In this post, I would like to show you how to configure HSRP on your Cisco router or switch.
HSRP stands for Hot Standby Router Protocol and it is a Cisco proprietary protocol. Therefore, you will be able to use it in your environment only if all your devices are Cisco devices. If you have devices from different vendors, you can use VRRP for the same purposes. In a future post, I will show you how to configure VRRP. If you want to follow along, download Packet Tracer and replicate the same lab. You can find more details about Packet Tracer here.
Table of Contents
You may ask yourself why you need HSRP. As you know, in order for any device to reach the Internet and exit from the local area network, it needs to have a default gateway configured. Usually the default gateway is a router. If the router is down, you will not be able to send traffic outside of your LAN.
In order to increase the resilience within your network, you can add a second default gateway. However, as you may know, you cannot configure 2 default gateways on your OS (operating system). In order to mitigate this issue and have a redundant default gateway you need to configure some sort of FHRP (First Hop Redunancy Protocol).
Cisco devices support 3 such protocols:
- HSRP – Hot Standby Router Protocol
- VRRP – Virtual Router Redundancy Protocol
- GLBP – Gateway Load Balancing Protocol
FHRP is the generic term used for these protocols.
Here is the network topology that I use in my lab.
Configure HSRP on router R2
I will start to configure HSRP on router R2.
You need to identify the interface on which you will configure HSRP. You need to add the following configuration in the interface configuration mode.
R2#conf term
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int gig0/1
R2(config-if)#stan
R2(config-if)#standby 10 ?
authentication Authentication
follow Name of HSRP group to follow
ip Enable HSRP IPv4 and set the virtual IP address
ipv6 Enable HSRP IPv6
mac-address Virtual MAC address
name Redundancy name string
preempt Overthrow lower priority Active routers
priority Priority level
timers Hello and hold timers
track Priority tracking
R2(config-if)#standby 10 ip 172.16.10.1
R2(config-if)#standby pree
R2(config-if)#standby preempt
R2(config-if)#sta
R2(config-if)#standby prio
R2(config-if)#standby priority 120
R2(config-if)#
The command standby 10 ip 172.16.10.1 enables HSRP IPv4 and sets the virtual IP address which will serve as the default gateway for our hosts.
The command standby preempt enables the router with the highest priority to immediately become the Active router.
With the command standby priority, you specify the priority for this interface. The default priority is 100.
Configure HSRP on swtich SW3750
Now you need to configure HSRP on your second device. In my case, I need to add the configuration on switch SW3750. As you can see, HSRP can be configured on routers as well as on multilayer switches.
Add the following commands on your second device. The switch will act as the backup gateway.
SW3750#conf term
Enter configuration commands, one per line. End with CNTL/Z.
SW3750(config)#int gig3/0/20
SW3750(config-if)#standby 10 ip 172.16.10.1
SW3750(config-if)#standby 10 preempt
SW3750(config-if)#end
SW3750#
Verify that HSRP is running as it should
After you finish the configuration, you need to check that the HSRP is running on your devices.
You can use the following commands for verification.
R2:
R2#show standby
GigabitEthernet0/1 - Group 10
State is Active
11 state changes, last state change 00:19:51
Virtual IP address is 172.16.10.1
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.384 secs
Preemption enabled
Active router is local
Standby router is 172.16.10.3, priority 100 (expires in 7.552 sec)
Priority 110 (configured 110)
Track object 1 state Up decrement 30
Group name is "hsrp-Gi0/1-10" (default)
R2# 
R2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/1 10 110 P Active local 172.16.10.3 172.16.10.1
R2#
The HSRP is active on interface Gi0/1. The virtual IP address is 172.16.10.1 The active router is the R2 which has the IP address 172.16.10.2. Preemption is enabled.
The standby router is the switch with the IP address 172.16.10.3.
SW3750:
SW3750#show standby
GigabitEthernet3/0/20 - Group 10
State is Standby
7 state changes, last state change 00:25:18
Virtual IP address is 172.16.10.1
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.280 secs
Preemption enabled
Active router is 172.16.10.2, priority 110 (expires in 7.735 sec)
Standby router is local
Priority 100 (default 100)
IP redundancy name is "hsrp-Gi3/0/20-10" (default)
SW3750#show standby brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Gi3/0/20 10 100 P Standby 172.16.10.2 local 172.16.10.1
SW3750#
Check the connectivity from the end host
After you confirmed that the HSRP is running on both devices, let’s check the connectivity to the Internet from the end host device. In my case, I will test the connectivity from a Windows machine.
To check the IP address and default gateway for the Windows machine, run the command ipconfig.
C:\Users\Petru Gulian>ipconfig
Windows IP Configuration
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::c594:2b67:976:a68%4
IPv4 Address. . . . . . . . . . . : 172.16.10.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.10.1
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Petru Gulian>ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=1ms TTL=254
Reply from 8.8.8.8: bytes=32 time=1ms TTL=254
Reply from 8.8.8.8: bytes=32 time=1ms TTL=254
Reply from 8.8.8.8: bytes=32 time=2ms TTL=254
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
C:\Users\Petru Gulian>To check the connectivity to the Internet, run the command ping 8.8.8.8.
As you can see, the default gateway for the Windows machine is 172.16.10.1 and there is connectivity to the Internet.
Let’s check the path whereby the packets are flowing to the address 8.8.8.8.
Run the command tracert 8.8.8.8
C:\Users\Petru Gulian>tracert 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 1 ms <1 ms <1 ms 172.16.10.2
2 1 ms 1 ms <1 ms 8.8.8.8
Trace complete.
C:\Users\Petru Gulian>
Simulate an interface failure on router R2
Let’s simulate a failure in our environment. I will shut down the interface Gi0/1.
R2:
R2#conf term
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int gig0/1
R2(config-if)#shut
R2(config-if)#end
R2#
*Sep 10 14:33:49.759: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
*Sep 10 14:33:49.979: %SYS-5-CONFIG_I: Configured from console by console
*Sep 10 14:33:50.759: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
R2#show standb
R2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/1 10 110 P Init unknown unknown 172.16.10.1
R2#
SW3750:
SW3750#show standby brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Gi3/0/20 10 100 P Active local unknown 172.16.10.1
SW3750#
As you can see from the above output, the switch is acting as the active router. It is serving the IP address 172.16.10.1 instead of the router R2.
Let’s check the connectivity from the Windows host.
The Windows machine is able to reach the Internet. The traffic is flowing through the switch at the moment. If we hadn’t configured HSRP in our environment, the Windows machine would have lost the access to the Internet.
Check if the router is taking back the active role after the interface issue is resolved
Now, let’s check if the router R2 is taking back the active role after the interface issue is resolved. Because we configured the preemtion, it should take back its active role.
R2#conf term
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int gig0/1
R2(config-if)#no shut
R2(config-if)#
*Sep 10 14:43:30.415: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
R2(config-if)#
*Sep 10 14:43:34.643: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Sep 10 14:43:35.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
R2(config-if)#end
R2#sho
*Sep 10 14:43:45.959: %SYS-5-CONFIG_I: Configured from console by consolew
R2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/1 10 110 P Speak unknown unknown 172.16.10.1
R2#
*Sep 10 14:43:57.015: %HSRP-5-STATECHANGE: GigabitEthernet0/1 Grp 10 state Standby -> Active
R2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/1 10 110 P Active local 172.16.10.3 172.16.10.1
R2#
Let’s confirm that the Windows machine is using the path through the router R2.
We have the confirmation that the Windows machine is reaching the Internet through the router R2.
I hope you find this post useful. Share it on your social media channels so that other people can read it too.