1

Redundancy is the name of the game when it comes to uptime in the computer networking
field. We as networking professionals spend time tracking down our single points of failure
and eliminating them one by one. However, one place we typically see a lack of redundancy
is in Internet connectivity. Many times a business only has a single Internet circuit connected
to a single router which makes setup and configuration a breeze but offers no redundancy.
When moving to two diverse circuits with two redundant routers the configuration can get a
little tricky. One of the first challenges you have to tackle is how do you handle the default
route for your network and how do you move that default route from your primary router to
your backup router in the case of a network or router outage? Well good news, we’ve done
the research for you and provided the step-by-step Hot Standby Router Protocol or HSRP
configuration below.

Requirements:

2x ISR or ASR routers. I used two ASRs, so the config may vary slightly if you use an ISR.
Two diverse internet connections running a BGP failover setup between them.

The Setup:

Configuration:

I always find it helpful when the full configuration is given at the beginning of an article and
is then broken down into chunks. So here the complete and final configuration:

Router 1:

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 105
standby 1 track 1 decrement 10

interface GigabitEthernet0/0/0
description Carrier Facing Interface
ip address 10.1.0.2 255.255.255.252
2

track 1 ip sla 1 reachability

down delay 21

ip sla 1
icmp-echo 172.16.0.1 source-interface GigabitEthernet0/0/0
frequency 5

ip sla schedule 1 life forever start-time now

Router 2:

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.4 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 101

Now let’s break everything down part by part:

Router 1 Step-by-step:

The initial interface configuration on the corp facing interface is fairly standard fair. You will
want to assign an IP address to the interface so the primary and backup routers can chat to
each other and so you have an interface to use for management, this is not the IP address you
should use as your default route. The IP address you assign should be on the same network as
the IP you plan on using for your default route and the same network as your outside interface
on your firewall.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 105
standby 1 track 1 decrement 10

Next we assign the IP address we want used as our default gateway using the standby
command. This “standby” IP is the address that can swap between the two routers in the event
of an outage. The number 1 listed right after the standby command is the standby group
number with which we will assign all additional configurations that relate to this specific
HSRP instance.
3

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 105
standby 1 track 1 decrement 10

The priority command determines which router should currently have the standby address and
thus the default route IP. The router with the highest number will be the device that currently
holds the standby IP.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 105
standby 1 track 1 decrement 10

Now for the good stuff. We need a way for HSRP to determine whether or not connection to
the internet is down or not. We start this process by specifying a track that will determine if
the connection is up for not, more on this later. We will be using track 1 in this case and in the
case of the track dependency failing we will decrement the priority by 10. By decrementing
the priority by 10 from 105 to 95 the primary router will have a lower priority than the
secondary and the standby IP address will switch over to the secondary and along with it the
default Internet route of the corp firewall.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 105
standby 1 track 1 decrement 10

We will assign sla 1 to track 1 with the command reachability. Reachability is used to
determine the ability of the router to reach its remote destination. We also set the down delay
to 21 so that if the sla reports to the track that there is an issue to wait 21 seconds before
reacting. This can avoid missing a few random pings and having your standby IP address
over-actively switching between routers.

track 1 ip sla 1 reachability

down delay 21

 
4

The sla configuration itself fairly straight forward. First we specify what we want the sla to
do. In this case I want the sla to ping the first offsite (or first next hop) router of my carrier. I
ping the first offsite router of my carrier for a couple of reasons. If you ping the on-prem
carrier router it will not account for network failures further up the chain to the Internet
because your sla will still be able to reach its destination. Now you could ping further down
the chain to your carriers head-end  (and it might not be a bad idea depending on link
reliability) but you risk missing pings and causing a false positive and triggering the standby
IP to switch to the secondary switch. Next we set the frequency of the ping to 5 seconds, this
number is up to you, but I didn’t see the need to ping more than every 5 seconds.

ip sla 1
icmp-echo 172.16.0.1 source-interface GigabitEthernet0/0/0
frequency 5

The final configuration step on Router 1 is to start the sla immediately and running it forever.

ip sla schedule 1 life forever start-time now

Router 2 Step-by-step:

The initial setup for the corp facing interface is similar to the primary router in that we setup
an ip address used for the primary to communicate to the secondary and for management
purposes.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.4 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 101

We will continue to use the standby group number 1 and assign the same standby IP address
to this interface as we did for Router 1.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.4 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 101

We will set the priority of this router to a number lower than Router 1. You can set this
number to whatever you want, just make sure that you keep it below Router 1’s priority yet
5

above its decremented value. So in this example, you could use any number between 96 and
104.

interface GigabitEthernet0/0/1
description Corp Facing Interface
ip address 192.168.1.4 255.255.255.0
standby 1 ip 192.168.1.2
standby 1 priority 101

Final Thoughts and Notes:

In the event of a failure the standby router will pick up the standby IP and MAC address used
as your networks default route and allow you to route data down your secondary circuit.
Whenever the priority of the primary router is restored to its original state (higher than the
secondary) the secondary will switch the standby IP address back over to the primary, after
the 21 second delay timer we set of course.

The secondary router is constantly monitoring the availability of the primary so in the event of
a complete primary router failure such as as power loss, software crash, etc., the secondary
will take over the standby IP address.