - and they're redundant. It's good to have two critters, until
00:00:56 - you find out those critters are responsible for dismembering
00:00:59 - a 50 year old woman in Colorado this last weekend. Actually,
00:01:03 - that's not true at all, I don't know where that came from. But
00:01:06 - in our campus networks for sure redundancy is good. You want
00:01:09 - redundant devices, redundant routing. We'll then look at the
00:01:12 - protocols that you see up there. I'm not going to go through
00:01:14 - all the acronyms again. What's the difference between all of
00:01:17 - these? The only thing they have in common it seems like is that
00:01:20 - "P" at the very end. Configuring and tuning HSRP will be our
00:01:24 - focus of the final piece of this video and I really want to emphasize
00:01:28 - that understanding HSRP is kind of the key to understanding the
00:01:32 - other two, VRRP and GLBP, which we're going to talk about in
00:01:36 - Part 2, so that's going to be a critical piece of looking at
00:01:40 - setting up redundant connections in the campus networks. Let's
00:01:43 - get going.
00:01:45 - I doubt that I really even need to make the argument that redundancy
00:01:49 - is good, rather just present to you that there are redundant
00:01:54 - forms of networks all around. We can have redundant routers connected
00:01:58 - to the internet, so if one of those ISPs or maybe one of those
00:02:02 - routers fails or a link to the router or just about anywhere
00:02:05 - in the network fails, we have some other backup path out this
00:02:09 - other router. Now, over here we have redundant core switches
00:02:13 - or distribution layer switches. So if maybe we've got our clients
00:02:17 - down here or our server farm down here that's coming up to the
00:02:20 - switch, they have multiple paths that they can go through to
00:02:25 - reach other VLANs and I guess you could combine these models
00:02:28 - and say reach the internet if we have redundant connections up
00:02:31 - here to our routers that gets off to our internet. If one of
00:02:34 - our core switches fail, we can always route over to the other
00:02:37 - one. So redundancy is a good thing, but now how do we make this
00:02:42 - all possible? I mean, how do we set this up in a way that allows
00:02:46 - this router to fail and auto magically this client says, oh well,
00:02:50 - I'll use this router or this router suddenly takes over for that
00:02:54 - client and likewise, if this core switch goes down, all of these
00:02:58 - guys will be using the other core switch. I mean, if you think
00:03:00 - about it, it's not like we can run around to the network and
00:03:04 - change everybody's default Gateway to a new IP address or assign
00:03:08 - a new DHCP scope, this has to be automatic, so the network should
00:03:13 - recover when one of these pieces of equipment fail.
00:03:17 - This opens the door to a whole bunch of questions that you might
00:03:20 - have with redundancy, as in how fast can this fail over happen?
00:03:25 - How fast can this router say, I'll take over for you when that
00:03:28 - one goes down and how does it even know it goes down or what
00:03:32 - if for instance the LAN interfaces are fine on both of these
00:03:36 - routers, but the WAN link goes down? How does this one know that
00:03:40 - that router's WAN link went down and know to take over when it's
00:03:45 - not directed to the WAN, it is not like it can send hello messages
00:03:48 - over to that WAN link. So how does it know when it fails? That's
00:03:52 - the last question I have in that list. How does the client know?
00:03:56 - For example, how does the client know that I should stop using
00:03:59 - that router and start using that router? Or if this is some kind
00:04:04 - of shared IP address thing, where maybe we just have both of
00:04:07 - these routers responding to we'll say 191268.1.1,
00:04:12 - then there has to be a MAC address that maps to that IP address
00:04:16 - when this one goes down that MAC address is going to be in everybody's
00:04:20 - cache. So that immediately tells you that you've got five, 10
00:04:24 - minutes of outage right there while everybody figures out that
00:04:28 - MAC address is no longer available, let's time out the ARP Cache
00:04:31 - and fail over to here. So how do we fix all of that? I mean all
00:04:36 - of these are questions that deal with that redundancy and that's
00:04:39 - what we're going to answer right now.
00:04:42 - There are three protocols that make redundancy happen: HSRP,
00:04:46 - VRRP and GLBP. Don't
00:04:50 - let this slide scare you because it's really just a laundry list
00:04:53 - dump of all the facts about these protocols. We're going to spend
00:04:56 - the rest of this video and the next exploring each of these in
00:05:00 - depth. Overall, HSRP was the first, Cisco was the first to gain
00:05:05 - with this with hot standby routing protocol or router protocol.
00:05:10 - Now this was originally designed for routers because it came
00:05:12 - out back in 1994
00:05:14 - before layer three switching was really mainstream or actually
00:05:18 - I don't even know if layer three switching was around back then,
00:05:21 - that was maybe the newest thing on the market, if so. But this
00:05:26 - uses something known as a hello timer of every three seconds.
00:05:29 - So every three seconds the routers or now layer three switches
00:05:34 - say hello to each other. And if the switch or router doesn't
00:05:37 - say hello within 10 seconds, the other one's like, well, he's
00:05:40 - dead and I'll take over for all the clients. And I know we still
00:05:44 - have questions on that and that's going to be answered as we
00:05:46 - dive into these. The virtual router redundancy protocol, or VRRP,
00:05:51 - came out in 1999,
00:05:53 - so five years later the other vendors caught up, meaning that
00:05:59 - this is now an industry standard protocol. And I shouldn't say
00:06:02 - the other vendors caught up, I'm sure everybody had their own
00:06:04 - little proprietary version of this, but this protocol now allows
00:06:09 - this concept, this redundancy to work if you've got a Cisco router
00:06:13 - and some other brand router sitting next to each other, they
00:06:16 - can communicate and be redundant for each other. Now the cool
00:06:20 - thing about VRRP is since it came out in 1999,
00:06:24 - the timers are much faster, meaning the bandwidth that was available
00:06:28 - in '99 was much more than it was in 1994, so by default the timers
00:06:33 - can recover and find a failure much faster and you can see hello
00:06:37 - timer of one second and a hold timer or dead timer of three seconds,
00:06:42 - plus a little bit more and we'll talk about that when we get
00:06:44 - there. The last one came out in 2005,
00:06:49 - GLBP by Cisco for Cisco. It's Cisco proprietary. Does the same
00:06:54 - thing as these other two, except
00:06:57 - allows load balancing. That is pretty cool to where both routers
00:07:03 - can be forwarding traffic at the same time or both layer three
00:07:05 - switches can be accepting traffic at the same time and load balancing
00:07:09 - between each other. Now when you think about them sharing an
00:07:13 - IP address this starts blowing your mind even more. I mean it's
00:07:16 - like the questions abound when you get to GLBP. You got to stay
00:07:20 - tuned for that one because just the whole concept of how that
00:07:24 - happens will blow your mind away. It's just awesome. So let's
00:07:28 - start off with HSRP.
00:07:30 - As you just saw, the hot standby routing protocol or HSRP was
00:07:35 - the first protocol that did this redundancy thing. And since
00:07:38 - this is a switching course, I'm going to focus now on the switches
00:07:42 - in layer three switch capabilities, rather than talking about
00:07:45 - routers. But do keep in mind that these same concepts that we're
00:07:49 - talking about now can apply to routers just as well. HSRP allows
00:07:54 - the Gateways to be organized into standby groups. Now when
00:07:58 - we're talking layer three switches, we're typically talking VLAN
00:08:01 - interfaces. For example, let me dive a little bit into the demonstration
00:08:07 - I'm going to do for you in just a moment. These routers have
00:08:11 - VLAN 70. The VLAN 70 interface and that interface is assigned
00:08:16 - this IP address. That is the real VLAN address, VLAN 70 interface
00:08:21 - and this IP address. So those are assigned to their interfaces,
00:08:25 - but HSRP allows me to organize these layer three switches into
00:08:31 - standby groups. Now they both share the same group number. For
00:08:36 - example, I might say this is HSRP group 5 and both of these interfaces
00:08:43 - are placed into standby group 5. Now when I do that, I will generate
00:08:48 - a standby or virtual
00:08:51 - IP address and get this, get this, a virtual Mac address. Brilliant,
00:08:57 - isn't it? So right down here you see VIP, that's my virtual IP
00:09:01 - address and a virtual Mac address, that has a specific format
00:09:06 - and we're going to talk about that in just a second that both
00:09:09 - switches respond to. But make sure you catch this, that HSRP
00:09:13 - is not a load balancing thing like that one protocol GLBP. This
00:09:18 - is more of an active standby system, so one of these routers,
00:09:22 - the primary one, will be active in responding to this IP address
00:09:26 - and this Mac address and if this ever goes offline, the standby
00:09:31 - or other layer three switches, they're all in standby, there
00:09:34 - could be more than one standby switch or layer 3 switch, but
00:09:39 - they're going to take over and start being the active router
00:09:42 - for that VLAN interface and it will respond to this virtual IP
00:09:47 - address and virtual Mac address. Now the good news, the reason
00:09:50 - I get so psyched about that virtual IP and Mac is because that
00:09:54 - means nothing has to change on our clients or our servers right
00:09:59 - here. They have their default Gateway of 172.30.70.1,
00:10:05 - and they have their Mac address and their ARP cache and that's
00:10:08 - one of the problems we talked about, it's in the ARP cache of
00:10:11 - 00000C07AC01, that's my Mac address that I have right here. So
00:10:18 - if one of these fails as long as this one takes over for it and
00:10:21 - starts responding for this Mac address and IP address, the servers
00:10:25 - won't notice any different. The cool new system they can send
00:10:28 - a little gratuitous ARP message on here, so these switches will
00:10:32 - immediately divert traffic to that Mac address from this port
00:10:36 - out that port. And they can do that very quickly, just by receiving
00:10:41 - that gratuitous ARP message. Now by default,
00:10:45 - hello messages are sent once every three seconds and a Gateway
00:10:50 - is dead after 10 seconds. What that means I've got all this chicken
00:10:55 - scratch up here, let me just wipe that clean real quick. This
00:11:00 - primary Gateway, if this is the one, is saying, hello, hello,
00:11:03 - hello, every three seconds and this one even though it's the
00:11:06 - stand by is saying hello every three seconds. So if it stops
00:11:10 - receiving hello messages for 10 seconds and the reason it's 10
00:11:14 - instead of nine is because if it was nine, then you'd never really
00:11:17 - count that third hello. Right? If you missed two hellos, you
00:11:21 - would consider them down right as the third hello is getting
00:11:24 - there. Just multiply three times three and you'll find that out.
00:11:28 - So they add a bonus second, and the 10 second for some latency
00:11:32 - reason and that is why this one knows to take over because if
00:11:36 - it's missed that many hellos, this guy might be down. So what
00:11:41 - was I going to say on that? Oh, timers. Those timers aren't very
00:11:46 - quick, meaning that those timers were designed for networks back
00:11:50 - in 1994, as I was mentioning. So they are tunable to be equal
00:11:55 - to VRRP, which is the newer of the two protocols, so it can converge
00:12:00 - just as fast, but remember HSRP's only weakness at that point
00:12:04 - is that it is Cisco proprietary.
00:12:07 - I say that because a lot of people might just be anxious to move
00:12:10 - to VRRP, not realizing they're not getting any other benefit
00:12:14 - other than multi vendor compatibility. And I'm not saying this
00:12:18 - just because I'm a Cisco guy, but usually when you have Cisco
00:12:21 - routers and you want them to be redundant, they're going to be
00:12:24 - Cisco routers. It's very rare that you're going to mix a Cisco
00:12:29 - router with an HP router for redundancy purposes or a pick a
00:12:34 - vendor, I just threw HP out there. So HSRP can do the same thing
00:12:38 - as VRRP, it just takes a little more tuning. Now there is a specific
00:12:43 - structure to this virtual Mac address that I want to mention
00:12:46 - to you. Right here oh, let me just fix that real quick. This
00:12:50 - virtual Mac address is generated when I create that standby group,
00:12:55 - meaning if I chose standby group number five that both these
00:12:58 - layer three switches respond to, it automatically will generate
00:13:02 - this well known Mac address. The first section of that Mac address
00:13:06 - all zeros and then 0C is Cisco's vendor ID. When you get pools
00:13:11 - of Mac addresses, you have to go to the great Mac address Gods
00:13:15 - in the sky and say, please grant me a range and they will say,
00:13:18 - why yes, you have this range. So Cisco got 000.0C
00:13:23 - as one of their ranges and that's what they chose for HSRP.
00:13:27 - By seeing 07AC as the second group of digits there, you're going
00:13:34 - to immediately know that this is HSRP. It's good to know because
00:13:39 - you can be on a network and just do an arp -a command from a Windows
00:13:43 - command line or I think that works in Linux, and you are going
00:13:46 - to find out
00:13:48 - we're using HSRP, without even having to go to the router because
00:13:51 - you can recognize that Mac address. The last two digits will
00:13:55 - be the HSRP standby group number. For instance, if I had chose
00:13:59 - 5, it would be 05 for that Mac address. Actually this doesn't
00:14:03 - match to my scenario, this one would be group number 1 that I
00:14:06 - would have chosen rather than 5. And that is in hexadecimal.
00:14:10 - If I choose group number 10 it is going to be 0A.
00:14:15 - Well let's get this set up and I'd like to start by getting familiar
00:14:18 - with the topology of this lab environment here. I have two layer
00:14:21 - three switches, switch A and switch C, they're 3550
00:14:25 - series and they are routing right now for VLAN 70. One of them
00:14:30 - is assigned 172.30.70.2
00:14:33 - and the other is 70.3, switch A and switch C. As of right now
00:14:37 - I have them connected to 2950 here, actually two of them, but
00:14:42 - I don't have the second one connected. Switch B is I guess physically
00:14:46 - this is what it looks like, but if we wanted true redundancy,
00:14:49 - we would want two switches here and by the way, I don't have
00:14:52 - all of the necessary connections just because it got too messy
00:14:55 - when I had that with all the texts, but to have true redundancy,
00:14:59 - you want a connection here, you want a connection here and you
00:15:02 - want a connection here between these switches and why not just
00:15:05 - go and throw in another one for good measure. But that's what
00:15:07 - a truly redundant network looks like, it's just hard to read
00:15:10 - all the text. But with that in mind, we have just one switch,
00:15:14 - 2950 here, that is connected to a server. Now as of right now,
00:15:18 - this isn't set up for redundancy, meaning the server is configured
00:15:23 - to 172.30.70.3
00:15:26 - as its default gateway. Let me get you familiar with the server,
00:15:30 - this is it. I'm going to do an IP config here. All of these adapters,
00:15:34 - but really only one of them are active. You can see 170.30.70.50
00:15:40 - and it is hard coded to a default Gateway of 70.3, which is
00:15:45 - that switch right there. So it's using switch C. Just to prove
00:15:48 - that we can get out there, I'm going to do a ping, 172.30.70.3,
00:15:56 - at the default Gateway. We're getting there and it can ping .2,
00:16:01 - I thought wait a sec, it should be. Oh, okay there we go, it
00:16:06 - just took a sec. It should be able to ping 70.2, so they're
00:16:09 - both right there, both switches are responding, it's just as
00:16:13 - of right now since the default Gateway is hard coded to .3, if
00:16:16 - A goes down, there's no redundancy, so we need to set up a standby
00:16:20 - group. I've got my virtual IP address 172.30.70.1,
00:16:25 - that I want to use and I want these two switches to share it.
00:16:28 - Now I want let's see, what do I want? Hmmm. I would like switch
00:16:34 - A, to be the primary switch on this and I'd like Switch C to
00:16:39 - be the standby. So switch A should respond to the Ping messages
00:16:43 - while it's online, but if it goes offline then I want switch
00:16:46 - C to take over and carry the burden, so here's how we do it.
00:16:52 - I don't need that window right now, I need this one. I'm on switch
00:16:55 - A. I'm going to go just do a show IP interface brief and you
00:16:59 - can verify that right there is my VLAN 70 interface, with the
00:17:03 - .2 address assigned. Now my server is plugged into oh, the 2950
00:17:08 - below. These are my trunk links that are connected to the 2950
00:17:13 - and the 3550. All right. So I'm going to go into interface VLAN
00:17:18 - 70. So I'm in the routed interface and make sure you distinguish
00:17:22 - going into VLAN 70 is much different from going into interface
00:17:26 - VLAN 70. Just VLAN 70 is the layer 2 VLAN, that's how you segment
00:17:29 - your ports. Interface VLAN 70 is the routed interface for that
00:17:34 - VLAN. The command I'm going to type is standby followed by my
00:17:39 - group number. By the way, there is no HSRP command, whenever
00:17:43 - you type standby that tells the switch or router you're after
00:17:48 - HSRP. Now there's a lot of options, here we're going to go through
00:17:51 - each one of them, but I'm going to start off with the group number
00:17:55 - because we have to set up the group. So I'm going to say standby
00:17:59 - let's do a group number of 1, just use real nice generic one.
00:18:05 - Once we type in the group number, it's going to ask us, well,
00:18:07 - what sort of IP address do you want that as the virtual IP address?
00:18:11 - Or do you want to have preemption enabled? And we'll talk about
00:18:14 - all of those. First step, as you can see right here, create the
00:18:18 - standby group and reassign the IP address, so that means I need
00:18:21 - to create group 1 and set up this virtual IP. It's almost like
00:18:26 - step 1 and step 2 are one and the same except when I was meaning
00:18:30 - reassign IP address, I meant on the client. So I'm going to type
00:18:33 - in standby 1 IP and then what is my virtual IP address?
00:18:42 - 70.1. By the way, some people call this a phantom IP address.
00:18:47 - I think it's older terminology.
00:18:52 - People used to call the virtual IP like a phantom IP because
00:18:55 - it emulated like there's this phantom router in the middle, but
00:18:58 - that's it. Believe it or not, that's all I need to do to set
00:19:02 - up HSRP, at least on switch A. So that's now running and my standby
00:19:06 - group is operating. Now I'm going to introduce one more command
00:19:10 - at this point. I was going to introduce in the next slide, but
00:19:14 - I think it's so important that I'll say it now. It is the priority.
00:19:20 - Standby 1 priority and then a number. Now by default every single
00:19:26 - router will have a default priority of 100.
00:19:30 - Now when you think priority you should think higher is better.
00:19:33 - I mean if you are a higher priority dinner guest you are going
00:19:37 - to go in first, right? So the higher your priority, the better
00:19:40 - you are. Since everything is a default of 100,
00:19:44 - we need to adjust switch A, if we want to make sure that it becomes
00:19:48 - the HSRP active router at the time. If you don't adjust it, everybody
00:19:54 - will be 100 and it just relies on the highest IP address to break
00:19:58 - the tie, in which switch C would become the active router because
00:20:02 - it's got the higher IP address. So I'm going to come into here
00:20:05 - and say, priority and let's just say 150.
00:20:09 - Now these are arbitrary values. It's not like I can say 150 is
00:20:13 - always great. It's all relative based on what you've set up on
00:20:15 - the rest of your switches. So this point I now have HSRP configured
00:20:19 - on switch A. Let me configure it on switch C, and
00:20:23 - then we'll do some verification. Let me go into global config,
00:20:27 - interface VLAN 70 and I'll do. Let me type in do terminal monitor
00:20:33 - just so we can see some of the status messages that happen. I'm
00:20:36 - going to type in standby
00:20:39 - group number 1, looks like I've got a more recent IOS version
00:20:44 - on this, I've got some more commands. Standby group 1 and I'll
00:20:47 - put the IP address and this is going to be the same as it was
00:20:50 - on the other. 172.30.70.1.
00:20:55 - That is the virtual or phantom IP address I want this to respond
00:20:59 - to. So at this point, this will have the default priority of
00:21:04 - 100. So I don't need to worry about setting this any higher or
00:21:08 - lower because 150 is going to be the King of the Hill. Now before
00:21:13 - we verify this on the switches, I want to verify it from the
00:21:19 - client itself. Let me bring that prompt back up. Now again I
00:21:22 - just want to make sure and let me shrink this down a little bit
00:21:26 - so you can see the IP addresses here. Right about there. All
00:21:30 - right. To a clear screen. I'm going to make sure I can still
00:21:36 - ping 172.30.70.3.
00:21:38 - Sure enough I can and this is from the client, remember, I'm
00:21:41 - not on a switch here. I'm going to see if I can ping 172.30.70.2,
00:21:47 - and I can. That's switch A. Now let's see if we can ping that
00:21:50 - new virtual IP address 172.30.70.1.
00:21:55 - We can. Interesting. Now let's check this out. I'm going to telnet
00:21:59 - to 172.30.70.3,
00:22:02 - that's switch C. You can see that. Telnet 172.30.70.2,
00:22:09 - that is switch A and let's telnet to 172.30.70.1,
00:22:14 - the virtual IP address. Look at that, I'm on switch A. Is that
00:22:19 - the expected router I should see there? Yeah. You bet
00:22:26 - it is. Because switch A, is the active router at this time for
00:22:30 - that network. Let's go ahead and do the verification from the
00:22:33 - switch and I don't need my Tera Term, I am there now. Let me
00:22:37 - just do a show standby. By the way, this is about the only command
00:22:41 - you usually use. Show standby will show right there VLAN 70
00:22:46 - group 1, the local state is active, it has a priority of 150.
00:22:51 - Hello timer is three seconds, as we know, hold down timer is
00:22:55 - 10 seconds. The next hello will be sent in 2.196 seconds. The
00:22:59 - virtual IP address is this. Standby router, look at that. It
00:23:04 - even tells us who this standby router will be, that's switch
00:23:07 - C. 172.30.70.3
00:23:09 - over there. And it's going to die in eight seconds flat. Meaning
00:23:13 - that that's the countdown, the 10 second count down, if it doesn't
00:23:17 - keep getting hellos from the standby, it's going to assume it's
00:23:20 - dead. Now right there is the Mac address and remember those pieces
00:23:24 - let me get right here, 0000C,
00:23:29 - is Cisco's vendor ID, 07AC means you're running HSRP and
00:23:35 - 01 is your group number.
00:23:38 - Isn't that cool? So this point we actually have a redundant setup.
00:23:42 - Now let's verify this from switch C's perspective. I'm going
00:23:46 - to telnet over to switch C to
00:23:50 - show standby over here. Now look at what switch C sees. Huh.
00:23:55 - The state is standby. So if you remember, the state on the other
00:24:00 - oh, it erases the screen, I can't scroll back, was active. It
00:24:03 - sees the virtual IP address, it sees the active Mac address.
00:24:07 - It sees who the active router is that would be switch A, 172.30.70.2,
00:24:13 - priority 150. Expires in nine seconds. So you know standby router
00:24:19 - is me, local, and my priority is 100, that is what we expected
00:24:23 - to see because that is the default. Now what I would then do
00:24:27 - if I was doing a full blown network config here, I would go to
00:24:30 - the client and I would
00:24:34 - set up this client to use a default Gateway of 30.70.1. And I'm
00:24:41 - done at that point, at least with the primary pieces, because
00:24:45 - the virtual
00:24:47 - IP address is set up. So really it's two commands. Standby, group
00:24:51 - number and the IP address, followed by standby, group number,
00:24:54 - priority, to set the priority of who's going to be the active
00:24:57 - router. Now before we move on to the tuning and optimizing HSRP,
00:25:01 - let's do a little test. I'm going to do a ping, 172.30.70.1
00:25:08 - t. So I'm going to have this ping going and let me tell you my
00:25:12 - thought process before I do it. I'm going to kill the connection
00:25:17 - to the active router, I'm just tracing a cable as I'm talking
00:25:21 - now to see which one to pull. Okay. Got it. I'm going to kill
00:25:24 - the connection to the active router from this client, so let's
00:25:28 - see how long it takes the standby router to fail over. So I'm
00:25:33 - going to start the ping. There it goes. I'm pulling the cable
00:25:37 - now. The cable is down. Holy cow, did you see that?
00:25:44 - That was amazing. Hang on. Did I pull the right cable? Oh, you
00:25:50 - know what, I'll bet you I did pull the right cable. I'm going
00:25:52 - to telnet over to 70.1.
00:25:55 - No, I pulled the wrong cable. Horrible. Did I really? I must
00:26:00 - have. 70.1
00:26:04 - what cable did I pull? Oh, I know why. You know why? Because
00:26:10 - I pulled this cable from switch B, but by the way I really have
00:26:14 - a connection like this. I pulled this cable right here,
00:26:19 - this was brilliant. Jeremy, simply brilliant. I pulled this cable
00:26:22 - and you can see, let me plug that cable back in. You can see
00:26:25 - that that's no worries, right? Because switch B is like, that's
00:26:29 - great, I'm running rapid spanning tree, I'm going to fail over
00:26:31 - to switch C and just use this redundant connection over to switch
00:26:35 - A. So it was still using switch A. All right, hang on. I got
00:26:39 - to build this up again. We need some dramatic music here, going
00:26:43 - to exit out, do a clear screen. Drrrr. What am I going to kill?
00:26:47 - I'm going to kill both I'm going
00:26:51 - to kill every cable I have connected to switch A, because I don't
00:26:56 - really have that much going on, on switch A. It's my redundant
00:26:59 - router. So here is what I'm going to do. I'm going to start the
00:27:02 - ping again.
00:27:04 - Sorry, I got to make sure this works right. I'm going to start
00:27:07 - the ping again. I'm going to pull all the cables, meaning this
00:27:12 - one right here. Choo, choo. And this one right here to switch
00:27:17 - A. And then I have a connection like that. We'll see how long
00:27:21 - it takes switch B, to fail over to the it shouldn't be switch
00:27:25 - B, for HSRP to fail over to BC as the active router. So much
00:27:29 - explanation. Good grief, let's just pull some cables here. I've
00:27:32 - got my pings going, I'm pulling them now. Much better. That is
00:27:37 - what I expected to see. Okay. So at that point, the active
00:27:43 - HSRP switch has failed. The standby is missing hellos at this
00:27:49 - point. Oh, you see it? Right there, the standby took over and
00:27:52 - kicked on. Now if I telnet over to 172.30.70.1,
00:27:57 - I should arrive at which switch? C, right? And sure enough, I
00:28:01 - do. I do a show standby and you can see right here, it is now
00:28:05 - switch C, is now the active one. It flipped over to become the
00:28:10 - active. It's now acting as the virtual IP and virtual Mac address.
00:28:15 - Standby routers unknown because it has taken over and switch
00:28:20 - A is currently down. Now that was pretty cool. Right? We've got
00:28:26 - HSRP recovering failing over right before our very eyes, but
00:28:29 - we can make it even better by tuning and optimizing HSRP. And
00:28:34 - nothing has changed except the slide, I flipped it over. I've
00:28:37 - still got the same configuration, I just actually I reconnected
00:28:41 - the cables to switch A. And I want to show you something. I'm
00:28:44 - telnetted into switch C right now. I'll do a show standby and
00:28:48 - I want to show you that as of right now, switch C is still the
00:28:52 - active router. Because you know even though I've reconnected
00:28:57 - switch A, it by the way it sees itself as the active router,
00:29:00 - but it sees switch A, as the standby router. Now here is the
00:29:05 - irony of the whole thing, it says: Yeah, yeah, my priority is
00:29:08 - 100, and my standby router's priority is 150.
00:29:13 - The reason for that is because HSRP is kind of a one fail over
00:29:17 - deal, meaning once switch A over here, I think I remove my switch
00:29:24 - numbers. Once switch A failed and it went over to switch C, as
00:29:28 - the active router, switch C remains the active router until switch
00:29:32 - C fails and then it will fail over again to switch A. That is
00:29:36 - unless you configure preemption. Now priority, we've already
00:29:39 - talked about, we did that a little bit early. Preemption is configured
00:29:43 - that says, if you are a higher priority, then kind of kick the
00:29:48 - other guy back down. When you come back online, say that's me.
00:29:52 - Now the thing you've got to be careful of with preemption is
00:29:57 - if you have a router that's kind of flapping, meaning maybe it's
00:30:00 - got some IOS glitch or some hardware failure, and it's constantly
00:30:04 - rebooting, maybe once every couple minutes, well, it's going
00:30:07 - to constantly kick the other one back down, cause a temporarily
00:30:10 - a few seconds outage and then fail again and another 10 seconds
00:30:13 - outage while HSRP fails over again to the other one and all the
00:30:18 - magic happens. So be careful with preemption. Sometimes it's
00:30:21 - good for it to stay with the backup until you can come over and
00:30:24 - find out why it failed. But if you want to set up preemption,
00:30:27 - here is how you do it. Now I'm on switch C right now, so let
00:30:30 - me open another command prompt and telnet over to switch A.
00:30:37 - Oops. 70.2.
00:30:42 - All right. I'm on switch A. I'm keeping both windows here for
00:30:46 - a reason. We go into global config, interface VLAN 170. It's
00:30:50 - one command, standby group 1 and then you can see it right there,
00:30:56 - preempt. I love the description, overthrow
00:31:00 - domination. Preempt.
00:31:03 - Enter. And at that point, this now says I will overthrow the
00:31:07 - router with the lower priority and I'll just hit the Up arrow.
00:31:10 - You see what happened? It says connection to host lost because
00:31:14 - I was telnetted to the HSRP router and of course as soon as
00:31:18 - I typed
00:31:19 - in preempt, switch C is no longer the HSRP virtual IP address
00:31:23 - and switch A took over. So I guess if I just telnet to that,
00:31:27 - that will verify it, I'm on switch A, now because it is the active
00:31:31 - router. So that is the idea of preempt. Now interface tracking
00:31:36 - is pretty powerful. What this one does, is answer the question
00:31:40 - that we had of remember I had the two routers in a picture and
00:31:44 - I had them going to the switches? And I said, well, what if what
00:31:50 - if, you know, these guys are sending hellos back and forth, but
00:31:53 - then the serial link goes down, but since the hellos are still
00:31:58 - going back and forth, nothing is going to change. This one is
00:32:00 - still going to think, yeah, that guy is just A-OK because
00:32:04 - you know he is still sending hellos. It is kind of like a happy
00:32:06 - face with glasses right there. The hellos are still coming. Well,
00:32:11 - that's where interface tracking can come into play. Interface
00:32:14 - tracking says if this interface goes down,
00:32:21 - I will decrement my priority, subtract a certain number off my
00:32:26 - priority that is specified by you, the administrator. So if fails
00:32:30 - maybe I'll take off 51 for my priority, kind of our example right
00:32:34 - here. So my priority will drop to 99. Now this feature has to
00:32:40 - be configured with preemption, of course, right? Because if the
00:32:43 - priority drops to 99, but this is the active router, well, preemption
00:32:47 - is not set up, this won't say, well, I'm going to overthrow you
00:32:50 - because my priority is 100. So those two features tie hand in
00:32:56 - hand. Here is how you set up tracking.
00:32:59 - Just clear off my gibberish here.
00:33:03 - I'm going to bring up actually let me resize my window for a
00:33:07 - second. There we go. Okay. Here is what I'm going to do. I'm
00:33:11 - going to take this switch ooh, I got a good idea here. I'm going
00:33:16 - to take this switch
00:33:20 - right here, which is currently the active. It's got the priority,
00:33:23 - I'll put priority 150 on this switch. And I'm going to set up
00:33:27 - interface tracking because remember our topology looks like that,
00:33:31 - that if this one fails, we won't have the problem that we had
00:33:35 - when I first tried to demonstrate HSRP. Remember where it stayed
00:33:38 - the active router, it's just this guy went that way to get to
00:33:42 - it? That's why we didn't have any interruption on our ping. So
00:33:45 - here's what I'm going to do. I'm going to set up tracking to
00:33:47 - where if this interface fails, then I'm going to decrement my
00:33:52 - priority by
00:33:55 - let's do 60.
00:33:58 - I'll say subtract 60 from your priority so you will end up becoming
00:34:02 - hang on, this is switch A, this is switch C. You will end up
00:34:05 - becoming the standby router as long as switch C is considered
00:34:08 - for preemption. Actually, let's do that first. Going to telnet
00:34:13 - over to switch C. 230.70.3.
00:34:18 - And go into interface VLAN 70 and do standby group 1 preempt.
00:34:23 - So it's set up for preemption, verify to show standby.
00:34:29 - And correct, preemption is enabled, you can see it right there.
00:34:33 - It is still the standby router, priority is 100 and the primary
00:34:37 - priority is still 150. So let's exit out here and I'm going to
00:34:42 - on switch A, let me clear my screen.
00:34:46 - I'm going to go into global config mode and I'm going to go under
00:34:51 - interface VLAN 70. I set it up from the same place. I'm going
00:34:55 - to say for the standby group 1, I want to set up tracking
00:35:00 - where if my fast ethernet. Let's see which one is that? This
00:35:05 - link here is 0 0/23,
00:35:09 - where if FA0/23
00:35:13 - goes down,
00:35:16 - we don't have to type in goes down, it just we identify it. Track
00:35:19 - this interface. And If that one goes down, I'm going to decrement
00:35:23 - my priority by 60, thus making me a priority of 90 and the other
00:35:28 - switch to take over. So oh, let's see, how do I want to demonstrate
00:35:32 - this. This will this could be cool. Mmm. Let's do the ping again.
00:35:37 - Um, I'm going to stay telnetted over to let me exit out here.
00:35:43 - Oh that was great. Let me I'm going to telnet over to
00:35:49 - switch C. Here is what happens. I get so excited to show this
00:35:54 - stuff and I'm going to do a terminal monitor. All my windows
00:35:59 - start closing on me. All right, so I'm going to do terminal monitor
00:36:02 - on switch C. I'm going to bring up my terminal
00:36:08 - prompt and I'm just going to do a ping, 172.30.70.1.
00:36:12 - Are you following what I'm doing here? I know I'm just flying
00:36:15 - all over the place, as of right now I'm going to ping this and
00:36:18 - I'm going to down the tracked interface, 0/23. Right now.
00:36:26 - How is it? Do
00:36:28 - you see that? Did you see that? Right there. No pings at all
00:36:33 - failed. Right there. It immediately went standby to active. Now
00:36:38 - I'm sitting on switch C. I'm going to type in show standby, and
00:36:42 - it's active. Now you might be thinking well, why did that happen?
00:36:46 - I expected did you expect some timeouts there with that ping?
00:36:51 - I mean, nothing happened at all. It was immediate. Well, remember
00:36:54 - how this happened. The first time we caused the failure, I literally
00:36:58 - severed all ties to switch A. It's down. And that's where we
00:37:02 - saw the 10 second timer kick in before switch C became the active
00:37:06 - router. Well in this case, I just killed this link to switch
00:37:10 - A, and as soon as that link went down, I mean instantaneously,
00:37:15 - like the millisecond it happened, switch A said, I am no longer
00:37:19 - the active router because I subtracted 60. Switch C, which is
00:37:22 - configured for preemption said I'm a priority of 100 and you're
00:37:27 - 90, so immediately I'm booting you down. Now the time is taking
00:37:31 - me to explain this is far less time than it actually took to
00:37:34 - happen. I mean, we're talking milliseconds here, right? So switch
00:37:38 - C took over as the active router. Switch A, demoted itself until
00:37:42 - that interface goes back online and we did not miss a single
00:37:46 - ping at all because of that instantaneous transition. We didn't
00:37:50 - have to wait for those hello timers to time out. Speaking of
00:37:55 - timers, that's the last thing we need to talk about. How we can
00:37:58 - tune HSRP to be fast, even when a fail over occurs, meaning a
00:38:03 - complete fail over like we talked about before. Well, watch this.
00:38:07 - There's a couple timers that you can tune and you can make HSRP
00:38:10 - scream. I'm going to go into switch C, that's the switch I'm
00:38:14 - on right now. Get into interface VLAN 70 and actually before
00:38:18 - I talk about making HSRP extremely fast, let me talk about an
00:38:21 - important timer, deals with preemption. I'm going to type in
00:38:26 - standby 1 preempt, and that is what we talked about before, to
00:38:30 - turn on preemption, this will become King of the Hill once it
00:38:35 - reboots and it finds it's a higher priority. But there's some
00:38:38 - timers that you can adjust on preemption, you can see you have
00:38:41 - a delay before preempting. Now notice there's a few of them that
00:38:46 - says minimum reload or sync that says, wait
00:38:51 - wait at least this long before you preempt across the board.
00:38:55 - Wait after you reload or wait for the clients to sync up with
00:38:59 - you, you know, this long wait until clients are accessing you
00:39:02 - for this long before you preempt and become HSRP, the active
00:39:07 - HSRP router. The two most often used ones are these two and I
00:39:11 - would highly recommend using the reload. Because if your switch
00:39:15 - is rebooting, you usually don't want it as soon as it comes back
00:39:19 - online to be active right away or that goes for routers, too.
00:39:23 - And the reason why is because when the router boots, it's kind
00:39:27 - of, you know, learning routing tables. It's learning
00:39:32 - routing tables, it's doing CDP, it's finishing the process that
00:39:37 - occurred to boot, when it booted, so the processor time is more
00:39:40 - utilized. Think of it when you boot a Windows PC, and you log
00:39:44 - in, right? You kind of just sit there for a couple minutes, at
00:39:47 - least I do on my slow computer, because it's loading all these
00:39:51 - other processes and I know if I do anything, it's just going
00:39:53 - to kind of hang there and be really slow acting. So it's the
00:39:57 - same way with a router. So you might say, delay after reload,
00:40:01 - you know, maybe 180 seconds. So it's going to wait. If this is
00:40:06 - the primary router, it will wait three minutes before it says,
00:40:11 - okay, I'm up and I've been stable long enough for me to become
00:40:14 - active, now I will preempt and become King of the Hill. Now I'll
00:40:19 - talk about how to make HSRP scream. I can type,
00:40:23 - not literally, I can type in standby 1 timers and then how I
00:40:29 - want to tune down my timers. Now we know that the default timers
00:40:33 - in HSRP is hello once every 3 seconds, dead after 10.
00:40:39 - I can tune that down, I'll say first off to equal VRRP, the latest
00:40:44 - and greatest ones. I just type in timers one to say hello once
00:40:48 - every second, and then three to say, you're dead if you don't
00:40:52 - respond after three seconds, and you're good to go and actually
00:40:55 - do four, so you get three missed hellos before that happens.
00:40:59 - Now that kind of makes it compete with VRRP, but why compete
00:41:04 - when you can do better? Did you notice this one right here? Oh,
00:41:09 - yeah. Timers in milliseconds and I can have it say, hello. Now
00:41:15 - I wouldn't recommend 15 there, that's a little crazy. But I can
00:41:19 - say, you know, maybe send a hello message once every 150 milliseconds
00:41:25 - and consider somebody dead in
00:41:29 - we have to type in the milliseconds both times, consider somebody
00:41:33 - dead after we'll say 700 milliseconds. At that point, your layer
00:41:40 - three devices, routers or switches, will converge in less than
00:41:44 - a second when a major failure has occurred. Now that's good news
00:41:49 - because less than a second convergence means most likely nobody
00:41:54 - notices because it transitions that process as fast as you can
00:42:00 - snap your finger. Now there are other criteria that have to go
00:42:03 - in with that nobody notices like stateful NAT and so on. But
00:42:07 - that is a way that you can allow HSRP to start moving very fast.
00:42:13 - Now the only drawback to doing that is do realize that now your
00:42:18 - switch is generating what would that be? Like seven, eight packets
00:42:21 - a second of hellos for HSRP. So not only does your network bandwidth
00:42:26 - go up and I would say that's the least of the concerns since
00:42:29 - usually you've got gig uplinks between the switches, what I would
00:42:33 - say to watch out for is your processor cycles because now both
00:42:36 - switches are having to generate and receive potentially eight
00:42:42 - or nine hello messages every single second for HSRP and there's
00:42:46 - always an interrupt associated with that to the processor.
00:42:50 - On our newer switches, though, I wouldn't consider that much
00:42:53 - of a problem because their processors are usually pretty heavy,
00:42:57 - especially with those Sup modules, Sup 720 or whatever else
00:43:01 - we've got in our 6500 series switches nowadays. So let's wrap
00:43:05 - this up. It's been ooh, I'm out of breath after this one. Good
00:43:09 - stuff. HSRP in action. We did see of course redundancy is good,
00:43:14 - having two puppies is better than one. HSRP, VRRP, GLBP,
00:43:18 - what's the difference between them all? We had kind of the cram
00:43:21 - section slide of that, but really focused in this video on HSRP,
00:43:26 - everything about it. Part 2 of this is going to focus on the
00:43:29 - other two protocols,
00:43:31 - VRRP and GLBP. I hope this has been informative for you and I'd
00:43:35 - like to thank you for viewing.

Jeremy Cioara

CBT Nuggets Trainer

Certifications:
Cisco CCNA, CCDA, CCNA Security, CCNA Voice, CCNP, CCSP, CCVP, CCDP, CCIE R&S; Amazon Web Services CSA; Microsoft MCP, MCSE, Novell CNA, CNE; CompTIA A+, Network+, iNet+

Area Of Expertise:
Cisco network administration and development. Author or coauthor of numerous books, including: CCNA Voice 640-461 Official Cert Guide; CCNA Voice Official Exam Certification Guide (640-460 IIUC); CCENT Exam Prep (Exam 640-822); CCNA Exam Cram (Exam 640-802) 3rd Edition; and CCNA Voice 640-461 Official Cert Guide.

Redundancy in the Campus: HSRP, VRRP, and GLBP Part 1