HSRP

1. Introduction to HSRP

🔍 What is HSRP?

In the previous course, you learned the importance of First Hop Redundancy Protocols (FHRPs) in ensuring network reliability and availability. Now, we’ll explore HSRP (Hot Standby Router Protocol), one of the most widely used FHRPs developed by Cisco. HSRP provides redundancy for your network’s default gateway, ensuring continuous connectivity even if a router fails.

By the end of this course, you’ll understand how HSRP works, its roles, and how to configure it effectively in a network.

2. HSRP Group

🔍 Understanding HSRP Groups

HSRP organizes routers into logical units called HSRP groups, identified by a unique group number. These groups work together to share a virtual gateway address that devices on the network can use.

🔹 HSRP Group Example

In our example, we’ll group Router R1 and Router R2 into HSRP Group 1.

Once you decide which routers belong to the same HSRP group, you assign a Virtual IP Address (VIP) that acts as the gateway address.

3. HSRP VIP

🔍 Virtual IP Address (VIP) Assignment

The VIP is the IP address shared by the HSRP group and it serves as the default gateway for devices in the network. End devices use this VIP to communicate with devices outside their subnet.

🔹 Assigning the VIP

In our network (192.168.10.0/24), we assign the VIP 192.168.10.3 for HSRP Group 1. Hosts in this network will use 192.168.10.3 as their default gateway.

🔹 Configuration Example

Here’s how to configure the VIP for HSRP Group 1 on R1 and R2:

R1 Configuration:

R1(config)# interface g0/0
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# standby 1 ip 192.168.10.3

R2 Configuration:

R2(config)# interface g0/0
R2(config-if)# ip address 192.168.10.2 255.255.255.0
R2(config-if)# standby 1 ip 192.168.10.3

Key Notes:

  • standby initiates HSRP.
  • 1 represents the HSRP group number.
  • The ip command sets the Virtual IP Address (VIP).

4. HSRP Roles

🔍 Active and Standby Routers

In every HSRP group, routers are assigned specific roles to ensure network redundancy and reliability.

🔹 Active Router

The Active Router is responsible for managing traffic destined for the Virtual IP Address (VIP). It:

  • Responds to ARP requests for the VIP.
  • Handles all traffic from devices using the VIP as their default gateway.

🔹 Standby Router

The Standby Router acts as a backup. It:

  • Monitors the Active Router by exchanging Hello packets.
  • Takes over as the Active Router if the current Active Router fails.

🔹 Assigning Roles

For this course, we will configure:

  • R1 as the Active Router: R1 will handle the network traffic under normal conditions.
  • R2 as the Standby Router: R2 will monitor R1 and take over in case of failure.

In the next section, we will explore how to configure these roles effectively.

5. HSRP Election Process

🔍 How Active and Standby Roles Are Elected

As you learn about HSRP, a common question might come to mind:

This is an excellent question and the answer is straightforward.

The election of Active and Standby routers in HSRP is determined by two key parameters:

🔹 1. Priority

The router with the highest priority is elected as the Active Router.

  • By default, all routers have a priority of 100, but this can be manually adjusted to influence the election.
  • The priority value ranges from 0 to 255, with 255 being the highest possible priority.

Configuring priority allows you to designate specific routers for the Active and Standby roles

🔹 2. Highest IP Address

  • If two or more routers have the same priority, the router with the highest IP address on the HSRP interface is elected as the Active Router.

This acts as a tiebreaker when priority values are identical.

🔹 Configuring Active and Standby Roles

To designate R1 as the Active Router and R2 as the Standby Router, you need to adjust their priority values. This ensures R1 takes the Active role while R2 remains on standby, ready to take over in case of a failure.

R1 Configuration (Active Router):

R1(config)# interface g0/0
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# standby 1 ip 192.168.10.3
R1(config-if)# standby 1 priority 110
  1. interface g0/0: Specifies the interface to configure.
  2. ip address 192.168.10.1 255.255.255.0: Assigns an IP address and subnet mask to the interface.
  3. standby 1 ip 192.168.10.3: Configures the HSRP group (1) and assigns the Virtual IP (VIP) 192.168.10.3.
  4. standby 1 priority 110: Sets the HSRP priority to 110, ensuring R1 becomes the Active Router.

R2 Configuration (Standby Router):

R2(config)# interface g0/0
R2(config-if)# ip address 192.168.10.2 255.255.255.0
R2(config-if)# standby 1 ip 192.168.10.3
R2(config-if)# standby 1 priority 100
  1. interface g0/0: Specifies the interface to configure.
  2. ip address 192.168.10.2 255.255.255.0: Assigns an IP address and subnet mask to the interface.
  3. standby 1 ip 192.168.10.3: Configures the HSRP group (1) and assigns the Virtual IP (VIP) 192.168.10.3.
  4. standby 1 priority 100: Sets the HSRP priority to 100, ensuring R2 becomes the Standby Router.

6. HSRP States

🔍 Understanding HSRP States

HSRP routers transition through several states to determine their roles within the group, ultimately deciding which router will become the Active Router and which will become the Standby Router.

In this setup with two routers:

  • R1 will transition to the Active State, becoming the primary router responsible for forwarding traffic.
  • R2 will move to the Standby State, ready to take over if R1 becomes unavailable.

7. HSRP Versions

🔍 HSRP Version Differences

HSRP has two main versions: HSRPv1 and HSRPv2. Each version has distinct characteristics in terms of addresses, compatibility, and scalability.

🔹 HSRP Version 1 (HSRPv1)

  • Virtual MAC Address: 0000.0C07.ACxx
    • xx represents the group number in hexadecimal (e.g., AC0A for group 10).
  • Multicast Address: 224.0.0.2 (used for hello packets).
  • Group Limit: Supports up to 256 groups (0–255).

🔹 HSRP Version 2 (HSRPv2)

  • Virtual MAC Address: 0000.0C9F.Fxxx
    • xxx represents the group number in hexadecimal (e.g., F1F4 for group 500).
  • Multicast Address: 224.0.0.102 (less prone to conflicts).
  • Group Limit: Supports up to 4096 groups.
  • IPv6 Support: Fully supported, ideal for modern dual-stack networks.

🔹 Changing HSRP Version

To configure or change the HSRP version on an interface, use the following command in global configuration mode:

Router(config)# interface 
Router(config-if)# standby version <1 | 2>
  • Replace <interface-id> with the interface you are configuring (GigabitEthernet0/1).
  • Replace <1 | 2> with the desired HSRP version.

Version Compatibility

All routers within the same HSRP group must use the same HSRP version. A version mismatch will prevent communication and disable group functionality. Always verify version settings to ensure proper operation.

8. HSRP Hello and Hold Timers

🔍 Understanding Hello and Hold Timers

HSRP routers use Hello packets to maintain communication and monitor the status of peers within the group. These timers play a vital role in detecting failures !

🔹 Hello Timer

  • Determines how often Hello packets are sent.
  • Default value: 3 seconds.

🔹 Hold Timer

  • Specifies the duration a router waits without receiving Hello packets before declaring the peer as failed.
  • Default value: 10 seconds.

🔹 Customizing the Timers

For networks requiring faster failover, you can configure shorter Hello and Hold timers. Here’s how you can do it on R1:

R1(config)# interface g0/0
R1(config-if)# standby 1 timers 1 3
  • Hello Timer: 1 second.
  • Hold Timer: 3 seconds.

🔹 Verifying Timer Configuration

After setting the timers, use the show standby command to verify:

R1# show standby
GigabitEthernet0/0 - Group 1
  State is Active
  Hello time 1 sec, hold time 3 sec
  Virtual IP address is 192.168.10.3
  Active router is local
  Standby router is 192.168.10.2

These timers ensure quicker detection and failover in the event of a router failure.

9. HSRP Failover

🔍 Understanding Failover in HSRP

Failover occurs when the Active Router becomes unavailable. The Standby Router then transitions into the active state.

🔹 Failover Process

  1. The Active Router fails and stops sending Hello packets (due to an power failure).

2. The Standby Router detects the absence of Hello packets and wait until the Hold Timer expires.

  1. The Standby Router transitions into the Active Router role.
  2. The new Active Router sends a Gratuitous ARP (GARP) to update the ARP caches of connected devices, ensuring traffic continues to the VIP.

Failover is completely transparent to hosts on the network, as they continue using the same VIP (192.168.10.3) as their default gateway.

🔹 Logs During Failover

When a router transitions to the Active role, the following log entry appears on R2:

%HSRP-5-STATECHANGE: GigabitEthernet0/0 Grp 1 Standby -> Active

Failover is transparent to network hosts, as they continue using the same VIP as their gateway.

10. Preemption

🔍 Understanding Preemption

Preemption is a feature that ensures the router with the highest priority always becomes the Active Router when it’s available.

Imagine this situation:

You have two routers:

  • R1 with a priority of 150 (currently the Active Router)
  • R2 with a priority of 100 (currently the Standby Router)

If R1 fails, R2 will take over as the Active Router after the hold timer expires.

Now, here’s something important: by default, when R1 comes back online, it will not automatically reclaim its role as the Active Router even though it has a higher priority.

This default behavior occurs because Preemption is not enabled.

Here you can see the process:

🔍 What Happens When Preemption is Enabled?

When we enable Preemption on R1, things change:

  • As soon as R1 recovers, it will automatically reclaim its role as the Active Router because it has a higher priority than R2.

You can see the process below:

🔹 Enabling Preemption

Here’s how you can configure Preemption:

R1(config)# interface g0/0
R1(config-if)# standby 1 preempt

With Preemption enabled, you can ensure that the router with the highest priority is always the active router when the router comes back online.

📢 Reminder: Preemption is enabled on a router basis!

11. HSRP Load Balancing

HSRP, or Hot Standby Router Protocol, is typically used to ensure network redundancy. One router actively forwards traffic, while the other is on standby, ready to take over if the active router fails. However, HSRP can also be configured to perform load balancing, where traffic is distributed between routers for better resource utilization.

🔍 Understanding HSRP Load Balancing

Let’s explore how this works: instead of having one router always active and the other on standby, you can assign different routers as active for specific parts of the network.

For example, one router might handle traffic for VLAN 10, while another manages traffic for VLAN 20. This way, both routers are actively used, reducing the load on each.

For your CCNA, it’s important to understand that HSRP can be used for load balancing by creating multiple HSRP groups. Each group is responsible for specific traffic, ensuring both routers contribute to the network.

📢 You don’t need to configure this in detail for the exam—just focus on the concept!

12. HSRP Interface Tracking

🔍 HSRP Interface Tracking ensures high availability by dynamically adjusting router priorities when a critical interface fails. This feature allows HSRP to transfer the role of Active Router to the Standby Router, maintaining uninterrupted connectivity.

Step 1 : Traffic Flow Through R1 (Active Router)

Imagine this scenario:

  • R1 is the Active Router in the HSRP group, responsible for forwarding all traffic to the internet.
  • Devices in the network use the Virtual IP Address (VIP) assigned to the HSRP group as their default gateway.
  • The link between R1 and the internet is operational, ensuring smooth and uninterrupted traffic flow.

Step 2: R1 WAN Link Failure

⚠️ When the link between R1 and the internet fails:

  • R1 remains the Active Router, but it can no longer forward traffic because its WAN link is down.
  • Devices continue sending traffic to the VIP, but this traffic is blocked at R1, causing a network outage.
  • Without Interface Tracking, this failure creates a Single Point of Failure in the network.

Step 3: Traffic Redirected to R2 with Interface Tracking

🛠️ R1 Configuration:

interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 standby 1 ip 192.168.10.3
 standby 1 priority 110
 standby 1 track GigabitEthernet0/1 decrement 20

🛠️ R2 Configuration:

interface GigabitEthernet0/0
 ip address 192.168.10.2 255.255.255.0
 standby 1 ip 192.168.10.3
 standby 1 priority 100

Now, consider the same scenario with Interface Tracking enabled:

How it works:

  • HSRP detects the failure on R1’s critical interface.
  • R1’s priority is automatically reduced (from 110 to 90).
  • The reduction in priority allows R2 to take over as the Active Router.
  • Devices continue using the VIP as their default gateway, but traffic is now forwarded through R2, ensuring uninterrupted connectivity.

13. Conclusion

HSRP ensures gateway redundancy by electing an Active Router and a Standby Router, providing seamless failover in case of failure. Key points to remember:

VIP for redundancy – Devices always use the same gateway.
Priority-based election – Highest priority (or IP) determines the Active Router.
Automatic failover – The Standby Router takes over instantly.
Preemption – The highest-priority router reclaims its role when back online.
Interface Tracking – Adjusts priority dynamically to prevent traffic black holes.

Administrative Distance