How to configure HSRP between 3560 with existing configurations?

This is my current setup. I have two 3560 switches, two production switches and an Inter-CO network. The two production switches and Inter-CO network are connected only to 3560-1, then 3560-1 is connected to 3560-2. Vlan 2 is configured in 3560-1, Vlan 3 and VLAN 8 are configured in 3560-2. I need the two 3560 switches to act as active/standby, where 3560-1 is active and 3560-2 is standby. Below are the configuration for the two switches. All help will be greatly appreciated!

3560-1#show run
Building configuration...

Current configuration : 5877 bytes
!
! No configuration change since last restart
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname 3560-1
!
enable secret 5 $1$tpYR$51qcpR.KFeOcKVrw2FplJ.
enable password 7 060506324F41584B5643
!
username eispl privilege 15 secret 5 $1$lPDf$VMV4lWZ9sH12Rxc.uRDfl0
username cisco secret 5 $1$ID82$IyMsFyAfH/4Pk.KM3VuY/0
no aaa new-model
clock timezone WST 8
system mtu routing 1500
vtp mode transparent
!
track 1 interface GigabitEthernet0/23 line-protocol
 delay down 10 up 10
!
track 2 interface GigabitEthernet0/24 line-protocol
 delay down 10 up 10
ip subnet-zero
ip routing
!
!
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
 name NW1
!
vlan 3
 name NW2
!
vlan 6
 name Inter-CO
!
vlan 8
 name NW3
!
vlan 16
 name Inter-CO2
!
vlan 388
 name Uplink1
!
vlan 389
 name Uplink2
!
interface GigabitEthernet0/1
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/5
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/6
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/7
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/8
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/9
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/10
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/11
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/12
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/13
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 duplex full
 mls qos trust cos
!
interface GigabitEthernet0/15
 switchport access vlan 8
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/16
 switchport access vlan 8
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/17
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/18
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/19
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/20
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/21
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/22
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/23
 switchport access vlan 388
 switchport mode access
 switchport nonegotiate
 mls qos trust cos
!
interface GigabitEthernet0/24
 switchport access vlan 389
 switchport mode access
 switchport nonegotiate
 mls qos trust cos
!
interface GigabitEthernet0/25
 switchport access vlan 6
 switchport mode access
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description NW1 LAN
 ip address 10.10.11.11 255.255.255.0 secondary
 ip address 172.31.18.1 255.255.255.224
!
interface Vlan3
 description NW2 LAN
 ip address 172.31.18.33 255.255.255.240
!
interface Vlan6
 description Inter-CO LAN
 ip address 192.168.0.1 255.255.255.252
!
interface Vlan8
 description NW3 LAN
 ip address 172.31.18.57 255.255.255.248
!
interface Vlan16
 description Inter-CO2 LAN
 ip address 192.168.1.1 255.255.255.252
!
interface Vlan388
 description Uplink1 LAN
 ip address 172.31.18.49 255.255.255.252
!
interface Vlan389
 description Uplink2 LAN
 ip address 172.31.18.53 255.255.255.252
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.31.18.50 5 track 1
ip route 0.0.0.0 0.0.0.0 172.31.18.54 track 2
ip route 10.10.12.0 255.255.255.0 192.168.0.2
ip route 172.31.112.0 255.255.255.0 192.168.0.2
ip route 172.31.118.0 255.255.255.192 192.168.0.2
ip route 172.31.118.0 255.255.255.192 192.168.1.2
no ip http server
!
no cdp advertise-v2
!
control-plane
!
!
line con 0
 login local
 transport output telnet
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 login local
 length 0
 transport input telnet
 transport output all
line vty 5 15
 login
!
!
monitor session 1 source interface Gi0/23 - 24
monitor session 1 destination interface Gi0/22
ntp clock-period 36029177
ntp server 10.200.2.20
ntp server 10.250.2.20
end

3560-1#

==========================


TSN-SW2>en
Password:
TSN-SW2#show run
3560-2#show running-config
Building configuration...

Current configuration : 3675 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3560-2
!
boot-start-marker
boot-end-marker
!
enable password cisco1234
!
username cisco secret 5 $1$ubr0$P0sNgU0ymNHq5hsaIYW1J1
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
mls qos
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 duplex full
 mls qos trust dscp
!
interface GigabitEthernet0/2
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/5
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/6
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/7
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/8
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/9
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/10
 description TBDevice2
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
 switchport access vlan 2
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/14
 switchport access vlan 8
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/15
 switchport access vlan 3
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/16
 switchport access vlan 2
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/17
 switchport access vlan 2
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/24
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
 no ip address
!
interface Vlan2
 ip address 172.31.18.15 255.255.255.224
!
interface Vlan3
 no ip address
!
interface Vlan8
 description NW3 LAN
 no ip address
!
ip classless
ip http server
!
!
!
!
control-plane
!
!
line con 0
line vty 0 4
 password cisco1234
 login
line vty 5 15
 login
!
!
monitor session 1 source interface Gi0/1 , Gi0/15
monitor session 1 destination interface Gi0/23
end

3560-2#
kulcatzAsked:
Who is Participating?
 
Joey YungSenior Network EngineerCommented:
FYR:

3560-1:

interface Vlan2
 ip address 172.31.18.11 255.255.255.224
 standby 2 ip 172.31.18.1
 standby 2 priority 200
 standby 2 preempt
!
interface Vlan3
 ip address 172.31.18.41 255.255.255.240
 standby 3 ip 172.31.18.33
 standby 3 priority 200
 standby 3 preempt
!
interface Vlan8
 ip address 172.31.18.61 255.255.255.248
 standby 8 ip 172.31.18.57
 standby 8 priority 200
 standby 8 preempt



3560-2:

interface Vlan2
 ip address 172.31.18.12 255.255.255.224
 standby 2 ip 172.31.18.1
!
interface Vlan3
 ip address 172.31.18.42 255.255.255.240
 standby 3 ip 172.31.18.33
!
interface Vlan8
 ip address 172.31.18.62 255.255.255.248
 standby 8 ip 172.31.18.57
0
 
kulcatzAuthor Commented:
Hi Joey,

Thank you for the response. However, I forgot to add that I have an IP range of 172.31.18.0/26 currently being used by both switches which cannot be changed as it requires changing the configuration of other switches.

1. 172.31.18.0/27 with one spare IP for VLAN 2
2. 172.31.18.32/28 with two spare IPs for VLAN 3
3. 172.31.18.48/30 with no spare IP for VLAN 388
4. 172.31.18.52/30 with no spare IP for VLAN 389
5. 172.31.18.56/29 with no spare IP for VLAN 8

Is it still possible to configure HSRP between the two switches so that one acts as an Active and the other as standby?
0
 
Joey YungSenior Network EngineerCommented:
A bit confuse for your question... you are concerning about not enough IP issue, right?

The above configuration provided by using HSRP technology, it is required at least 3 IP addresses to make it work. one for switchA vlan interface, one for switchB vlan interface and one for virtual IP share with SwitchA and SwitchB

For IP address shortage case, you might consider to use VRRP technology instead, it is required at least 2 IP addresses to make it work, one for switchA vlan interface, one for switchB vlan interface and the virtual IP can be same as the SwitchA vlan interface IP
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.