How to configure HSRP on Cisco – Basic to Advanced

HSRP (Hot Standby Router Protocol) is one of the most popular First Hop Redundancy Protocols (FHRP) made by Cisco. It is Cisco proprietary protocol. The FHRP allows a router on a LAN segment to automatically take over if other fails. Today, in this lesson, we will learn to configure HSRP on Cisco IOS.

We will be following below network topology to implement our HSRP.

Advertisements

Basic HSRP configuration:

HSRP configuration on Cisco from Basic to Advanced

First of all, let’s configure IP addresses on WAN interfaces. In this case, interface gigabitEthernet 0/0 is the WAN interface for both of the routers.

RTR-01#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
RTR-01(config)#
RTR-01(config)#interface gigabitEthernet 0/0
RTR-01(config-if)#ip address 103.21.40.2 255.255.255.252
RTR-01(config-if)#no shutdown  
RTR-01(config-if)#exit
RTR-01(config)#
RTR-02#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
RTR-02(config)#
RTR-02(config)#interface gigabitEthernet 0/0
RTR-02(config-if)#ip add 59.152.100.2 255.255.255.252
RTR-02(config-if)#no shutdown 
RTR-02(config-if)#exit
RTR-02(config)#

Before configuring the LAN interfaces, make sure you have minimum /29 IP address block.

Here is the ip addressing on LAN interfaces.

RTR-01(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#ip address 10.1.1.2 255.255.255.248
RTR-01(config-if)#no shutdown
RTR-02(config)#interface gigabitEthernet 0/1
RTR-02(config-if)#ip add 10.1.1.3 255.255.255.248
RTR-02(config-if)#no shutdown

In the final configuration section, we need to specify the virtual IP address and its priority. We need to configure this on LAN interfaces.

Advertisements
RTR-01(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#standby 1 ip 10.1.1.1
RTR-01(config-if)#standby 1 priority 150
RTR-01(config-if)#
RTR-02(config)#interface gigabitEthernet 0/1
RTR-02(config-if)#standby 1 ip 10.1.1.1
RTR-02(config-if)#standby 1 priority 110
RTR-02(config-if)#

We can verify our configuration by using show standby command.

RTR-01#show standby 
GigabitEthernet0/1 - Group 1
  State is Active
    2 state changes, last state change 00:02:42
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.656 secs
  Preemption disabled
  Active router is local
  Standby router is 10.1.1.3, priority 110 (expires in 11.440 sec)
  Priority 150 (configured 150)
  Group name is "hsrp-Gi0/1-1" (default)
RTR-01#
RTR-02#show standby 
GigabitEthernet0/1 - Group 1
  State is Standby
    1 state change, last state change 00:00:48
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.056 secs
  Preemption disabled
  Active router is 10.1.1.2, priority 150 (expires in 8.928 sec)
  Standby router is local
  Priority 110 (configured 110)
  Group name is "hsrp-Gi0/1-1" (default)
RTR-02#

Let’s trace from our user PC.

C:\>tracert -d 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1   123 ms     1 ms     1 ms  10.1.1.2
  2   227 ms     1 ms     1 ms  103.21.40.1
  3     1 ms     1 ms     3 ms  ***********
  4     3 ms     4 ms     6 ms  ***********
  5     3 ms     3 ms     2 ms  8.8.8.8

Failover Test

To test the traffic shifting, we need to shutdown gigabitEthernet 0/1 interface in RTR-01. And then trace again.

C:\>tracert -d 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1   165 ms     1 ms     1 ms  10.1.1.3
  2   227 ms     2 ms     1 ms  59.152.100.1
  3     1 ms    <1 ms     5 ms  ***********
  4     2 ms     2 ms     2 ms  ***********
  5     3 ms     2 ms     3 ms  8.8.8.8

In RTR-02, show standby command also shows HSRP status change –

RTR-02#show standby
GigabitEthernet0/1 - Group 1
  State is Active
    2 state changes, last state change 00:02:10
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.672 secs
  Preemption disabled
  Active router is local
  Standby router is unknown
  Priority 150 (configured 150)
  Group name is "hsrp-Gi0/1-1" (default)
RTR-02#

So, this is the basic configuration. Let’s move to advance.

Advertisements

Advanced Configuration

In this section, we will be adding some optional configuration, which will make our HSRP more functional.

HSRP Preempt:

If you want to make a router always active whenever it is UP and Functional, you need to enable preemption mechanism.

RTR-01(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#standby 1 preempt 
RTR-01(config-if)#exit
RTR-01(config)#
RTR-02(config)#interface gigabitEthernet 0/1
RTR-02(config-if)#standby 1 preempt 
RTR-02(config-if)#exit
RTR-02(config)#

If you want to wait some time before preempting, you can do that by following command-

RTR-01(config-if)#standby 1 preempt delay minimum 60

RTR-02(config-if)#standby 1 preempt delay minimum 60
RTR-01#show standby 
GigabitEthernet0/1 - Group 1
  State is Init (interface down)
    3 state changes, last state change 02:50:43
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is unknown
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
  Preemption enabled
  Active router is unknown
  Standby router is unknown
  Priority 250 (configured 250)
  Group name is "hsrp-Gi0/1-1" (default)
RTR-01#

Standby Track Configuration:

If you you want to switch traffic to the second router (RTR-02) whenever WAN interface (gig-0/0) of Active router is down, you need to track it. It’s only need to configure on first router (RTR-01).

RTR-01#configure terminal 
RTR-01(config)#track 1 interface gigabitEthernet 0/0 ip routing 
RTR-01(config-track)#exit
RTR-01(config)#

Here we have created a track named “1” to track gigabitEthernet 0/0 interface.

RTR-01(config)#interface gigabitEthernet 0/1 
RTR-01(config-if)#standby 1 track 1 decrement 100
RTR-01(config-if)#exit
RTR-01(config)#

Whenever the link is down, the priority will be 50 (150-100=50), because we already set our priority for RTR-01 is 150.

RTR-01#show standby
GigabitEthernet0/1 - Group 1
  State is Init (interface down)
    3 state changes, last state change 03:27:46
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is unknown
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
  Preemption enabled, delay min 60 secs
  Active router is unknown
  Standby router is unknown
  Priority 150 (configured 150)
    Track object 1 state Up decrement 100
  Group name is "hsrp-Gi0/1-1" (default)
RTR-01#

Load-Balancing with HSRP:

To do the load balancing, we need to configure two HSRP groups (number of groups equals the number of routers). Here, for group 1, RTR-01 is active due to higher priority. And, for group 2, RTR-02 is the active, which has the higher priority.

RTR-01#configure terminal
RTR-01(config)#interface gigabitEthernet 0/1 
RTR-01(config-if)#ip address 10.1.1.2 255.255.255.0
RTR-01(config-if)#standby 1 ip 10.1.1.1
RTR-01(config-if)#standby 1 priority 150
RTR-01(config-if)#standby 1 preempt
RTR-01(config-if)#standby 2 ip 10.1.1.4
RTR-01(config-if)#standby 2 priority 110
RTR-01(config-if)#standby 2 preempt
RTR-01(config-if)#exit
RTR-01(config)#exit
RTR-01#
RTR-02#configure terminal
RTR-02(config)#interface gigabitEthernet 0/1 
RTR-02(config-if)#ip address 10.1.1.3 255.255.255.0
RTR-02(config-if)#standby 1 ip 10.1.1.1
RTR-02(config-if)#standby 1 priority 110
RTR-02(config-if)#standby 1 preempt
RTR-02(config-if)#standby 2 ip 10.1.1.4
RTR-02(config-if)#standby 2 priority 150
RTR-02(config-if)#standby 2 preempt
RTR-02(config-if)#exit
RTR-02(config)#exit
RTR-02#

We can use “show standby” command to verify.

RTR-01#show standby 
GigabitEthernet0/1 - Group 1
  State is Active
    4 state changes, last state change 00:00:24
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.080 secs
  Preemption enabled
  Active router is local
  Standby router is 10.1.1.3, priority 110 (expires in 11.808 sec)
  Priority 150 (configured 150)
  Group name is "hsrp-Gi0/1-1" (default)
GigabitEthernet0/1 - Group 2
  State is Standby
    1 state change, last state change 00:00:16
  Virtual IP address is 10.1.1.4
  Active virtual MAC address is 0000.0c07.ac02
    Local virtual MAC address is 0000.0c07.ac02 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.080 secs
  Preemption enabled
  Active router is 10.1.1.3, priority 150 (expires in 11.360 sec)
  Standby router is local
  Priority 110 (configured 110)
  Group name is "hsrp-Gi0/1-2" (default)
RTR-01#

HSRP Timers

If you want to lower down the shifting time, then you need to modify the timer. By default, it will be shifted after 10s.

RTR-01#show standby 
GigabitEthernet0/1 - Group 1
  State is Active
    1 state change, last state change 00:01:18
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.088 secs
  Preemption enabled
  Active router is local
  Standby router is 10.1.1.3, priority 110 (expires in 9.248 sec)
  Priority 150 (configured 150)
  Group name is "hsrp-Gi0/1-1" (default)
RTR-01#

So, let’s change it –

RTR-01(config)#interface gigabitEthernet 0/1 
RTR-01(config-if)#standby 1 timers 1 3
RTR-01(config-if)#end
RTR-01#

We can verify it –

RTR-01#show standby 
GigabitEthernet0/1 - Group 1
  State is Active
    1 state change, last state change 00:04:07
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 1 sec, hold time 3 sec
    Next hello sent in 0.368 secs
  Preemption enabled
  Active router is local
  Standby router is 10.1.1.3, priority 110 (expires in 3.120 sec)
  Priority 150 (configured 150)
  Group name is "hsrp-Gi0/1-1" (default)
RTR-01#

HSRP Authentication:

If we want add authentication, then you need to do the following –

Plain text –

RTR-02#configure terminal
RTR-02(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#standby 1 authentication cisco
RTR-01(config-if)#

RTR-02#configure terminal
RTR-02(config)#interface gigabitEthernet 0/1
RTR-02(config-if)#standby 1 authentication cisco
RTR-02(config-if)#

MD5 –

RTR-02#configure terminal
RTR-02(config)#interface gigabitEthernet 0/1
RTR-01(config-if)#standby 1 authentication md5 key-string cisco
RTR-01(config-if)#

RTR-02#configure terminal
RTR-02(config)#interface gigabitEthernet 0/1
RTR-02(config-if)#standby 1 authentication md5 key-string cisco
RTR-02(config-if)#

“Show standby” is the command to verify it.

RTR-01#show standby 
GigabitEthernet0/1 - Group 1
  State is Active
    1 state change, last state change 00:19:46
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 1 sec, hold time 3 sec
    Next hello sent in 0.752 secs
  Authentication MD5, key-string
  Preemption enabled
  Active router is local
  Standby router is 10.1.1.3, priority 110 (expires in 2.432 sec)
  Priority 150 (configured 150)
  Group name is "hsrp-Gi0/1-1" (default)
RTR-01#

Troubleshooting

If there is any issue, then following commands will help to identify them.

  • 1. debug standby errors
  • 2. debug standby events
  • 3. debug standby packets
  • 4. debug standby terse

You can read more details about HSRP from Cisco documentation.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top