This article will provide you the required information to understand what Hot Standby Router Protocol (HSRP) is and how to configure its most common features.

Afterwards, you should be able to complete a lab where you will configure these features. The lab will use a GNS3 simulator. You can download the topology and the initial configuration files. If you haven’t set up GNS3 already and you need guidance to do so, you can use go through this article for initial installation: GNS3 Labs for CCNA: Getting Started

HSRP is one of the First Hop Redundancy Protocol that can be configured on Cisco routers.

HSRP allows transparent failover for end users (hosts). It provides redundancy by allowing multiple routers to be configured with the same virtual IP address. Only one router owns the virtual IP address at any one moment. All the packets are destined to this active router. The other router, the standby, monitors the active router and can take over in case of failure. The takeover can also happen if specific operational conditions are met.

HSRP is meant to be used on multi-access networks like Ethernet.

When HSRP is used, a virtual IP is configured on multiple routers. This virtual IP address is configured as the default gateway on hosts or any other devices that need a default route to get out of the LAN.

HSRP bring the following benefits:

  • High availability – redundancy design
  • Failover – transparent failover of the gateway
  • Pre-emption – ability to take over the active role after the router is back online
  • Authentication – protects HSRP operation against spoofing using MD5. You can use clear text passwords as well.

I have put the topology below so that you will be able to go through the article and understand what is happening without opening the topology file in case you don’t have access to the GNS3 simulator for the moment.

Once you open the topology in GNS3 and start all the routers using the configuration files that you can download along with the topology file, you will see that there is already some configuration present on these routers.

If you intend to use the router configuration files provided, make sure that you have the same path as in the topology file or adapt the topology file to the new path.

The starting points of the lab will be the actual HSRP configuration tasks and hosts IP address configuration.

The diagram is more than self explanatory regarding the IP addressing.

There are few things not displayed on the diagram:

  • The virtual HSRP IP address will be 10.10.12.3.
  • R3 has a loopback interface configured with the IP address 1.1.1.1/32.
  • R1, R2 and R3 are running OSPF protocol so that R1 and R2 can reach the loopback interface of R3, which can reach the hosts from the 10.10.12.0/24 subnet.

This is the routing table of R3:

R3#show ip route | begin Gateway
Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 3 subnets
O       10.10.12.0 [110/2] via 10.10.23.2, 00:09:46, FastEthernet1/0
                   [110/2] via 10.10.13.1, 00:09:46, FastEthernet0/0
C       10.10.13.0 is directly connected, FastEthernet0/0
C       10.10.23.0 is directly connected, FastEthernet1/0
R3#

And this is the routing table of R1, which is almost identical with the one from R2:

R1#show ip route | begin Gateway
Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 10.10.13.3, 00:11:34, FastEthernet1/0
     10.0.0.0/24 is subnetted, 3 subnets
C       10.10.12.0 is directly connected, FastEthernet0/0
C       10.10.13.0 is directly connected, FastEthernet1/0
O       10.10.23.0 [110/2] via 10.10.13.3, 00:11:34, FastEthernet1/0
                   [110/2] via 10.10.12.2, 00:11:34, FastEthernet0/0
R1#

Before you can configure the hosts, you should know that they are emulated using a lightweight version of Linux. You can download it here http://sourceforge.net/projects/gns-3/files/Qemu%20Appliances/linux-microcore-3.8.2.img. Once you’ve downloaded it, you need to configure GNS3. Go to Edit – Preferences – Qemu. You should have something similar to this. Keep in mind that path location might be different based on where you decided to store the Linux image.

Once you have configured Qemu, you can start the hosts (PC_1, PC_2 and PC_3) as well. If you are prompted for login credentials, use ‘tc’ as username and you will be able to login without a password.

Because by default, you don’t have any IP configuration on the hosts’ interfaces, you need to configure them. Use this command to configure PC_1. Repeat the same step for all the other hosts and make the appropriate changes to the IP address configurations:

sudo ifconfig eth0 10.10.12.101 netmask 255.255.255.0

Once you configured this, you should be able to ping R1 or R2:

However, this is not all. A host needs to have a default gateway and this will be the virtual HSRP IP address, 10.10.12.3. This is how you configure the default gateway on Linux and check the routing table:

sudo route add default gw 10.10.12.3 eth0

Once you configure the IP address on all hosts as well as the default route, you are good to go in configuring HSRP on R1 and R2.

You can paste this configuration on R1 to configure it as HSRP active:

R1#show running-config interface f0/0
Building configuration...

Current configuration : 258 bytes
!
interface FastEthernet0/0
 ip address 10.10.12.1 255.255.255.0
 duplex auto
 speed auto
 standby 1 ip 10.10.12.3
 standby 1 priority 105
 standby 1 preempt
 standby 1 authentication cisco-hs
 standby 1 name HSRP_GROUP
 standby 1 track FastEthernet1/0
end

R1#

And this is the configuration from R2:

R2#show running-config interface f0/0
Building configuration...

Current configuration : 234 bytes
!
interface FastEthernet0/0
 ip address 10.10.12.2 255.255.255.0
 duplex auto
 speed auto
 standby 1 ip 10.10.12.3
 standby 1 preempt
 standby 1 authentication cisco-hs
 standby 1 name HSRP_GROUP
 standby 1 track FastEthernet1/0
end

R2#

Let’s check the operational status of HSRP on R1:

R1#show standby
FastEthernet0/0 - Group 1
  State is Active
    2 state changes, last state change 00:05:28
  Virtual IP address is 10.10.12.3
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.632 secs
  Authentication text "cisco-hs"
  Preemption enabled
  Active router is local
  Standby router is 10.10.12.2, priority 100 (expires in 8.252 sec)
  Priority 105 (configured 105)
    Track interface FastEthernet1/0 state Up decrement 10
  IP redundancy name is "HSRP_GROUP" (cfgd)
R1#

As you can see, the active router is local with the priority of 105 and the standby (backup) is 10.10.12.2 (R2).

Pre-emption is enabled, which means that if R1 goes through a reboot, it will assume the active role when it goes online again.

The authentication is clear text and the password is cisco-hs.

The default timers are used: hello timer is 3 seconds and hold timer is 10 seconds.

The virtual MAC is 0000.0c07.ac01 and this will be the MAC address that will resolve the ARP for the default gateway of 10.10.12.3 on the hosts:

You might have noticed that there is a track configuration stanza under the interface:

standby 1 track FastEthernet1/0

And also noticed this when the HSRP state was checked:

Track interface FastEthernet1/0 state Up decrement 10

This means that HSRP is monitoring the state of interface F1/0. If the interface goes down, then the priority of HSRP will be decreased by 10. This will allow R2 to take the active role and be the physical gateway of the hosts.

In our example, if the hosts want to reach 1.1.1.1 IP address from R3, they will not be able to do it if the interface F1/0 from R1 is down.

Let’s shutdown the interface F1/0 from R1 and confirm that R1 will transition to standby role while R2 gets the active role:

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#interface F1/0
R1(config-if)#shut
R1(config-if)#end
R1#
*Mar  1 01:16:24.131: %OSPF-5-ADJCHG: Process 1, Nbr 10.10.23.3 on FastEthernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar  1 01:16:24.323: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Speak
*Mar  1 01:16:24.519: %SYS-5-CONFIG_I: Configured from console by console
R1#
*Mar  1 01:16:26.111: %LINK-5-CHANGED: Interface FastEthernet1/0, changed state to administratively down
*Mar  1 01:16:27.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to down
*Mar  1 01:16:34.323: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
R1#

R1#show standby
FastEthernet0/0 - Group 1
  State is Standby
    4 state changes, last state change 00:00:08
  Virtual IP address is 10.10.12.3
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.684 secs
  Authentication text "cisco-hs"
  Preemption enabled
  Active router is 10.10.12.2, priority 100 (expires in 7.408 sec)
  Standby router is local
  Priority 95 (configured 105)
    Track interface FastEthernet1/0 state Down decrement 10
  IP redundancy name is "HSRP_GROUP" (cfgd)
R1#

And R2 is active:

R2#show standby
FastEthernet0/0 - Group 1
  State is Active
    2 state changes, last state change 00:01:48
  Virtual IP address is 10.10.12.3
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.664 secs
  Authentication text "cisco-hs"
  Preemption enabled
  Active router is local
  Standby router is 10.10.12.1, priority 95 (expires in 6.992 sec)
  Priority 100 (default 100)
    Track interface FastEthernet1/0 state Up decrement 10
  IP redundancy name is "HSRP_GROUP" (cfgd)
R2#

The final confirmation that everything is working as designed would be to test reachability between one host and the IP address from R3 loopback interface:

HSRP is pretty straightforward to configure and most of the problems are due to hello packets not reaching the other router. Most likely, such as in our case, the two routers have L2 reachability through a switch. If the hellos do not reach the other router, then you should check for connectivity problems on the middle switch.

References

  1. Hot Standby Router Protocol Features and Functionality (link to http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9234-hsrpguidetoc.html#background)
  2. Configuring HSRP (http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/12-4/fhp-12-4-book/fhp-hsrp.html)