CISCO IE3400 Heavy Duty and Series Switches User Guide
- June 15, 2024
- Cisco
Table of Contents
- CISCO IE3400 Heavy Duty and Series Switches
- Product Information
- Product Usage Instructions
- Frequently Asked Questions
- High-Availability Seamless Redundancy
- DETAILED STEPS
- HSRP Overview
- Configuring HSRP
- Media Redundancy Protocol
- Guidelines and Limitations
- Read User Manual Online (PDF format)
- Download This Manual (PDF format)
CISCO IE3400 Heavy Duty and Series Switches
Product Information
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches
First Published: 2020-08-10
Last Modified: 2023-11-02
Americas Headquarters:
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Specifications
The specifications and information regarding the products in this manual are subject to change without notice. All statements, information, and recommendations in this manual are believed to be accurate but are presented without warranty of any kind, express or implied. Users must take full responsibility for their application of any products.
The software license and limited warranty for the accompanying product are set forth in the information packet that shipped with the product and are incorporated herein by this reference. If you are unable to locate the software license or limited warranty, contact your Cisco representative for a copy.
Notwithstanding any other warranty herein, all document files and software of these suppliers are provided as is with all faults. Cisco and the above-named suppliers disclaim all warranties, expressed or implied, including, without limitation, those of merchantability, fitness for a particular purpose, and noninfringement or arising from a course of dealing, usage, or trade practice.
In no event shall Cisco or its suppliers be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Cisco or its suppliers have been advised of the possibility of such damages.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco
and/or its affiliates in the U.S. and other countries. To view a list of Cisco
trademarks, go to this URL:
https://www.cisco.com/c/en/us/about/legal/trademarks.html.
Third-party trademarks mentioned are the property of their respective owners.
The use of the word partner does not imply a partnership relationship between
Cisco and any other company. (1721R)
Product Usage Instructions
Chapter 1: Full Cisco Trademarks with Software License
Refer to Chapter 1 of the Redundancy Protocol Configuration Guide for detailed information on full Cisco trademarks and software license.
Chapter 2: Media Redundancy Protocol (MRP)
Chapter 2 of the Redundancy Protocol Configuration Guide provides information about Media Redundancy Protocol (MRP), including MRP modes, protocol operation, and Media Redundancy Automanager (MRA).
Information About MRP
Chapter 2 covers detailed information about MRP, including its features, benefits, and supported platforms.
MRP Modes
This section explains the different MRP modes available and how to configure them based on your network requirements.
Protocol Operation
Understand the protocol operation of MRP, including how it detects and recovers from network failures.
Media Redundancy Automanager (MRA)
Learn about Media Redundancy Automanager (MRA) and its role in managing MRP instances.
Chapter 3: Additional Sections
Chapter 3 of the Redundancy Protocol Configuration Guide contains additional sections that provide further guidance on configuring and troubleshooting the Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches.
Frequently Asked Questions
Q: Can I use actual IP addresses or phone numbers mentioned in the document?
A: No, the IP addresses and phone numbers mentioned in the document are not
intended to be actual addresses and phone numbers.
They are provided for illustrative purposes only.
Q: Where can I find the latest version of the document?
A: The latest version of the document can be found on the current online version available on the Cisco website.
Q: Are there any warranties for the products mentioned in the manual?
A: The specifications and information regarding the products in this manual are presented without warranty of any kind. Users must take full responsibility for their application of any products.
Q: What is Media Redundancy Protocol (MRP) and how does it work?
A: Media Redundancy Protocol (MRP) is a network protocol that provides redundancy and fault tolerance for Ethernet networks. It allows network devices to detect and recover from network failures, ensuring uninterrupted communication.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100
Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches
First Published: 2020-08-10 Last Modified: 2023-11-02
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA
http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387) Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE
SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND
RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED
WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL
RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET
FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE
INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE
SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A
COPY.
The Cisco implementation of TCP header compression is an adaptation of a
program developed by the University of California, Berkeley (UCB) as part of
UCB’s public domain version of the UNIX operating system. All rights reserved.
Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF
THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-
NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING,
WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE
PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL,
CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST
PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE
THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document
are not intended to be actual addresses and phone numbers. Any examples,
command display output, network topology diagrams, and other figures included
in the document are shown for illustrative purposes only. Any use of actual IP
addresses or phone numbers in illustrative content is unintentional and
coincidental.
All printed copies and duplicate soft copies of this document are considered
uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are
listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco
and/or its affiliates in the U.S. and other countries. To view a list of Cisco
trademarks, go to this URL:
https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party
trademarks mentioned are the property of their respective owners. The use of
the word partner does not imply a partnership relationship between Cisco and
any other company. (1721R)
© 20202023 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1
Full Cisco Trademarks with Software License ?
ix
High-Availability Seamless Redundancy (HSR) 1 Information About HSR 1 Loop
Avoidance 2 HSR RedBox Modes of Operation 3 HSR-SAN Mode 3 HSR-SAN Interfaces
3 CDP and LLDP for HSR 4 PTP over HSR 4 Supported PTP Profiles and Modes 4 HSR
RedBox as Doubly Attached BC (DABC) with P2P 5 HSR RedBox as Doubly Attached
TC (DATC) with P2P 8 HSR Alarms 11 HSR Uplink Redundancy Enhancement 12
Guidelines and Limitations 15 Default Settings 17 Configuring an HSR Ring 18
Enabling HSR Alarms 19 Clearing All Node Table and VDAN Table Dynamic Entries
20 Verifying Configuration 21 Configuration Example 21 Related Documents 24
Feature History 25
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches iii
Contents
CHAPTER 2 CHAPTER 3
Configuring HSRP 27 Configuring HSRP 27 Information About Configuring HSRP 27
HSRP Overview 27 HSRP Versions 29 Multiple HSRP 29 HSRP and Switch Stacks 30
Configuring HSRP for IPv6 30 HSRP IPv6 Virtual MAC Address Range 30 HSRP IPv6
UDP Port Number 30 How to Configure HSRP 31 Default HSRP Configuration 31 HSRP
Configuration Guidelines 31 Enabling HSRP 31 Enabling and Verifying an HSRP
Group for IPv6 Operation 33 Configuring HSRP Priority 35 Configuring MHSRP 37
Configuring HSRP Authentication and Timers 44 Enabling HSRP Support for ICMP
Redirect Messages 45 Verifying HSRP 45 Verifying HSRP Configurations 45
Configuration Examples for Configuring HSRP 46 Enabling HSRP: Example 46
Example: Configuration and Verification for an HSRP Group 46 Configuring HSRP
Priority: Example 48 Configuring MHSRP: Example 48 Configuring HSRP
Authentication and Timer: Example 49
Media Redundancy Protocol (MRP) 51 Information About MRP 51 MRP Modes 52
Protocol Operation 52 Media Redundancy Automanager (MRA) 54
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches iv
CHAPTER 4
License Levels 55 Multiple MRP Rings 56 MRP-STP Interoperability 56
Prerequisites 56 Guidelines and Limitations 57 Default Settings 59 Activating
the MRP License 59
Device Directly Connected to CSSM 60 Device Connected to CSSM through CSLU 61
Device Not Connected to CSSM or CSLU 63 Device in CSLU Mode and Not Connected
to CSSM 67 Configuring PROFINET MRP Mode Using TIA 15 or STEP7 68 Installing
the PROFINET GSD File 68 Bringing Up PROFINET MRP 68 Managing PROFINET Using
Simatic Step 7 or TIA 15 Portal 69 Configuring MRP CLI Mode 74 Configuring MRP
Manager 75 Configuring MRP Client 79 Re-enabling PROFINET MRP 81 Verifying
Configuration 82 Configuration Example 83 Feature History 86
Configuring PRP 87 Information About PRP 87 Role of the Switch 88 PRP Channels
89 Mixed Traffic and Supervision Frames 89 VLAN Tag in Supervision Frame 90
PTP over PRP 91 Supported PTP Profiles and Clock Modes 93 PRP RedBox Types 94
LAN-A and LAN-B Failure Detection and Handling 99 TrustSec Configuration on
PRP Interface 99
Contents
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches v
Contents
CHAPTER 5
Prerequisites 101 Guidelines and Limitations 101 Default Settings 104 Creating
a PRP Channel and Group 104
Examples 106 Configuring PRP Channel with Supervision Frame VLAN Tagging 107
Adding Static Entries to the Node and VDAN Tables 109
Example 110 Clearing All Node Table and VDAN Table Dynamic Entries 110
Disabling the PRP Channel and Group 111 Verifying Configuration 111
Configuration Examples 113 Related Documents 125 Feature History 125
Configuring Resilient Ethernet Protocol 127 Finding Feature Information 127
Resilient Ethernet Protocol Overview 127 Link Integrity 129 Fast Convergence
130 VLAN Load Balancing 130 Spanning Tree Interaction 132 Resilient Ethernet
Protocol (REP) Negotiated 132 REP Ports 133 REP Fast Overview 133 REP Zero
Touch Provisioning 134 REP and Day Zero 134 REP ZTP Overview 137 REP Segment-
ID Autodiscovery 138 REP Segment-ID Autodiscovery Deployment 138 REP Segment-
ID Autodiscovery Limitations 139 How to Configure Resilient Ethernet Protocol
140 Default REP Configuration 140 REP Configuration Guidelines 140
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches vi
Contents
CHAPTER 6
Configuring REP Administrative VLAN 142 Configuring a REP Interface 143
Setting Manual Preemption for VLAN Load Balancing 147 Configuring SNMP Traps
for REP 147 Configuring REP Fast 148 Configuring REP ZTP 149 Configuring REP
Segment-ID Autodiscovery 150
Enable REP Segment-ID Autodiscovery 150 Configure the Interfaces 150 View
Feature Status 151 Monitoring Resilient Ethernet Protocol Configurations 152
Displaying REP Fast Beacon Information 153 Displaying REP ZTP Status 154
Additional References for Resilient Ethernet Protocol 157 Feature History 157
VRRPv3 Protocol Support 159 VRRPv3 Protocol Support 159 Finding Feature
Information 159 Restrictions for VRRPv3 Protocol Support 160 Information About
VRRPv3 Protocol Support 160 VRRPv3 Benefits 160 VRRP Device Priority and
Preemption 161 VRRP Advertisements 162 How to Configure VRRPv3 Protocol
Support 162 Creating and Customizing a VRRP Group 162 Configuring the Delay
Period Before FHRP Client Initialization 164 Configuration Examples for VRRPv3
Protocol Support 165 Example: Enabling VRRPv3 on a Device 165 Example:
Creating and Customizing a VRRP Group 165 Example: Configuring the Delay
Period Before FHRP Client Initialization 166 Example: VRRP Status,
Configuration, and Statistics Details 166 Additional References 167 Glossary
167
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches vii
Contents
CHAPTER 7
Device Level Ring 169 Device Level Ring 169 Components of DLR 170 DLR Topology 170 Redundant Gateways 172 Cisco IE Switch Support for DLR 174 DLR Feature Interactions 176 Guidelines and Limitations 177 Configuring DLR 178 Configure a Ring Supervisor 178 Configure a Beacon-Based Ring Node 180 Configure a Redundant Gateway 180 Configure VLAN Trunking 183 Enabling CIP 184 Enable CIP on the Layer 3 Interface 184 Enable CIP on the SVI Interface 185 Feature History 186
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches viii
Note: The documentation set for this product strives to use bias-free
language. For purposes of this documentation set, bias-free is defined as
language that does not imply discrimination based on age, disability, gender,
racial identity, ethnic identity, sexual orientation, socioeconomic status,
and intersectionality. Exceptions may be present in the documentation due to
language that is hardcoded in the user interfaces of the product software,
language used based on RFP documentation, or language that is used by a
referenced third-party product.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100
Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches ix
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches x
1 C H A P T E R
High-Availability Seamless Redundancy
· Information About HSR, on page 1 · Guidelines and Limitations, on page 15 ·
Default Settings, on page 17 · Configuring an HSR Ring, on page 18 · Enabling
HSR Alarms, on page 19 · Clearing All Node Table and VDAN Table Dynamic
Entries , on page 20 · Verifying Configuration, on page 21 · Configuration
Example, on page 21 · Related Documents, on page 24 · Feature History, on page
25
Information About HSR
High-availability Seamless Redundancy (HSR) is defined in International
Standard IEC 62439-3-2016 clause 5. HSR is similar to Parallel Redundancy
Protocol (PRP) but is designed to work in a ring topology. Instead of two
parallel independent networks of any topology (LAN-A and LAN-B), HSR defines a
ring with traffic in opposite directions. Port-A sends traffic counter
clockwise in the ring, and Port-B sends traffic clockwise in the ring. The HSR
packet format is also different from PRP. To allow the switch to determine and
discard duplicate packets, additional protocol specific information is sent
with the data frame. For PRP, this is sent as part of a trailer called the
redundancy control trailer (RCT), whereas for HSR this is sent as part of the
header called the HSR header. Both the RCT and HSR header contain a sequence
number, which is the primary data used to determine if the received frame is
the first instance or a duplicate instance.
Note HSR is supported on IE3400 Rugged and IE3400 Heavy Duty Series Switches
(see Guidelines and Limitations, on page 15 for supported SKUs). The term
switch in this document refers to the IE3400 Rugged and IE3400 Heavy Duty
Series Switches unless otherwise noted.
In this release, the switch supports only HSR-SAN mode and only one HSR
instance. In addition, you can create only one HSR or one PRP instance. If you
have created a PRP instance, no HSR instance can be created. The non-switching
nodes with two interfaces attached to the HSR ring are referred to as Doubly
Attached Nodes implementing HSR (DANHs). Similar to PRP, Singly Attached Nodes
(SANs) are attached to the HSR
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100
Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 1
Loop Avoidance
High-Availability Seamless Redundancy (HSR)
ring through a device called a RedBox (Redundancy Box). The RedBox acts as a
DANH for all traffic for which it is the source or the destination. The switch
implements RedBox functionality using Gigabit Ethernet port connections to the
HSR ring.
The following figure shows an example of an HSR ring as described in IEC
62439-3. In this example, the RedBox is an IE 3400.
Figure 1: Example of HSR Ring Carrying Unicast Traffic
Devices that do not support HSR out of the box (for example, laptops and
printers) cannot be attached to the HSR ring directly because all HSR capable
devices must be able to process the HSR header on packets received from the
ring and add the HSR header to all packets sent into the ring. These nodes are
attached to the HSR ring through a RedBox. As shown in the figure above, the
RedBox has two ports on the DANH side. Non-HSR SAN devices are attached to the
upstream switch ports. The RedBox generates the supervision frames on behalf
of these devices so that they are seen as DANH devices on the ring. Because
the RedBox emulates these as DANH, they are called Virtual Doubly Attached
Nodes (VDAN).
Loop Avoidance
Each node in the HSR ring forwards frames received from one port to the other
port of the HSR pair. To avoid loops and use network bandwidth effectively,
the RedBox does not transmit frames that are already transmitted in same
direction. When a node injects a packet into the ring, the packet is handled
as follows to avoid loops:
· Unicast packet with destination inside the ring: When the unicast packet
reaches the destination node, the packet is consumed by the respective node
and is not forwarded.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100
Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 2
High-Availability Seamless Redundancy (HSR)
HSR RedBox Modes of Operation
· Unicast packet with destination not inside the ring: Because this packet
does not have a destination node in the ring, it is forwarded by every node in
the ring until it reaches the originating node. Because every node has a
record of the packet it sent, along with the direction in which it was sent,
the originating node detects that packet has completed the loop and drops the
packet.
· Multicast packet: A multicast packet is forwarded by each node because there
can be more than one consumer of this packet. For this reason a multicast
packet always reaches the originating node. However, every node will check
whether it has already forwarded the received packet through its outgoing
interface. Once the packet reaches the originating node, the originating node
determines that it already forwarded this packet and drops the packet instead
of forwarding it again.
HSR RedBox Modes of Operation
The most basic mode of operation is HSR-SAN mode (single RedBox mode). In this
mode, the RedBox is used to connect SAN devices to the HSR ring. The Redbox’s
responsibility in this mode is to represent SAN devices as VDANs on the ring.
Note In this release, the switch supports HSR-SAN mode only.
HSR-SAN Mode
In HSR-SAN mode, the RedBox inserts the HSR tag on behalf of the host and
forwards the ring traffic, except for frames sent by the node itself,
duplicate frames, and frames for which the node is the unique destination. In
this mode, packets are handled as follows:
· A source DANH sends a frame passed from its upper layers (“C” frame),
prefixes it with an HSR tag to identify frame duplicates, and sends the frame
over each port (“A” frame and “B” frame).
· A destination DANH receives two identical frames from each port within a
certain interval. The destination DANH removes the HSR tag of the first frame
before passing it to its upper layers and discards any duplicate.
· Each node in the HSR ring forwards frames received from one port to the
other port of the HSR pair. A node will not forward frames received on one
port to the other under the following conditions: · The received frame returns
to the originating node in the ring.
· The frame is a unicast frame with a destination MAC address of a node
upstream of the receiving node.
· The node had already sent the same frame in the same direction. This rule
prevents a frame from spinning in the ring in an infinite loop.
HSR-SAN Interfaces
HSR-SAN mode is supported on interfaces GigabitEthernet 1/1-4. HSR ring 1 is
configured as a pair of ports: G1/1 and G1/2 or G1/3 and G1/4.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 3
CDP and LLDP for HSR
High-Availability Seamless Redundancy (HSR)
CDP and LLDP for HSR
HSR supports the Cisco Discovery Protocol (CDP) and Link Layer Discovery
Protocol (LLDP). CDP and LLDP are Layer 2 neighbor discovery protocols. Both
CDP and LLDP can provide information about nodes directly connected to the
device. They also provide additional information such as the local and remote
interface and device names.
When CDP or LLDP is enabled, you can use the CDP or LLDP information to find
the adjacent nodes on an HSR ring and their status. You can then use the
neighbor information from each node to determine the complete HSR network
topology and debug and locate ring faults.
CDP and LLDP are configured on physical interfaces only.
For more information, see Configuring an HSR Ring, on page 18 and Verifying
Configuration, on page 21.
PTP over HSR
Precision Time Protocol (PTP) is supported on the IE3400 Rugged and IE3400
Heavy Duty Series Switches for the PTP Power Profile only.
Because the PTP 1588 standard does not currently account for clocks
synchronized over redundant, simultaneously active paths, HSR must handle PTP
packets differently that other packet types. To provide high availability for
PTP through redundancy, the HSR duplicate/discard logic is not used for PTP
packets.
To understand how PTP clock syncronization works in an HSR network, suppose
that a VDAN/SAN is the PTP grandmaster clock (GMC). Dually attached devices
receive PTP synchronization information over both their HSR ports. However,
only one of the ports (referred to as time recipient) is used to synchronize
the local clock. The other HSR port (referred to as PASSIVE) continues to
receive synchronization information, but is not used to synchronize the local
clock. Suppose that RedBox 2 has its port-A as time recipient and port-B as
PASSIVE. When port-A goes down, the port-B port takes over as the time
recipient and is used to continue synchronizing the local clock on RedBox 2.
Note Cisco is moving from the traditional Master/Slave nomenclature. In this
document, the terms Grandmaster clock (GMC) or time source and time recipient
are used instead.
The PTP grandmaster in an HSR network can be a RedBox, a VDAN/SAN, or a DANH.
To use PTP over HSR, configure HSR and PTP separately. PTP over HSR works
without any additional configuration. Note that in most cases, you do not need
to perform any PTP configuration on the interfaces because PTP is enabled by
default on all physical ethernet interfaces.
Supported PTP Profiles and Modes
PTP over HSR is supported only for the for the PTP Power Profile. For
unsupported PTP profiles, PTP traffic flows over HSR port-A only.
The following table shows the HSR support for PTP profiles, clock modes and
RedBox types.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 4
High-Availability Seamless Redundancy (HSR)
HSR RedBox as Doubly Attached BC (DABC) with P2P
PTP Profile Power Profile
Default Profile
Clock Mode BC
P2P TC
GMC-BC Forward BC E2E TC
Supported? Yes
Yes
No No No No
HSR Redbox Type as per IEC 62439-3
HSR RedBox as doubly attached BC (DABC) with P2P
HSR RedBox as doubly attached TC (DATC) with P2P
Not applicable
Not applicable
Not applicable
Not applicable
HSR RedBox as Doubly Attached BC (DABC) with P2P
This section describes the operation of PTP over HSR using an example where
RedBox M and RedBox S are configured to run in Power Profile as Boundary
Clocks that use the Peer-to-Peer delay measurement mechanism.
Assume for this example that SAN-1 is the GMC. All the clocks are configured
to run Peer-to-Peer Delay measurement and the peer delay is regularly
calculated and maintained on every link shown in the figure. The BMCA on
RedBox M determines the port to SAN-1 to be connected to the time source. The
PTP protocol running on RedBox M will forward Sync and Follow_up messages on
ports A and B. On RedBox S, the regular BMCA operation determines port A to be
time recipient and port B to be PASSIVE. However, with the knowledge that
ports A and B are part of the same HSR ring, port B is forced into
PASSIVE_SLAVE state and port A becomes active for PTP. Port A works as a
regular time recipient port. It uses the Sync and Follow_Up messages along
with their correction field to calculate the delay and offset from time source
and synchronize the local clock. (Unlike
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100
Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 5
HSR RedBox as Doubly Attached BC (DABC) with P2P
High-Availability Seamless Redundancy (HSR)
an E2E BC, it does not need to generate Delay_Req messages since all the link
delays and residence times along the PTP path are accumulated in the
correction field of the Follow_Up messages.)
Port B, which is in PASSIVE_SLAVE state operates as follows: Just like port A,
it maintains the delay and offset from time source, but does not perform any
operation on the local clock. Having all the synchronization information
available enables it to seamlessly take over as the new time recipient in case
port A loses communication with the GMC. Note that on IE switch platforms we
currently do not support PTP profile conversion. For example, if RedBox S in
the figure above were an IE switch, it would not support the
Delay_Req/Delay_Resp message exchange. It would only support the Peer-to-Peer
delay measurement mechanism using PDelay messages.
Configuration Example
SAN-1#conf t Enter configuration commands, one per line. SAN-1(config)#ptp profile power SAN-1(config)#ptp mode boundary pdelay-req SAN-1(config)#ptp priority1 1 SAN-1(config)#end
End with CNTL/Z.
SAN-2#conf t Enter configuration commands, one per line. SAN-2(config)#ptp profile power SAN-2(config)#ptp mode boundary pdelay-req SAN-2(config)#end
End with CNTL/Z.
REDBOX-M#conf t Enter configuration commands, one per line. End with CNTL/Z. REDBOX-M(config)#ptp profile power REDBOX-M(config)#ptp mode boundary pdelay- req REDBOX-M(config)#end
REDBOX-S#conf t Enter configuration commands, one per line. End with CNTL/Z. REDBOX-S(config)#ptp profile power REDBOX-S(config)#ptp mode boundary pdelay- req REDBOX-S(config)#end
DANH-TOP#conf t Enter configuration commands, one per line. DANH- TOP(config)#ptp profile power DANH-TOP(config)#ptp mode p2ptransparent DANH- TOP(config)#end
End with CNTL/Z.
DANH-BOTTOM#conf t Enter configuration commands, one per line. DANH- BOTTOM(config)#ptp profile power DANH-BOTTOM(config)#ptp mode p2ptransparent DANH-BOTTOM(config)#end
End with CNTL/Z.
SAN-1#sh ptp parent PTP PARENT PROPERTIES Parent Clock: Parent Clock Identity: 0x0:35:1A:FF:FE:94:4F:0 Parent Port Number: 0 Observed Parent Offset (log variance): N/A Observed Parent Clock Phase Change Rate: N/A
Grandmaster Clock: Grandmaster Clock Identity: 0x0:35:1A:FF:FE:94:4F:0 Grandmaster Clock Quality: Class: 248
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 6
High-Availability Seamless Redundancy (HSR)
HSR RedBox as Doubly Attached BC (DABC) with P2P
Accuracy: Unknown Offset (log variance): N/A Priority1: 1 Priority2: 128
SAN-2#sh ptp parent PTP PARENT PROPERTIES Parent Clock: Parent Clock Identity:
0x0:29:C2:FF:FE:3C:6A:C0 Parent Port Number: 9 Observed Parent Offset (log
variance): N/A Observed Parent Clock Phase Change Rate: N/A
Grandmaster Clock: Grandmaster Clock Identity: 0x0:35:1A:FF:FE:94:4F:0
Grandmaster Clock Quality: Class: 248 Accuracy: Unknown Offset (log variance):
N/A Priority1: 1 Priority2: 128
REDBOX-M#sh ptp parent PTP PARENT PROPERTIES Parent Clock: Parent Clock
Identity: 0x0:35:1A:FF:FE:94:4F:0 Parent Port Number: 3 Observed Parent Offset
(log variance): N/A Observed Parent Clock Phase Change Rate: N/A
Grandmaster Clock: Grandmaster Clock Identity: 0x0:35:1A:FF:FE:94:4F:0
Grandmaster Clock Quality: Class: 248 Accuracy: Unknown Offset (log variance):
N/A Priority1: 1 Priority2: 128
REDBOX-S#sh ptp parent PTP PARENT PROPERTIES Parent Clock: Parent Clock
Identity: 0x0:29:C2:FF:FE:3C:5D:80 Parent Port Number: 3 Observed Parent
Offset (log variance): N/A Observed Parent Clock Phase Change Rate: N/A
Grandmaster Clock: Grandmaster Clock Identity: 0x0:35:1A:FF:FE:94:4F:0
Grandmaster Clock Quality: Class: 248 Accuracy: Unknown Offset (log variance):
N/A Priority1: 1 Priority2: 128
DANH-TOP#sh ptp parent PTP PARENT PROPERTIES Parent Clock: Parent Clock
Identity: 0x0:29:C2:FF:FE:3C:5D:80 Parent Port Number: 3 Observed Parent
Offset (log variance): N/A Observed Parent Clock Phase Change Rate: N/A
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 7
HSR RedBox as Doubly Attached TC (DATC) with P2P
High-Availability Seamless Redundancy (HSR)
Grandmaster Clock: Grandmaster Clock Identity: 0x0:35:1A:FF:FE:94:4F:0
Grandmaster Clock Quality: Class: 248 Accuracy: Unknown Offset (log variance):
N/A Priority1: 1 Priority2: 128
DANH-BOTTOM#sh ptp parent PTP PARENT PROPERTIES Parent Clock: Parent Clock
Identity: 0x0:29:C2:FF:FE:3C:5D:80 Parent Port Number: 4 Observed Parent
Offset (log variance): N/A Observed Parent Clock Phase Change Rate: N/A
Grandmaster Clock: Grandmaster Clock Identity: 0x0:35:1A:FF:FE:94:4F:0
Grandmaster Clock Quality: Class: 248 Accuracy: Unknown Offset (log variance):
N/A Priority1: 1 Priority2: 128
HSR RedBox as Doubly Attached TC (DATC) with P2P
This section describes the operation of PTP over HSR using an example where
RedBox M and RedBox S are configured to run in Power Profile as Transparent
Clocks.
Assume for this example that SAN-1 is the GMC. All the clocks are configured
to run Peer-to-Peer Delay measurement and the peer delay is regularly
calculated and maintained on every link shown in the figure. RedBox M and
RedBox S run BMCA even though it is not mandatory for a P2P TC to run BMCA. On
RedBox M, the BMCA on redbox M determines the port to SAN-1 to be connected to
the time source. RedBox M forwards all Sync and Follow_Up messages received on
port C out of ports A and B.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100
Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 8
High-Availability Seamless Redundancy (HSR)
HSR RedBox as Doubly Attached TC (DATC) with P2P
On RedBox S, port A is determined to be time recipient and port B to be
PASSIVE_SLAVE as described earlier.
Port A operates as follows: It uses the Sync and Follow_Up messages along with
their correction field to calculate the delay and offset from time source and
synchronize the local clock. (Unlike a E2E BC, it does not need to generate
Delay_Req messages since all the link delays and residence times along the PTP
path are accumulated in the correction field of the Follow_Up messages.) It
also forwards the Sync and Follow_Up messages out of port C.
Port B operates as follows: Just like port A, it maintains the delay and
offset from time source, but does not perform any operation on the local
clock. Having all the synchronization information available enables it to
seamlessly take over as the new time recipient in case port A loses
communication with the GMC. Post-processing, it drops the Sync/Follow_Up
messages since the copy of Sync/Follow_Up that arrives on port A is forwarded
out of port C.
Configuration Example
SAN-1#conf t Enter configuration commands, one per line. End with CNTL/Z.
SAN-1(config)#ptp profile power SAN-1(config)#ptp mode boundary pdelay-req
SAN-1(config)#ptp priority1 1 SAN-1(config)#end SAN-2#conf t Enter
configuration commands, one per line. End with CNTL/Z. SAN-2(config)#ptp
profile power SAN-2(config)#ptp mode boundary pdelay-req SAN-2(config)#end
REDBOX-M#conf t Enter configuration commands, one per line. End with CNTL/Z.
REDBOX-M(config)#ptp profile power REDBOX-M(config)# ptp mode p2ptransparent
REDBOX-M(config)#end REDBOX-S#conf t Enter configuration commands, one per
line. End with CNTL/Z. REDBOX-S(config)#ptp profile power REDBOX-S(config)#
ptp mode p2ptransparent REDBOX-S(config)#end DANH-TOP#conf t Enter
configuration commands, one per line. End with CNTL/Z. DANH-TOP(config)#ptp
profile power DANH-TOP(config)#ptp mode p2ptransparent DANH-TOP(config)#end
DANH-BOTTOM#conf t Enter configuration commands, one per line. End with
CNTL/Z. DANH-BOTTOM(config)#ptp profile power DANH-BOTTOM(config)#ptp mode
p2ptransparent DANH-BOTTOM(config)#end SAN-1#sh ptp parent
PTP PARENT PROPERTIES Parent Clock: Parent Clock Identity:
0x0:35:1A:FF:FE:94:4F:0 Parent Port Number: 0 Observed Parent Offset (log
variance): N/A Observed Parent Clock Phase Change Rate: N/A
Grandmaster Clock: Grandmaster Clock Identity: 0x0:35:1A:FF:FE:94:4F:0
Grandmaster Clock Quality: Class: 248 Accuracy: Unknown Offset (log variance):
N/A
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 9
HSR RedBox as Doubly Attached TC (DATC) with P2P
High-Availability Seamless Redundancy (HSR)
Priority1: 1 Priority2: 128 SAN-2#sh ptp parent PTP PARENT PROPERTIES
Parent Clock: Parent Clock Identity: 0x0:35:1A:FF:FE:94:4F:0 Parent Port
Number: 3 Observed Parent Offset (log variance): N/A Observed Parent Clock
Phase Change Rate: N/A
Grandmaster Clock: Grandmaster Clock Identity: 0x0:35:1A:FF:FE:94:4F:0
Grandmaster Clock Quality: Class: 248 Accuracy: Unknown Offset (log variance):
N/A Priority1: 1 Priority2: 128 REDBOX-M#sh ptp parent PTP PARENT PROPERTIES
Parent Clock: Parent Clock Identity: 0x0:35:1A:FF:FE:94:4F:0 Parent Port
Number: 3 Observed Parent Offset (log variance): N/A Observed Parent Clock
Phase Change Rate: N/A
Grandmaster Clock: Grandmaster Clock Identity: 0x0:35:1A:FF:FE:94:4F:0
Grandmaster Clock Quality: Class: 248 Accuracy: Unknown Offset (log variance):
N/A Priority1: 1 Priority2: 128 REDBOX-S#sh ptp parent PTP PARENT PROPERTIES
Parent Clock: Parent Clock Identity: 0x0:35:1A:FF:FE:94:4F:0 Parent Port
Number: 3 Observed Parent Offset (log variance): N/A Observed Parent Clock
Phase Change Rate: N/A
Grandmaster Clock: Grandmaster Clock Identity: 0x0:35:1A:FF:FE:94:4F:0
Grandmaster Clock Quality: Class: 248 Accuracy: Unknown Offset (log variance):
N/A Priority1: 1 Priority2: 128 DANH-TOP#sh ptp parent PTP PARENT PROPERTIES
Parent Clock: Parent Clock Identity: 0x0:35:1A:FF:FE:94:4F:0 Parent Port
Number: 3 Observed Parent Offset (log variance): N/A Observed Parent Clock
Phase Change Rate: N/A
Grandmaster Clock: Grandmaster Clock Identity: 0x0:35:1A:FF:FE:94:4F:0
Grandmaster Clock Quality: Class: 248 Accuracy: Unknown Offset (log variance):
N/A
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 10
High-Availability Seamless Redundancy (HSR)
HSR Alarms
Priority1: 1 Priority2: 128 DANH-BOTTOM#sh ptp parent PTP PARENT PROPERTIES
Parent Clock: Parent Clock Identity: 0x0:35:1A:FF:FE:94:4F:0 Parent Port
Number: 3 Observed Parent Offset (log variance): N/A Observed Parent Clock
Phase Change Rate: N/A
Grandmaster Clock: Grandmaster Clock Identity: 0x0:35:1A:FF:FE:94:4F:0
Grandmaster Clock Quality: Class: 248 Accuracy: Unknown Offset (log variance):
N/A Priority1: 1 Priority2: 128
HSR Alarms
An HSR ring can generate the following two alarms:
· Partial Ring Fault: This fault is generated by an HSR RedBox when one of its
physical ring ports/links is down. Because the packets can be sent using the
redundant path, this is considered as a partial fault. However, this fault
still requires user intervention to restore the ring. This is a minor fault
and cannot be associated with an external hardware alarm relay.
· Full Ring Fault: This fault is generated by an HSR RedBox when both of its
physical ring ports/links are down. This is a catastrophic failure and needs
immediate attention. This is a major fault and can be associated with an
external hardware alarm relay.
When an event that raises an alarm is generated, it can be associated with one
or more of the following actions to notify the user:
· Syslog: A syslog is generated when the Alarm is raised/cleared.
· SNMP Notification: SNMP notification is sent when the alarm is
raised/cleared.
· Relay output: External relay contacts can be asserted/de-asserted in
response to the alarm. Relays are activated by major faults only.
See Enabling HSR Alarms, on page 19 for steps to configure HSR alarms. The following table lists the HSR events and their representations.
Event Number
Event Description System Log (Level) Alert/Alarm Log
1
Ring goes from UP 2
2
to DOWN state.
2
Ring goes from 6
6
DOWN to UP state.
Alarm LED and Output relay Major Alarm/Assert
De-assert
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 11
HSR Uplink Redundancy Enhancement
High-Availability Seamless Redundancy (HSR)
Event Number 3
4
Event Description System Log (Level) Alert/Alarm Log
One ring port goes 3
3
DOWN, the other
ring port and the
ring itself is UP.
Both ring ports are 6
6
UP again.
Alarm LED and Output relay
You can view currently active alarms using the show facility alarm status command. The following example shows alarm status for minor and major HSR alarms:
Switch#show facility-alarm status
Source
Severity Description
Switch
MINOR 34 HSR ring is partially down
Relay Time MAJ Oct 24 2017 10:16:10
——-
Switch# show facility-alarm status
Source
Severity Description
Switch
MAJOR 33 HSR ring is down
Relay MAJ
Time Oct 24 2017 10:17:07
The following examples show the syslog entries that are generated for each HSR
alarm event assertion and clear event (if configured):
· Syslog generated on occurrence of Partial fault:
Oct 24 11:07:13.952 IST: %HSR_ALARM-3-HSR_PARTIALFAULT: The HSR ring in now in
PARTIAL FAULT state
· Syslog generated when the Partial fault is cleared:
Oct 24 11:07:38.032 IST: %HSR_ALARM-3-HSR_PARTIALFAULT: The HSR ring in now in
PARTIAL FAULT state – event cleared
· Syslog generated on occurrence of Full fault:
Oct 24 11:07:38.036 IST: %HSR_ALARM-2-HSR_RINGFAULT: The HSR ring in now in
FAULT state
· Syslog generated when the Full fault is cleared:
Oct 24 11:08:19.082 IST: %HSR_ALARM-2-HSR_RINGFAULT: The HSR ring in now in
FAULT state – event cleared
HSR Uplink Redundancy Enhancement
The HSR Uplink Redundancy Enhancement feature allows for flexible designs that
enable two separate interfaces to connect upstream from the HSR ring through
two separate HSR RedBoxes. This ensures there is no single point of failure
exiting the HSR ring. Examples of protocols that can leverage this feature to
improve high availability include HSRP, VRRP and REP. Prior to this
enhancement, if these protocols were utilized on redundant uplinks,
undesirable results could occur, such as next-hop split-brain conditions or
slow REP failover times.
The following diagram shows an example network with HSR and HSRP that allows
uplink next-hop gateway redundancy out of the HSR ring.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 12
High-Availability Seamless Redundancy (HSR)
HSR Uplink Redundancy Enhancement
To implement HSR Uplink Redundancy, ensure that the fpgamode-
DualUplinkEnhancement feature is not disabled. This feature is required to
support the connectivity to a dual router (HSRP in this case) on the
distribution layer:
Switch#show hsr ring 1 detail | include fpgamode fpgamode-
DualUplinkEnhancement: Enabled
If the output shows fpgamode-DualUplinkEnhancement,:Disabled issue the
following command:
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100
Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 13
HSR Uplink Redundancy Enhancement
High-Availability Seamless Redundancy (HSR)
Switch# conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# hsr-ring 1 fpgamode-DualUplinkEnhancement Switch(config)# end
HSRP Configuration
The following example HSRP configuration applies to the two distribution
switches Active & Standby in the above figure. In the following configuration,
HSRP is configured in a Switch Virtual Interface (SVI).
Active# conf t Enter configuration commands, one per line. End with CNTL/Z.
Active(config)# interface vlan 10 Active(config-if)# ip address 30.30.30.2
255.255.255.0 Active(config-if)# standby 1 ip 30.30.30.1 Active(config-if)#
standby 1 priority 120 Active(config-if)# end
Standby# conf t Enter configuration commands, one per line. End with CNTL/Z. Standby(config)# interface Vlan10 Standby(config-if)# ip address 30.30.30.4 255.255.255.0 Standby(config-if)# standby 1 ip 30.30.30.1 Standby(config-if)# end
Active# show standby
Vlan10 – Group 1
State is Active
8 state changes, last state change 00:03:55
Track object 1 (unknown)
Virtual IP address is 30.30.30.1
Active virtual MAC address is 0000.0c07.ac01 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 200 msec, hold time 750 msec
Next hello sent in 0.176 secs
Preemption enabled, delay min 5 secs, reload 5 secs, sync 5 secs
Active router is local
Standby router is 30.30.30.4, priority 100 (expires in 0.656 sec)
Priority 120 (configured 120)
Group name is “hsrp-Vl10-1” (default)
FLAGS: 0/1
Active# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active
Standby
Virtual IP
Vl10
1 120 P Active local
30.30.30.4
30.30.30.1
Standby# show standby Vlan10 – Group 1
State is Standby 13 state changes, last state change 00:04:17 Track object 1
(unknown)
Virtual IP address is 30.30.30.1 Active virtual MAC address is 0000.0c07.ac01
(MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac01 (v1 default) Hello time 200 msec,
hold time 750 msec
Next hello sent in 0.064 secs Preemption enabled, delay min 5 secs, reload 5
secs, sync 5 secs Active router is 30.30.30.2, priority 120 (expires in 0.816
sec) Standby router is local Priority 100 (default 100) Group name is “hsrp-
Vl10-1” (default)
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 14
High-Availability Seamless Redundancy (HSR)
Guidelines and Limitations
FLAGS: 0/1
Standby# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active
Standby
Vl10
1 100 P Standby 30.30.30.2
local
Virtual IP 30.30.30.1
Guidelines and Limitations
· HSR-SAN is supported only on the following IE 3400 and IE 3400H Series
switches: · Advanced System IE-3400-8P2S · Advanced System IE-3400-8T2S · All
IE 3400H Series SKUs
· HSR-SAN (Single RedBox mode) is the only HSR mode supported in this release.
· Only 1 HSR instance is supported. Note that the switch supports only 1 HSR
or 1 PRP instance, so if a
PRP instance has been created, no HSR instance can be created. · HSR ring 1
can only be configured as a pair of ports: G1/1 and G1/2 or G1/3 and G1/4.
Using these port
pairs, you can configure 1 HSR ring. · The HSR feature requires the Network
Essential license. · The HSR feature is not enabled by default and you must
explicitly configure the HSR rings. · HSR is disabled automatically if the
required firmware image is not available on the system. · The recommended
maximum number of nodes in the node table is 512. Nodes are all the DANH and
VDAN devices that can be connected to the ring at same time. This number is
not an absolute limit, but higher numbers of entries may increase the number
of duplicate packets received by the end devices. · The maximum number of
nodes in the HSR ring is 50. · HSR ring ports can only be configured in L2
mode. · HSR is supported on following port types:
· 100 mbps, Full Duplex. Half duplex is not supported. · 1000 mbps, Full
Duplex. Half duplex is not supported. · Both ports of one ring must be of same
speed and type (that is, both can be SFPs or both can be
copper)
· The following protocols and features are are mutually exclusive with HSR on
the same port: · PRP · EtherChannels · Link Aggregation Control Protocol
(LACP) · Port Aggregation Protocol (PAgP) · Resilient Ethernet Protocol (REP)
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 15
Guidelines and Limitations
High-Availability Seamless Redundancy (HSR)
· The HSR feature does not work together with L2NAT.
· MACsec, HSR, and PRP are not allowed together.
· HSR supports an MTU size of up to 1998 bytes of Ethernet payload.
· STP is not supported on the HSR ring. By default, all modes of Spanning Tree
Protocol (STP) will be disabled on the ring ports.
· PTP over HSR-SAN is supported on IE3400 Advanced FPGA SKUs and IE 3400H. PTP
over HSR-SAN is not supported on IE3200 or IE3300.
· Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) are not supported on
HSR. That is, SPAN and RSPAN should not be used to monitor the traffic on an
HSR ring. In addition, traffic that has been monitored using RSPAN should not
be transferred over an HSR ring.
· It is important for all interfaces in an HSR ring to have the same speed and
duplex settings. It is recommended to apply those settings before configuring
ring membership.
· Once a port is part of ring, the port cannot be shut down.
For example, if G1/3 and G1/4 are part of an HSR ring and you try to shut down
G1/3 or G1/4, the operation will not be permitted:
Switch(config)# interface range g1/3 Switch(config-if-range)#shutdown
%Interface GigabitEthernet1/3 is configured in a HSR ring shutdown not
permitted! Switch(config-if-range)#
You can perform a shutdown of the HSR ring. For example:
Switch# conf t Switch(config)#int hs1 Switch(config-if-range)#shut
· VLAN configuration such as trunk and access mode must be the same on both
the ports participating in the ring. For example, if G1/4 and G1/3 in an HSR
ring are in trunk mode and you attempt to change the mode of one port to
access, the ports in the ring will not be bundled:
Switch(config)# interface range g1/3 Switch(config-if-range)# switchport mode
access Jul 27 22:00:27.809 IST: %EC-5-CANNOT_BUNDLE2: Gi1/3 is not compatible
with Gi1/4 and will be suspended (trunk mode of Gi1/3 is access, Gi1/4 is
dynamic)
· After an interface is added in the HSR ring, only the primary interface
counters are updated. You should not need to configure and check the status of
individual physical interfaces after they are added to the HSR ring.
· As soon as you configure an HSR ring on two ports of a switch, MAC flaps
will be observed on other switches where the HSR configuration is yet to be
applied. We recommend that you shut down the newly created HSR ring on the
switch before configuring the ring on all switches, and then reenable them one
by one as shown below. For example, if there are four switches in the ring,
disable the HSR ring interfaces on each switch:
Switch1(config)# interface range g1/1-2 Switch1(config-if-range)# shutdown
Switch1(config-if-range)# hsr-ring hs1 Creating a HSR-ring interface hs1
Switch1(config-if-range)# int hs1 Switch1(config-if-range)# shutdown Switch1
(config-if-range)# end
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 16
High-Availability Seamless Redundancy (HSR)
Default Settings
After all four switches are configured with the ring, reenable the HSR ports
on each switch:
Switch1# conf t Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)# int hs1 Switch1(config-if-range)# no shutdown Switch1(config-
if-range)# end Switch1#
This prevents interim MAC flapping during HSR ring configuration in member
switches.
Default Settings
Table 1: HSR Ring Parameters
Parameter
Description
Range
Default Value
entryForgetTime
Time for clearing an inactive entry from duplicate discard table.
0-65535
400 ms
fpgamode-DualUplinkEnhancement Set FPGA register for source mac filtering.
enable or disable
enable
nodeForgetTime
Time to clear an inactive 0-65535 entry from the node table.
6000 ms
nodeRebootInterval
Time after which the RedBox must start sending supervision frames after bootup.
0-65535
500 ms
pauseFrameTime
Time interval between 0-65535 HSR pause frames.
25 ms
proxyNodeTableForgetTime Time to clear an inactive 0-65535 entry from the proxy node table or vdan table.
6000 ms
supervisionFrameLifeCheckInterval Life check interval value 0-65535 for supervision frames.
2000 ms
supervisionFrameOption
mac-da
The last bytes of the
1-255 MAC DA last eight No default
destination MAC address bits option value
of supervision frames
(01:15:4E:00:01:00). The
last 00 is replaced by the
value of this parameter.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 17
Configuring an HSR Ring
High-Availability Seamless Redundancy (HSR)
Parameter
Description
Range
vlan-cfi
Enable Canonical Format enable or disable Indicator (CFI) for the VLAN tagged frame.
vlan-cos
Class of Service (COS) 0-7 value to be set in the VLAN tag of the Supervision frame.
vlan-id
The VLAN tag of the supervision frame.
0-4095
vlan-tagged
Set VLAN tagging option. enable or disable
supervisionFrameRedboxMacaddress The RedBox MAC
48-bit RedBox MAC
address in the supervision address
frames.
supervisionFrameTime Time interval between 0-65535 supervision frames.
Default Value disable
0
0 disable The interface HSR ring MAC address 3 ms
Configuring an HSR Ring
Follow these steps to configure an HSR ring:
Before you begin · See Guidelines and Limitations, on page 15. · Ensure that
the member interfaces of a HSR ring are not participating in any redundancy
protocols such as FlexLinks, EtherChannel, REP, and so on before configuring a
HSR ring.
Step 1 Step 2 Step 3 Step 4 Step 5
Enter global configuration mode:
Switch# configure terminal
(Optional) Globally enable CDP to provide information about HSR ring nodes:
Switch(config)# cdp run
(Optional) Globally enable LLDP to provide information about HSR ring nodes:
Switch(config)# lldp run
Enter interface configuration mode and disable PTP on the ports to be assigned
to the HSR ring:
Switch(config)# interface range gigabitEthernet 1/1-2 Switch(config-if-range)#
no ptp enable
(Optional) Enable CDP on the ports to be assigned to the HSR ring:
Switch(config-if-range)#cdp enable
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 18
High-Availability Seamless Redundancy (HSR)
Enabling HSR Alarms
Step 6 Step 7 Step 8 Step 9
Step 10
(Optional) Enable LLDP on the ports to be assigned to the HSR ring:
Switch(config-if-range)#lldp transmit Switch(config-if-range)#lldp receive
Shut down the ports before configuring the HSR ring:
Switch(config-if-range)# shutdown
Create the HSR ring interface and assign the ports to the HSR ring:
Switch(config)# interface range gigabitEthernet 1/1-2 Switch(config-if-range)#
hsr-ring 1
(Optional) If required, configure HSR ring optional parameters. See Default
Settings, on page 17 for the parameter descriptions, ranges and default
values.
Switch(config-if-range)# hsr 1 supervisionFrameLifeCheckInterval 10000
Turn on the HSR interface:
Switch(config-if-range)# no shutdown Switch(config-if)# end
Example
Switch# conf t Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface range gigabitEthernet 1/1-2 Switch(config-if-range)#
no ptp enable Switch(config-if-range)# shutdown Switch(config-if-range)# hsr-
ring 1 Switch(config-if-range)# hsr-ring 1 supervisionFrameLifeCheckInterval
10000 Switch(config-if-range)# no shutdown Switch(config-if-range)# end
Enabling HSR Alarms
To enable alarms for HSR, follow these steps:
Before you begin
Alarms and actions can be enabled/disabled at the facility level only. You
cannot enable only partial faults or full faults; either all alarms for given
facility are enabled or all are disabled.
See HSR Alarms, on page 11 for details about HSR alarms.
SUMMARY STEPS
1. Enter global configuration mode: 2. Enable the HSR alarm facility: 3. (Optional) Enable SNMP notification for HSR alarms: 4. (Optional) Associate HSR alarms with the Major Relay:
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 19
Clearing All Node Table and VDAN Table Dynamic Entries
High-Availability Seamless Redundancy (HSR)
DETAILED STEPS
5. (Optional) Send HSR alarms to a syslog server: 6. (Optional) Enable logging of informational HSR alarm messages: 7. Exit global configuration mode: 8. Verify the configuration:
Step 1 Step 2
Step 3 Step 4 Step 5 Step 6 Step 7 Step 8
Enter global configuration mode:
Switch# configure terminal
Enable the HSR alarm facility:
Switch(config)# alarm facility hsr enable
To disable HSR alarms, enter no alarm facility hsr enable. (Optional) Enable
SNMP notification for HSR alarms:
Switch(config)# alarm facility hsr notifies
(Optional) Associate HSR alarms with the Major Relay:
Switch(config)# alarm facility hsr relay major
(Optional) Send HSR alarms to a syslog server:
Switch(config)# alarm facility hsr syslog
(Optional) Enable logging of informational HSR alarm messages:
Switch(config)# logging alarm informational
Exit global configuration mode:
Switch(config)# end
Verify the configuration:
Switch# show facility-alarm status
Clearing All Node Table and VDAN Table Dynamic Entries
To clear all dynamic entries in the node table, enter clear hsr node-table To
clear all dynamic entries in the VDAN table, enter clear hsr vdan-table
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 20
High-Availability Seamless Redundancy (HSR)
Verifying Configuration
Verifying Configuration
Command show hsr ring 1 [detail ] show hsr statistics {egressPacketStatistics
| ingressPacketStatistics | nodeTableStatistics | pauseFrameStatistics}
show hsr node-table show hsr vdan-table
show cdp neighbors show lldp neighbors show alarm settings | begin hsr show
alarm facility status
Purpose
Displays configuration details for the specified HSR ring.
Displays statistics for HSR components.
Note
To clear HSR statistics information,
enter the command clear hsr statistics.
Displays HSR node table.
Displays HSR Virtual Doubly Attached Node (VDAN) table.
Note
The VDAN table and Proxy node table
are the same.
Displays CDP neighbor information for an HSR ring.
Displays LLDP neighbor information for an HSR ring.
Display HSR alarm configuration.
Display HSR alarms, including partial or full ring faults.
Configuration Example
HSR-SAN This example shows the configuration of an HSR ring (Ring 1) using
G1/3 and G1/4 ports between four devices.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 21
Configuration Example
High-Availability Seamless Redundancy (HSR)
IE3400-1# conf t
Enter configuration commands, one per line.
IE3400-1(config)# interface range g1/3-4
IE3400-1(config-if-range)# shutdown
IE3400-1(config-if-range)# hsr-ring 1
IE3400-1(config-if-range)# no shutdown
IE3400-1(config-if-range)# end
IE3400-1#
IE3400-2# conf t
Enter configuration commands, one per line.
IE3400-2(config)# interface range g1/3-4
IE3400-2(config-if-range)# shutdown
IE3400-2(config-if-range)# hsr-ring 1
IE3400-2(config-if-range)# no shutdown
IE3400-2(config-if-range)# end
IE3400-2#
IE3400-3# conf t
Enter configuration commands, one per line.
IE3400-3(config)# interface range g1/3-4
IE3400-3(config-if-range)# shutdown
IE3400-3(config-if-range)# hsr-ring 1
IE3400-3(config-if-range)# no shutdown
IE3400-3(config-if-range)# end
IE3400-3#
IE3400-4# conf t
Enter configuration commands, one per line.
IE3400-4(config)# interface range g1/3-4
IE3400-4(config-if-range)# shutdown
IE3400-4(config-if-range)# hsr-ring 1
IE3400-4(config-if-range)# no shutdown
IE3400-4(config-if-range)# end
IE3400-4#
IE3400-1# sh hsr ring 1 detail
HSR-ring: HS1
————
Layer type = L2
Operation Mode = mode-H
Ports: 2
Maxports = 2
Port state = hsr-ring is Inuse
Protocol = Enabled Redbox Mode = hsr-san
End with CNTL/Z. End with CNTL/Z. End with CNTL/Z. End with CNTL/Z.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 22
High-Availability Seamless Redundancy (HSR)
Ports in the ring: 1) Port: Gi1/3 Logical slot/port = 1/3 Protocol = Enabled 2) Port: Gi1/4 Logical slot/port = 1/4 Protocol = Enabled
Port state = Inuse Port state = Inuse
Ring Parameters: Redbox MacAddr: f454.3365.8a84 Node Forget Time: 60000 ms Node Reboot Interval: 500 ms Entry Forget Time: 400 ms Proxy Node Forget Time: 60000 ms Supervision Frame COS option: 0 Supervision Frame CFI option: 0 Supervision Frame VLAN Tag option: Disabled Supervision Frame MacDa: 0x00 Supervision Frame VLAN id: 0 Supervision Frame Time: 3 ms Life Check Interval: 2000 ms Pause Time: 25 ms
IE3400-2# show hsr ring 1 detail
HSR-ring: HS1
————
Layer type = L2
Operation Mode = mode-H
Ports: 2
Maxports = 2
Port state = hsr-ring is Inuse
Protocol = Enabled Redbox Mode = hsr-san
Ports in the ring:
- Port: Gi1/3
Logical slot/port = 1/3
Port state = Inuse
Protocol = Enabled
- Port: Gi1/4
Logical slot/port = 1/4
Port state = Inuse
Protocol = Enabled
Ring Parameters: Redbox MacAddr: 34c0.f958.ee83 Node Forget Time: 60000 ms Node Reboot Interval: 500 ms Entry Forget Time: 400 ms Proxy Node Forget Time: 60000 ms Supervision Frame COS option: 0 Supervision Frame CFI option: 0 Supervision Frame VLAN Tag option: Disabled Supervision Frame MacDa: 0x00 Supervision Frame VLAN id: 0 Supervision Frame Time: 3 ms Life Check Interval: 2000 ms Pause Time: 25 ms
IE3400-4# sh hsr ring 1 de
HSR-ring: HS1
————
Layer type = L2
Operation Mode = mode-H
Ports: 2
Maxports = 2
Port state = hsr-ring is Inuse
Protocol = Enabled Redbox Mode = hsr-san
Ports in the ring:
- Port: Gi1/3
Configuration Example
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 23
Related Documents
High-Availability Seamless Redundancy (HSR)
Logical slot/port = 1/3 Protocol = Enabled
2) Port: Gi1/4 Logical slot/port = 1/4 Protocol = Enabled
Port state = Inuse Port state = Inuse
Ring Parameters: Redbox MacAddr: f454.3312.5104 Node Forget Time: 60000 ms Node Reboot Interval: 500 ms Entry Forget Time: 400 ms Proxy Node Forget Time: 60000 ms Supervision Frame COS option: 0 Supervision Frame CFI option: 0 Supervision Frame VLAN Tag option: Disabled Supervision Frame MacDa: 0x00 Supervision Frame VLAN id: 0 Supervision Frame Time: 3 ms Life Check Interval: 2000 ms Pause Time: 25 ms
IE3400-3# sh hsr ring 1 detail
HSR-ring: HS1
————
Layer type = L2
Operation Mode = mode-H
Ports: 2
Maxports = 2
Port state = hsr-ring is Inuse
Protocol = Enabled Redbox Mode = hsr-san
Ports in the ring:
- Port: Gi1/3
Logical slot/port = 1/3
Port state = Inuse
Protocol = Enabled
- Port: Gi1/4
Logical slot/port = 1/4
Port state = Inuse
Protocol = Enabled
Ring Parameters: Redbox MacAddr: f454.335c.4684 Node Forget Time: 60000 ms Node Reboot Interval: 500 ms Entry Forget Time: 400 ms Proxy Node Forget Time: 60000 ms Supervision Frame COS option: 0 Supervision Frame CFI option: 0 Supervision Frame VLAN Tag option: Disabled Supervision Frame MacDa: 0x00 Supervision Frame VLAN id: 0 Supervision Frame Time: 3 ms Life Check Interval: 2000 ms Pause Time: 25 ms
Related Documents
· Cisco Catalyst IE3400 Heavy Duty Series · Cisco Catalyst IE3400 Rugged
Series · IEC 62439-3, Industrial communication networks – High availability
automation networks – Part 3:
Parallel Redundancy Protocol (PRP) and High-availability Seamless Redundancy
(HSR)
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 24
High-Availability Seamless Redundancy (HSR)
Feature History
Feature History
Feature Name PTP over HSR-SAN
Release Cisco IOS XE 17.4.1
High-Availability Seamless Redundancy (HSR) – HSR-SAN (Single Redbox mode)
Cisco IOS XE 17.3.1
Feature Information
Initial support on IE 3400 and IE 3400H.
Initial support on IE 3400 and IE 3400H.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 25
Feature History
High-Availability Seamless Redundancy (HSR)
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 26
2 C H A P T E R
Configuring HSRP
This chapter describes how to use Hot Standby Router Protocol (HSRP) to
provide routing redundancy for routing IP traffic without being dependent on
the availability of any single router.
· Configuring HSRP, on page 27
Configuring HSRP
This chapter describes how to use Hot Standby Router Protocol (HSRP) to
provide routing redundancy for routing IP traffic without being dependent on
the availability of any single router.
Information About Configuring HSRP
HSRP Overview
HSRP is Cisco’s standard method of providing high network availability by
providing first-hop redundancy for IP hosts on an IEEE 802 LAN configured with
a default gateway IP address. HSRP routes IP traffic without relying on the
availability of any single router. It enables a set of router interfaces to
work together to present the appearance of a single virtual router or default
gateway to the hosts on a LAN. When HSRP is configured on a network or
segment, it provides a virtual Media Access Control (MAC) address and an IP
address that is shared among a group of configured routers. HSRP allows two or
more HSRP-configured routers to use the MAC address and IP network address of
a virtual router. The virtual router does not exist; it represents the common
target for routers that are configured to provide backup to each other. One of
the routers is selected to be the active router and another to be the standby
router, which assumes control of the group MAC address and IP address should
the designated active router fail.
Note Routers in an HSRP group can be any router interface that supports HSRP,
including routed ports and switch virtual interfaces (SVIs).
HSRP provides high network availability by providing redundancy for IP traffic
from hosts on networks. In a group of router interfaces, the active router is
the router of choice for routing packets; the standby router is the router
that takes over the routing duties when an active router fails or when preset
conditions are met. HSRP is useful for hosts that do not support a router
discovery protocol and cannot switch to a new router when their selected
router reloads or loses power. When HSRP is configured on a network segment,
it provides
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100
Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 27
HSRP Overview
Configuring HSRP
a virtual MAC address and an IP address that is shared among router interfaces
in a group of router interfaces running HSRP. The router selected by the
protocol to be the active router receives and routes packets destined for the
group’s MAC address. For n routers running HSRP, there are n +1 IP and MAC
addresses assigned.
HSRP detects when the designated active router fails, and a selected standby
router assumes control of the Hot Standby group’s MAC and IP addresses. A new
standby router is also selected at that time. Devices running HSRP send and
receive multicast UDP-based hello packets to detect router failure and to
designate active and standby routers. When HSRP is configured on an interface,
Internet Control Message Protocol (ICMP) redirect messages are automatically
enabled for the interface.
You can configure multiple Hot Standby groups among switches and switch stacks
that are operating in Layer 3 to make more use of the redundant routers.
To do so, specify a group number for each Hot Standby command group you
configure for an interface. For example, you might configure an interface on
switch 1 as an active router and one on switch 2 as a standby router and also
configure another interface on switch 2 as an active router with another
interface on switch 1 as its standby router.
The following figure shows a segment of a network configured for HSRP. Each
router is configured with the MAC address and IP network address of the
virtual router. Instead of configuring hosts on the network with the IP
address of Router A, you configure them with the IP address of the virtual
router as their default router. When Host C sends packets to Host B, it sends
them to the MAC address of the virtual router. If for any reason, Router A
stops transferring packets, Router B responds to the virtual IP address and
virtual MAC address and becomes the active router, assuming the active router
duties. Host C continues to use the IP address of the virtual router to
address packets destined for Host B, which Router B now receives and sends to
Host B. Until Router A resumes operation, HSRP allows Router B to provide
uninterrupted service to users on Host C’s segment that need to communicate
with users on Host B’s segment and also continues to perform its normal
function of handling packets between the Host A segment and Host B.
Figure 2: Typical HSRP Configuration
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 28
Configuring HSRP
HSRP Versions
HSRP Versions
The switch supports these HSRP versions: · HSRPv1- Version 1 of the HSRP, the
default version of HSRP. It has these features: · The HSRP group number can be
from 0 to 255.
· HSRPv1 uses the multicast address 224.0.0.2 to send hello packets, which can
conflict with Cisco Group Management Protocol (CGMP) leave processing. You
cannot enable HSRPv1 and CGMP at the same time; they are mutually exclusive.
· HSRPv2- Version 2 of the HSRP has these features: · HSRPv2 uses the
multicast address 224.0.0.102 to send hello packets. HSRPv2 and CGMP leave
processing are no longer mutually exclusive, and both can be enabled at the
same time.
· HSRPv2 has a different packet format than HRSPv1.
A switch running HSRPv1 cannot identify the physical router that sent a hello
packet because the source MAC address of the router is the virtual MAC
address.
HSRPv2 has a different packet format than HSRPv1. A HSRPv2 packet uses the
type-length-value (TLV) format and has a 6-byte identifier field with the MAC
address of the physical router that sent the packet.
If an interface running HSRPv1 gets an HSRPv2 packet, the type field is
ignored.
Multiple HSRP
The switch supports Multiple HSRP (MHSRP), an extension of HSRP that allows
load sharing between two or more HSRP groups. You can configure MHSRP to
achieve load-balancing and to use two or more standby groups (and paths) from
a host network to a server network.
In the figure below, half the clients are configured for Router A, and half
the clients are configured for Router B. Together, the configuration for
Routers A and B establishes two HSRP groups. For group 1, Router A is the
default active router because it has the assigned highest priority, and Router
B is the standby router. For group 2, Router B is the default active router
because it has the assigned highest priority, and Router A is the standby
router. During normal operation, the two routers share the IP traffic load.
When either router becomes unavailable, the other router becomes active and
assumes the packet-transfer functions of the router that is unavailable.
Note For MHSRP, you need to enter the standby preempt interface configuration command on the HSRP interfaces so that if a router fails and then comes back up, preemption restores load sharing.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 29
HSRP and Switch Stacks Figure 3: MHSRP Load Sharing
Configuring HSRP
HSRP and Switch Stacks
HSRP hello messages are generated by the stack master. If an HSRP-active stack
master fails, a flap in the HSRP active state might occur. This is because
HSRP hello messages are not generated while a new stack master is elected and
initialized, and the standby router might become active after the stack master
fails.
Configuring HSRP for IPv6
Switches running the support the Hot Standby Router Protocol (HSRP) for IPv6.
HSRP provides routing redundancy for routing IPv6 traffic not dependent on the
availability of any single router. IPv6 hosts learn of available routers
through IPv6 neighbor discovery router advertisement messages. These messages
are multicast periodically or are solicited by hosts. An HSRP IPv6 group has a
virtual MAC address that is derived from the HSRP group number and a virtual
IPv6 link-local address that is, by default, derived from the HSRP virtual MAC
address. Periodic messages are sent for the HSRP virtual IPv6 link-local
address when the HSRP group is active. These messages stop after a final one
is sent when the group leaves the active state.
Note When configuring HSRP for IPv6, you must enable HSRP version 2 (HSRPv2)
on the interface.
HSRP IPv6 Virtual MAC Address Range
HSRP IPv6 uses a different virtual MAC address block than does HSRP for IP:
0005.73A0.0000 through 0005.73A0.0FFF (4096 addresses)
HSRP IPv6 UDP Port Number
Port number 2029 has been assigned to HSRP IPv6.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100
Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 30
Configuring HSRP
How to Configure HSRP
How to Configure HSRP
Default HSRP Configuration
Table 2: Default HSRP Configuration
Feature HSRP version HSRP groups Standby group number Standby MAC address Standby priority Standby delay Standby track interface priority Standby hello time Standby holdtime
Default Setting Version 1 None configured 0 System assigned as:
0000.0c07.acXX, where XX is the HSRP group number 100 0 (no delay) 10
3 seconds 10 seconds
HSRP Configuration Guidelines
· HSRPv2 and HSRPv1 are mutually exclusive. HSRPv2 is not interoperable with
HSRPv1 on an interface and the reverse.
· In the procedures, the specified interface must be one of these Layer 3
interfaces: · Routed port: A physical port configured as a Layer 3 port by
entering the no switchport command in interface configuration mode.
· SVI: A VLAN interface created by using the interface vlan vlan_id in global
configuration mode, and by default a Layer 3 interface.
· Etherchannel port channel in Layer 3 mode: A port-channel logical interface
created by using the interface port-channel port-channel-number in global
configuration mode, and binding the Ethernet interface into the channel group.
· You can configure a maximum of 32 HSRP groups.
· All Layer 3 interfaces must have IP addresses assigned to them.
· HSRP millisecond timers are not supported.
Enabling HSRP
The standby ip interface configuration command activates HSRP on the
configured interface. If an IP address is specified, that address is used as
the designated address for the Hot Standby group. If no IP address is
specified, the address is learned through the standby function. You must
configure at least one Layer 3 port
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 31
Enabling HSRP
Configuring HSRP
on the LAN with the designated address. Configuring an IP address always
overrides another designated address currently in use.
When the standby ip command is enabled on an interface and proxy ARP is
enabled, if the interface’s Hot Standby state is active, proxy ARP requests
are answered using the Hot Standby group MAC address. If the interface is in a
different state, proxy ARP responses are suppressed.
SUMMARY STEPS
1. configure terminal 2. interface interface-id 3. standby version { 1 | 2 } 4. standby [group-number] ip [ip-address [secondary]] 5. end 6. show standby [interface-id [group]] 7. copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action configure terminal Example:
Switch(config)# configure terminal
Step 2
interface interface-id Example:
Switch(config)# interface gigabitethernet1/0/1
Step 3
standby version { 1 | 2 } Example:
Switch(config-if)# standby version 1
Purpose Enters global configuration mode.
Enters interface configuration mode, and enter the Layer 3 interface on which
you want to enable HSRP.
(Optional) Configures the HSRP version on the interface. · 1- Selects HSRPv1.
· 2- Selects HSRPv2.
Step 4
If you do not enter this command or do not specify a keyword, the interface runs the default HSRP version, HSRP v1.
standby [group-number] ip [ip-address [secondary]] Creates (or enable) the HSRP group using its number and
Example:
virtual IP address.
Switch(config-if)# standby 1 ip
· (Optional) group-number- The group number on the interface for which HSRP is being enabled. The range
is 0 to 255; the default is 0. If there is only one HSRP
group, you do not need to enter a group number.
· (Optional on all but one interface) ip-address- The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 32
Configuring HSRP
Enabling and Verifying an HSRP Group for IPv6 Operation
Command or Action
Step 5 Step 6 Step 7
end Example:
Switch(config-if)# end
show standby [interface-id [group]] Example:
Switch # show standby
copy running-config startup-config Example:
Switch# copy running-config startup-config
Purpose · (Optional) secondary- The IP address is a secondary hot standby
router interface. If neither router is designated as a secondary or standby
router and no priorities are set, the primary IP addresses are compared and
the higher IP address is the active router, with the next highest as the
standby router.
Returns to privileged EXEC mode
Verifies the configuration of the standby groups.
(Optional) Saves your entries in the configuration file.
Enabling and Verifying an HSRP Group for IPv6 Operation
In this task, when you enter the standby ipv6 command, a link-local address is
generated from the link-local prefix, and a modified EUI-64 format interface
identifier is generated in which the EUI-64 interface identifier is created
from the relevant HSRP virtual MAC address.
A link-local address is an IPv6 unicast address that can be automatically
configured on any interface using the link-local prefix FE80::/10 (1111 1110
10) and the interface identifier in the modified EUI-64 format. Link-local
addresses are used in the stateless autoconfiguration process. Nodes on a
local link can use link-local addresses to communicate; the nodes do not need
site-local or globally unique addresses to communicate.
In IPv6, a device on the link advertises in RA messages any site-local and
global prefixes, and its willingness to function as a default device for the
link. RA messages are sent periodically and in response to router solicitation
messages, which are sent by hosts at system startup.
A node on the link can automatically configure site-local and global IPv6
addresses by appending its interface identifier (64 bits) to the prefixes (64
bits) included in the RA messages. The resulting 128-bit IPv6 addresses
configured by the node are then subjected to duplicate address detection to
ensure their uniqueness on the link. If the prefixes advertised in the RA
messages are globally unique, then the IPv6 addresses configured by the node
are also guaranteed to be globally unique. Router solicitation messages, which
have a value of 133 in the Type field of the ICMP packet header, are sent by
hosts at system startup so that the host can immediately autoconfigure without
needing to wait for the next scheduled RA message.
To enabling and verifying an HSRP group for IPv6, perform this procedure:
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 33
Enabling and Verifying an HSRP Group for IPv6 Operation
Configuring HSRP
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9
Procedure Command or Action enable Example:
Device> enable
configure terminal Example:
Device# configure terminal
ipv6 unicast-routing Example:
Device(config)# ipv6 unicast-routing
interface type number Example:
Purpose Enables privileged EXEC mode.
· Enter your password if prompted.
Enters global configuration mode.
Enables the forwarding of IPv6 unicast datagrams. · The ipv6 unicast-routing
command must be enabled for HSRP for IPv6 to work.
Specifies an interface type and number, and places the device in interface
configuration mode.
Device(config)# interface GigabitEthernet 0/0/0
standby [group-number] ipv6 {link-local-address | autoconfig}
Example:
Activates the HSRP in IPv6.
Device(config-if)# standby 1 ipv6 autoconfig
standby [group-number] preempt [delay minimum seconds | reload seconds | sync
seconds] Example:
Configures HSRP preemption and preemption delay.
Device(config-if)# standby 1 preempt
standby [group-number] priority priority Example:
Configures HSRP priority.
Device(config-if)# standby 1 priority 110
exit Example:
Returns the device to privileged EXEC mode.
Device(config-if)# exit
show standby [type number [group]] [all | brief] Example:
Displays HSRP information.
Device# show standby
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 34
Configuring HSRP
Configuring HSRP Priority
Step 10
Command or Action
show ipv6 interface [brief] [interface-type interface-number] [prefix]
Example:
Purpose
Displays the usability status of interfaces configured for IPv6.
Device# show ipv6 interface GigabitEthernet 0/0/0
Configuring HSRP Priority
The standby priority, standby preempt, and standby track interface
configuration commands are all used to set characteristics for finding active
and standby routers and behavior regarding when a new active router takes
over.
When configuring HSRP priority, follow these guidelines:
· Assigning a priority allows you to select the active and standby routers. If
preemption is enabled, the router with the highest priority becomes the active
router. If priorities are equal, the current active router does not change.
· The highest number (1 to 255) represents the highest priority (most likely
to become the active router).
· When setting the priority, preempt, or both, you must specify at least one
keyword (priority, preempt, or both)
· The priority of the device can change dynamically if an interface is
configured with the standby track command and another interface on the router
goes down.
· The standby track interface configuration command ties the router hot
standby priority to the availability of its interfaces and is useful for
tracking interfaces that are not configured for HSRP. When a tracked interface
fails, the hot standby priority on the device on which tracking has been
configured decreases by 10. If an interface is not tracked, its state changes
do not affect the hot standby priority of the configured device. For each
interface configured for hot standby, you can configure a separate list of
interfaces to be tracked.
· The standby track interface-priority interface configuration command
specifies how much to decrement the hot standby priority when a tracked
interface goes down. When the interface comes back up, the priority is
incremented by the same amount.
· When multiple tracked interfaces are down and interface-priority values have
been configured, the configured priority decrements are cumulative. If tracked
interfaces that were not configured with priority values fail, the default
decrement is 10, and it is noncumulative.
· When routing is first enabled for the interface, it does not have a complete
routing table. If it is configured to preempt, it becomes the active router,
even though it is unable to provide adequate routing services. To solve this
problem, configure a delay time to allow the router to update its routing
table.
Beginning in privileged EXEC mode, use one or more of these steps to configure
HSRP priority characteristics on an interface:
SUMMARY STEPS
1. configure terminal 2. interface interface-id
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 35
Configuring HSRP Priority
Configuring HSRP
3. standby [group-number] prioritypriority 4. standby [group-number] preempt [delay [minimumseconds] [reloadseconds] [syncseconds]] 5. standby [group- number] track type number [interface-priority] 6. end 7. show running-config 8. copy running-config startup-config
DETAILED STEPS
Step 1 Step 2 Step 3
Command or Action configure terminal Example:
Switch # configure terminal
interface interface-id Example:
Switch(config)# interface gigabitethernet1/0/1
standby [group-number] prioritypriority Example:
Switch(config-if)# standby 120 priority 50
Purpose Enters global configuration mode.
Enters interface configuration mode, and enter the HSRP interface on which you
want to set priority.
Sets a priority value used in choosing the active router. The range is 1 to
255; the default priority is 100. The highest number represents the highest
priority.
· (Optional) group-number–The group number to which the command applies.
Step 4
Use the no form of the command to restore the default values.
standby [group-number] preempt [delay
Configures the router to preempt, which means that when
[minimumseconds] [reloadseconds] [syncseconds]] the local router has a higher priority than the active router,
Example:
it becomes the active router.
Switch(config-if)# standby 1 preempt delay 300
· (Optional) group-number-The group number to which the command applies.
· (Optional) delay minimum–Set to cause the local router to postpone taking over the active role for the number of seconds shown. The range is 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).
· (Optional) delay reload–Set to cause the local router to postpone taking over the active role after a reload for the number of seconds shown. The range is 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over after a reload).
· (Optional) delay sync–Set to cause the local router to postpone taking over the active role so that IP redundancy clients can reply (either with an ok or wait reply) for the number of seconds shown. The range is
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 36
Configuring HSRP
Configuring MHSRP
Command or Action
Step 5
standby [group-number] track type number [interface-priority] Example:
Switch(config-if)# standby track interface gigabitethernet1/1/1
Step 6
end Example:
Switch(config-if)# end
Purpose 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking
over).
Use the no form of the command to restore the default values.
Configures an interface to track other interfaces so that if one of the other
interfaces goes down, the device’s Hot Standby priority is lowered.
· (Optional) group-number- The group number to which the command applies.
· type- Enter the interface type (combined with interface number) that is
tracked.
· number- Enter the interface number (combined with interface type) that is
tracked.
· (Optional) interface-priority- Enter the amount by which the hot standby
priority for the router is decremented or incremented when the interface goes
down or comes back up. The default value is 10.
Returns to privileged EXEC mode.
Step 7 Step 8
show running-config copy running-config startup-config
Verifies the configuration of the standby groups. (Optional) Saves your entries in the configuration file.
Configuring MHSRP
To enable MHSRP and load-balancing, you configure two routers as active
routers for their groups, with virtual routers as standby routers as shown in
the MHSRP Load Sharing figure in the Multiple HSRP section. You need to enter
the standby preempt interface configuration command on each HSRP interface so
that if a router fails and comes back up, the preemption occurs and restores
load-balancing.
Router A is configured as the active router for group 1, and Router B is
configured as the active router for group 2. The HSRP interface for Router A
has an IP address of 10.0.0.1 with a group 1 standby priority of 110 (the
default is 100). The HSRP interface for Router B has an IP address of 10.0.0.2
with a group 2 standby priority of 110.
Group 1 uses a virtual IP address of 10.0.0.3 and group 2 uses a virtual IP
address of 10.0.0.4.
Configuring Router A
SUMMARY STEPS
1. configure terminal
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 37
Configuring Router A
Configuring HSRP
2. interface type number 3. no switchport 4. ip address ip-address mask 5. standby [group-number] ip [ip-address [secondary]] 6. standby [group-number] priority priority 7. standby [group-number] preempt [delay [minimum seconds] [reload seconds] [sync seconds]] 8. standby [group-number] ip [ip-address [secondary]] 9. standby [group-number] preempt [delay [minimum seconds] [reload seconds] [sync seconds]] 10. end 11. show running-config 12. copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action configure terminal Example:
Switch # configure terminal
Purpose Enters global configuration mode.
Step 2
interface type number Example:
Configures an interface type and enters interface configuration mode.
Switch (config)# interface gigabitethernet1/0/1
Step 3
no switchport Example:
Switch (config)# no switchport
Switches an interface that is in Layer 2 mode into Layer 3 mode for Layer 3 configuration.
Step 4
ip address ip-address mask
Example:
Switch (config-if)# ip address 10.0.0.1 255.255.255.0
Specifies an IP address for an interface.
Step 5
standby [group-number] ip [ip-address [secondary]] Creates the HSRP group using its number and virtual IP
Example:
address.
Switch (config-if)# standby 1 ip 10.0.0.3
· (Optional) group-number- The group number on the interface for which HSRP is being enabled. The range
is 0 to 255; the default is 0. If there is only one HSRP
group, you do not need to enter a group number.
· (Optional on all but one interface) ip-address- The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces.
· (Optional) secondary- The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router and no
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 38
Configuring HSRP
Configuring Router A
Step 6 Step 7
Step 8
Command or Action
Purpose
priorities are set, the primary IP addresses are compared and the higher IP
address is the active router, with the next highest as the standby router.
standby [group-number] priority priority Example:
Switch(config-if)# standby 1 priority 110
Sets a priority value used in choosing the active router. The range is 1 to
255; the default priority is 100. The highest number represents the highest
priority.
· (Optional) group-number–The group number to which the command applies.
Use the no form of the command to restore the default values.
standby [group-number] preempt [delay [minimum Configures the router to preempt, which means that when
seconds] [reload seconds] [sync seconds]]
the local router has a higher priority than the active router,
Example:
it becomes the active router.
Switch(config-if)# standby 1 preempt delay 300
· (Optional) group-number-The group number to which the command applies.
· (Optional) delay minimum–Set to cause the local router to postpone taking over the active role for the number of seconds shown. The range is 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).
· (Optional) delay reload–Set to cause the local router to postpone taking over the active role after a reload for the number of seconds shown. The range is 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over after a reload)
.
· (Optional) delay sync–Set to cause the local router to postpone taking over
the active role so that IP redundancy clients can reply (either with an ok or
wait reply) for the number of seconds shown. The range is 0 to 3600 seconds (1
hour); the default is 0 (no delay before taking over).
Use the no form of the command to restore the default values.
standby [group-number] ip [ip-address [secondary]] Creates the HSRP group using its number and virtual IP
Example:
address.
Switch (config-if)# standby 2 ip 10.0.0.4
· (Optional) group-number- The group number on the interface for which HSRP is being enabled. The range
is 0 to 255; the default is 0. If there is only one HSRP
group, you do not need to enter a group number.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 39
Configuring Router B
Configuring HSRP
Step 9
Step 10 Step 11 Step 12
Command or Action
Purpose
· (Optional on all but one interface) ip-address- The virtual IP address of
the hot standby router interface. You must enter the virtual IP address for at
least one of the interfaces; it can be learned on the other interfaces.
· (Optional) secondary- The IP address is a secondary hot standby router
interface. If neither router is designated as a secondary or standby router
and no priorities are set, the primary IP addresses are compared and the
higher IP address is the active router, with the next highest as the standby
router.
standby [group-number] preempt [delay [minimum Configures the router to preempt, which means that when
seconds] [reload seconds] [sync seconds]]
the local router has a higher priority than the active router,
Example:
it becomes the active router.
Switch(config-if)# standby 2 preempt delay 300
· (Optional) group-number-The group number to which the command applies.
· (Optional) delay minimum–Set to cause the local
router to postpone taking over the active role for the
number of seconds shown. The range is 0 to 3600
seconds (1 hour); the default is 0 (no delay before
taking over).
· (Optional) delay reload–Set to cause the local router
to postpone taking over the active role after a reload
for the number of seconds shown. The range is 0 to
3600 seconds (1 hour); the default is 0 (no delay
before taking over after a reload).
· (Optional) delay sync–Set to cause the local router
to postpone taking over the active role so that IP redundancy clients can reply (either with an ok or wait reply) for the number of seconds shown. The range is 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).
Use the no form of the command to restore the default values.
end Example:
Switch(config-if)# end
Returns to privileged EXEC mode.
show running-config copy running-config startup-config
Verifies the configuration of the standby groups. (Optional) Saves your entries in the configuration file.
Configuring Router B
SUMMARY STEPS
1. configure terminal
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 40
Configuring HSRP
Configuring Router B
2. interface type number 3. no switchport 4. ip address ip-address mask 5. standby [group-number] ip [ip-address [secondary]] 6. standby [group-number] priority priority 7. standby [group-number] preempt [delay [minimum seconds] [reload seconds] [sync seconds]] 8. standby [group-number] ip [ip-address [secondary]] 9. standby [group-number] preempt [delay [minimum seconds] [reload seconds] [sync seconds]] 10. end 11. show running-config 12. copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action configure terminal Example:
Switch # configure terminal
Purpose Enters global configuration mode.
Step 2
interface type number Example:
Configures an interface type and enters interface configuration mode.
Switch (config)# interface gigabitethernet1/0/1
Step 3
no switchport Example:
Switch (config)# no switchport
Switches an interface that is in Layer 2 mode into Layer 3 mode for Layer 3 configuration.
Step 4
ip address ip-address mask
Example:
Switch (config-if)# ip address 10.0.0.2 255.255.255.0
Specifies an IP address for an interface.
Step 5
standby [group-number] ip [ip-address [secondary]] Creates the HSRP group using its number and virtual IP
Example:
address.
Switch (config-if)# standby 1 ip 10.0.0.3
· (Optional) group-number- The group number on the interface for which HSRP is being enabled. The range
is 0 to 255; the default is 0. If there is only one HSRP
group, you do not need to enter a group number.
· (Optional on all but one interface) ip-address- The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces.
· (Optional) secondary- The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router and no
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 41
Configuring Router B
Configuring HSRP
Step 6 Step 7
Step 8
Command or Action
Purpose
priorities are set, the primary IP addresses are compared and the higher IP
address is the active router, with the next highest as the standby router.
standby [group-number] priority priority Example:
Switch(config-if)# standby 2 priority 110
Sets a priority value used in choosing the active router. The range is 1 to
255; the default priority is 100. The highest number represents the highest
priority.
· (Optional) group-number–The group number to which the command applies.
Use the no form of the command to restore the default values.
standby [group-number] preempt [delay [minimum Configures the router to preempt, which means that when
seconds] [reload seconds] [sync seconds]]
the local router has a higher priority than the active router,
Example:
it becomes the active router.
Switch(config-if)# standby 1 preempt delay 300
· (Optional) group-number-The group number to which the command applies.
· (Optional) delay minimum–Set to cause the local router to postpone taking over the active role for the number of seconds shown. The range is 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).
· (Optional) delay reload–Set to cause the local router to postpone taking over the active role after a reload for the number of seconds shown. The range is 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over after a reload).
· (Optional) delay sync–Set to cause the local router to postpone taking over the active role so that IP redundancy clients can reply (either with an ok or wait reply) for the number of seconds shown. The range is 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).
Use the no form of the command to restore the default values.
standby [group-number] ip [ip-address [secondary]] Creates the HSRP group using its number and virtual IP
Example:
address.
Switch (config-if)# standby 2 ip 10.0.0.4
· (Optional) group-number- The group number on the interface for which HSRP is being enabled. The range
is 0 to 255; the default is 0. If there is only one HSRP
group, you do not need to enter a group number.
· (Optional on all but one interface) ip-address- The virtual IP address of the hot standby router interface.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 42
Configuring HSRP
Configuring Router B
Step 9
Step 10 Step 11 Step 12
Command or Action
Purpose
You must enter the virtual IP address for at least one of the interfaces; it
can be learned on the other interfaces.
· (Optional) secondary- The IP address is a secondary hot standby router
interface. If neither router is designated as a secondary or standby router
and no priorities are set, the primary IP addresses are compared and the
higher IP address is the active router, with the next highest as the standby
router.
standby [group-number] preempt [delay [minimum Configures the router to preempt, which means that when
seconds] [reload seconds] [sync seconds]]
the local router has a higher priority than the active router,
Example:
it becomes the active router.
Switch(config-if)# standby 2 preempt delay 300
· (Optional) group-number-The group number to which the command applies.
· (Optional) delay minimum–Set to cause the local router to postpone taking over the active role for the number of seconds shown. The range is 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over)
.
· (Optional) delay reload–Set to cause the local router to postpone taking
over the active role after a reload for the number of seconds shown. The range
is 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over
after a reload).
· (Optional) delay sync–Set to cause the local router to postpone taking over the active role so that IP redundancy clients can reply (either with an ok or wait reply) for the number of seconds shown. The range is 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).
end Example:
Switch(config-if)# end
show running-config copy running-config startup-config
Use the no form of the command to restore the default values. Returns to
privileged EXEC mode.
Verifies the configuration of the standby groups. (Optional) Saves your
entries in the configuration file.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 43
Configuring HSRP Authentication and Timers
Configuring HSRP
Configuring HSRP Authentication and Timers
You can optionally configure an HSRP authentication string or change the
hello-time interval and holdtime.
When configuring these attributes, follow these guidelines:
· The authentication string is sent unencrypted in all HSRP messages. You must
configure the same authentication string on all routers and access servers on
a cable to ensure interoperation. Authentication mismatch prevents a device
from learning the designated Hot Standby IP address and timer values from
other routers configured with HSRP.
· Routers or access servers on which standby timer values are not configured
can learn timer values from the active or standby router. The timers
configured on an active router always override any other timer settings.
· All routers in a Hot Standby group should use the same timer values.
Normally, the holdtime is greater than or equal to 3 times the hellotime.
Beginning in privileged EXEC mode, use one or more of these steps to configure
HSRP authentication and timers on an interface:
SUMMARY STEPS
1. configure terminal 2. interface interface-id 3. standby [group-number] authentication string 4. end 5. show running-config 6. copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action configure terminal Example:
Switch # configure terminal
Purpose Enters global configuration mode.
Step 2
interface interface-id Example:
Switch(config) # interface gigabitethernet1/0/1
Enters interface configuration mode, and enter the HSRP interface on which you want to set priority.
Step 3
standby [group-number] authentication string
(Optional) authentication string–Enter a string to be
Example:
carried in all HSRP messages. The authentication string can be up to eight characters in length; the default string is cisco.
Switch(config-if) # standby 1 authentication word
(Optional) group-number–The group number to which the
command applies.
Step 4
end Example:
Returns to privileged EXEC mode.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 44
Configuring HSRP
Enabling HSRP Support for ICMP Redirect Messages
Command or Action
Switch(config-if) # end
Purpose
Step 5 Step 6
show running-config copy running-config startup-config
Verifies the configuration of the standby groups. (Optional) Saves your entries in the configuration file.
Enabling HSRP Support for ICMP Redirect Messages
SUMMARY STEPS
1. ICMP redirect messages are automatically enabled on interfaces configured with HSRP. ICMP is a network layer Internet protocol that provides message packets to report errors and other information relevant to IP processing. ICMP provides diagnostic functions, such as sending and directing error packets to the host. This feature filters outgoing ICMP redirect messages through HSRP, in which the next hop IP address might be changed to an HSRP virtual IP address.
DETAILED STEPS
Step 1
Command or Action
Purpose
ICMP redirect messages are automatically enabled on interfaces configured with HSRP. ICMP is a network layer Internet protocol that provides message packets to report errors and other information relevant to IP processing. ICMP provides diagnostic functions, such as sending and directing error packets to the host. This feature filters outgoing ICMP redirect messages through HSRP, in which the next hop IP address might be changed to an HSRP virtual IP address.
Verifying HSRP
Verifying HSRP Configurations
From privileged EXEC mode, use this command to display HSRP settings: show
standby [interface-id [group]] [brief] [detail] You can display HSRP
information for the whole switch, for a specific interface, for an HSRP group,
or for an HSRP group on an interface. You can also specify whether to display
a concise overview of HSRP information or detailed HSRP information. The
default display is detail. If there are a large number of HSRP groups, using
the show standby command without qualifiers can result in an unwieldy display.
Example
Switch #show standby VLAN1 – Group 1 Local state is Standby, priority 105, may
preempt Hellotime 3 holdtime 10
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 45
Configuration Examples for Configuring HSRP
Configuring HSRP
Next hello sent in 00:00:02.182 Hot standby IP address is 172.20.128.3
configured Active router is 172.20.128.1 expires in 00:00:09 Standby router is
local Standby virtual mac address is 0000.0c07.ac01 Name is bbb
VLAN1 – Group 100 Local state is Standby, priority 105, may preempt Hellotime
3 holdtime 10 Next hello sent in 00:00:02.262 Hot standby IP address is
172.20.138.51 configured Active router is 172.20.128.1 expires in 00:00:09
Active router is local Standby router is unknown expired Standby virtual mac
address is 0000.0c07.ac64 Name is test
Configuration Examples for Configuring HSRP
Enabling HSRP: Example
This example shows how to activate HSRP for group 1 on an interface. The IP
address used by the hot standby group is learned by using HSRP.
Note This procedure is the minimum number of steps required to enable HSRP.
Other configurations are optional.
Switch # configure terminal Switch(config) # interface gigabitethernet1/0/1
Switch(config-if)# no switchport Switch(config-if)# standby 1 ip Switch
(config-if)# end Switch # show standby
Example: Configuration and Verification for an HSRP Group
The following example shows configuration and verification for an HSRP group
for IPv6 that consists of Device1 and Device2. The show standby command is
issued for each device to verify the device’s configuration:
Device 1 configuration
interface FastEthernet0/0.100 description DATA VLAN for PCs encapsulation
dot1Q 100 ipv6 address 2001:DB8:CAFE:2100::BAD1:1010/64 standby version 2
standby 101 priority 120 standby 101 preempt delay minimum 30 standby 101
authentication ese standby 101 track Serial0/1/0.17 90 standby 201 ipv6
autoconfig standby 201 priority 120 standby 201 preempt delay minimum 30
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 46
Configuring HSRP
Example: Configuration and Verification for an HSRP Group
standby 201 authentication ese standby 201 track Serial0/1/0.17 90 Device1#
show standby FastEthernet0/0.100 – Group 101 (version 2) State is Active 2
state changes, last state change 5w5d Active virtual MAC address is
0000.0c9f.f065 Local virtual MAC address is 0000.0c9f.f065 (v2 default) Hello
time 3 sec, hold time 10 sec Next hello sent in 2.296 secs Authentication text
“ese” Preemption enabled, delay min 30 secs Active router is local Priority
120 (configured 120) Track interface Serial0/1/0.17 state Up decrement 90 IP
redundancy name is “hsrp-Fa0/0.100-101” (default) FastEthernet0/0.100 – Group
201 (version 2) State is Active 2 state changes, last state change 5w5d
Virtual IP address is FE80::5:73FF:FEA0:C9 Active virtual MAC address is
0005.73a0.00c9 Local virtual MAC address is 0005.73a0.00c9 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec Next hello sent in 2.428 secs
Authentication text “ese” Preemption enabled, delay min 30 secs Active router
is local Standby router is FE80::20F:8FFF:FE37:3B70, priority 100 (expires in
7.856 sec) Priority 120 (configured 120) Track interface Serial0/1/0.17 state
Up decrement 90 IP redundancy name is “hsrp-Fa0/0.100-201” (default)
Device 2 configuration
interface FastEthernet0/0.100 description DATA VLAN for Computers
encapsulation dot1Q 100 ipv6 address 2001:DB8:CAFE:2100::BAD1:1020/64 standby
version 2 standby 101 preempt standby 101 authentication ese standby 201 ipv6
autoconfig standby 201 preempt standby 201 authentication ese Device2# show
standby FastEthernet0/0.100 – Group 101 (version 2) State is Standby 7 state
changes, last state change 5w5d Active virtual MAC address is 0000.0c9f.f065
Local virtual MAC address is 0000.0c9f.f065 (v2 default) Hello time 3 sec,
hold time 10 sec Next hello sent in 0.936 secs Authentication text “ese”
Preemption enabled MAC address is 0012.7fc6.8f0c Standby router is local
Priority 100 (default 100) IP redundancy name is “hsrp-Fa0/0.100-101”
(default) FastEthernet0/0.100 – Group 201 (version 2) State is Standby 7 state
changes, last state change 5w5d Virtual IP address is FE80::5:73FF:FEA0:C9
Active virtual MAC address is 0005.73a0.00c9 Local virtual MAC address is
0005.73a0.00c9 (v2 IPv6 default) Hello time 3 sec, hold time 10 sec
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 47
Configuring HSRP Priority: Example
Configuring HSRP
Next hello sent in 0.936 secs Authentication text “ese” Preemption enabled
Active router is FE80::212:7FFF:FEC6:8F0C, priority 120 (expires in 7.548 sec)
MAC address is 0012.7fc6.8f0c Standby router is local Priority 100 (default
100) IP redundancy name is “hsrp-Fa0/0.100-201” (default)
Configuring HSRP Priority: Example
This example activates a port, sets an IP address and a priority of 120
(higher than the default value), and waits for 300 seconds (5 minutes) before
attempting to become the active router:
Switch # configure terminal Switch(config) # interface gigabitethernet1/0/1
Switch(config-if)# no switchport Switch(config-if)# standby ip 172.20.128.3
Switch(config-if)# standby priority 120 preempt delay 300 Switch(config-if)#
end Switch # show standby
Configuring MHSRP: Example
This example shows how to enable the MHSRP configuration shown in the figure
MHSRP Load Sharing
Router A Configuration
Switch # configure terminal Switch(config) # interface gigabitethernet1/0/1
Switch(config-if)# no switchport Switch(config-if)# ip address 10.0.0.1
255.255.255.0 Switch(config-if)# standby ip 10.0.0.3 Switch(config-if)#
standby 1 priority 110 Switch(config-if)# standby 1 preempt Switch(config-if)#
standby 2 ip 10.0.0.4 Switch(config-if)# standby 2 preempt Switch(config-if)#
end
Router B Configuration
Switch # configure terminal Switch(config) # interface gigabitethernet1/0/1
Switch(config-if)# no switchport Switch(config-if)# ip address 10.0.0.2
255.255.255.0 Switch(config-if)# standby ip 10.0.0.3 Switch(config-if)#
standby 1 preempt Switch(config-if)# standby 2 ip 10.0.0.4 Switch(config-if)#
standby 2 priority 110 Switch(config-if)# standby 2 preempt Switch(config-if)#
end
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 48
Configuring HSRP
Configuring HSRP Authentication and Timer: Example
Configuring HSRP Authentication and Timer: Example
This example shows how to configure word as the authentication string required
to allow Hot Standby routers in group 1 to interoperate:
Switch # configure terminal Switch(config) # interface gigabitethernet1/0/1
Switch(config-if)# no switchport Switch(config-if)# standby 1 authentication
word Switch(config-if)# end
This example shows how to set the timers on standby group 1 with the time
between hello packets at 5 seconds and the time after which a router is
considered down to be 15 seconds:
Switch # configure terminal Switch(config) # interface gigabitethernet1/0/1
Switch(config-if)# no switchport Switch(config-if)# standby 1 ip Switch
(config-if)# standby 1 timers 5 15 Switch(config-if)# end
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 49
Configuring HSRP Authentication and Timer: Example
Configuring HSRP
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 50
3 C H A P T E R
Media Redundancy Protocol
· Information About MRP, on page 51 · MRP Modes, on page 52 · Protocol
Operation, on page 52 · Media Redundancy Automanager (MRA), on page 54 ·
License Levels, on page 55 · Multiple MRP Rings, on page 56 · MRP-STP
Interoperability, on page 56 · Prerequisites, on page 56 · Guidelines and
Limitations, on page 57 · Default Settings, on page 59 · Activating the MRP
License, on page 59 · Configuring PROFINET MRP Mode Using TIA 15 or STEP7, on
page 68 · Configuring MRP CLI Mode, on page 74 · Re-enabling PROFINET MRP, on
page 81 · Verifying Configuration, on page 82 · Configuration Example, on page
83 · Feature History, on page 86
Information About MRP
Media Redundancy Protocol (MRP), defined in International Electrotechnical
Commission (IEC) standard 62439-2, provides fast convergence in a ring network
topology for Industrial Automation networks. MRP Media Redundancy Manager
(MRM) defines its maximum recovery times for a ring in the following range: 10
ms, 30 ms, 200 ms and 500 ms.
Note The default maximum recovery time on the Cisco IE switch is 200 ms for a
ring composed of up to 50 nodes. You can configure the switch to use the 30 ms
or the 500 ms recovery time profile as described in Configuring MRP Manager.
The 10 ms recovery time profile is not supported.
MRP is supported on the following switches: · Cisco Catalyst IE3x00 Rugged
Series Switches (IE3200, IE3300, and IE3400)
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100
Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 51
MRP Modes
Media Redundancy Protocol (MRP)
· Cisco Catalyst IE3400 Heavy Duty Series Switches · Cisco Catalyst IE3100
Rugged Series Switches (IE3100 and IE3105)
Note MRP is not supported on Cisco Catalyst ESS3300 Switches.
MRP operates at the MAC layer and is commonly used in conjunction with the
PROFINET standard for industrial networking in manufacturing.
MRP Modes
There are two modes of MRP supported on the switch; however, only one mode can
be enabled to operate on the switch at any given time:
· PROFINET MRP mode–Deployed in a PROFINET environment, the switch is added
and managed by Siemens Totally Integrated Automation (TIA) Framework. This is
the default MRP mode if the MRP manager or client license is activated through
the web interface or command line.
Note When managing the switch with TIA, do not use the CLI or WebUI to
configure MRP.
· MRP Command-line interface (CLI) mode–This mode is managed by the Cisco IOS
CLI and WebUI, a web-based user interface (UI).
Note When managing the switch in MRP CLI mode, you cannot download the MRP
configuration from Siemens STEP7/TIA.
Protocol Operation
In an MRP ring, the MRM serves as the ring manager, while the Media Redundancy
Clients (MRCs) act as member nodes of the ring. Each node (MRM or MRC) has a
pair of ports to participate in the ring. The MRM initiates and controls the
ring topology to react to network faults by sending control frames on one ring
port over the ring and receiving them from the ring over its other ring port,
and conversely in the other direction. An MRC reacts to received
reconfiguration frames from the MRM and can detect and signal link changes on
its ring ports. On Cisco Catalyst IE3x00 and IE3100 Rugged Series and IE3400
Heavy-Duty Switches, certain nodes or all nodes in the ring can also be
configured to start as a Media Redundancy Automanager (MRA). MRAs select one
MRM among each other by using a voting protocol and a configured priority
value. The remaining MRAs transition to the MRC role. All MRM and MRC ring
ports support the following states:
· Disabled: Ring ports drop all received frames.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 52
Media Redundancy Protocol (MRP)
Protocol Operation
· Blocked: Ring ports drop all received frames except MRP control frames and
some standard frames, for example, LLDP.
· Forwarding: Ring ports forward all received frames.
· Not Connected: The link is physically down or disconnected. (This state
differs from the Disabled state, in which the MRP Port is manually disabled
through software.)
During normal operation, the network operates in the Ring-Closed state (see
figure below). To prevent a loop, one of the MRM ring ports is blocked, while
the other port is forwarding. Most of the time, both ring ports of all MRCs
are in the forwarding state. With this loop avoidance, the physical ring
topology becomes a logical stub topology.
In the figure, note the following details about the two rings, left and right:
· Left Ring: The connection (small blue square, top) on the MRM is in a
blocked state (as shown by the two parallel lines) because no ports are
disconnected.
· Right Ring: Two MRC connections (left and center small white squares) are in
the disabled state because the link between them is broken, as marked by a red
“x”.
Figure 4: MRP Ring States
If a network failure occurs: · The network shifts into the Ring-Open state. ·
In the case of failure of a link connecting two MRCs, both ring ports of the
MRM change to the forwarding state, the MRCs adjacent to the failure have a
disabled and a forwarding ring port, and the other MRCs have both ring ports
forwarding.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100
Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 53
Media Redundancy Automanager (MRA)
Media Redundancy Protocol (MRP)
In the Ring-Open state, the network logical topology becomes a stub. Layer 2
Ethernet frames will be lost during the time required for the transition
between these two ring states. The MRP protocol defines the procedures to
automatically manage the switchover to minimize the switchover time. A
recovery time profile, composed of various parameters, drives the MRP topology
convergence performance. The 200 ms profile supports a maximum recovery time
of 200 ms. MRP uses three types of control frames:
· To monitor the ring status, MRM regularly sends test frames on both ring
ports.
· When MRM detects failure or recovery, it sends TopoChange frames on both
ring ports.
· When MRC detects failure or recovery on a local port, it sends LinkChange
subtype frames, Linkdown and Linkup, to the MRM.
Media Redundancy Automanager (MRA)
Note MRA can be activated through the CLI or through PROFINET.
If configured to start as a Media Redundancy Automanager (MRA), the node or
nodes select an MRM using a voting protocol and configured priority value. The
remaining MRAs transition to the MRC role. All nodes must be configured as MRA
or MRC. A manually configured MRM and MRA in the same ring is not supported.
The MRA role is not an operational MRP role like MRM or MRC. It is only an
administrative, temporary role at device startup, and a node must transition
to the MRM role or the MRC role after startup and the MRM is selected though
the manager voting process. MRA functions as follows: 1. At power on, all MRAs
begin the manager voting process. Each MRA begins to send MRP_Test frames
on both ring ports. The MRP_Test frame contains the MRA’s priority value. The
remote manager’s priority value contained in the received MRP_Test frames are
compared with the MRA’s own priority. If its own priority is higher than the
received priority, the MRA sends a negative test manager acknowledgement
(MRP_TestMgrNAck) frame, along with the remote manager’s MAC address.
2. If the receiving MRA receives an MRP_TestMgrNAck with its own MAC address,
the receiving MRA initiates the transition into the client (MRC) role.
3. The MRP_TestPropagate frame informs other MRA devices in the client role
about the role change and the new higher priority manager. The clients
receiving this frame update their higher priority manager information
accordingly. This ensures that clients remain in the client role if the
monitored higher priority manager role changes.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 54
Media Redundancy Protocol (MRP)
License Levels
License Levels
Note Information about the MRP feature license described below applies only to
Cisco IOS XE releases earlier than 17.7.1. Use of MRP in Cisco IOS XE 17.7.1
and later does not require a feature license, only the Network Essentials Base
license. Information below about Base Licenses and Add-On Licenses applies to
all Cisco IOS XE releases.
In Cisco IOS XE releases prior to 17.7.1, use of the MRP feature requires a
feature license. The feature license is enforced and must be authorized by
Cisco before the feature can be enabled. To use the MRP feature, you buy an
MRP feature license and Cisco installs an authorization code on your device at
the time the device is purchased, or you can install the authorization code on
your device using the license smart authorization request add
Base Licenses
· Network Essentials
· Network Advantage–Includes features available with the Network Essentials
license and more.
Add-On Licenses
Add-On Licenses require a Network Essentials or Network Advantage as a pre-
requisite. The features available with add-on license levels provide Cisco
innovations on the switch, as well as on the Cisco Digital Network
Architecture Center (Cisco DNA Center).
· DNA Essentials
· DNA Advantage– Includes features available with the DNA Essentials license
and more.
To find information about platform support and to know which license levels a
feature is available with, use Cisco Feature Navigator. To access Cisco
Feature Navigator, go to https://www.cisco.com/go/cfn. An account on cisco.com
is not required.
Feature Licenses
Feature Licenses are bound to a specific feature or set of features. Feature
licenses can be enabled regardless of Base License (Network Advantage or
Network Essential). Feature licenses are Smart Licenses as well and require a
Smart Account to be activated.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 55
Multiple MRP Rings
Media Redundancy Protocol (MRP)
Note The MRP feature license requirement is removed in Cisco IOS XE 17.7.1 and
later. The MRP feature is available as a part of Network Essentials Licensing.
In releases prior to Cisco IOS XE 17.7.1, use of MRP requires a feature
license and the following information applies only to those earlier releases.
There are 2 MRP licenses available for IE3x00:
· LIC-MRP-MGR-XE= MRP Ring Manager license. · LIC-MRP-CLIENT-XE= MRP Ring
Client license.
See Activating the MRP License, on page 59 for procedures to activate the MRP
license. For more information about Smart Licensing, see Smart Licensing Using
Policy for Cisco Enterprise Routing Platforms.
Multiple MRP Rings
In an Industrial Ethernet network, an MRP ring in a cell/area is a sub-ring of
the access layer. You can connect multiple MRP rings, which you can then
aggregate into the distribution layer.
Note The MRP feature license requirement is removed in Cisco IOS XE 17.7.1 and
later.
You can configure up to three rings, and you can configure the switch as
either automanager or client.
MRP-STP Interoperability
MRP works with Spanning Tree Protocol (STP) to prevent unwanted broadcast
loops in the event that a user accidentally connects a device that does not
participate in the MRP ring. In a network operating with MRP and STP, spanning
tree BPDUs are not sent on MRP-enabled ports. If ports are unconfigured from
an MRP ring, then the ports are added to the spanning tree. MRP-STP
interoperability is supported for both PROFINET MRP mode and MRP CLI mode, and
functions without additional CLI configuration.
Prerequisites
· Before configuring a ring, in Cisco IOS XE releases 17.6.x and earlier,
ensure that you have enabled MRP Manager/Client licenses. These can be
obtained from Smart licensing account, and by following the SL or SLR process
to activate the feature licenses.
· Use of MRP in Cisco IOS XE 17.7.1 and later is available with the Networking
Essentials license. · Because MRP is deployed in a physical Ring topology,
before configuring or unconfiguring the MRP
feature, it is advised to leave one physical connection between two nodes in
each ring open by either issuing a shut command on the connecting interfaces
or physically removing the cable to avoid any
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100
Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 56
Media Redundancy Protocol (MRP)
Guidelines and Limitations
network storms. After you have properly configured all MRCs and MRMs, issue a
no shut command on the port or re-connect the cable between the nodes. · In
Cisco IOS XE releases 17.6.x and earlier, activate the MRP License before you
configure the MRP protocol. · Determine the MRP configuration on the switch:
MRA, or MRC. · When the network is managed by SIMATIC TIA or STEP7, ensure
that the basic PROFINET connection is on. · The MRP default VLAN is 1. To use
a non-default VLAN, you must configure the PROFINET VLAN ID before assigning
it to the MRP configuration.
Guidelines and Limitations
· MRP is supported on Cisco Catalyst IE3x00 and IE3100 Rugged Series and
IE3400 Heavy Duty Series Switches. MRP is not supported on ESS3300 Switches.
· In Cisco IOS XE 17.7.1 and later, the MRP feature is available as a part of
Network Essentials Licensing. In releases prior to Cisco IOS XE 17.7.1, use of
MRP requires a feature license that must be activated using the Cisco switch
CLI.
· By default, Profinet MRP mode is enabled on Cisco Catalyst IE3x00 switches.
You can configure MRP, including the MRP role, using the Cisco switch CLI only
after you disable the PROFINET MRP function using the Cisco switch CLI.
Note Profinet MRP mode is not supported by default on Cisco Catalyst IE3x00
switches. You must use the Cisco switch CLI for configuration.
When PROFINET MRP is enabled, use STEP7 and TIA to configure MRP, including
the MRP role. · To avoid Smart License registration failure, ensure that the
NTP configuration and the device clock are
in sync. · With the MRP manager license (Cisco IOS XE 17.6.x and earlier), you
can configure up to three rings
on a device (each MRP instance can be manager or client), with a manager
instance for each ring. · Support for multiple MRP rings is available only
through the CLI or WebUI. · The switch supports up to 50 MRCs per ring. · MRP
cannot run on the same interface (port) as Resilient Ethernet Protocol (REP),
Spanning Tree Protocol
(STP), Flex Links, macsec, or Dot1x. · STP does not run on MRP segments. MRP
interfaces drop all STP BPDUs. · For access ports, you must specifically
configure switchport mode access and switchport access vlan
x commands in the MRP interface.
· MRP interfaces come up in a forwarding state and remain in a forwarding
state until notified that it is safe to block. The MRP ring state changes to
Ring-Closed.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 57
Guidelines and Limitations
Media Redundancy Protocol (MRP)
· MRP ports cannot be configured as any of these port types: SPAN destination
port, Private VLAN port, or Tunnel port. Additionally, when operating in
PROFINET mode, you cannot configure MRP ports as Trunk ports.
· MRP is not supported on EtherChannels or on an individual port that belongs
to an EtherChannel.
· Each MRP ring can have one MRP VLAN. The VLAN must be different for each
ring in a device to avoid traffic flooding.
PROFINET MRP Mode Only
· PROFINET MRP mode is supported on IE3x00 Series Switches; it is not
supported on IE3100 Rugged Series Switches.
· Ensure that you configure the correct ring ID on client and manager. Ring ID
configuration is not automatically validated by the switch.
· You can configure only one MRP ring in PROFINET MRP mode.
Note The number of MRP rings displayed in the show profinet status command
output indicates the maximum number of rings allowed for configuration through
the CLI and not through PROFINET.
· In PROFINET MRP, which is managed by STEP7 and TIA, only Layer 2 access
ports are supported because PROFINET does not have the concept of VLAN
tagging.
· The 10 ms profile is not supported.
· When using PROFINET MRP mode, we recommend setting the LLDP timer to 5 ms or
10 ms to ensure PROFINET can see neighbor devices and to avoid a Siemens PLC
timeout.
· When a new pluggable module GSD file is installed in TIA/ STEP7, you must
recreate the project in TIA/Step7. The existing project, which was created
using the old GSD file, will display an error when you attempt to select the
new GSD file for the same device. This occurs because the combo ports in the
pluggable module SKUs were previously defined as fixed ports.
· You cannot change the role of any node from MRA to MRC after all nodes come
up in MRA mode, either by breaking the ring (by shutting the port or
physically removing the cable) or manually configuring the role change. If you
want an MRP ring configuration with MRA and MRCs, you need to initially
configure only one node as MRA and the rest as MRCs.
MRP CLI Mode Only
· After using the CLI to configure the MRP ring, you must attach the MRP ring
to a pair of ports that support MRP.
· Both MRP ports must have the same interface mode (access or trunk).
· To change an existing MRP ring’s configuration (mode), or to change the
interface mode of the ring ports between access and trunk, you must first
delete the ring and then recreate it with the new configuration.
· When both MRP ports are in access mode, the access VLANs should match. If
the configured MRP VLAN does not match the ports’ access VLAN, the MRP VLAN is
automatically changed to the MRP ports’ access VLAN.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 58
Media Redundancy Protocol (MRP)
Default Settings
· In an MRP ring with two access ports, if the ports do not belong to the same
access VLAN when you create the MRP ring or you change the access VLAN for
only one of the ports after the MRP ring is created, the MRP ring operation is
suspended and a message similar to the following is displayed:
ERROR% The ring 1 ports don’t belong to the same access VLAN. The MRP ring
will not function until the issue has been fixed
Resolve the issue by configuring the access VLAN to be the same for the two
ring ports. · The 200 ms standard profile, 500 ms profile, and 30 ms profile
are supported. The 10 ms profile is not
supported. · MRA can be activated through CLI and PROFINET.
Default Settings
· In Cisco IOS XE 17.6.x and earlier, MRM and MRC licenses are not installed
by default. Starting with 17.7.1 a feature license is no longer required for
MRP.
· (Cisco IOS XE 17.6.x and earlier) PROFINET MRP mode is enabled by default
when MRM or MRC licenses are enabled.
· MRP is disabled by default. · The default VLAN is 1. · Create the non-
default VLAN before you assign it to MRP ring 1.
Activating the MRP License
Note Activating the MRP license applies to Cisco IOS XE 17.6.x and earlier.
The MRP feature license requirement is removed in Cisco IOS XE 17.7.1 and
later.
The procedure to activate the MRP license depends on whether you are using
Smart Licensing in online mode or offline mode. Each mode has two scenarios:
· Online mode: · The device is connected directly to the Cisco Smart Software
Manager (CSSM). · The device is connected to the CSSM through the CSLU.
· Offine mode: · The device is not connected to the CSSM or the CSLU. · The
device is in CSLU mode and not connected to the CSSM.
Perform one of the following procedures to activate the MRP license, based on
your Smart Licensing mode.
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 59
Device Directly Connected to CSSM
Media Redundancy Protocol (MRP)
Note The following procedures show examples of activating both the MRP Manager and Client licenses. When activating the MRP license on your switch, enter the commands for your license type: mrp-manager or mrp-client.
Device Directly Connected to CSSM
To activate the MRP license when the device is directly connected to the CSSM,
follow these steps.
Step 1 Step 2
Step 3 Step 4 Step 5
Step 6
Enter configuration mode:
configure terminal
Configure the transport mode:
license smart transport smart
license smart url smart
Example:
conf t (config)#license smart transport smart (config)# license smart url
smart https://smartreceiver.cisco.com/licservice/license (config)#end wr
Check the transport mode configuration:
show license all
Example:
Switch#show license all Transport:
Type: Smart URL: license smart url smart
https://smartreceiver.cisco.com/licservice/license
Establish trust with the CSSM:
license smart trust idtoken
A syslog message indicates if trust is established.
Verify that trust got established:
show license tech sup | i INSTALL
Example:
Switch#show licence tech sup | i INSTALL Reservation status: NOT INSTALLED
Local Device: P:IE-3300-8T2X,S:FCW24160H8C, state[2], Trust Data INSTALLED
Overall Trust: INSTALLED (2) Switch#
Request and install the Smart License Authorization Code (SLAC) to allow usage
of MRP licenses:
license smart authorization request add mrp_manager local
Redundancy Protocol Configuration Guide, Cisco Catalyst IE3x00 and IE3100 Rugged, IE3400 Heavy Duty, and ESS3300 Series Switches 60
Media Redundancy Protocol (MRP)
Device Connected to CSSM through CSLU
Step 7
or
license smart authorization request add mrp_client local
Example:
Switch#license smart authorization request add mrp_manager local
Switch#license smart authorization request add mrp_client local Switch#show
licence summary
License Usage:
License
Entitlement tag
Count Status
—————————————————————————–
network-advantage
(IE3400H_Network_Advantage)
1 IN USE
dna-essentials
(IE3400H_DNA_Essentials)
1 IN USE
MRP ring manager lic… (IE3x00_LIC_MRP_Manager)
0 NOT IN USE
MRP ring client lice… (IE3x00_LIC_MRP_Client)
0 NOT IN USE
Switch #
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>