Configure HSRP

Configuring HSRP

These sections include HSRP configuration information:

•Default HSRP Configuration

•Enabling HSRP

•Configuring HSRP Group Attributes

•Configuring HSRP Groups and Clustering

In the following procedures, the specified interface must be one of these Layer 3 interfaces:

•Routed port: a physical port configured as a Layer 3 port by entering the no switchport interface configuration command.

•SVI: a VLAN interface created by using the interface vlan vlan_id global configuration command and by default a Layer 3 interface.

•Etherchannel port channel in Layer 3 mode: a port-channel logical interface created by using the interface port-channel port-channel-number global configuration command and binding the Ethernet interface into the channel group. For more information,

All Layer 3 interfaces must have IP addresses assigned to them.

Default HSRP Configuration

Table 31-1 shows the default HSRP configuration.

Table 31-1 Default HSRP Configuration

Feature	Default Setting
HSRP groups	None configured
Standby group number	0
Standby MAC address	System assigned as: 0000.0c07.acXX, where XX is the HSRP group number
Standby priority	100
Standby delay	0 (no delay)
Standby track interface priority	10
Standby hello time	3 seconds
Standby holdtime	10 seconds

Enabling HSRP

The standby ip interface configuration command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the address is learned through the standby function. You must configure at least one routing port on the cable with the designated address. Configuring an IP address always overrides another designated address currently in use.

When the standby ip command is enabled on an interface and proxy ARP is enabled, if the interface's Hot Standby state is active, proxy ARP requests are answered using the Hot Standby group MAC address. If the interface is in a different state, proxy ARP responses are suppressed.

Beginning in privileged EXEC mode, follow these steps to create or enable HSRP on a Layer 3 interface:

	Command	Purpose
Step 1	configure terminal	Enter global configuration mode.
Step 2	interfaceinterface-id	Enter interface configuration mode, and enter the Layer 3 interface on which you want to enable HSRP.
Step 3	standby[group-number] ip[ip-address[secondary]]	Create (or enable) the HSRP group using its number and virtual IP address. •(Optional) group-number—The group number on the interface for which HSRP is being enabled. The range is 0 to 255; the default is 0. If there is only one HSRP group, you do not need to enter a group number. •(Optional on all but one interface) ip-address—The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces. •(Optional) secondary—The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router and no priorities are set, the primary IP addresses are compared and the higher IP address is the active router, with the next highest as the standby router.
Step 4	end	Return to privileged EXEC mode.
Step 5	show standby[interface-id[group]]	Verify the configuration.
Step 6	copy running-config startup-config	(Optional) Save your entries in the configuration file.

Use the no standby [group-number] ip [ip-address] interface configuration command to disable HSRP.

This example shows how to activate HSRP for group 1 on Gigabit Ethernet interface 0/1. The IP address used by the hot standby group is learned by using HSRP.

Switch# configure terminal

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# standby 1 ip

Switch(config-if)# end

Switch# show standby

Configuring HSRP Group Attributes

Although HSRP can run with no other configuration required, you can configure attributes for the HSRP group, including authentication, priority, preemption and preemption delay, timers, or MAC address.

Configuring HSRP Priority

The standby priority, standby preempt, and standby track interface configuration commands are all used to set characteristics for determining active and standby routers and behavior regarding when a new active router takes over. When configuring priority, follow these guidelines:

•Assigning priority helps select the active and standby routers. If preemption is enabled, the router with the highest priority becomes the designated active router. If priorities are equal, the primary IP addresses are compared, and the higher IP address has priority.

•The highest number (1 to 255) represents the highest priority (most likely to become the active router).

•When setting the priority, preempt, or both, you must specify at least one keyword (priority, preempt, or both).

•The priority of the device can change dynamically if an interface is configured with the standby track command and another interface on the router goes down.

•The standby track interface configuration command ties the router hot standby priority to the availability of its interfaces and is useful for tracking interfaces that are not configured for HSRP. When a tracked interface fails, the hot standby priority on the device on which tracking has been configured decreases by 10. If an interface is not tracked, its state changes do not affect the hot standby priority of the configured device. For each interface configured for hot standby, you can configure a separate list of interfaces to be tracked.

•The standby track interface-priority interface configuration command specifies how much to decrement the hot standby priority when a tracked interface goes down. When the interface comes back up, the priority is incremented by the same amount.

•When multiple tracked interfaces are down and interface-priority values have been configured, the configured priority decrements are cumulative. If tracked interfaces that were not configured with priority values fail, the default decrement is 10, and it is noncumulative.

•When routing is first enabled for the interface, it does not have a complete routing table. If it is configured to preempt, it becomes the active router, even though it is unable to provide adequate routing services. To solve this problem, configure a delay time to allow the router to update its routing table.

Beginning in privileged EXEC mode, use one or more of these steps to configure HSRP priority characteristics on an interface:

	Command	Purpose
Step 1	configure terminal	Enter global configuration mode.
Step 2	interface interface-id	Enter interface configuration mode, and enter the HSRP interface on which you want to set priority.
Step 3	standby [group-number] priority priority [preempt [delay delay]]	Set a priority value used in choosing the active router. The range is 1 to 255; the default priority is 100. The highest number represents the highest priority. •(Optional) group-number—The group number to which the command applies. •(Optional) preempt—Select so that when the local router has a higher priority than the active router, it assumes control as the active router. •(Optional) delay—Set to cause the local router to postpone taking over the active role for the shown number of seconds. The range is 0 to 36000 (1 hour); the default is 0 (no delay before taking over). Use the no form of the command to restore the default values.
Step 4	standby [group-number] [prioritypriority] preempt [delaydelay]	Configure the router to preempt, which means that when the local router has a higher priority than the active router, it assumes control as the active router. •(Optional) group-number—The group number to which the command applies. •(Optional) priority—Enter to set or change the group priority. The range is 1 to 255; the default is 100. •(Optional) delay—Set to cause the local router to postpone taking over the active role for the number of seconds shown. The range is 0 to 36000 (1 hour); the default is 0 (no delay before taking over). Use the no form of the command to restore the default values.
Step 5	standby [group-number] track type number [interface-priority]	Configure an interface to track other interfaces so that if one of the other interfaces goes down, the device's Hot Standby priority is lowered. •(Optional) group-number—The group number to which the command applies. •type—Enter the interface type (combined with interface number) that is tracked. •number—Enter the interface number (combined with interface type) that is tracked. •(Optional) interface-priority—Enter the amount by which the hot standby priority for the router is decremented or incremented when the interface goes down or comes back up. The default value is 10.
Step 6	end	Return to privileged EXEC mode.
Step 7	show running-config	Verify the configuration of the standby groups.
Step 8	copy running-config startup-config	(Optional) Save your entries in the configuration file.

Use the no standby [group-number] priority priority [preempt [delay delay]] and no standby [group-number] [priority priority] preempt [delay delay] interface configuration commands to restore default priority, preempt, and delay values.

Use the no standby [group-number] track type number [interface-priority] interface configuration command to remove the tracking.

This activates Gigabit Ethernet interface 0/1, sets an IP address and a priority of 120 (higher than the default value), and waits for 300 seconds (5 minutes) before attempting to become the active router:

Switch# configure terminal

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# standby ip 172.19.108.254

Switch(config-if)# standby priority 120 preempt delay 300

Switch(config-if)# end

Switch# 

Configuring HSRP Authentication and Timers

You can optionally configure an HSRP authentication string or change the hello-time interval and holdtime.

When configuring these attributes, follow these guidelines:

•The authentication string is sent unencrypted in all HSRP messages. You must configure the same authentication string on all routers and access servers on a cable to ensure interoperation. Authentication mismatch prevents a device from learning the designated Hot Standby IP address and timer values from other routers configured with HSRP.

•Routers or access servers on which standby timer values are not configured can learn timer values from the active or standby router. The timers configured on an active router always override any other timer settings.

•All routers in a Hot Standby group should use the same timer values. Normally, the holdtime is greater than or equal to 3 times the hellotime.

Beginning in privileged EXEC mode, use one or more of these steps to configure HSRP authentication and timers on an interface:

	Command	Purpose
Step 1	configure terminal	Enter global configuration mode.
Step 2	interface interface-id	Enter interface configuration mode, and enter the HSRP interface on which you want to set authentication.
Step 3	standby [group-number]authentication string	(Optional) authentication string—Enter a string to be carried in all HSRP messages. The authentication string can be up to eight characters in length; the default string is cisco. (Optional) group-number—The group number to which the command applies.
Step 4	standby [group-number] timershellotime holdtime	(Optional) Configure the time between hello packets and the time before other routers declare the active router to be down. •group-number—The group number to which the command applies. •hellotime—The hello interval in seconds. The range is from 1 to 255; the default is 3 seconds. •holdtime—The time in seconds before the active or standby router is declared to be down. The range is from 1 to 255; the default is 10 seconds.
Step 5	end	Return to privileged EXEC mode.
Step 6	show running-config	Verify the configuration of the standby groups.
Step 7	copy running-config startup-config	(Optional) Save your entries in the configuration file.

Use the no standby [group-number] authentication string interface configuration command to delete an authentication string. Use the no standby [group-number] timers hellotime holdtime interface configuration command to restore timers to their default values.

This example shows how to configure word as the authentication string required to allow Hot Standby routers in group 1 to interoperate:

Switch# configure terminal

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# standby 1 authentication word

Switch(config-if)# end

Switch# 

This example shows how to set the timers on standby group 1 with the time between hello packets at 5 seconds and the time after which a router is considered down to be 15 seconds:

Switch# configure terminal

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# standby 1 ip 

Switch(config-if)# standby 1 timers 5 15

Switch(config-if)# end

Switch# 

Configuring HSRP Groups and Clustering

When a device is participating in an HSRP standby routing and clustering is enabled, you can use the same standby group for command switch redundancy and HSRP redundancy. Use the cluster standby-group HSRP-group-name [routing-redundancy] global configuration command to enable the same HSRP standby group to be used for command switch and routing redundancy. If you create a cluster with the same HSRP standby group name without entering the routing-redundancy keyword, HSRP standby routing is disabled for the group.

This example shows how to bind standby group my_hsrp to the cluster and enable the same HSRP group to be used for command switch redundancy and router redundancy. The command can only be executed on the command switch. If the standby group name or number does not exist, or if the switch is a member switch, an error message appears.

Switch# configure terminal

Switch(config)# cluster standby-group my_hsrp routing-redundancy

Switch(config)# end

Displaying HSRP Configurations

From privileged EXEC mode, use this command to display HSRP settings:

show standby [interface-id [group]] [brief] [detail]

You can display HSRP information for the whole switch, for a specific interface, for an HSRP group, or for an HSRP group on an interface. You can also specify whether to display a concise overview of HSRP information or detailed HSRP information. The default display is detail. If there are a large number of HSRP groups, using the show standby command without qualifiers can result in an unwieldy display.

This is a an example of output from the show standby privileged EXEC command, displaying HSRP information for two standby groups (group 1 and group 100):

Switch# show standby 

VLAN1 - Group 1

   Local state is Standby, priority 105, may preempt

   Hellotime 3 holdtime 10

   Next hello sent in 00:00:02.182

   Hot standby IP address is 10.0.0.1 configured

   Active router is 172.20.138.35 expires in 00:00:09

   Standby router is local

   Standby virtual mac address is 0000.0c07.ac01

   Name is bbb

VLAN1 - Group 100

   Local state is Active, priority 105, may preempt

   Hellotime 3 holdtime 10

   Next hello sent in 00:00:02.262

   Hot standby IP address is 172.20.138.51 configured

   Active router is local

   Standby router is unknown expired

   Standby virtual mac address is 0000.0c07.ac64

   Name is test