- Introduction
- HSRP Configuration Overview:
- Basic configuration Example:
- Topology Diagram:
- Verification:
- Related Information
Introduction
Hot Standby Router Protocol (HSRP) provides redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop router failures. HSRP allows multiple routers on a single LAN to share a virtual IP and MAC address which is configured as the default gateway on the hosts. From the group of routers configured in an HSRP group, there is one router elected as the active router and another as a standby router. The active router assumes the role of forwarding packets sent to the virtual IP address. If the active router fails, the standby router takes over as the new active router.
HSRP Configuration Overview:
1) Decide a virtual address to use for the HSRP address. This address must be in the same subnet that is assigned to the LAN interface where you want to run HSRP.This address is also referred to as the standby IP address. Each router in this group must define with the same virtual IP address using the standby [group-number] ip [Virtual ip-address] command.
The standby group number= The default is 0. The group number range is from 0 to 255 for HSRP version 1 and from 0 to 4095 for HSRP version 2.
If you are configuring HSRP on VLAN trunks, each VLAN or Ethernet sub interface must be in a different standby group.
2) Decide which router is to be the primary router. This can be accomplished with the standby [group-number] priority [priority] commands.
Priority=this range is from 1 to 255, where 1 denotes the lowest priority and 255 denotes the highest priority. The default priority value is 100. The router in the HSRP group with the highest priority value becomes the active router.
3) Optionally you can also enable preemption on the router using below command
Standby [group-number] preempt delay{ minimum = Delay at least this long
Reload = Delay after reload
Sync = Wait for IP redundancy clients}
HSRP-enabled router with preempt configured attempts to assume control as the primary router when its priority is higher than the current active router. The standby preempt command is needed in situations when you want an occurring state change of a tracked interface to cause a standby router to take over from the active router. For example, an active router tracks another interface and decrements its priority when that interface goes down. The standby router priority is now higher and it sees the state change in the hello packet priority field. If preempt is not configured, it cannot take over and failover does not occur.
4) Configure tracking, authentication, and timers on the primary router using the following commands:
A) Tracking: Optionally you can also enable tracking on the router using below command:
standby group_number track interface_name [cost]
When HSRP tracks an interface and the state of a tracked interface changes to down, the primary router decrements its priority. The standby router reads this value from the hello packet priority field, and becomes primary if this value is lower than its own priority and the standby preempt command is configured. You can configure by how much the router must decrement the priority. By default, it decrements its priority by 10
B) HSRP Authentication: The below command establishes authentication messages to be included in the HSRP multicast. This ensures that only authorized routers can become part of the HSRP group. The string must match all routers in the HSRP group.
standby [group-number] authentication { WORD=Plain text authentication string
md5=Use MD5 authentication
text=Plain text authentication}
C) HSRP timers: you can configure the time between hello packets and the time before other routers declare the active Hot Standby or standby router to be down using following command:
standby [group-number] timers [msec] hellotime [msec] holdtime
The default hello interval is 3 seconds and hold time is 10 seconds. If the msec option is specified, hello interval is in milliseconds.
Basic configuration Example:
In this scenario, on site A multiple clients reside on the fast Ethernet segment of 198.168.1.0/24. All the clients need access to Servers on Site B
HSRP will provide the clients with uninterrupted access to servers of site B. To accomplish this, R1 is selected as the primary router, and R2 is the secondary router. You need to use 192.168.1.1 as the virtual IP address between the two routers. To provide redundancy, you also need to track the serial interfaces. By tracking on the serial interface, you can force R2 to become the primary if the R1's link to ISP fail.
When tracking is used, two potential situations can cause R2 to become the primary router.
1) The loss of the connection to R1, such as physical loss to the Fast Ethernet port on R1.
2) The loss of physical connectivity between R1 and ISP
Topology Diagram:
HSRP Configuration on R1 and R2:
R1R2
| R1#sh run int fa0/0 Building configuration... Current configuration : 192 bytes ! interface FastEthernet0/0 ip address 192.168.1.2 255.255.255.0 duplex auto speed auto standby 1 ip 192.168.1.1 standby 1 priority 105 standby 1 preempt standby 1 track Serial0/0 end | R2#sh run int fa0/0 Building configuration... Current configuration : 168 bytes ! interface FastEthernet0/0 ip address 192.168.1.3 255.255.255.0 duplex auto speed auto standby 1 ip 192.168.1.1 standby 1 preempt standby 1 track Serial0/0 end |
Verification:
Show standby Command Output for the R1 and R2:
This command shows
A) Router R1:
1) Active router
2) Virtual IP: 192.168.1.1
3) Virtual MAC address: 0000.0c07.ac01
4) Priority: 105
5) Preemption is on
6) Tracking Serial0/0, If interface S0/0 state goes down Priority will decrease by 10 i.e. 95
B) Router R2:
1) Standby router
2) Virtual IP: 192.168.1.1
3) Virtual MAC address: 0000.0c07.ac01
4) Priority: 100
5) Preemption is on
6) Tracking Serial0/0, if interface S0/0 state goes down Priority will decrease by 10 i.e. 90
R1#sh standby
FastEthernet0/0 - Group 1
State is Active
2 state changes, last state change 00:02:43
Virtual IP address is 192.168.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.052 secs
Preemption enabled
Active router is local
Standby router is 192.168.1.3, priority 100 (expires in 7.452 sec)
Priority 105 (configured 105)
Track interface Serial0/0 state Up decrement 10
Group name is "hsrp-Fa0/0-1" (default)
R2#sh standby
FastEthernet0/0 - Group 1
State is Standby
1 state change, last state change 00:01:34
Virtual IP address is 192.168.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.408 secs
Preemption enabled
Active router is 192.168.1.2, priority 105 (expires in 7.068 sec)
Standby router is local
Priority 100 (default 100)
Track interface Serial0/0 state Up decrement 10
Group name is "hsrp-Fa0/0-1" (default)
Shutting down R1's WAN interface S0/0:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s0/0
R1(config-if)#sh
R1(config-if)#
*Mar 1 00:11:55.811: %TRACKING-5-STATE: 1 interface Se0/0 line-protocol Up->Down
*Mar 1 00:11:56.507: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Speak
R1(config-if)#
*Mar 1 00:11:57.811: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down
*Mar 1 00:11:58.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
R1(config-if)#
*Mar 1 00:12:06.507: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
R1#sh standby
FastEthernet0/0 - Group 1
State is Standby
4 state changes, last state change 00:00:41
Virtual IP address is 192.168.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.132 secs
Preemption enabled
Active router is 192.168.1.3, priority 100 (expires in 9.088 sec)
Standby router is local
Priority 95 (configured 105)
Track interface Serial0/0 state Down decrement 10
Group name is "hsrp-Fa0/0-1" (default)
R2#
*Mar 1 00:11:55.059: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
R2#sh standby
FastEthernet0/0 - Group 1
State is Active
2 state changes, last state change 00:00:35
Virtual IP address is 192.168.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.712 secs
Preemption enabled
Active router is local
Standby router is 192.168.1.2, priority 95 (expires in 8.804 sec)
Priority 100 (default 100)
Track interface Serial0/0 state Up decrement 10
Group name is "hsrp-Fa0/0-1" (default)
As soon as R1's interface S0/0 goes down,it's group 1 priority reduce by 10 number i.e.to 95.R2 reads this value from the priority field of hello packet and becomes active router as its own priority is higher than R1 i.e.100.
Related Information
Hot Standby Router Protocol Features and Functionality
(HSRP): Frequently Asked Questions
Base Initial configuration:
Hi,
What will be the the configuration scenario if i want to configure HSRP on both side (LAN & WAN). I have configured something like this below. When i shut down the interface F0/1 on Router-1(Active), Router-2 takes the role of master for group 20. But interface F0/0 on Router-1 accepts coming from outside. Can any one please suggest me the solution for this scenario
ROUTER-1
track 1 interface FastEthernet0/0 line-protocol
!
track 2 interface FastEthernet0/1 line-protocol
!
!
!
interface FastEthernet0/0
ip address 172.16.17.11 255.255.255.192
ip nat outside
shutdown
speed 100
full-duplex
standby 10 ip 172.16.17.10
standby 10 timers 4 5
standby 10 priority 130
standby 10 preempt
standby 10 name Network-PUBLIC
standby 10 track 2 decrement 20
!
interface FastEthernet0/1
ip address 10.254.254.141 255.255.255.240
ip nat inside
duplex auto
speed auto
standby 20 ip 10.254.254.140
standby 20 timers 3 5
standby 20 priority 120
standby 20 preempt
standby 20 name Network-PRIVATE
standby 20 track 1 decrement 20
Router -2
------------------
interface FastEthernet0/0
ip address 172.16.17.12 255.255.255.192
ip nat outside
speed 100
full-duplex
standby 10 ip 172.16.17.10
standby 10 timers 4 5
standby 10 priority 120
standby 10 name Network-PUBLIC
!
interface FastEthernet0/1
ip address 10.254.254.142 255.255.255.240
ip nat inside
duplex auto
speed auto
standby 20 ip 10.254.254.140
standby 20 timers 3 5
standby 20 priority 110
standby 20 name Network-PRIVATE
!
Please suggest me a good solution for this scenario. Your support will be highly appreciated.
Thank You
Krish
