HSRP Introduction

Hot Standby Router Protocol (HSRP) provides redundancy for IP networks, ensuring that user traffic
immediately and transparently recovers from first hop router failures. HSRP allows multiple routers on a
single LAN to share a virtual IP and MAC address which is configured as the default gateway on the
hosts. From the group of routers configured in an HSRP group, there is one router elected as the active
router and another as a standby router. The active router assumes the role of forwarding packets sent to
the virtual IP address. If the active router fails, the standby router takes over as the new active router.

HSRP Configuration Overview:

1) Decide a virtual address to use for the HSRP address. This address must be in the same subnet that is
assigned to the LAN interface where you want to run HSRP.This address is also referred to as the
standby IP address. Each router in this group must define with the same virtual IP address using
thestandby [group-number] ip [Virtual ip-address] command.
The standby group number= The default is 0. The group number range is from 0 to 255 for HSRP version
1 and from 0 to 4095 for HSRP version 2.
If you are configuring HSRP on VLAN trunks, each VLAN or Ethernet sub interface must be in a different
standby group.
2) Decide which router is to be the primary router. This can be accomplished with the standby [group-
number] priority [priority] commands.
Priority=this range is from 1 to 255, where 1 denotes the lowest priority and 255 denotes the highest
priority. The default priority value is 100. The router in the HSRP group with the highest priority value
becomes the active router.

3) Optionally you can also enable preemption on the router using below command
Standby [group-number] preempt delay{ minimum = Delay at least this long
Reload = Delay after reload
Sync = Wait for IP redundancy clients}
HSRP-enabled router with preempt configured attempts to assume control as the primary router when its
priority is higher than the current active router. The standby preempt command is needed in situations
when you want an occurring state change of a tracked interface to cause a standby router to take over
from the active router. For example, an active router tracks another interface and decrements its priority
when that interface goes down. The standby router priority is now higher and it sees the state change in
the hello packet priority field. If preempt is not configured, it cannot take over and failover does not occur.

4) Configure tracking, authentication, and timers on the primary router using the following commands:

A) Tracking: Optionally you can also enable tracking on the router using below command:
standby group_number track interface_name [cost]
When HSRP tracks an interface and the state of a tracked interface changes to down, the primary router
decrements its priority. The standby router reads this value from the hello packet priority field, and
becomes primary if this value is lower than its own priority and the standby preempt command is
configured. You can configure by how much the router must decrement the priority. By default, it
decrements its priority by 10
B) HSRP Authentication: The below command establishes authentication messages to be included in
the HSRP multicast. This ensures that only authorized routers can become part of the HSRP group. The
string must match all routers in the HSRP group.
standby [group-number] authentication { WORD=Plain text authentication string
md5=Use MD5 authentication
text=Plain text authentication}
C) HSRP timers: you can configure the time between hello packets and the time before other routers
declare the active Hot Standby or standby router to be down using following command:
standby [group-number] timers [msec] hellotime [msec] holdtime
The default hello interval is 3 seconds and hold time is 10 seconds. If the msec option is specified, hello
interval is in milliseconds.

Basic configuration Example:

On site A multiple clients reside on the fast Ethernet segment of 198.168.1.0/24. All the clients need
access to Servers on Site B
HSRP will provide the clients with uninterrupted access to servers of site B. To accomplish this, R1 is
selected as the primary router, and R2 is the secondary router. You need to use 192.168.1.1 as the virtual
IP address between the two routers. To provide redundancy, you also need to track the serial interfaces.
By tracking on the serial interface, you can force R2 to become the primary if the R1's link to ISP fail.

When tracking is used, two potential situations can cause R2 to become the primary router.
1) The loss of the connection to R1, such as physical loss to the Fast Ethernet port on R1.
2) The loss of physical connectivity between R1 and ISP
Topology Diagram:

HSRP Configuration on R1 and R2:

R1 R2
R1#sh run int fa0/0 R2#sh run int fa0/0
Building configuration... Building configuration...
Current configuration : 192 bytes Current configuration : 168 bytes
! !
interface FastEthernet0/0 interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0 ip address 192.168.1.3 255.255.255.0
duplex auto duplex auto
speed auto speed auto
standby 1 ip 192.168.1.1 standby 1 ip 192.168.1.1
standby 1 priority 105 standby 1 preempt
standby 1 preempt standby 1 track Serial0/0
standby 1 track Serial0/0 end
end
Verification:
Show standby Command Output for the R1 and R2:
This command shows
A) Router R1:
1) Active router
2) Virtual IP: 192.168.1.1
3) Virtual MAC address: 0000.0c07.ac01
4) Priority: 105
5) Preemption is on
6) Tracking Serial0/0, If interface S0/0 state goes down Priority will decrease by 10 i.e. 95

B) Router R2:
1) Standby router
2) Virtual IP: 192.168.1.1
3) Virtual MAC address: 0000.0c07.ac01
4) Priority: 100
5) Preemption is on
6) Tracking Serial0/0, if interface S0/0 state goes down Priority will decrease by 10 i.e. 90

An Overview of HSRP

The Hot Standby Router Protocol (HSRP) is a Cisco protocol which, as detailed

in RFC 2281, allows multiple client gateways to be configured as one "virtual"

router. This "virtual" router is configured with a single IP address which is shared

among the group along with a virtual MAC address. The idea behind this is, of course,

that the client sees its one gateway even if that gateway fails. HSRP elects

an active router which forwards the client's IP packets. A backup

or standby router can be configured to take over the forwarding of packets in the

event that the active router fails. To track each other, HSRP uses multicast to send

its HSRP updates and hellos. I could go on and on about HSRP, but I said this would

be brief!

An Overview of VRRP

Chances are, if you have a multi-vendor environment and desire the same benefits of

HSRP, you will configure the Virtual Router Redundancy Protocol (VRRP) to do this.

VRRP, detailed in RFC 3768, operates in the same manner as HSRP does by electing

an Active router called the Master among a group of routers and allowing it to be the
"keeper" of a virtual IP and MAC. As with HSRP a failure would trigger

the standby router (backup) to then become the Master and subsequently forward

the client's traffic. VRRP also uses multicast for its hello mechanism and elections,

but unlike HSRP* which uses 224.0.0.2 (This subnet) VRRP uses 224.0.0.18.

Configuration Time

Now that you have a basic understanding on how each protocol works, let's look at

how to configure them on your Cisco router.

Diagram – 1

Using the diagram above we are going to configure R1 and R2 for HSRP using the

virtual IP address of 171.16.6.100 using an authentication key of cisco.

R1

R1(config)# interface e0

R1(config-if)# description R1 Ethernet interface for HSRP example – Active

R1(config-if)# ip address 171.16.6.5 255.255.255.0

R1(config-if)# standby 1 ip 171.16.6.100

R1(config-if)# standby 1 priority 110

R1(config-if)# standby 1 preempt

R1(config-if)# standby 1 authentication cisco

R1(config-if)# no shut

R1(config)# router ospf 1

R1(config-router)# network 171.16.6.0 0.0.0.255 area 171.16.6.0

R1(config-router)# network 171.16.2.4 0.0.0.3 area 0.0.0.0

R2

R2(config)# interface e0

R2(config-if)# description R2 Ethernet interface for HSRP example – Standby

R2(config-if)# ip address 171.16.6.6 255.255.255.0

R2(config-if)# standby 1 ip 171.16.6.100

R2(config-if)# standby 1 preempt

R2(config-if)# standby 1 authentication cisco

R2(config-if)# no shut

R2(config)# router ospf 1

R2(config-router)# network 171.16.6.0 0.0.0.255 area 171.16.6.0

R2(config-router)# network 171.16.7.4 0.0.0.3 area 0.0.0.0

We have now configured R1 and R2 for HSRP using the virtual IP address of

171.16.6.100 and the authentication key of cisco.

Now let's take a look at how to configure VRRP using Diagram 1.

R1
R1(config)# interface ethernet0

R1(config-if)# description R1 Ethernet interface for VRRP example – Master

R1(config-if)# ip address 171.16.6.5 255.255.255.0

R1(config-if)# vrrp 1 ip 171.16.6.100

R1(config-if)# vrrp 1 priority 110

R1(config-if)# vrrp 1 authentication cisco

R1(config-if)# no shut

R1(config)# router ospf 1

R1(config-router)# network 171.16.6.0 0.0.0.255 area 171.16.6.0

R1(config-router)# network 171.16.2.4 0.0.0.3 area 0.0.0.0

R2

R2(config)# interface e0

R2(config-if)# description R2 Ethernet interface for VRRP example – Backup

R2(config-if)# ip address 171.16.6.6 255.255.255.0

R2(config-if)# vrrp 1 ip 171.16.6.100

R2(config-if)# vrrp 1 authentication cisco

R2(config-if)# no shut

R2(config)# router ospf 1

R2(config-router)# network 171.16.6.0 0.0.0.255 area 171.16.6.0

R2(config-router)# network 171.16.7.4 0.0.0.3 area 0.0.0.0

We have now configured both HSRP and VRRP on R1 and R2. Notice in the VRRP

example that I did not use the vrrp group preempt command as I did in the HSRP

example. This is because preempt is enabled by default for VRRP. If there's a case

when you need to turn preempting off, use the command no vrrp group preempt.