HSRP

Description

HSRP is a Cisco proprietary protocol developed to allow several routers (or multilayer switches) to appear as a single gateway by sharing an IP between the routers. Only one router is active at any time.

Each interface can support up to 16 unique virtual IP addresses using HSRP. They are distinguished by group number.

The HSRP group number can range from 0 to 255. However, most Catalyst switches support only up to 16 unique HSRP group numbers. The HSRP group number is locally significant on each interface.

HSRP Router Election

HSRP routers communicate over the multicast address 224.0.0.2 (all routers) on UDP port 1985 to elect which router takes responsibility for the shared IP. The election is based on a priority value: the router with the highest priority becomes the active router for the group. If priorities tie, the router with the highest IP address becomes the active router.

HSRP interfaces run through the following states.

  1. Disabled
  2. Init
  3. Listen
  4. Speak
  5. Standby
  6. Active

By default, a router will not take over the active role while an active router is already present, even if it has a higher priority value. This behavior can be modified by the preempt property.

Enabling HSRP

Switch(config-if)# standby group ip ip-address [ secondary ]

When HSRP is used on an interface that has secondary IP addresses, you can add the secondary keyword so that HSRP can provide a redundant secondary gateway address.

Naturally, each router keeps a unique MAC address for its interface. This MAC address is always associated with the unique IP address configured on the interface.

For the virtual router address, HSRP defines a special MAC address of the form 0000.0c07.acxx, where xx represents the HSRP group number as a two-digit hex value. For example, HSRP Group 1 appears as 0000.0c07.ac01, HSRP Group 16 appears as 0000.0c07.ac10, and so on.

Tracking Interface

If some of a router's links have failed but the interface on which HSRP is enabled is still working, clients will continue to forward packets to this router, with unwanted results. Cisco IOS can handle this situation by enabling the tracking property on the interface.

Authentication

Plain-text Authentication

Switch(config-if)# standby group authentication string

MD5 Authentication

Switch(config-if)# standby group authentication md5 key-string [ 0 | 7 ] string

MD5 Authentication with key-chain

Switch(config)# key chain chain-name
Switch(config-keychain)# key key-number
Switch(config-keychain-key)# key-string [ 0 | 7 ] string
Switch(config)# interface type mod/num
Switch(config-if)# standby group authentication md5 key-chain chain-name
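
The plain-text string travels unencrypted in HSRP hellos and is printed by show standby (Authentication text "MyKey" in the output further down), so a configuration review should single out groups that do not use MD5. The script below is an added example, not part of the original page or of any Cisco tool; the sample configuration is constructed, and group 3 and the key-chain name HSRP-KEYS are hypothetical.

```python
import re

# Constructed running-config fragment modelled on the page's VLAN 50 example.
# Group 3 and the key-chain name HSRP-KEYS are made up for illustration.
SAMPLE_CONFIG = """\
interface Vlan50
 ip address 192.168.1.10 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 priority 200
 standby 1 preempt
 standby 1 authentication MyKey
 standby 2 ip 192.168.1.2
 standby 2 authentication md5 key-chain HSRP-KEYS
 standby 3 ip 192.168.1.3
"""

# Per-group standby keywords covered on this page; the group number is optional
# in IOS and defaults to 0 when omitted.
GROUP_KEYWORDS = {"ip", "priority", "preempt", "timers", "track", "authentication"}
STANDBY = re.compile(r"^\s+standby\s+(?:(\d+)\s+)?(\S+)\s*(.*)$")


def audit_hsrp_auth(config):
    """Return {(interface, group): 'md5' | 'plain-text' | 'none'}."""
    result, iface = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
        elif line and not line[0].isspace():
            iface = None                      # left the interface block
        m = STANDBY.match(line)
        if not (iface and m) or m.group(2) not in GROUP_KEYWORDS:
            continue
        key = (iface, int(m.group(1) or 0))
        result.setdefault(key, "none")        # no auth line: IOS default plain-text string applies
        if m.group(2) == "authentication":
            is_md5 = m.group(3).split()[:1] == ["md5"]
            result[key] = "md5" if is_md5 else "plain-text"
    return result


def weak_groups(config):
    """Groups that are not protected by MD5 authentication."""
    return sorted(k for k, v in audit_hsrp_auth(config).items() if v != "md5")


if __name__ == "__main__":
    for (iface, group), mode in sorted(audit_hsrp_auth(SAMPLE_CONFIG).items()):
        print(f"{iface} group {group}: {mode}")
```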

Show Command

Router# show standby [brief] [vlan vlan-id | type mod/num ]

Switch-A# show standby vlan 50 brief
                    P indicates configured to preempt.
                    |
Interface   Grp Prio P State    Active addr     Standby addr    Group addr
Vl50        1   200  P Active   local           192.168.1.11    192.168.1.1
Vl50        2   100    Standby  192.168.1.11    local           192.168.1.2
Switch-A#
Switch-A# show standby vlan 50
Vlan50 - Group 1
  Local state is Active , priority 200, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 2.248
  Virtual IP address is 192.168.1.1 configured
  Active router is local
  Standby router is 192.168.1.11 expires in 9.860
  Virtual mac address is 0000.0c07.ac01
  Authentication text "MyKey"
  2 state changes, last state change 00:11:58
  IP redundancy name is "hsrp-Vl50-1" (default)
Vlan50 - Group 2
  Local state is Standby , priority 100
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.302
  Virtual IP address is 192.168.1.2 configured
  Active router is 192.168.1.11, priority 200 expires in 7.812
  Standby router is local
  Authentication text "MyKey"
  4 state changes, last state change 00:10:04
  IP redundancy name is "hsrp-Vl50-2" (default)
Switch-A#

Properties

Per-Interface Properties

priority

Description: Used in the HSRP router election; the higher value wins
Values: 0 - 255
Default: 100
Command:

Switch(config-if)# standby group priority priority

Example:

Switch(config-if)# standby 1 priority 200

timers

Description: Hello interval
Values:
Default: 3 seconds
Command:

Switch(config-if)# standby group timers [msec] hello [msec] holdtime

Example:

Switch(config-if)# standby 1 timers msec 100 msec 300

preempt

Description: Enable preemption
Values: [Enabled | Disabled]
Default: Disabled
Command:

Switch(config-if)# standby group preempt [delay [minimum seconds] [reload seconds]]

Once preemption is enabled, the local router can by default immediately preempt another router that has the active role. To delay the preemption, use the delay keyword followed by one or both of the following parameters:

  • Add the minimum keyword to force the router to wait for seconds (0 to 3600 seconds) before attempting to overthrow an active router with a lower priority. This delay time begins as soon as the router is capable of assuming the active role, such as after an interface comes up or after HSRP is configured.
  • Add the reload keyword to force the router to wait for seconds (0 to 3600 seconds) after it has been reloaded or restarted. This is handy if there are routing protocols that need time to converge. The local router should not become the active gateway before its routing table is fully populated; otherwise, it might not be capable of routing traffic properly.

track

Description: Decrease the interface's HSRP priority when another (tracked) link fails
Values:
Default: 0
Command:

Switch(config-if)# standby group track type mod/num [ decrementvalue ]

By default, the decrementvalue for an interface is 10.

You can also track a tracking object:

Switch(config-if)# standby group track object-number decrement decrement-value
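
Tracking only causes a failover when the decrement pushes the active router's priority below the standby's and the standby is allowed to preempt. The model below is an added example, not from the original page; it combines the election, preempt and track rules described above, uses the Switch-A/Switch-B addresses and priorities from this page's example, and the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = 100         # page default
    preempt: bool = False       # page default: disabled
    track_decrement: int = 10   # page default decrement per tracked interface
    tracked_down: int = 0       # number of tracked interfaces currently down

    def effective_priority(self):
        return max(0, self.priority - self.track_decrement * self.tracked_down)

    def rank(self):
        # Election key per the page: highest priority, then highest IP address.
        return (self.effective_priority(), int(ipaddress.ip_address(self.ip)))


def active_after_change(current_active, routers):
    """Return the router holding the active role once priorities settle.

    Only routers with preempt enabled may displace an existing active router.
    """
    challengers = [r for r in routers
                   if r.preempt and r.rank() > current_active.rank()]
    return max(challengers, key=HsrpRouter.rank, default=current_active)


def uplink_failure(decrement=10, standby_preempt=True):
    """Switch-A (active, priority 200) loses one tracked uplink; who is active?"""
    a = HsrpRouter("Switch-A", "192.168.1.10", priority=200, preempt=True,
                   track_decrement=decrement, tracked_down=1)
    b = HsrpRouter("Switch-B", "192.168.1.11", priority=100,
                   preempt=standby_preempt)
    return active_after_change(a, [a, b]).name


if __name__ == "__main__":
    print(uplink_failure())                             # default decrement of 10
    print(uplink_failure(decrement=110))                # decrement large enough
    print(uplink_failure(110, standby_preempt=False))   # standby cannot preempt
```

With priorities of 200 and 100, the default decrement of 10 leaves Switch-A at 190, so it stays active despite the failed uplink; the decrement has to exceed the priority gap for tracking to have any effect.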

Example

Configuring an HSRP Group on a Switch

Switch-A(config)# interface vlan 50
Switch-A(config-if)# ip address 192.168.1.10 255.255.255.0
Switch-A(config-if)# standby 1 priority 200
Switch-A(config-if)# standby 1 preempt
Switch-A(config-if)# standby 1 ip 192.168.1.1
Switch-A(config-if)# no shutdown
Switch-B(config)# interface vlan 50
Switch-B(config-if)# ip address 192.168.1.11 255.255.255.0
Switch-B(config-if)# standby 1 priority 100
Switch-B(config-if)# standby 1 preempt
Switch-B(config-if)# standby 1 ip 192.168.1.1
Switch-B(config-if)# no shutdown

Configuring Load Balancing Between HSRP Groups

Switch-A(config)# interface vlan 50
Switch-A(config-if)# ip address 192.168.1.10 255.255.255.0
Switch-A(config-if)# standby 1 priority 200
Switch-A(config-if)# standby 1 preempt
Switch-A(config-if)# standby 1 ip 192.168.1.1
Switch-A(config-if)# standby 1 authentication MyKey
Switch-A(config-if)# standby 2 priority 100
Switch-A(config-if)# standby 2 ip 192.168.1.2
Switch-A(config-if)# standby 2 authentication MyKey
Switch-B(config)# interface vlan 50
Switch-B(config-if)# ip address 192.168.1.11 255.255.255.0
Switch-B(config-if)# standby 1 priority 100
Switch-B(config-if)# standby 1 ip 192.168.1.1
Switch-B(config-if)# standby 1 authentication MyKey
Switch-B(config-if)# standby 2 priority 200
Switch-B(config-if)# standby 2 preempt
Switch-B(config-if)# standby 2 ip 192.168.1.2
Switch-B(config-if)# standby 2 authentication MyKey
