HSRP

Feature history for HSRP

This table provides release and platform support information for the features explained in this module.

These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release

Feature name and description

Supported platform

Cisco IOS XE 17.18.1

HSRP: HSRP is the standard method used by Cisco to provide high network availability through first-hop redundancy for IP hosts on an IEEE 802 LAN configured with a default gateway IP address.

Cisco C9350 Series Smart Switches

Cisco C9610 Series Smart Switches

Understand HSRP

HSRP is the standard method used by Cisco to provide high network availability through first-hop redundancy for IP hosts on an IEEE 802 LAN configured with a default gateway IP address. HSRP routes IP traffic without relying on the availability of any single router. It enables a set of router interfaces to work together to present the appearance of a single virtual router or default gateway to the hosts on a LAN. When HSRP is configured on a network or segment, it provides a virtual Media Access Control (MAC) address and an IP address that is shared among a group of configured routers.

Two or more routers configured with HSRP can use the MAC address and IP network address of a virtual router. The virtual router does not exist; it represents the common target for routers that are configured to provide backup to each other. The active router is selected among the routers, with another designated as the standby router. This standby router assumes control of the group's MAC and IP address if the active router fails.


Note

  • Routers in an HSRP group can include routed ports and switch virtual interfaces (SVIs), as long as they support HSRP.

  • On Cisco 9610 Smart Series Switches, HSRP is not supported on subinterfaces.

HSRP benefits

HSRP provides high-network availability by ensuring redundancy for IP traffic from hosts on networks. In a group of router interfaces, the active router is the router of choice for routing packets; the standby router is the router that takes over the routing duties when an active router fails or when preset conditions are met.

HSRP is useful for hosts that do not support a router discovery protocol and cannot switch to a new router when their selected router reloads or loses power. When HSRP is configured on a network segment, it provides a virtual MAC address and an IP address that is shared among router interfaces in a group of router interfaces running HSRP. The router selected by the protocol to be the active router receives and routes packets destined for the group's MAC address. For a given number 'n' of routers running HSRP, there are 'n +1' IP and MAC addresses assigned.

HSRP detects when the designated active router fails, and a selected standby router assumes control of the MAC and IP addresses of the Hot Standby group. A new standby router is also selected at that time. Devices running HSRP send and receive multicast, UDP-based 'hello' packets to detect a router failure and to designate active and standby routers.

When HSRP is configured on interfaces, ICMP redirect messages are automatically enabled. ICMP is a network layer Internet protocol that provides message packets for reporting errors and information relevant to IP processing. ICMP provides diagnostic functions. It sends and directs error packets to the host. This feature filters outgoing ICMP redirect messages through HSRP, changing the next hop IP address to an HSRP virtual IP address.

HSRP operation

You can configure multiple Hot Standby groups among switches and switch stacks operating in Layer 3 to coordinate the use of redundant routers. To do so, specify a group number for each Hot Standby command group you configure for an interface. For example, you might configure an interface on switch 1 as an active router and one on switch 2 as a standby router and also configure another interface on switch 2 as an active router with another interface on switch 1 as its standby router.

The figure illustrates a network segment configured for HSRP. Each router is configured with the MAC address and IP address of the virtual router. Instead of configuring hosts on the network with the IP address of Router A, you configure them with the IP address of the virtual router as their default router. When Host C sends packets to Host B, it directs them to the MAC address of the virtual router. If Router A stops transferring packets for any reason, Router B assumes the active router duties by responding to the virtual IP address and MAC address. Host C continues to use the IP address of the virtual router to address packets destined for Host B, which Router B now receives and sends to Host B. Until Router A resumes operation, HSRP allows Router B to provide uninterrupted service to users on Host C's segment that need to communicate with users on Host B's segment. It also continues to handle packets between the Host A segment and Host B, fulfilling its normal function.

Figure 1. Typical HSRP configuration

The figure shows the typical HSRP configuration

HSRP versions

The switch supports these HSRP versions:

  • HSRPv1: Version 1 is the default version and has these features:

    • The HSRP group number can range from 0 to 255.

    • HSRPv1 uses the multicast address 224.0.0.2 to send hello packets, which can conflict with Cisco Group Management Protocol (CGMP) leave processing. You cannot enable HSRPv1 and CGMP at the same time; they are mutually exclusive.

  • HSRPv2: Version 2 has these features:

    • HSRPv2 uses the multicast address 224.0.0.102 to send hello packets. HSRPv2 and CGMP leave processing are not mutually exclusive, so you can enable both simultaneously.

    • HSRPv2 has a different packet format than HRSPv1.

When running HSRPv1, the switch cannot identify the physical router that sends a hello packet because the router's source MAC address appears as the virtual MAC address.

HSRPv2 has a different packet format than HSRPv1. An HSRPv2 packet uses the type-length-value (TLV) format and includes a 6-byte identifier field with the MAC address of the physical router that sent the packet.

If an interface running HSRPv1 gets an HSRPv2 packet, the type field is ignored.

HSRP for IPv6 operation

HSRP ensures routing redundancy for IPv6 traffic without depending on a single router’s availability. IPv6 hosts learn about available routers through IPv6 neighbor discovery router advertisement messages that are multicast periodically or solicited by hosts.

An HSRP IPv6 group features a virtual MAC address derived from the HSRP group number and a virtual IPv6 link-local address, which is, by default, derived from the HSRP virtual MAC address. The range is 0005.73A0.0000 through 0005.73A0.0FFF (4096 addresses).

When the HSRP group is active, it sends periodic messages related to the HSRP virtual IPv6 link-local address. The messaging ceases after a final message is sent when the group exits the active state.


Note

To configure HSRP for IPv6, ensure that HSRP version 2 (HSRPv2) is enabled on the interface.

HSRP group IPv6 operation

A link-local address is an IPv6 unicast address that can be automatically configured on any interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI-64 format. Link-local addresses are used in the stateless autoconfiguration process. Nodes on a local link can communicate using link-local addresses. They do not require site-local or globally unique addresses.

When you enter the standby ipv6 command, a link-local address is generated from the link-local prefix, and a modified EUI-64 format interface identifier is generated in which the EUI-64 interface identifier is created from the relevant HSRP virtual MAC address.

In IPv6, a device on the link uses RA messages to advertise any site-local and global prefixes and its capability to function as a default device for the link. RA messages are sent periodically and in response to router solicitation messages, sent by hosts during system startup.

A node on the link can automatically configure site-local and global IPv6 addresses by appending its interface identifier (64 bits) to the prefixes (64 bits) included in the RA messages. The resulting 128-bit IPv6 addresses that are configured by the node are then subjected to duplicate address detection to ensure their uniqueness on the link. If the prefixes advertised in the RA messages are globally unique, then the IPv6 addresses configured by the node are also guaranteed to be globally unique. Router solicitation messages, which have a value of 133 in the Type field of the ICMP packet header, are sent by hosts at system startup for immediate autoconfiguration and avoiding the wait for the next scheduled RA message.

Multiple HSRP

The switch supports Multiple HSRP (MHSRP), an extension of HSRP that enables load sharing across multiple HSRP groups. Configure MHSRP to achieve load-balancing and to use two or more standby groups (and paths) from a host network to a server network.

In the figure, half of the clients are configured for Router A, and the other half for Router B. The configurations of Routers A and B together establish two HSRP groups. For group 1, Router A is the active router due to its higher priority, with Router B as standby. For group 2, Router B becomes active with Router A as standby, given a similar priority setting. The two routers share IP traffic during normal operations. If one router is unavailable, the other router handles packet transfer functions.


Note
Enter the standby preempt interface configuration command on the HSRP interfaces for MHSRP to ensure preemption restores load sharing after a router failure and reboot.
Figure 2. MHSRP load sharing

The figure shows MHSRP load sharing.

HSRP SSO

HSRP stateful switchover (SSO) alters the behavior of HSRP on devices configured for SSO redundancy mode with redundant Route Processors (RPs). When an RP is active and the other RP is standby, SSO enables the standby RP to take over if the active RP fails.

This functionality synchronizes HSRP SSO information to the standby RP, allowing continuous traffic forwarding using the HSRP virtual IP address during a switchover without data loss or path change. Additionally, if both RPs fail on the active HSRP device, the standby HSRP device becomes the active device.

The system automatically enables the feature when the redundancy mode is set to SSO.

HSRP and switch stacks

HSRP hello messages are generated by the active switch. If HSRP fails on the active switch, the HSRP active state may experience a flap. This is because HSRP hello messages are not generated while a new active switch is elected and initialized, and the standby router may become active after the active switch fails.

Default settings

Table 1. Default HSRP configuration

Feature

Default setting

HSRP version

Version 1

HSRP groups

None configured

Standby group number

0

Standby MAC address

System assigned as: 0000.0c07.acXX, where XX is the HSRP group number

Standby priority

100

Standby delay

0 (no delay)

Standby track interface priority

10

Standby hello time

3 seconds

Standby holdtime

10 seconds

HSRP IPv6 UDP port number

2029

HSRP configuration guidelines

Refer to these guidelines before configuring HSRP:

  • HSRPv2 and HSRPv1 are mutually exclusive. HSRPv2 and HSRPv1 cannot interoperate on the same interface.

  • In the procedures, the specified interface must be one of these Layer 3 interfaces:

    • Routed port: A physical port configured as a Layer 3 port by entering the no switchport command in interface configuration mode.

    • SVI: A VLAN interface created by using the interface vlan vlan_id in global configuration mode, and by default a Layer 3 interface.

    • Etherchannel port channel in Layer 3 mode: A port-channel logical interface created by using the interface port-channel port-channel-number in global configuration mode, and binding the Ethernet interface into the channel group.

  • Assign IP addresses to all Layer 3 interfaces.

When configuring HSRP priority, follow these guidelines:

  • Specify a priority to choose the active and standby routers. If preemption is enabled, the router with the highest priority becomes the active router. If priorities are equal, the current active router does not change.

  • The highest number (1 to 255) represents the highest priority (most likely to become the active router).

  • When setting the priority, preempt, or both, you must specify at least one keyword: priority, preempt, or both.

  • Configure a delay time to allow the router to update its routing table when routing is first enabled. This ensures the router can provide adequate service and solve potential preemption issues.

When configuring HSRP authentication and timers, follow these guidelines:

  • HSRP messages send the authentication string unencrypted. You must configure the same authentication string on all routers and access servers on a cable to ensure interoperation. An authentication mismatch prevents a device from learning the designated Hot Standby IP address and timer values from other routers configured with HSRP.

  • Routers or access servers on which standby timer values are not configured can learn timer values from the active or standby router. The timers configured on an active router always override any other timer settings.

  • All routers in a Hot Standby group should use the same timer values. Normally, the holdtime is greater than or equal to 3 times the hellotime.

Configure HSRP

This section provides configuration information about HSRP.

Enable HSRP

The standby ip interface configuration command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the address is learned through the standby function. Configure at least one Layer 3 port on the LAN with the designated address. Configuring an IP address overrides the current designated address.

When the standby ip command is enabled on an interface and proxy ARP is enabled, if the interface's Hot Standby state is active, proxy ARP requests are answered using the Hot Standby group MAC address. Proxy ARP responses are suppressed if the interface is in a different state.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:


Device(config)# configure terminal
Enters global configuration mode.

Step 2

interface interface-id

Example:


Device(config)# interface gigabitethernet1/0/1

Enters interface configuration mode, and enter the Layer 3 interface on which you want to enable HSRP.

Step 3

standby version {1 | 2}

Example:


Device(config-if)# standby version 1

(Optional) Configures the HSRP version on the interface.

  • 1 : Selects HSRPv1.

  • 2 : Selects HSRPv2.

Without a specified keyword, the interface defaults to HSRP v1.

Step 4

standby group-number ip [ip-address [secondary]]

Example:


Device(config-if)# standby 1 ip
Creates (or enable) the HSRP group using its number and virtual IP address.

  • group-number : The group number on the interface for which HSRP is being enabled. The range is 0 to 255; the default is 0. If there is only one HSRP group, you do not need to enter a group number.

  • (Optional on all but one interface) ip-address : The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces.

  • (Optional) secondary : The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router, and no priorities are set, the primary IP addresses are compared. The router with the higher IP address becomes the active router, and the router with the next highest IP address becomes the standby router.

Step 5

end

Example:


Device(config-if)# end
Returns to privileged EXEC mode

Step 6

show standby [interface-id [group]]

Example:


Device# show standby
Verifies the configuration of the standby groups.

Step 7

copy running-config startup-config

Example:


Device# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Enable an HSRP group for IPv6 operation

To enable an HSRP group for IPv6, perform this procedure:

Procedure

  Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

ipv6 unicast-routing

Example:


Device(config)# ipv6 unicast-routing

Enables the forwarding of IPv6 unicast datagrams.

  • The ipv6 unicast-routing command must be enabled for HSRP for IPv6 to work.

Step 4

interface type number

Example:


Device(config)# interface GigabitEthernet 0/0/0

Specifies an interface type and number, and places the device in interface configuration mode.

Step 5

standby group-number ipv6 {link-local-address | autoconfig }

Example:


Device(config-if)# standby 1 ipv6 autoconfig

Activates the HSRP in IPv6.

Step 6

standby group-number preempt [delay {minimum seconds | reload seconds | sync seconds }]

Example:


Device(config-if)# standby 1 preempt

Configures HSRP preemption and preemption delay.

Step 7

standby group-number priority priority

Example:


Device(config-if)# standby 1 priority 110

Configures HSRP priority.

Step 8

exit

Example:


Device(config-if)# exit

Returns the device to privileged EXEC mode.

Step 9

show standby [type number [group | summary ]]

Example:


Device# show standby

Displays HSRP information.

Step 10

show ipv6 interface type number

Example:


Device# show ipv6 interface GigabitEthernet 0/0/0

Displays the usability status of interfaces configured for IPv6.

Configure HSRP priority

The standby priority , standby preempt , and standby track interface configuration commands are all used to set characteristics for finding active and standby routers and behavior regarding when a new active router takes over.

Beginning in privileged EXEC mode, use one or more of these steps to configure HSRP priority characteristics on an interface:

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 2

interface interface-id

Example:

Device(config)# interface gigabitethernet1/0/1
Enters interface configuration mode, and enter the HSRP interface on which you want to set priority.

Step 3

standby group-number priority priority

Example:


Device(config-if)# standby 120 priority 50
Sets a priority value used in choosing the active router. The range is from 1 to 255; the default priority is 100. The highest number represents the highest priority.

group-number : The group number to which the command applies.

Use the no form of the command to restore the default values.

Step 4

standby group-number preempt [delay {minimum seconds | reload seconds | sync seconds}]

Example:


Device(config-if)# standby 1 preempt delay minimum 300

Configures the router to preempt , which means that when the local router has a higher priority than the active router, it becomes the active router.

  • group-number : The group number to which the command applies.

  • (Optional) delay minimum : Set to cause the local router to postpone taking over the active role for the number of seconds shown. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).

  • (Optional) delay reload : Set to cause the local router to postpone taking over the active role after a reload by the indicated number of seconds. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over after a reload).

  • (Optional) delay sync : Set to cause the local router to postpone taking over the active role so that IP redundancy clients can reply (either with an ok or wait reply) for the number of seconds shown. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).

Use the no form of the command to restore the default values.

Step 5

standby group-number track number [decrement decrement-value]

Example:


Device(config-if)# standby 1 track 1 decrement 20

Configures an interface to perform object priority tracking.

  • group-number : The group number to which the command applies.

  • number : Enter the object number (combined with interface type) that is tracked.

  • (Optional) decrement decrement-value : Enter the decrement value.

Step 6

end

Example:


Device(config-if)# end
Returns to privileged EXEC mode.

Step 7

show running-config

Verifies the configuration of the standby groups.

Step 8

copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Configure MHSRP

To enable MHSRP and load-balancing, configure two routers as active routers for your groups, with virtual routers as standby routers, as shown in the MHSRP Load Sharing figure in the Multiple HSRP section. Enter the standby preempt interface configuration command on each HSRP interface. This ensures that if a router fails and comes back up, the preemption occurs and restores load-balancing.

Router A is configured as the active router for group 1, while Router B is configured as the active router for group 2. The HSRP interface for Router A has an IP address of 10.0.0.1 with a group 1 standby priority of 110 (the default is 100). The HSRP interface for Router B has an IP address of 10.0.0.2 with a group 2 standby priority of 110.

Group 1 uses a virtual IP address of 10.0.0.3 and group 2 uses a virtual IP address of 10.0.0.4.

Configure Router A

Procedure
  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal
Enters global configuration mode.

Step 2

interface type number

Example:

Device(config)# interface gigabitethernet1/0/1
Configures an interface type and enters interface configuration mode.

Step 3

ip address ip-address mask

Example:

Device(config-if)# ip address 10.0.0.1 255.255.255.0
Specifies an IP address for an interface.

Step 4

standby group-number ip [ip-address [secondary]]

Example:

Device(config-if)# standby 1 ip 10.0.0.3
Creates (or enable) the HSRP group using its number and virtual IP address.

  • group-number : The group number on the interface for which HSRP is being enabled. The range is 0 to 255; the default is 0. If there is only one HSRP group, you do not need to enter a group number.

  • (Optional on all but one interface) ip-address : The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces.

  • (Optional) secondary : The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router and no priorities are set, the primary IP addresses are compared and the higher IP address is the active router, with the next highest as the standby router.

Step 5

standby group-number priority priority

Example:

Device(config-if)# standby 1 priority 110
Sets a priority value used in choosing the active router. The range is 1 to 255; the default priority is 100. The highest number represents the highest priority.

group-number : The group number to which the command applies.

Use the no form of the command to restore the default values.

Step 6

standby group-number preempt [delay {minimum seconds | reload seconds | sync seconds}]

Example:

Device(config-if)# standby 1 preempt delay minimum 300

Configures the router to preempt, which means that when the local router has a higher priority than the active router, it becomes the active router.

  • group-number : The group number to which the command applies.

  • (Optional) delay minimum : Set to cause the local router to postpone taking over the active role for the number of seconds shown. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).

  • (Optional) delay reload : Set to cause the local router to postpone taking over the active role after a reload by the indicated number of seconds. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over after a reload).

  • (Optional) delay sync : Set to cause the local router to postpone taking over the active role so that IP redundancy clients can reply (either with an ok or wait reply) for the number of seconds shown. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).

Use the no form of the command to restore the default values.

Step 7

standby group-number ip [ip-address [secondary]]

Example:

Device(config-if)# standby 1 ip 10.0.0.4
Creates (or enable) the HSRP group using its number and virtual IP address.

  • group-number : The group number on the interface for which HSRP is being enabled. The range is 0 to 255; the default is 0. If there is only one HSRP group, you do not need to enter a group number.

  • (Optional on all but one interface) ip-address : The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces.

  • (Optional) secondary : The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router and no priorities are set, the primary IP addresses are compared and the higher IP address is the active router, with the next highest as the standby router.

Step 8

standby group-number preempt [delay {minimum seconds | reload seconds | sync seconds}]

Example:

Device(config-if)# standby 2 preempt delay minimum 300

Configures the router to preempt , which means that when the local router has a higher priority than the active router, it becomes the active router.

  • group-number : The group number to which the command applies.

  • (Optional) delay minimum : Set to cause the local router to postpone taking over the active role for the number of seconds shown. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).

  • (Optional) delay reload : Set to cause the local router to postpone taking over the active role after a reload by the indicated number of seconds. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over after a reload).

  • (Optional) delay sync : Set to cause the local router to postpone taking over the active role so that IP redundancy clients can reply (either with an ok or wait reply) for the number of seconds shown. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).

Use the no form of the command to restore the default values.

Step 9

end

Example:

Device(config-if)# end
Returns to privileged EXEC mode.

Step 10

show running-config

Verifies the configuration of the standby groups.

Step 11

copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Configure Router B

Procedure
  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal
Enters global configuration mode.

Step 2

interface type number

Example:

Device(config)# interface gigabitethernet1/0/1
Configures an interface type and enters interface configuration mode.

Step 3

ip address ip-address mask

Example:

Device(config-if)# ip address 10.0.0.2 255.255.255.0
Specifies an IP address for an interface.

Step 4

standby group-number ip [ip-address [secondary]]

Example:

Device(config-if)# standby 1 ip 10.0.0.3
Creates (or enable) the HSRP group using its number and virtual IP address.

  • group-number : The group number on the interface for which HSRP is being enabled. The range is 0 to 255; the default is 0. If there is only one HSRP group, you do not need to enter a group number.

  • (Optional on all but one interface) ip-address : The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces.

  • (Optional) secondary : The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router, and no priorities are set, the primary IP addresses are compared. The router with the higher IP address becomes the active router, and the router with the next highest IP address becomes the standby router.

Step 5

standby group-number priority priority

Example:

Device(config-if)# standby 2 priority 110
Sets a priority value used in choosing the active router. The range is from 1 to 255; the default priority is 100. The highest number represents the highest priority.

group-number : The group number to which the command applies.

Use the no form of the command to restore the default values.

Step 6

standby group-number preempt [delay {minimum seconds | reload seconds | sync seconds}]

Example:

Device(config-if)# standby 1 preempt delay minimum 300

Configures the router to preempt , which means that when the local router has a higher priority than the active router, it becomes the active router.

  • group-number : The group number to which the command applies.

  • (Optional) delay minimum : Set to cause the local router to postpone taking over the active role for the number of seconds shown. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).

  • (Optional) delay reload : Set to cause the local router to postpone taking over the active role after a reload by the indicated number of seconds. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over after a reload).

  • (Optional) delay sync : Set to cause the local router to postpone taking over the active role so that IP redundancy clients can reply (either with an ok or wait reply) for the number of seconds shown. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).

Use the no form of the command to restore the default values.

Step 7

standby group-number ip [ip-address [secondary]]

Example:

Device(config-if)# standby 2 ip 10.0.0.4
Creates the HSRP group using its number and virtual IP address.

  • group-number : The group number on the interface for which HSRP is being enabled. The range is 0 to 255; the default is 0. If there is only one HSRP group, you do not need to enter a group number.

  • (Optional on all but one interface) ip-address : The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces.

  • (Optional) secondary : The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router and no priorities are set, the primary IP addresses are compared and the higher IP address is the active router, with the next highest as the standby router.

Step 8

standby group-number preempt [delay {minimum seconds | reload seconds | sync seconds}]

Example:

Device(config-if)# standby 2 preempt delay minimum 300

Configures the router to preempt , which means that when the local router has a higher priority than the active router, it becomes the active router.

  • group-number : The group number to which the command applies.

  • (Optional) delay minimum : Set to cause the local router to postpone taking over the active role for the number of seconds shown. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).

  • (Optional) delay reload : Set to cause the local router to postpone taking over the active role after a reload by the indicated number of seconds. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over after a reload).

  • (Optional) delay sync : Set to cause the local router to postpone taking over the active role so that IP redundancy clients can reply (either with an ok or wait reply) for the number of seconds shown. The range is from 0 to 3600 seconds (1 hour); the default is 0 (no delay before taking over).

Use the no form of the command to restore the default values.

Step 9

end

Example:

Device(config-if)# end
Returns to privileged EXEC mode.

Step 10

show running-config

Verifies the configuration of the standby groups.

Step 11

copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Configure HSRP authentication and timers

You can optionally configure an HSRP authentication string or change the hello-time interval and hold-time interval.

Beginning in privileged EXEC mode, use one or more of these steps to configure HSRP authentication and timers on an interface:

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 2

interface interface-id

Example:


Device(config)# interface gigabitethernet1/0/1
Enters interface configuration mode, and enter the HSRP interface on which you want to set priority.

Step 3

standby group-number authentication string

Example:


Device(config-if)# standby 1 authentication word
authentication string : Enter a string to be carried in all HSRP messages. The authentication string can be up to eight characters in length; the default string is cisco.

group-number : The group number to which the command applies.

Step 4

standby group-number timers hellotime holdtime

Example:


Device(config-if)# standby 1 timers 5 15

Configures the time interval to send and receive hello packets.

  • group-number : The group number to which the command applies.

  • hellotime : Set the interval between successive hello packets in seconds. The range is 1 to 254 seconds.

  • holdtime : Set the interval to wait for a hello packet from a neighbor device before declaring the neighbor device as inactive. The range is 34 to 255 seconds.

Step 5

end

Example:


Device(config-if)# end
Returns to privileged EXEC mode.

Step 6

show running-config

Verifies the configuration of the standby groups.

Step 7

copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Configure HSRP groups and clustering

When your device participates in HSRP standby routing and clustering is enabled, use the same standby group for command switch redundancy and HSRP redundancy.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 2

cluster standby-group HSRP-group-name [routing-redundancy]

Example:


Device(config)# cluster standby-group my_hsrp routing-redundancy

Binds the HSRP standby group to the cluster and enables the same HSRP standby group to be used for command switch and routing redundancy.

HSRP standby routing is disabled for the group if you create a cluster with the same HSRP standby group name without entering the routing-redundancy keyword.

Step 3

end

Example:


Device(config)# end
Returns to privileged EXEC mode.

Configuration examples

The following sections provide various configuration examples for HSRP.

Example: Enable HSRP

This example shows how to activate HSRP for group 1 on an interface. The IP address used by the hot standby group is learned by using HSRP.


Note
This procedure is the minimum number of steps required to enable HSRP. Other configurations are optional. 
Device# configure terminal
Device(config)# interface gigabitethernet1/0/1
Device(config-if)# no switchport
Device(config-if)# standby 1 ip
Device(config-if)# end
Device# show standby

Example: Configure and verify an HSRP group

These examples show configuration and verification for an HSRP group for IPv6 that consists of Device 1 and Device 2.

You can display HSRP information for the entire switch, a specific interface, an HSRP group, or an HSRP group on an interface. You can also specify whether to display a concise overview of HSRP information or detailed HSRP information. The default display is detail . If there are a large number of HSRP groups, using the show standby command without qualifiers can result in an unwieldy display.

Device 1 configuration

interface FastEthernet0/0.100
description DATA VLAN for PCs 
encapsulation dot1Q 100 
ipv6 address 2001:DB8:CAFE:2100::BAD1:1010/64 
standby version 2 
standby 101 priority 120 
standby 101 preempt delay minimum 30 
standby 101 authentication ese 
standby 101 track 1 decrement 20
standby 201 ipv6 autoconfig 
standby 201 priority 120 
standby 201 preempt delay minimum 30 
standby 201 authentication ese 
standby 201 track 1 decrement 20 

Device1# show standby

FastEthernet0/0.100 - Group 101 (version 2) 
State is Active 
2 state changes, last state change 5w5d 
Active virtual MAC address is 0000.0c9f.f065 
Local virtual MAC address is 0000.0c9f.f065 (v2 default) 
Hello time 3 sec, hold time 10 sec 
Next hello sent in 2.296 secs 
Authentication text "ese"
Preemption enabled, delay min 30 secs 
Active router is local 
Priority 120 (configured 120)
Track 1 state Up decrement 20 
IP redundancy name is "hsrp-Fa0/0.100-101" (default) 
FastEthernet0/0.100 - Group 201 (version 2) 
State is Active 
2 state changes, last state change 5w5d 
Virtual IP address is FE80::5:73FF:FEA0:C9 
Active virtual MAC address is 0005.73a0.00c9 
Local virtual MAC address is 0005.73a0.00c9 (v2 IPv6 default) 
Hello time 3 sec, hold time 10 sec 
Next hello sent in 2.428 secs 
Authentication text "ese" 
Preemption enabled, delay min 30 secs 
Active router is local 
Standby router is FE80::20F:8FFF:FE37:3B70, priority 100 (expires in 7.856 sec) 
Priority 120 (configured 120) 
Track 1 state Up decrement 20 
IP redundancy name is "hsrp-Fa0/0.100-201" (default)

Device 2 configuration 

interface FastEthernet0/0.100
description DATA VLAN for Computers 
encapsulation dot1Q 100
ipv6 address 2001:DB8:CAFE:2100::BAD1:1020/64 
standby version 2 
standby 101 preempt 
standby 101 authentication ese 
standby 201 ipv6 autoconfig 
standby 201 preempt 
standby 201 authentication ese

Device2# show standby

FastEthernet0/0.100 - Group 101 (version 2) 
State is Standby 
7 state changes, last state change 5w5d 
Active virtual MAC address is 0000.0c9f.f065 
Local virtual MAC address is 0000.0c9f.f065 (v2 default) 
Hello time 3 sec, hold time 10 sec 
Next hello sent in 0.936 secs 
Authentication text "ese" 
Preemption enabled 
MAC address is 0012.7fc6.8f0c 
Standby router is local 
Priority 100 (default 100) 
IP redundancy name is "hsrp-Fa0/0.100-101" (default) 
FastEthernet0/0.100 - Group 201 (version 2) 
State is Standby 
7 state changes, last state change 5w5d
Virtual IP address is FE80::5:73FF:FEA0:C9
Active virtual MAC address is 0005.73a0.00c9 
Local virtual MAC address is 0005.73a0.00c9 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.936 secs 
Authentication text "ese" 
Preemption enabled 
Active router is FE80::212:7FFF:FEC6:8F0C, priority 120 (expires in 7.548 sec) 
MAC address is 0012.7fc6.8f0c 
Standby router is local 
Priority 100 (default 100) 
IP redundancy name is "hsrp-Fa0/0.100-201" (default)

Example: Configure HSRP priority

This example activates a port, sets an IP address and a priority of 120 (higher than the default value), and waits for 300 seconds (5 minutes) before attempting to become the active router: 

Device# configure terminal
Device(config)# interface gigabitethernet1/0/1
Device(config-if)# standby ip 172.20.128.3
Device(config-if)# standby priority 120 preempt delay minimum 300
Device(config-if)# end
Device# show standby

Example: Configure MHSRP

This example shows how to enable the MHSRP configuration shown in the figure MHSRP load sharing.

Router A configuration

Device# configure terminal
Device(config)# interface gigabitethernet1/0/1
Device(config-if)# ip address 10.0.0.1 255.255.255.0
Device(config-if)# standby ip 10.0.0.3
Device(config-if)# standby 1 priority 110
Device(config-if)# standby 1 preempt
Device(config-if)# standby 2 ip 10.0.0.4
Device(config-if)# standby 2 preempt
Device(config-if)# end

Router B configuration

Device# configure terminal
Device(config)# interface gigabitethernet1/0/1
Device(config-if)# ip address 10.0.0.2 255.255.255.0
Device(config-if)# standby ip 10.0.0.3
Device(config-if)# standby 1 preempt
Device(config-if)# standby 2 ip 10.0.0.4
Device(config-if)# standby 2 priority 110
Device(config-if)# standby 2 preempt
Device(config-if)# end

Example: Configure HSRP authentication and timer

This example shows how to configure word as the authentication string required to allow Hot Standby routers in group 1 to interoperate: 

Device# configure terminal
Device(config)# interface gigabitethernet1/0/1
Device(config-if)# standby 1 authentication word
Device(config-if)# end

This example shows how to set the timers on standby group 1 with the time between hello packets at 5 seconds and the time after which a router is considered down to be 15 seconds: 

Device# configure terminal
Device(config)# interface gigabitethernet1/0/1
Device(config-if)# standby 1 ip
Device(config-if)# standby 1 timers 5 15
Device(config-if)# end

Example: Configure HSRP groups and clustering

This example shows how to bind standby group my_hsrp to the cluster and enable the same HSRP group to be used for command switch redundancy and router redundancy. The command can only be executed on the cluster command switch. If the standby group name or number does not exist, or if the switch is a cluster member switch, an error message appears. 

Device# configure terminal
Device(config)# cluster standby-group my_hsrp routing-redundancy
Device(config-if)# end