This section describes how to configure HSR and related features:
- Configuring an HSR ring
- Configuring HSRP gateways
- Configuring REP segment
Configuring an HSR Ring
HSR configuration applies to the Cisco IE 4000 switches in the ring.
Before configuring HSR, check if HSR is enabled; newer versions have it enabled by default.
Switch# show version | inc Feature
Feature Mode : 0x25 Enabled: HSR (Disabled: MRP TSN)
If HSR is enabled, skip this step; otherwise, use the following command to enable:
Switch# license right-to-use activate hsr
For the change to take effect, the switch must be reloaded. Confirm the reload when prompted and wait for the switch to reload and boot. Verify that the HSR feature is activated.
Before configuring an HSR ring, ensure that the member interfaces of the ring are not participating in any redundancy protocols such as FlexLinks, EtherChannel, and REP.
Follow these steps to configure HSR:
1. Shut down the ports before configuring the HSR ring:
interface range GigabitEthernet1/1-2
2. Configure switch port and VLANs as desired:
switchport trunk allowed vlan 10,20,900
switchport trunk native vlan 900
3. Disable PTP. As explained in Choosing an HSR Implementation, PTP is not supported:
4. Create the HSR ring interface and assign the ports to the HSR ring. Issue this command in interface configuration mode. The two interfaces will be bundled in an HSR interface:
5. Turn on the HSR interface:
6. Make sure the DualUplinkEnhancement feature is not disabled. This feature is required to support connectivity to a dual router (HSRP in this case) on the distribution layer:
show run | include fpgamode-DualUplinkEnhancement
If the output shows no hsr-ring 1 fpgamode-DualUplinkEnhancement, issue the following command:
hsr-ring 1 fpgamode-DualUplinkEnhancement
Follow these optional steps to configure CDP and LLDP to provide information about HSR ring nodes:
7. Enable LLDP globally:
8. Enable LLDP on the ports to be assigned to the HSR ring:
interface range GigabitEthernet1/1-2
9. Enable CDP on the ports to be assigned to the HSR ring:
interface range GigabitEthernet1/1-2
Follow these optional steps to enable HSR alarms:
10. Enable the HSR alarm facility:
alarm facility hsr enable
11. Enable SNMP notification for HSR alarms:
alarm facility hsr notifies
12. Associate HSR alarms with the Major Relay:
alarm facility hsr relay major
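An added example, not from the Cisco guide: a Python pre-check that reads a saved running-config and flags ring member ports still tied to REP, EtherChannel or FlexLinks, plus a negated DualUplinkEnhancement line. The config text is constructed sample data, the function names are hypothetical, and the list of member ports is supplied by the caller.

```python
import re

# Constructed running-config excerpt (sample data, not from the guide).
SAMPLE_CONFIG = """\
no hsr-ring 1 fpgamode-DualUplinkEnhancement
!
interface GigabitEthernet1/1
 rep segment 30
!
interface GigabitEthernet1/2
 switchport mode trunk
!
interface GigabitEthernet1/3
 channel-group 1 mode active
"""

# Interface sub-commands showing a port belongs to another redundancy protocol.
CONFLICTS = {
    "REP": re.compile(r"rep segment\b"),
    "EtherChannel": re.compile(r"channel-group\b"),
    "FlexLinks": re.compile(r"switchport backup interface\b"),
}


def interface_blocks(config):
    """Map each interface name to the list of its sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # a line outside any interface block
    return blocks


def audit_hsr_members(config, members, ring=1):
    """Return findings for the ring member ports named in `members`."""
    blocks, findings = interface_blocks(config), []
    for name in members:
        for proto, pattern in CONFLICTS.items():
            if any(pattern.match(cmd) for cmd in blocks.get(name, [])):
                findings.append(f"{name}: still configured for {proto}")
    negated = f"no hsr-ring {ring} fpgamode-DualUplinkEnhancement"
    if any(line.strip() == negated for line in config.splitlines()):
        findings.append(f"hsr-ring {ring}: DualUplinkEnhancement is disabled")
    return findings
```

An empty result means the listed ports passed these checks only; it does not cover the PTP or shutdown steps.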
Configure Administrative VLAN
To avoid the delay introduced by relaying messages that are related to link-failures or VLAN-blocking notifications during VLAN load balancing, REP floods packets at the hardware flood layer (HFL) to a regular multicast address. These messages are flooded to the whole network and not just to the REP segment. You can control the flooding of these messages by configuring an administrative VLAN for the whole domain.
Follow these guidelines when configuring the REP administrative VLAN:
- Only one administrative VLAN can exist on a router and on a segment. However, the software does not enforce this.
- If you do not configure an administrative VLAN, the default is VLAN 1.
- If you want to configure REP on an interface, ensure that the REP administrative VLAN is part of the Trunk EFP encapsulation list:
Enable REP on Interfaces
For the REP operation, you must enable REP on each segment interface and identify the segment ID. This task is required and must be done before other REP configuration. You must also configure a primary and secondary edge port on each segment. All other steps are optional.
To configure a port as an edge port, use the following command in interface configuration mode:
rep segment <ID> edge (primary)
The primary keyword is optional and allows for manual selection of the primary edge. If the primary keyword is used, the other edge port becomes the secondary edge port (no keyword required). To configure the secondary edge port, omit the primary keyword as shown:
To configure a port as a member of the REP segment, use the following command in interface configuration mode:
Preemption is done either manually with the rep preempt segment <ID> command, or automatically if you configure rep preempt delay <seconds> under the primary edge port.
When a segment heals after a link failure, one of the two ports adjacent to the failure comes up as the ALT port. Then, after preemption, the location of the ALT port becomes the primary edge port unless additional configuration is done for load balancing and alternate port, which is not covered in this document. For more information, refer to Cisco Industrial Ethernet 4000, 4010 and 5000 Switch Software Configuration Guide:
Example of automatic preemption:
rep segment 30 edge primary
Example of manual preemption:
SWITCH#rep preempt segment 30
The command will cause a momentary traffic disruption.
Do you still want to continue? [confirm]
Proceeding with Manual Preemption
HSRP configuration applies to the two distribution switches (Cisco IE 5000s). The standby ip interface configuration command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the address is learned through the standby function. You must configure at least one Layer 3 port on the LAN with the designated address. Configuring an IP address always overrides another designated address currently in use. It is recommended to configure the lowest IP in the network as standby IP to guarantee that the master router will become the IGMP snooping querier.
In the current implementation, HSRP is configured on a Switch Virtual Interface (SVI). To configure HSRP, assign a virtual IP and group number to the interface. The following is an example of HSRP configuration on the master peer:
ip address 10.17.10.2 255.255.255.0
The following is an example of the standby peer:
ip address 10.17.10.3 255.255.255.0
Note that the virtual IP is the same on both peers, while the physical IP differs per peer.
Configuring HSRP Priority
When configuring HSRP priority, follow these guidelines:
- Assigning a priority allows you to select the active and standby routers. If preemption is enabled, the router with the highest priority becomes the active router again after recovering from a failure. If priorities are equal, the current active router does not change.
- The highest number (1 to 255) represents the highest priority (most likely to become the active router).
- When routing is first enabled for the interface, it does not have a complete routing table. If it is configured to preempt, it becomes the active router, even though it is unable to provide adequate routing services. To solve this problem, configure a delay time to allow the router to update its routing table.
To configure priority in the desired active peer, add this line to the interface configuration (since default priority is 100, the configured number should be higher):
Configure the router to preempt, which means that when the local router has a higher priority than the active router, it assumes control as the active router. Optionally, a delay can be configured, which causes the local router to postpone taking over the active role for the number of seconds shown:
standby 1 preempt delay minimum
HSRP uses two timers: hello interval and hold time. The hello interval defines how often hello packets are sent to the other peer. The hold time indicates the amount of time to wait before marking the peer as down. The hold time should be three or more times greater than the hello interval. To configure those timers:
standby 1 timers msec 200 msec 750
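An added example, not from the Cisco guide: a Python check of both peers' SVI configuration against the guidelines above (shared virtual IP that is lower than the peers' own addresses, higher priority and preemption on the intended active peer, hold time at least three times the hello interval). The physical addresses and the 200/750 timers come from this section; the virtual IP, priority, delay and the standby peer's timers are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed SVI excerpts. Only the physical addresses and the 200/750 ms
# timers appear in the guide; every other value is a sample.
ACTIVE = """\
interface Vlan10
 ip address 10.17.10.2 255.255.255.0
 standby 1 ip 10.17.10.1
 standby 1 priority 254
 standby 1 preempt delay minimum 60
 standby 1 timers msec 200 msec 750
"""
STANDBY = """\
interface Vlan10
 ip address 10.17.10.3 255.255.255.0
 standby 1 ip 10.17.10.1
 standby 1 timers msec 200 msec 500
"""


def parse_svi(text, group=1):
    """Return the SVI address and a {keyword: args} dict of its standby lines."""
    hsrp = dict(re.findall(rf"^\s*standby {group} (\S+) ?(.*)$", text, re.M))
    addr = re.search(r"^\s*ip address (\S+)", text, re.M).group(1)
    return ipaddress.ip_address(addr), hsrp


def audit_hsrp(active_cfg, standby_cfg):
    """Check the intended active and standby peers against the guidelines."""
    (a_ip, a), (b_ip, b) = parse_svi(active_cfg), parse_svi(standby_cfg)
    issues = []
    if "ip" not in a or a["ip"] != b.get("ip"):
        issues.append("virtual IP must be set and identical on both peers")
    elif ipaddress.ip_address(a["ip"]) > min(a_ip, b_ip):
        issues.append("virtual IP is higher than a peer's own address")
    if int(a.get("priority", 100)) <= int(b.get("priority", 100)):
        issues.append("intended active peer needs the higher priority")
    if "preempt" not in a:
        issues.append("active: preempt is not configured")
    for name, peer in (("active", a), ("standby", b)):
        # Only the msec form used in this section is recognised.
        t = re.search(r"msec (\d+) msec (\d+)", peer.get("timers", ""))
        if t and int(t[2]) < 3 * int(t[1]):
            issues.append(f"{name}: hold time is under 3x the hello interval")
    return issues
```

The lowest-address check compares the virtual IP only with the two peers' addresses; other hosts in the VLAN still have to be checked separately.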
Internet Group Management Protocol Design Considerations
IGMP snooping should be configured to route multicast traffic only to those hosts that request traffic from the specific multicast group. IGMP snooping is configured by default in Cisco IE switches, but IGMP snooping querier should be configured in the distribution switches (Cisco IE 5000s) using the following command:
IGMP selects the querier with the lowest IP in the network, hence the importance of configuring the HSRP IP to be the lowest in the network.
- Configure preemption in HSRP for deterministic routing.
- If REP preemption is required, it is recommended to do manual preemption to avoid an unplanned downtime. REP preemption could cause a multicast tree re-convergence that affects nodes attached to the REP segment.
- For the REP segment, the edge port on the Cisco IE 4000 connected directly to the HSRP subordinate should be primary so that it is blocked by default on preemption.
- Enable BPDU filtering on ports connecting to end devices and to distribution on the Cisco IE 4000 switches participating in the HSR ring to avoid ports getting into a blocked state after topology changes.
- Avoid using access ports on the distribution switch for VLANs being used in the ring to avoid an HSRP split-brain scenario. If connecting devices directly to the distribution switches, use a different VLAN.
Network and Ring Size Considerations
- The maximum number of nodes in the node table is 512. Nodes are all the DANH and VDAN devices that can be connected to the ring at the same time.
- A maximum ring size of 24 switches is recommended. Given that HSR gives protection for a single failure in the ring, increasing the size would also increase the probability of more concurrent failures.