Guest

Cisco Nexus 7000 Series Switches

Nexus 7000 Series Switches Using HSRP Configuration Example

Cisco - Nexus 7000 Series Switches Using HSRP Configuration Example

Document ID: 113002

Updated: May 17, 2012

   Print

Introduction

This document provides a sample configuration for Hot Standby Router Protocol (HSRP) on Cisco Nexus 7000 Series devices, and shows the HSRP configuration which provides first-hop redundancy protocol (FHRP) and load sharing between two Nexus 7000 Series Switches.

Prerequisites

Requirements

Make sure that you meet these requirements before you attempt this configuration:

  • Have a basic knowledge of configuration on Nexus 7000 Series Switches

  • Have a basic understanding of Hot Standby Router Protocol (HSRP)

Components Used

The information in this document is based on the Nexus 7000 Series NX-OS devices.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Hot Standby Routing Protocol (HSRP)

HSRP Overview

HSRP provides first-hop routing redundancy for hosts present on networks with a group of routers. HSRP selects the active router that routes packets, and the standby router that takes over when the active router fails or preset conditions are met.

Before you configure HSRP on a router, configure the IP address (real address) on each interface and enable the HSRP feature on the routers. Then, configure the virtual IP address and MAC address for the HSRP enabled interface that is used as the default router for the users in the group. In the HSRP group, the active router will forward and receive the packets destined for the virtual MAC address. If the active router fails, the control for the virtual MAC and IP addresses will transfer to the standby router.

Interfaces that are configured with HSRP, transfer the Hello messages through multicast User Datagram Protocol (UDP). This Hello message is used to detect a failure and designate active and standby routers. The Hello message states the HSRP priority and information of the router to other HSRP routers.

Priority mechanism is used to determine the active router in the HSRP group. The default priority value is 100 If you want to designate a router as an active router, configure the interface with a higher priority value than all other interfaces in the group and the virtual IP address and MAC address will be assigned to that interface.

From the network setup outlined in this document, HSRP provides the load sharing between two Nexus routers. Traffic from the hosts present in the two groups are shared by two routers. If one router fails, then the other router will take responsible for the traffic from both groups.

Configure

In this section, you are presented with the information to configure HSRP on Nexus 7000 Series devices.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Network Setup

This document uses this network setup:

nexus-hsrp-01.gif

This is an example of HSRP, where there are two routers (Nexus 1 and Nexus 2) and two group users (VLAN 13 and VLAN 14). Through the configuration given below the Nexus 1 is the active router for users in VLAN 13 and standby router for users in VLAN 14; Nexus 2 is active router for users in VLAN 14 and standby router for users in VLAN 13. So the traffic will be shared by these two nexus routers, and also provide first-hop routing redundancy.

Configurations

This configuration explains how two HSRP groups are configured in Nexus 7000 Series Switches.

For the group HSRP 13, the Nexus 1 router is configured with a priority value of 90 and the Nexus 2 router is configured with a priority value of 80. In this instance, the Nexus 1 router has highest priority value, so the Nexus 1 router is the active router and the Nexus 2 router is the standby router for users in VLAN 13.

For the group HSRP 14, the Nexus 1 router is configured with a priority value of 80 and the Nexus 2 router is configured with a priority value of 90. In this instance, the Nexus 2 router has highest priority value, so the Nexus 2 router is the active router and the Nexus 1 router is the standby router for users in VLAN 14.

This document uses these configurations:

Nexus 1
Nexus1#configure terminal


!--- Enable the HSRP feature.

Nexus1(config)#feature hsrp



Configuration of interface VLAN 13


Nexus1(config)#interface vlan13 
Nexus1(config-if)#no ip redirects
Nexus1(config-if)#ip address 10.75.13.4/24


!--- Configuration of HSRP's group 13.

Nexus1(config-if)#hsrp 13
Nexus1(config-if-hsrp)#preempt

!--- Priority value used by HSRP to select the active and standby router.

Nexus1(config-if-hsrp)#priority 90


!--- IP address provided here is the virtual IP address for users in VLAN 13.

Nexus1(config-if-hsrp)#ip 10.75.13.1
Nexus1(config-if-hsrp)#exit
Nexus1(config-if)#no shutdown



Configuration of interface VLAN 14


Nexus1(config)#interface vlan14
Nexus1(config-if)#no ip redirects
Nexus1(config-if)#ip address 10.75.14.4/24


!--- Configuration of HSRP's group 14.

Nexus1(config-if)#hsrp 14
Nexus1(config-if-hsrp)#preempt


!--- Priority value used by HSRP to select the active and standby router.

Nexus1(config-if-hsrp)#priority 80


!--- IP address provided here is the virtual IP address for users in VLAN 14.

Nexus1(config-if-hsrp)#ip 10.75.14.1
Nexus1(config-if)#exit
Nexus1(config-if)#no shutdown

Nexus 2
Nexus2#configure terminal


!--- Enable the HSRP feature.

Nexus2(config)#feature hsrp



Configuration of interface VLAN 13


Nexus2(config)#interface vlan13
Nexus2(config-if)#no ip redirects
Nexus2(config-if)#ip address 10.75.13.5/24


!--- Configuration of HSRP's group 13.

Nexus2(config-if)#hsrp 13 

Nexus2(config-if-hsrp)#preempt


!--- Priority value used by HSRP to select the active and standby router.

Nexus2(config-if-hsrp)#priority 80


!--- IP address provided here is the virtual IP address for users in VLAN 13.

Nexus2(config-if-hsrp)#ip 10.75.13.1
Nexus2(config-if)#no shutdown
Nexus2(config-if)#exit



Configuration of interface VLAN 14


Nexus2(config)#interface vlan14
Nexus2(config-if)#no ip redirects
Nexus2(config-if)#ip address 10.75.14.5/24


!--- Configuration of HSRP's group 14.

Nexus2(config-if)#hsrp 14

Nexus2(config-if-hsrp)#preempt


!--- Priority value used by HSRP to select the active and standby router.

Nexus2(config-if-hsrp)#priority 90


!--- IP address provided here is the virtual IP address for users in VLAN 14.

Nexus2(config-if-hsrp)#ip 10.75.14.1
Nexus2(config-if)#no shutdown
Nexus2(config-if)#exit

HSRP and vPC

  • Most Nexus 7000s are put into a vPC (this essentially allows them to coordinate the LACP ID [which must be the same on all links on the etherchannel] for an etherchannel [port-channel] to a third device).

  • The Nexus 7000 will drop any packet that comes in on a vPC etherchannel, traverses the vPC peer link, and then tries to leave via a vPC etherchannel (including etherchannels that do not go back to the original device but are still in the same layer 2 domain). This is the designed layer 2 loop prevention mechanism for the Nexus 7000 as it does not block ports for vPC VLANs.

  • When in a vPC, the Nexus 7000s will most likely have the vPC peer gateway command configured. The vPC peer gateway command helps prevent packets from traversing the vPC peer link and being dropped since both Nexus 7000s should have a connection to any end device using the vPC VLAN.

  • The vPC peer gateway command allows either Nexus 7000 to intercept any packet (including HSRP packets) which is destined to the other peer’s MAC address to prevent the packet from traversing the vPC peer link.

Note: In essence, both Nexus 7000s in a vPC intercept packets for the HSRP virtual MAC address and process them without regard as to which one is active or standby. For more information, see vPC Peer Gateway and HSRP.

Verification Commands

Use this section to confirm that your configuration works properly.

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

Here are some of the HSRP’s verification commands:

For the Nexus1 device:

  • Use the show hsrp command in order to display the HSRP status for all groups in the device.

    Nexus1# show hsrp
    Vlan13 - Group 13 (HSRP-V1) (IPv4)
      Local state is Active, priority 90 (Cfged 90), may preempt
        Forwarding threshold(for vPC), lower: 1 upper: 90
      Hellotime 3 sec, holdtime 10 sec
      Virtual IP address is 10.75.13.1 (Cfged)
      Active router is local
      Standby router is 10.75.13.5, priority 80 expires in 8.607000 sec(s)
      Authentication text "cisco"
      Virtual mac address is 0000.0c07.ac0d (Default MAC)
      0 state changes, last state change never
      IP redundancy name is hsrp-Vlan13-13 (default)
    
    Vlan14 - Group 14 (HSRP-V1) (IPv4)
      Local state is Standby, priority 80 (Cfged 80), may preempt
        Forwarding threshold(for vPC), lower: 1 upper: 80
      Hellotime 3 sec, holdtime 10 sec
      Virtual IP address is 10.75.14.1 (Cfged)
      Active router is 10.75.14.5, priority 90 expires in 4.161000 sec(s)
      Standby router is local
      Authentication text "cisco"
      Virtual mac address is 0000.0c07.ac0e (Default MAC)
      0 state changes, last state change never
      IP redundancy name is hsrp-Vlan14-14 (default)
  • Use the show hsrp [group group-number] command in order to display the HSRP status for a particular group in the device.

    Nexus1# show hsrp group 13
    Vlan13 - Group 13 (HSRP-V1) (IPv4)
      Local state is Active, priority 90 (Cfged 90), may preempt
        Forwarding threshold(for vPC), lower: 1 upper: 90
      Hellotime 3 sec, holdtime 10 sec
      Virtual IP address is 10.75.13.1 (Cfged)
      Active router is local
      Standby router is 10.75.13.5, priority 80 expires in 8.607000 sec(s)
      Authentication text "cisco"
      Virtual mac address is 0000.0c07.ac0d (Default MAC)
      0 state changes, last state change never
      IP redundancy name is hsrp-Vlan13-13 (default)
  • Use the show hsrp [interface interface-type slot/port] command in order to display the HSRP status for an interface in the device.

    Nexus1# show hsrp interface vlan 14
    Vlan14 - Group 14 (HSRP-V1) (IPv4)
      Local state is Standby, priority 80 (Cfged 80), may preempt
        Forwarding threshold(for vPC), lower: 1 upper: 80
      Hellotime 3 sec, holdtime 10 sec
      Virtual IP address is 10.75.14.1 (Cfged)
      Active router is 10.75.14.5, priority 90 expires in 4.161000 sec(s)
      Standby router is local
      Authentication text "cisco"
      Virtual mac address is 0000.0c07.ac0e (Default MAC)
      0 state changes, last state change never
      IP redundancy name is hsrp-Vlan14-14 (default)
  • Use the show hsrp delay [interface interface-type slot/port] command in order to display the HSRP delay value for all interfaces or one interface.

  • Use the show hsrp [group group-number] [interface interface-type slot/port] [active] [all] [init] [learn] [listen] [speak] [standby] command in order to display the HSRP status for a group or interface for virtual forwarders in the active, init, learn, listen, or standby state.

  • Use the show hsrp [group group-number] [interface interface-type slot/port] active] [all] [init] [learn] [listen] [speak] [standby] brief command in order to display a brief summary of the HSRP status for a group or interface for virtual forwarders in the active, init, learn, listen, or standby state.

For the Nexus2 device:

  • Use the show hsrp command in order to display the HSRP status for all groups in the device.

    Nexus2# show hsrp
    Vlan13 - Group 13 (HSRP-V1) (IPv4)
      Local state is Standby, priority 80 (Cfged 80), may preempt
        Forwarding threshold(for vPC), lower: 1 upper: 80
      Hellotime 3 sec, holdtime 10 sec
      Virtual IP address is 10.75.13.1 (Cfged)
      Active router is 10.75.13.4, priority 90 expires in 9.385000 sec(s)
      Standby router is local
      Authentication text "cisco"
      Virtual mac address is 0000.0c07.ac0d (Default MAC)
      0 state changes, last state change never
      IP redundancy name is hsrp-Vlan13-13 (default)
    
    Vlan14 - Group 14 (HSRP-V1) (IPv4)
      Local state is Active, priority 90 (Cfged 90), may preempt
        Forwarding threshold(for vPC), lower: 1 upper: 90
      Hellotime 3 sec, holdtime 10 sec
      Virtual IP address is 10.75.14.1 (Cfged)
      Active router is local
      Standby router is 10.75.14.4, priority 80 expires in 7.703000 sec(s)
      Authentication text "cisco"
      Virtual mac address is 0000.0c07.ac0e (Default MAC)
      0 state changes, last state change never
      IP redundancy name is hsrp-Vlan14-14 (default)

Related Information

Updated: May 17, 2012
Document ID: 113002