4.3.3.4 Lab – Configure HSRP Answers

4.3.3.4 Lab – Configuring HSRP (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IP Address Subnet Mask Default Gateway
R1 G0/1 192.168.1.1 255.255.255.0 N/A
S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A
R2 S0/0/0 10.1.1.2 255.255.255.252 N/A
S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A
Lo1 209.165.200.225 255.255.255.224 N/A
R3 G0/1 192.168.1.3 255.255.255.0 N/A
S0/0/1 10.2.2.1 255.255.255.252 N/A
S1 VLAN 1 192.168.1.11 255.255.255.0 192.168.1.1
S3 VLAN 1 192.168.1.13 255.255.255.0 192.168.1.3
PC-A NIC 192.168.1.31 255.255.255.0 192.168.1.1
PC-C NIC 192.168.1.33 255.255.255.0 192.168.1.3

Objectives

Part 1: Build the Network and Verify Connectivity
Part 2: Configure First Hop Redundancy using HSRP

Background / Scenario

Spanning tree provides loop-free redundancy between switches within a LAN. However, it does not provide redundant default gateways for end-user devices within the network if one of the routers fails. First Hop Redundancy Protocols (FHRPs) provide redundant default gateways for end devices with no end-user configuration necessary. In this lab, you will configure Cisco’s Hot Standby Routing Protocol (HSRP), a First Hop Redundancy Protocol (FHRP).

Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the correct interface identifiers.

Note: Make sure that the routers and switches have been erased and have no startup configurations. If you are unsure, contact your instructor.

Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources

  • 3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
  • 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
  • 2 PCs (Windows 8, 7, or Vista with terminal emulation program, such as Tera Term)
  • Console cables to configure the Cisco IOS devices via the console ports
  • Ethernet and serial cables as shown in the topology

Part 1: Build the Network and Verify Connectivity

In Part 1, you will set up the network topology and configure basic settings, such as the interface IP addresses, static routing, device access, and passwords.

Step 1: Cable the network as shown in the topology.

Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2: Configure PC hosts.

Step 3: Initialize and reload the routers and switches as necessary.

Step 4: Configure basic settings for each router.

a. Disable DNS lookup.

b. Configure the device name as shown in the topology.

c. Configure IP addresses for the routers as listed in the Addressing Table.

d. Set clock rate to 128000 for all DCE serial interfaces.

e. Assign class as the encrypted privileged EXEC mode password.

f. Assign cisco for the console and vty password and enable login.

g. Configure logging synchronous to prevent console messages from interrupting command entry.

h. Copy the running configuration to the startup configuration.

Step 5: Configure basic settings for each switch.

a. Disable DNS lookup.

b. Configure the device name as shown in the topology.

c. Assign class as the encrypted privileged EXEC mode password.

d. Configure IP addresses for the switches as listed in the Addressing Table.

e. Configure the default gateway on each switch.

f. Assign cisco for the console and vty password and enable login.

g. Configure logging synchronous to prevent console messages from interrupting command entry.

h. Copy the running configuration to the startup configuration.

Step 6: Verify connectivity between PC-A and PC-C.

Ping from PC-A to PC-C. Were the ping results successful? _______Yes

If the pings are not successful, troubleshoot the basic device configurations before continuing.

Note: It may be necessary to disable the PC firewall to successfully ping between PCs.

Step 7: Configure routing.

a. Configure RIP version 2 on all routers. Add all the networks, except 209.165.200.224/27 into the RIP process.

b. Configure a default route on R2 using Lo1 as the exit interface to 209.165.200.224/27 network.

c. On R2, use the following commands to redistribute the default route into the RIP process.

R2(config)# router rip
R2(config-router)# default-information originate

Step 8: Verify connectivity.

a. From PC-A, you should be able to ping every interface on R1, R2, R3, and PC-C. Were all pings successful? ___________Yes

If the pings are not successful, troubleshoot the basic device configurations before continuing.

b. From PC-C, you should be able to ping every interface on R1, R2, R3, and PC-A. Were all pings successful? ___________Yes

If the pings are not successful, troubleshoot the basic device configurations before continuing.

Part 2: Configure First Hop Redundancy Using HSRP

Even though the topology has been designed with some redundancy (two routers and two switches on the same LAN network), both PC-A and PC-C are configured with only one gateway address. PC-A is using R1 and PC-C is using R3. If either of these routers or the interfaces on the routers went down, the PC could lose its connection to the Internet.

In Part 2, you will test how the network behaves both before and after configuring HSRP. To do this, you will determine the path that packets take to the loopback address on R2.

Step 1: Determine the path for Internet traffic for PC-A and PC-C.

a. From a command prompt on PC-A, issue a tracert command to the 209.165.200.225 loopback address of R2.

C:\ tracert 209.165.200.225  

Tracing route to 209.165.200.225 over a maximum of 30 hops  
  
  1     1 ms     1 ms     1 ms  192.168.1.1  
  2    13 ms    13 ms    13 ms  209.165.200.225  
  
Trace complete.

What path did the packets take from PC-A to 209.165.200.225?
___________________________________PC-A to R1 to R2

b. From a command prompt on PC-C, issue a tracert command to the 209.165.200.225 loopback address of R2.

What path did the packets take from PC-C to 209.165.200.225?
____________________________________PC-C to R3 to R2

Step 2: Start a ping session on PC-A, and break the connection between S1 and R1.

a. From a command prompt on PC-A, issue a ping –t command to the 209.165.200.225 address on R2. Make sure you leave the command prompt window open.

Note: The pings continue until you press Ctrl+C, or until you close the command prompt window.

C:\ ping –t 209.165.200.225
Pinging 209.165.200.225 with 32 bytes of data:
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
<output omitted>

b. As the ping continues, disconnect the Ethernet cable from F0/5 on S1. You can also shut down the S1 F0/5 interface, which creates the same result.

What happened to the ping traffic?
_______________________________________________
After the cable was disconnected from F0/5 on S1 (or the interface was shut down), pings failed. Sample output is below.

Request timed out.
Request timed out.
Request timed out.
Request timed out.
<output omitted>

c. Would be the results if you repeat Steps 2a and 2b on PC-C and S3?
______________________________________________
The results were the same as on PC-A. After the Ethernet cable was disconnected from F0/5 on S3, the pings failed.

d. Reconnect the Ethernet cables to F0/5 or enable the F0/5 interface on both S1 and S3, respectively. Re-issue pings to 209.165.200.225 from both PC-A and PC-C to make sure connectivity is re-established.

Step 3: Configure HSRP on R1 and R3.

In this step, you will configure HSRP and change the default gateway address on PC-A, PC-C, S1, and S2 to the virtual IP address for HSRP. R1 becomes the active router via configuration of the HSRP priority command.

a. Configure HSRP on R1.

R1(config)# interface g0/1
R1(config-if)# standby version 2
R1(config-if)# standby 1 ip 192.168.1.254
R1(config-if)# standby 1 priority 150
R1(config-if)# standby 1 preempt

b. Configure HSRP on R3.

R3(config)# interface g0/1
R3(config-if)# standby version 2
R3(config-if)# standby 1 ip 192.168.1.254

c. Verify HSRP by issuing the show standby command on R1 and R3.

R1# show standby  

GigabitEthernet0/1 - Group 1 (version 2)  
  State is Active  
    4 state changes, last state change 00:00:30  
  Virtual IP address is 192.168.1.254  
  Active virtual MAC address is 0000.0c9f.f001  
    Local virtual MAC address is 0000.0c9f.f001 (v2 default)  
  Hello time 3 sec, hold time 10 sec  
    Next hello sent in 1.696 secs  
  Preemption enabled
  Active router is local  
  Standby router is 192.168.1.3, priority 100 (expires in 11.120 sec)  
  Priority 150 (configured 150)  
  Group name is "hsrp-Gi0/1-1" (default)  

  
R3# show standby  

GigabitEthernet0/1 - Group 1 (version 2)  
  State is Standby  
    4 state changes, last state change 00:02:29  
  Virtual IP address is 192.168.1.254  
  Active virtual MAC address is 0000.0c9f.f001  
    Local virtual MAC address is 0000.0c9f.f001 (v2 default)  
  Hello time 3 sec, hold time 10 sec  
    Next hello sent in 0.720 secs  
  Preemption disabled  
  Active router is 192.168.1.1, priority 150 (expires in 10.128 sec)  
    MAC address is d48c.b5ce.a0c1  
  Standby router is local  
  Priority 100 (default 100)  
  Group name is "hsrp-Gi0/1-1" (default)

Using the output shown above, answer the following questions:

Which router is the active router? ____________R1

What is the MAC address for the virtual IP address? __________________0000.0c9f.f001

What is the IP address and priority of the standby router?
_____________________________________________
IP address is 192.168.1.3 and the priority is 100 (the default which is less than that of R1, the active router, with a priority of 150).

d. Use the show standby brief command on R1 and R3 to view an HSRP status summary. Sample output is shown below.

R1# show standby brief  

                     P indicates configured to preempt.  
                      |  
Interface   Grp  Pri P State   Active          Standby         Virtual IP  
Gi0/1       1    150 P Active  local           192.168.1.3     192.168.1.254  

  
R3# show standby brief  

                     P indicates configured to preempt.  
                      |  
Interface   Grp  Pri P State   Active          Standby         Virtual IP  
Gi0/1       1    100   Standby 192.168.1.1     local           192.168.1.254

e. Change the default gateway address for PC-A, PC-C, S1, and S3. Which address should you use?
__________________________________________________
192.168.1.254

f. Verify the new settings. Issue a ping from both PC-A and PC-C to the loopback address of R2. Are the pings successful? ________Yes

Step 4: Start a ping session on PC-A and break the connection between the switch that is connected to the Active HSRP router (R1).

a. From a command prompt on PC-A, issue a ping –t command to the 209.165.200.225 address on R2. Ensure that you leave the command prompt window open.

b. As the ping continues, disconnect the Ethernet cable from F0/5 on S1 or shut down the F0/5 interface.
What happened to the ping traffic?
__________________________________________________
A few packets may be dropped while the Standby router takes over. Sample output is shown below:

Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
Request timed out.
Request timed out.
Reply from 209.165.200.225: bytes=32 time=9ms TTL=254
<output Omitted>

Step 5: Verify HSRP settings on R1 and R3.

a. Issue the show standby brief command on R1 and R3.
Which router is the active router? _____________R3 is now the active router.

b. Reconnect the cable between the switch and the router or enable interface F0/5. Now which router is the active router? Explain.
__________________________________________________
R1 became the active router because preemption is enabled and has a higher priority.

Step 6: Change HSRP priorities.

a. Change the HSRP priority to 200 on R3. Which is the active router? _________________R1

b. Issue the command to change the active router to R3 without changing the priority. What command did you use?
__________________________________________________

R3(config)# interface g0/1
R3(config-if)# standby 1 preempt

c. Use a show command to verify that R3 is the active router.

Reflection

Why would there be a need for redundancy in a LAN?
__________________________________________________
In today’s networks, down time can be a critical issue affecting sales, productivity, and general connectivity (IP Telephony phones for example).

Router Interface Summary Table

Router Interface Summary
Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2
1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
1900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
2811 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.

Device Configs

Router R1 

R1# show run
Building configuration...

Current configuration : 1375 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
standby version 2
standby 1 ip 192.168.1.254
standby 1 priority 150
standby 1 preempt
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 128000
!
interface Serial0/0/1
no ip address
shutdown
!
!
router rip
network 10.1.1.0
network 192.168.1.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input all
!
scheduler allocate 20000 1000
!
end

Router R2 

R2# show run
Building configuration...

Current configuration : 1412 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
interface Loopback1
ip address 209.165.200.225 255.255.255.224
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
!
interface Serial0/0/1
ip address 10.2.2.2 255.255.255.252
clock rate 128000
!
!
router rip
network 10.1.1.0
network 10.2.2.0
default-information originate
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Loopback1
!
!
control-plane
!
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input all
!
scheduler allocate 20000 1000
!
end

Router R3 

R3# show run
Building configuration...

Current configuration : 1319 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.3 255.255.255.0
standby version 2
standby 1 ip 192.168.1.254
standby 1 priority 200
standby 1 preempt
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
ip address 10.2.2.1 255.255.255.252
!
!
router rip
network 10.2.2.0
network 192.168.1.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
line con 0
password cisco
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input all
!
scheduler allocate 20000 1000
!
end

Switch S1 

S1# show run
Building configuration...

Current configuration : 3114 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
crypto pki trustpoint TP-self-signed-2530377856
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2530377856
revocation-check none
rsakeypair TP-self-signed-2530377856
!
!
!1panning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.11 255.255.255.0
!
ip default-gateway 192.168.1.254
ip http server
ip http secure-server
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end

Switch S3 

S3# show run
Building configuration...

Current configuration : 2974 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S3
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
!
crypto pki trustpoint TP-self-signed-2530358400
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2530358400
revocation-check none
rsakeypair TP-self-signed-2530358400
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.13 255.255.255.0
!
ip default-gateway 192.168.1.254
ip http server
ip http secure-server
!
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end

 


guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x