IOS Configuration: HSRP

Contents

The Basics Basic Configuration

o

Enabling HSRP Popular Tweaks

The Basics
HSRP is Cisco's Hot Standby Router Protocol and provides a highly-available virtual IP address for use as a gateway. This virtual IP address is configured on multiple routers, and a silent election is held to determine which router should answer for that IP. This elected router, called the active member, begins answering for that IP address, and, if something should happen to it (like it catches on fire in the rack), the remaining standby members repeat the election.

Basic Configuration
Enabling HSRP
The basic configuration of HSRP is very simple.

Router(config-if)#standby ip 192.0.2.1

You can also add a group number to the configuration if you want to run more than one instance on the same interface. If you don't give a group number, the router will assume you are using group 0.

Router(config-if)#standby 1 ip 192.0.2.1

Router(config-if)#standby 150 ip 192.0.2.150

Popular Tweaks
You can skew the election of the active member by configuring a priority on the standby group. The higher the priority, the more preferred it will be during the election. Valid values are 0 - 255; default is 100.

Router(config-if)#standby 1 priority 110

Even if you change the priority to something high, the router won't take over unless you have preemption enabled.

Router(config-if)#standby 1 preempt

You can "secure" the HSRP group with a authentication password. However, the password is transmitted in plain text and can be captured.

Router(config-if)#standby 1 authentication PASSWORD

You can have HSRP track objects and decrement priority if that object were to fail. You can track interfaces or tracking objects that have already been defined. You can also dictate how much to decrement the priority; the default decrement value is 10. To track interface Serial0/0 and decrement the priority by 15 if if fails, you can do this.

Router(config-if)#standby 1 track s0/0 15

To track a track object that you've already defined and decrement 20 if it fails, you can do this.

Router(config-if)#standby 1 track 100 decrement 20

Each standby group has a name that is used to allow technologies like NAT to move around with the HSRP active member. The default name is a combination of interface name and standby group, but you can define one that is more meaningful.

Router(config-if)#standby 1 name GATEWAY

STEP-BY-STEP WITH CISCO'S

HOT STANDBY ROUTER PROTOCOL

Cisco's Hot Standby Router Protocol lets you add redundancy, fault tolerance, and load balancing to your network with relative ease. Michael Burton steps you through basic HSRP configuration and troubleshooting. The Hot Swappable Router Protocol (HSRP) is a way to build redundancy into your network by allowing two or more routers to continuously test each other for connectivity, and take over if a router fails. For purposes of discussing a basic HSRP configuration, let's assume we want to make the 10.10.10./24 network dynamically redundant and have two building routers at our disposal. Using HSRP terminology, both building routers together are referred to as a standby group and appear to the subnet as a single default gateway. Through an election process, one router is designated as active and the other router is designated as standby. Both the active and standby router listen to routing updates from the core router, but only the active router processes IP packets as the default gateway for the subnet. The active and standby routers are constantly sending "hello" packets back and forth. If the active router fails, as soon as a predetermined number of "hello" packets from the standby router to the active router go unanswered, the standby router becomes the active router and starts processing IP packets for the subnet. Both routers are configured with standard IP addresses on their interface into the subnet. Each router also has a special virtual IP address which is the same on both routers, configured via standby commands under the specific interfaces.

Configuring the Routers

Given a standard 24-bit subnet, we can build the following:

Network: 10.10.10.0 Subnet Mask: 255.255.255.0 Default Gateway: 10.10.10.251

Physical IP Address

Building Router A: Building Router B:

10.10.10.252 10.10.10.253

The configuration commands are as follows:

building router a# interface fa0/2 ip address 10.10.10.252 255.255.255.0

This sets the IP address for the interface

standby 100 timers 3 10

100 denotes the HSRP process number as "hot standby group 100". You can have multiple HSRP standby groups on the same interface. The timers command sets the interval to 3 seconds between HELLO messages, and waits 10 seconds before the other router is declared down.
standby 100 priority 200 preempt

Defines the priority of this router. The highest priority number will win the election. "Preempt" allows the router to take over control even if there is not an election in process if it comes on line with the highest priority.
standby 100 authentication fnord

Optional - Authentication [word] creates an unencrypted authentication process for each HSRP packet.
standby 100 ip 10.10.10.251

Establishes 10.10.10.251 as the virtual interface. This IP address should be the same on both HSRP routers.
standby 100 track fa0/0

Configuring the Routers

Given a standard 24-bit subnet, we can build the following:

Network: 10.10.10.0 Subnet Mask: 255.255.255.0 Default Gateway: 10.10.10.251

Physical IP Address

Building Router A: Building Router B:

10.10.10.252 10.10.10.253

The configuration commands are as follows:

building router a# interface fa0/2 ip address 10.10.10.252 255.255.255.0

This sets the IP address for the interface

standby 100 timers 3 10

100 denotes the HSRP process number as "hot standby group 100". You can have multiple HSRP standby groups on the same interface. The timers command sets the interval to 3 seconds between HELLO messages, and waits 10 seconds before the other router is declared down.
standby 100 priority 200 preempt

Defines the priority of this router. The highest priority number will win the election. "Preempt" allows the router to take over control even if there is not an election in process if it comes on line with the highest priority.
standby 100 authentication fnord

Optional - Authentication [word] creates an unencrypted authentication process for each HSRP packet.
standby 100 ip 10.10.10.251

Establishes 10.10.10.251 as the virtual interface. This IP address should be the same on both HSRP routers.
standby 100 track fa0/0