The following is a quick example on how to configure Cisco’s HSRP protocol.
Many net admins ask about redundancy in Cisco routers and the answer is usually always the same: If your uptime has to be high, and the thought of having a failure and suffering the downtime that it will take to make the correction is simply unacceptable, you have to use something called Cisco HSRP (Hot Standby Router Protocol). Plus, you will usually benefit from two interfaces to the network that protects the network connection as well as the router itself. This Cisco How To discusses the simplest configuration for HSRP.
Fundamentally, HSRP is a Cisco proprietary protocol for router redundancy. It can provide nearly 100 percent router availability and redundancy so, if one router goes down, a backup router takes over the routing functions of the primary one. However, there are other available industry protocols supported by Cisco. One industry standard is Virtual Router Redundancy Protocol (VRRP). Another HSRP alternative is Gateway Load Balancing Protocol (GLBP), another Cisco proprietary solution.
The basic configuration we discuss below is based on the following network design:
/—–Router A (10.0.0.1/24)—/
Internet ——-< >–Switch C—-USER
/—–Router B (10.0.0.2/24)—/ (def gateway 10.0.0.3)
You note that the PC’s default gateway to IP address 10.0.0.3. However, that IP address doesn’t point to a real device; instead, it serves as the virtual IP address you will see configured in the routers A and B for whichever router is the primary.
Either Router A or B can be primary or standby. If the primary router doesn’t send out the HELLO packet to the standby router for a period of time, the standby router assumes the primary router is down and takes over as primary. The standby router then assumes responsibility for the virtual IP address and begins responding to the virtual Ethernet MAC address to which the virtual IP address is pointing. The primary and standby routers exchange HSRP HELLO packets so that each knows the other router is there. These HELLO packets use a registered multicast address of 184.108.40.206 and registered UDP port 1985. The most basic form of HSRP has been available since IOS 10.0, but there have been newer features released in the 11 and 12 versions of the IOS.
You can configure a priority as to which router is primary using a number to determine it, and then it’s by the highest IP address. The default priority number is 100; a higher priority number signifies the preferred router. Of course, when setting up router redundancy, you aren’t limited to just two routers. In fact, you can set up groups of routers that work together and have multiple “standby” routers.
You can accomplish almost all HSRP configuration in the router’s Interface Configuration Mode using the standby command. For Router A:
- Configure the IP address on the Ethernet interface.
- Configure the standby IP address.
- Configure standby preempt. (With preempt, Router A will always be the primary router as long as it’s available.)
For Router B follow the exact same step, except for step 3: configure standby priority to be less than 100 (in this case, it’s 90). Now, let’s look at the configuration for our sample network.
ip address 10.0.0.1 255.255.255.0
standby ip 10.0.0.3
RouterA# show standby
Ethernet0/0 – Group 0
State is Active
3 state changes, last state change 00:00:15
Virtual IP address is 10.0.0.3
Active virtual MAC address is 0000.0b02.ac07
Local virtual MAC address is 0000.0b02.ac07 (default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.714 secs
Active router is local
Standby router is 10.0.0.2, priority 90 (expires in 5.714 sec)
Priority 100 (default 100)
IP redundancy name is “hsrp-Et0/0-0” (default)
ip address 10.0.0.2 255.255.255.0
standby ip 10.0.0.3
standby priority 90
RouterB# show standby
Ethernet0/0 – Group 0
Local state is Standby, priority 90
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.514
Virtual IP address is 10.0.0.3 configured
Active router is 10.0.0.1, priority 100 expires in 5.959
Standby router is local
5 state changes, last state change 00:15:01
As we show you above, the show standby command (when in Privileged Mode) allows you to check the status of HSRP.
On the PC, the default IP address should point to 10.0.0.3 – not either of the routers. This way, if one of the routers goes down, the other will take over. And you may even be able to use this redundancy to take production routers down during the day because the HSRP failover time is usually less than 10 seconds. For more details on HSRP usage, check the Cisco web site at Cisco HSRP FAQ.
We hope this helps get you started with HSRP.