- π Project Overview
- π― Project Objective
- π Network Topology
- π§ Device Interface Table
- π IP Addressing Table
- π§ Lab Steps
- π» Device Configuration
- β Verification Commands
- β‘ How to Run Lab
- π Folder Structure
- 𧱠Lab Limitations
- π Learning Outcomes
- π‘ Repository Info
This lab demonstrates a redundant, segmented enterprise network integrating HSRP (Hot Standby Router Protocol), Layer 3 switching, and NAT-enabled Internet access.
The design ensures:
- High availability via dual routers using HSRP
- Secure VLAN segmentation
- Reliable Internet access through PAT
- Wireless connectivity for multiple clients
The key goals of this project:
- Configure Inter-VLAN routing on SW-1 (L3 switch).
- Deploy HSRP between R1 (Active) and R2 (Standby) for gateway redundancy.
- Set up PAT (Port Address Translation) for Internet access.
- Segment LAN with VLANs for Data, Voice, and Management.
- Validate wireless client connectivity via DHCP and ping to 8.8.8.8.
πΈ Network Topology Diagram
/topology/topology_overview_drawio.png
A simplified overview of the design:
- Edge Routers: R1 (Active) and R2 (Standby) connected to ISPs
- Core Layer: SW-1 providing Inter-VLAN routing
- Access Layer: SW-2 and Wireless Routers/APs for clients
- Clients: 15 wireless laptops (VLAN 10)
| Device | Interface | Connection | Description |
|---|---|---|---|
| R1 | G0/0/0 | ISP-R1 | NAT Outside |
| R1 | G0/0/1 | SW-1 F0/5 | HSRP/NAT Inside (VLAN 99) |
| R2 | G0/0/0 | ISP-R2 | NAT Outside |
| R2 | G0/0/1 | SW-1 F0/6 | HSRP/NAT Inside (VLAN 99) |
| SW-1 | G0/1 | SW-2 G0/1 | 802.1Q Trunk |
| SW-1 | VLAN 10 | SVI | Data Gateway (192.168.10.1) |
| SW-1 | VLAN 99 | SVI | Management Gateway (192.168.99.1) |
| Network / Component | Subnet / Address | Gateway / Purpose |
|---|---|---|
| Data Network | 192.168.10.0 /24 | SW-1 VLAN 10 (192.168.10.1) |
| Voice Network | 192.168.20.0 /24 | SW-1 VLAN 20 (192.168.20.1) |
| Management Network | 192.168.99.0 /24 | SW-1 VLAN 99 (192.168.99.1) |
| HSRP Virtual IP | 192.168.99.254 | Default Gateway for LAN |
| R1 Public Subnet | 203.0.113.0 /30 | ISP-R1 Link |
| R2 Public Subnet | 198.51.100.0 /30 | ISP-R2 Link |
| VLAN ID | Name | Network | Mask | Gateway | Purpose |
|---|---|---|---|---|---|
| 10 | DATA | 192.168.10.0 | 255.255.255.0 | 192.168.10.1 | End-user and Wireless Clients |
| 20 | VOICE | 192.168.20.0 | 255.255.255.0 | 192.168.20.1 | VoIP Traffic |
| 99 | MANAGEMENT | 192.168.99.0 | 255.255.255.0 | 192.168.99.1 | Network Management + HSRP |
-
VLAN & Trunk Setup
Created VLANs 10, 20, 99 on both switches. Configured G0/1 as 802.1Q trunk between SW-1 and SW-2. -
Inter-VLAN Routing
Configured SVIs on SW-1 for VLANs 10, 20, 99 to provide gateway functionality. -
DHCP Configuration
DHCP pools created for VLAN 10 (Data) and VLAN 20 (Voice). -
HSRP Setup
Configured R1 as Active (priority 110) and R2 as Standby (priority 100).
Virtual IP:192.168.99.254. -
NAT Configuration
Defined inside (G0/0/1) and outside (G0/0/0) interfaces on both routers.
Applied PAT using an ACL for VLAN subnets. -
Routing Setup
Default route on SW-1 β192.168.99.254.
Static routes on ISPs for return traffic. -
Wireless Integration
Wireless Routers connected via VLAN 10 access ports.
Verified laptop DHCP and Internet access.
π All configurations are available in the configs/ folder.
! --- 1. External (ISP) Configuration ---
interface GigabitEthernet0/0/0
description ** Link to ISP Router 1 **
ip address 203.0.113.2 255.255.255.252
no shutdown
ip nat outside
View Full Configuration File β
! --- 1. External (ISP) Configuration ---
interface GigabitEthernet0/0/0
description ** Link to ISP Router 2 **
ip address 198.51.100.2 255.255.255.252
no shutdown
ip nat outside
View Full Configuration File β
! --- Interface to R1 ---
interface GigabitEthernet0/1
ip address 203.0.113.1 255.255.255.252
no shutdown
View Full Configuration File β
! --- Interface to R2 ---
interface GigabitEthernet0/1
ip address 198.51.100.1 255.255.255.252
no shutdown
View Full Configuration File β
! --- 2. Configure SVIs (Default Gateways) ---
ip routing ! Activates Layer 3 routing
interface Vlan10
description ** Default Gateway for DATA VLAN **
ip address 192.168.10.1 255.255.255.0
no shutdown
View Full Configuration File β
! --- 2. Configure Inter-Switch Trunk Link (SW2 G0/2 to SW1 G0/2) ---
! This connects SW-2 to the Core Switch SW-1
interface GigabitEthernet0/2
description ** TRUNK to SW-1 **
switchport mode trunk
switchport trunk allowed vlan 10,20,99
no shutdown
View Full Configuration File β
| Device | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|
| Printer-P1 | 192.168.20.11 | 255.255.255.0 | 192.168.20.1 |
| Printer-P2 | 192.168.20.12 | 255.255.255.0 | 192.168.20.1 |
View Full Configuration File β
-
All end-user devices: DHCP enabled
-
Wireless routers: VLAN 10 access ports with WPA2-PSK
-
Verified Internet connectivity and HSRP failover behavior
** Network Topology
Section 1: Core Infrastructure and Redundancy
- VLAN and Trunking Verification of Switch 1 (Core Switch) and Switch 2 (Access Switch)
show vlan brief
show interfaces trunk
- HSRP Status (Active and Standby) on Edge Router 1 and Edge Router R2
show standby brief
- HSRP Failover
- HSRP Revert
Section 2: Internal DHCP and Interal-VLAN Routing
- DHCP Assignment - on Laptop
ipconfig /all
- Inter-VLAN Routing - Ping from a Laptop to Printer
ping 192.168.20.11
- **Trunking VLAN Bridge - Ping from SW1 PC to SW2 PC
ping 192.168.10.12
- Switch 1 Routing Check
show ip route
**Section 3: NAT and External Connectivity
- NAT Translation on Edge Router 1 (R1)
ping 8.8.8.8
Ping 8.8.8.8 from any internal PC. Immediately run show ip nat translations on R1.
- External Connectivity (End-to-End) From any Laptop
ping 8.8.8.8
- Edge Router (R1) Routing Table
show ip route
-
Open Topology: Launch the .pkt file in Cisco Packet Tracer.
-
Load Configs: Paste .txt configurations into device CLIs.
-
Run Tests: Execute commands from VERIFICATION.md.
-
Review Screenshots: Compare your results with those in /screenshots/
hsrp-dual-path-redundancy/ βββ configs/ β βββ router-config/ β β βββ r1.cfg β β βββ r2.cfg β β βββ r3.cfg β β βββ isp-r1.cfg β β βββ isp-r2.cfg β βββ switch-config/ β β βββ sw1.cfg β β βββ sw2.cfg β βββ printer-config/ β βββ printer.txt β βββ drwaio/ β βββ hsrp-dual-path-redundancy.drawio β βββ lab-file/ β βββ hsrp-dual-path-redundancy.pkt β βββ topology/ β βββ topology_overview.png β βββ topology_overview_drawio.png β βββ screenshots/ β βββ V1.1-SW1_VLAN_Trunk.png β βββ V1.1-SW2_VLAN_Trunk.png β βββ V1.2-R1_HSRP_Active.png β βββ V1.2-R2_HSRP_Standby.png β βββ V1.3-R2_HSRP_Failover.png β βββ V1.4-R1_HSRN_Preempt.png β βββ V2.1-DHCP_Laptop_V10.png β βββ V2.2-InterVLAN_Ping.png β βββ V2.3-Trunk_Connectivity.pV1ng β βββ V2.4-SW1_DefaultRoute.png β βββ V3.1-R1_NAT_Translation.png β βββ V3.2-Laptop_Internet_Ping.png β βββ V3.3-R1_Routing_Table.png β βββ README.md βββ verification.md
-
ISP ICMP Limitation: The ICMP echo reply from 8.8.8.8 results in a Request Timed Out (.....) due to a know simulator bug. THe external path is confirmed funcional by successful NAT translation entries (v3.1), but the return path for the ICMP packet is dropped by the simulated ISP environment.
-
Wireless VLAN Limitation: Packet Tracer wireless routers lack VLAN tagging support, limiting separation between VLAN 10 and 99.
-
Configured and validated HSRP for gateway redundancy.
-
Implemented PAT and ACLs for secure outbound traffic.
-
Applied Layer 3 switching and static routing to a virtual IP.
-
Strengthened skills in redundancy design and network troubleshooting.
-
Repository Name: hsrp-based-dual-path-edge-redundancy-and-segmented-access
-
Platform: Cisco Packet Tracer (Recommended: Latest Version)
-
Author: Mohamed Asmy
-
Focus Areas: Redundancy β’ VLANs β’ NAT β’ Inter-VLAN Routing β’ High Availability