Cisco First Hop Redundancy Protocol (FHRP)

Explained
In every host within the organization’s network, there should be a need for a router as
the default gateway for every host to connect to the Internet. But what if the gateway
router goes offline or the default gateway IP is changed during configuration?

Replacing the gateway router will cause a longer service interruption to the users within
the organization, and that is not a reactive way to handle the issue. This is where FHRP
will take place.

The below diagram is an example of a network topology without FHRP implementation:

What is First Hop Redundancy Protocol (FHRP)?

First Hop Redundancy Protocol (FHRP) is a hop redundancy protocol that is designed
to provide redundancy to the gateway router within the organization’s network by the
use of a virtual IP address and virtual MAC address.

To implement FHRP, there should be two or more routers that will be used as a
gateway router. The virtual IP address and virtual MAC address will be used on both the
router. The virtual IP address will be the default gateway IP address for all the devices
inside the organization’s network. One router will be used as an active router (gateway
router), and the other router will be standby. If the active router goes offline, the standby
router will take its place to be the gateway router for all the hosts.
 The below diagram is an example of network topology with FHRP implemented:

First Hop Redundancy Protocol (FHRP) Options

We have three ways to implement FHRP. These are by using the following First Hop
Redundancy Protocols:

1. Hot Standby Router Protocol (HSRP)

HSRP, or Hot Standby Router Protocol, is a Cisco-proprietary router redundancy

protocol that enables a cluster of routers to cooperate, and all routers are willing to be a
default router. All the routers within the cluster will have the same virtual IP address and
virtual mac address.

The Two Hot Standby Router Protocol (HSRP) Router States:

 Active Router– the router that actively sends and receives a packet to the host within
the organization. It is the default gateway router. Only one active router will be selected
among the cluster of routers.
 Standby Router– the router/s that in case the incumbent active router will go offline,
among the standby router will be chosen as the active router.
 If the active router goes offline, router failover will occur. These changes will not affect
the hosts. The host keeps the same IP address and MAC address setting. The default
gateway IP address will be the same still on all hosts. There will be no changes on the
host’s ARP table as the gateway router’s virtual MAC address will be the same.
Changes in failover only happen on router and switch, and hosts are not affected.

NOTE
Preemption in HSRP is not enabled by default. Preemption must be configured manually on the
router.

Follow this link : https://networklessons.com/cisco/ccie-routing-switching/hsrp-hot-

standby-routing-protocol

HSRP (Hot Standby Routing Protocol)

Lesson Contents
 Configurations
o Active Gateway Election
o Preemption
o Authentication
o HSRP Timers
o HSRP Version 1 and 2
o Object (Interface) Tracking
 Conclusion
In this lesson I will explain how HSRP (Hot Standby Routing Protocol) works and how to
configure it. If you have no idea what virtual gateways are about then make sure to read
my introduction lesson first.

Here’s the topology I will use:

 Here’s what we have:

 SW1 and SW2 are multilayer switches. The 192.168.1.0/24 subnet belongs to VLAN
1 and there is one host device.
 There is a layer two switch in between SW1, SW2, and H1 to connect the
192.168.1.0/24 segment.
 IP address 192.168.1.254 will be used for the virtual gateway address.
 The multilayer switches are connected with layer three interfaces to an upstream
router called R3.

Let’s look at the configuration.

Configurations

 Configurations
 H1
 R3
 SW1
 SW2
Want to try this example yourself? Here you will find the startup configuration of each
device.

The first thing we’ll do is enable HSRP. We will do this on the VLAN 1 interfaces of SW1
and SW2:

SW1 & SW2

(config)#interface Vlan 1

(config-if)#standby 1 ip 192.168.1.254

Use the standby command to configure HSRP. 192.168.1.254 will be the virtual gateway IP
address. The “1” is the group number for HSRP. It doesn’t matter what you pick just make
sure it’s the same on both devices. On your console you’ll see something like this:

SW1#

%HSRP-5-STATECHANGE: Vlan1 Grp 1 state Standby -> Listen

%HSRP-5-STATECHANGE: Vlan1 Grp 1 state Speak -> Standby

SW2#

%HSRP-5-STATECHANGE: Vlan1 Grp 1 state Standby -> Active

Depending on which switch you configured first you’ll see these messages. One of the
switches will be the active gateway, the other one goes in standby mode. Let’s see if we
can reach this virtual gateway from our host:

R1#ping 192.168.1.254

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 6/206/1007 ms

As you can see we can successfully reach the virtual gateway IP address.

That wasn’t too bad right? Only one command and HSRP works! There are a couple of
other things we have to look at though. We use 192.168.1.254 as the virtual IP address but
what MAC address will it use?

R1#show ip arp | include 1.254

Internet 192.168.1.254 1 0000.0c07.ac01 ARPA GigabitEthernet0/1

You can see the MAC address of 192.168.1.254 in the ARP table, where did this MAC
address come from?

0000.0c07.ac01 is the MAC address that we have. HSRP uses the 0000.0c07.acXX MAC
address where XX is the HSRP group number. In my example I configured HSRP group
number 1. There are a couple of other interesting things to check, take a look below:

SW1#show standby

Vlan1 - Group 1

State is Standby
 3 state changes, last state change 00:03:33

Virtual IP address is 192.168.1.254

Active virtual MAC address is 0000.0c07.ac01 (MAC Not In Use)

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.144 secs

Preemption disabled

Active router is 192.168.1.2, priority 100 (expires in 7.776 sec)

Standby router is local

Priority 100 (default 100)

Group name is "hsrp-Vl1-1" (default)

SW2#show standby

Vlan1 - Group 1

State is Active

2 state changes, last state change 00:04:25

Virtual IP address is 192.168.1.254

Active virtual MAC address is 0000.0c07.ac01 (MAC In Use)

Local virtual MAC address is 0000.0c07.ac01 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.992 secs

Preemption disabled

Active router is local

 Standby router is 192.168.1.1, priority 100 (expires in 10.640 sec)

Priority 100 (default 100)

Group name is "hsrp-Vl1-1" (default)

Use the show standby command to verify your configuration. There’s a couple of
interesting things here:

 We can see the virtual IP address here (192.168.1.254).

 It also shows the virtual MAC address (0000.0c07.ac01).
 You can see which router is active or in standby mode.
 The hello time is 3 seconds and the hold time is 10 seconds.
 Preemption is disabled.

The active router will respond to ARP requests from computers and it will be actively
forwarding packets from them. It will send hello messages to the routers that are in standby
mode. Routers in standby mode will listen to the hello messages, if they don’t receive
anything from the active router they will wait for the hold time to expire before taking over.
The hold time is 10 seconds by default which is pretty slow; we’ll see how to speed this up
in a bit.

Each HSRP router will go through a number of states before it ends up as an active or
standby router, this is what will happen:

State Explanation

This is the first state when HSRP starts. You’ll see this just after you configured HSRP or when the
Initial
interface just got enabled.

Listen The router knows the virtual IP address and will listen for hello messages from other HSRP routers.

The router will send hello messages and will join the election to see which router will become active or
Speak
standby.

The router didn’t become the active router but will keep sending hello messages. If the active router
Standby
fails it will take over.
 Active The router will actively forward packets from clients and sends hello messages.

We can see all these steps with a debug command. Let’s shut the VLAN 1 interfaces first so
that we can restart HSRP:

SW1 & SW2

(config)#interface Vlan 1

(config-if)#shutdown

Now use the debug standby events command:

SW1 & SW2

#debug standby events

HSRP Events debugging is on

Now we will enable the VLAN 1 interface on SW1 first:

SW1

(config)#interface Vlan 1

(config-if)#no shutdown

Here’s what you will see on SW1:

SW1#

HSRP: Vl1 Interface UP

HSRP: Vl1 Starting minimum intf delay (1 secs) - uptime 997

HSRP: Vl1 Intf min delay expired - uptime 998

HSRP: Vl1 Grp 1 Init: a/HSRP enabled

HSRP: Vl1 Grp 1 Init -> Listen

HSRP: Vl1 Grp 1 Redundancy "hsrp-Vl1-1" state Init -> Backup

HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" update, Init -> Backup

HSRP: Vl1 Grp 1 Listen: d/Standby timer expired (unknown)

HSRP: Vl1 Grp 1 Listen -> Speak

HSRP: Vl1 Grp 1 Redundancy "hsrp-Vl1-1" state Backup -> Speak

HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" update, Backup -> Speak

HSRP: Vl1 Grp 1 Speak: d/Standby timer expired (unknown)

HSRP: Vl1 Grp 1 Standby router is local

HSRP: Vl1 Grp 1 Speak -> Standby

HSRP: Vl1 Grp 1 Redundancy "hsrp-Vl1-1" state Speak -> Standby

HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" standby, unknown -> local

HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" update, Speak -> Standby

HSRP: Vl1 Grp 1 Standby: c/Active timer expired (unknown)

HSRP: Vl1 Grp 1 Active router is local

HSRP: Vl1 Grp 1 Standby router is unknown, was local

HSRP: Vl1 Grp 1 Standby -> Active

HSRP: Vl1 Grp 1 Redundancy "hsrp-Vl1-1" state Standby -> Active

HSRP: Vl1 Grp 1 Added 192.168.1.254 to ARP (0000.0c07.ac01)

HSRP: Vl1 Grp 1 Activating MAC 0000.0c07.ac01

HSRP: Vl1 Grp 1 Adding 0000.0c07.ac01 to MAC address filter - resetting the interface

HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" standby, local -> unknown

HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" update, Standby -> Active

HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" update, Active -> Active

Above you can clearly see the different states we go through before we end up in the active
state. Right now SW1 is the only switch that is running HSRP so let’s enable the VLAN 1
interface of SW2 as well:

SW2(config)#interface Vlan 1

SW2(config-if)#no shutdown

Here’s the debug output:

SW2#

HSRP: Vl1 Grp 1 Active router is 192.168.1.1

HSRP: Vl1 Nbr 192.168.1.1 created

HSRP: Vl1 Nbr 192.168.1.1 active for group 1

HSRP: Vl1 Interface UP

HSRP: Vl1 Starting minimum intf delay (1 secs) - uptime 1089

HSRP: Vl1 Intf min delay expired - uptime 1090

HSRP: Vl1 Grp 1 Init: a/HSRP enabled

HSRP: Vl1 Grp 1 Init -> Listen

HSRP: Vl1 Grp 1 Redundancy "hsrp-Vl1-1" state Init -> Backup

HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" update, Init -> Backup

HSRP: Vl1 Grp 1 Listen: d/Standby timer expired (unknown)

HSRP: Vl1 Grp 1 Listen -> Speak

HSRP: Vl1 Grp 1 Redundancy "hsrp-Vl1-1" state Backup -> Speak

HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" update, Backup -> Speak

HSRP: Vl1 Grp 1 Speak: d/Standby timer expired (unknown)

HSRP: Vl1 Grp 1 Standby router is local

HSRP: Vl1 Grp 1 Speak -> Standby

HSRP: Vl1 Grp 1 Redundancy "hsrp-Vl1-1" state Speak -> Standby

HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" standby, unknown -> local

HSRP: Vl1 IP Redundancy "hsrp-Vl1-1" update, Speak -> Standby

Above we can see that SW2 is seeing 192.168.1.1 (SW1) as the active router. Eventually it
ends up in the standby state.

Active Gateway Election

Why did SW2 go in standby mode instead of SW1?

By default the switch with the highest priority will become the active HSRP device. If the
priority is the same then the highest IP address will be the tie-breaker. Let’s take a look at
the priorities:

SW1#show standby | include Priority

Priority 100 (default 100)

SW2#show standby | include Priority

Priority 100 (default 100)

The priority is the same on both switches, SW2 has a higher IP address so it should
become the active router but it’s not. Let’s try increasing its priority:

SW2(config)#interface Vlan 1

SW2(config-if)#standby 1 priority 150

Here’s how we can verify the new priority:

SW2#show standby | include Priority

Priority 150 (configured 150)

SW2#show standby | include Active

Active virtual MAC address is 0000.0c07.ac01 (MAC Not In Use)

Active router is 192.168.1.1, priority 100 (expires in 9.232 sec)

Even though SW2 has a higher priority, SW1 remains the active router. Another useful
command to verify which router is active or standby is the show standby brief command:

SW1#show standby brief

P indicates configured to preempt.

Interface Grp Pri P State Active Standby Virtual IP

Vl1 1 100 Active local 192.168.1.2 192.168.1.254

SW2#show standby brief

P indicates configured to preempt.

Interface Grp Pri P State Active Standby Virtual IP

Vl1 1 150 Standby 192.168.1.1 local 192.168.1.254

We can confirm SW2 has a higher priority but SW1 is still active. Once HSRP has decided
which device should be active it will stay active until it goes down. We can overrule this if
we want though…

Preemption
When we enable preemption the switch with the highest priority (or IP address in case the
priority is the same) will always become the new active device. Here’s how to enable this:
SW1 & SW2

(config)#interface Vlan 1

(config-if)#standby 1 preempt

Let’s see if it makes any difference:

SW1#show standby brief

P indicates configured to preempt.

Interface Grp Pri P State Active Standby Virtual IP

Vl1 1 100 P Standby 192.168.1.2 local 192.168.1.254

SW2#show standby brief

P indicates configured to preempt.

Interface Grp Pri P State Active Standby Virtual IP

Vl1 1 150 P Active local 192.168.1.1 192.168.1.254

There goes…SW2 is now active and SW1 goes to standby!

By default preemption will take effect immediately but it might be a good idea to use a
delay. If a router or reboots it might need some time to “converge”. Maybe OSPF or EIGRP
need to form neighbor adjacencies or spanning-tree isn’t ready yet unblocking ports. If you
want to add a delay then you can do it like this:

SW1 & SW2

(config)#interface Vlan 1

(config-if)#standby 1 preempt delay minimum 60

This will delay the preemption by 60 seconds.

Authentication
HSRP also supports authentication. You can choose between plaintext or MD5
authentication. Here’s how to configure MD5:

SW1 & SW2

(config)#interface Vlan 1

(config-if)#standby 1 authentication md5 key-string MY_SECRET_KEY

This ensures that all packets sent between the two switches are authenticated. This
prevents someone on the 192.168.1.0/24 subnet from joining our HSRP setup.

HSRP Timers
By default HSRP is pretty slow. SW1 is my standby router and it will wait for 10 seconds
(hold time) before it will become active once SW2 fails. That means we’ll have 10 seconds
of downtime…let’s see if we can speed that up:

SW1(config-if)#standby 1 timers ?

<1-254> Hello interval in seconds

msec Specify hello interval in milliseconds

We can speed things up by changing the timers with the standby timers command. We
can even use millisecond values, let’s try that:

SW1 & SW2

(config)#interface Vlan 1

(config-if)#standby 1 timers msec 100 msec 300

I’ve set the hello time to 100 milliseconds and the hold timer to 300 milliseconds. Make sure
your hold time is at least three times the hello timer. Let’s verify our work:

SW1#show standby | include time

 Hello time 100 msec, hold time 300 msec

SW2#show standby | include time

Hello time 100 msec, hold time 300 msec

HSRP Version 1 and 2

There are two versions of HSRP and depending on the router or switch model you might
have the option to use HSRP version 2. You can change the version by using the standby
version command.

HSRPv1 HSRPv2

Group Numbers 0 – 255 0 – 4095

Virtual MAC address 0000.0c07.acXX (XX = group number) 0000.0c9f.fxxx (XXX = group number)

Multicast Address 224.0.0.2 224.0.0.102

Let’s try switching our devices to HSRP version 2:

SW1 & SW2

(config)#interface Vlan 1

(config-if)#standby version 2

SW1#show standby | include version

Vlan1 - Group 1 (version 2)

That’s all there is to it.

Object (Interface) Tracking

There is one more thing we need to look at and it’s called object (interface) tracking. Take
a look at the following picture:
In the picture above SW2 is the active router because we changed the priority to 150. That’s
great but what if the interface on SW2 to R3 fails? It will be the active router but it doesn’t
have a direct path to R3 anymore.
When this happens it will send an ICMP redirect to the computer. It would be better if
SW1 becomes the active HSRP router in case this happens.
HSRP offers a feature called interface tracking. We can select an interface to track and if it
fails we will give it a penalty. This way your priority will decrease and another device can
become the active router.

Make sure you have enabled preemption if you want to use interface tracking. Here’s an
example:

SW2(config)track 1 interface GigabitEthernet 0/2 line-protocol

First we configure object tracking for the GigabitEthernet 0/2 interface. When the line-
protocol changes (goes down) then the object state will change.

We can now use this object with HSRP:

SW2(config)#interface Vlan 1

SW2(config-if)#standby 1 track 1 ?

decrement Priority decrement

shutdown Shutdown group

We can choose to decrement the priority or you can decide to shut the entire HSRP group
in case the interface is down. Let’s try decrementing the priority:

SW2(config-if)#standby 1 track 1 decrement 60

Let’s try this out:

SW2(config)#interface GigabitEthernet 0/2

SW2(config-if)#shutdown

Here’s what we will see on SW2:

SW2#

%TRACK-6-STATE: 1 interface Gi0/2 line-protocol Up -> Down

The interface goes down so the state of our object changes. Let’s see if the priority has
decreased:

SW2#show standby | include Priority

Priority 90 (configured 150)

SW2#show standby | include Active

Active virtual MAC address is 0000.0c9f.f001 (MAC Not In Use)

Active router is 192.168.1.1, priority 100 (expires in 0.352 sec)

You can see the priority is now 90 instead of the 150 that we configured.
You can see the priority is now 90 which is lower than SW1 (100). As a result SW2 will go to
the standby state and SW1 will move to the active state. Interface tracking is useful but it
will only check the state of the interface. It’s possible that the interface remains in the up
state but that we are unable to reach R3. It might be a better idea to use IP SLA instead
since it can check end-to-end connectivity.

Let’s remove the current object tracking configuration:

SW2(config)#interface GigabitEthernet 0/2

SW2(config-if)#no shutdown

SW2(config-if)#no standby 1 track 1 decrement 60

And configure IP SLA to ping the IP address of R3:

SW2(config)#ip sla 1

SW2(config-ip-sla)#icmp-echo 192.168.23.3

SW2(config-ip-sla-echo)#frequency 10

SW2(config)#ip sla schedule 1 start-time now life forever

We can now combine IP SLA with object tracking:

SW2(config)#no track 1

SW2(config)#track 1 ip sla 1

And we’ll configure SW2 once again that the priority will decrease by 60 when the object is
down:

SW2(config)#interface Vlan 1

SW2(config-if)#standby 1 track 1 decrement 60

Let’s test our configuration. First we want to make sure that IP SLA is working:

SW2#show ip sla statistics

IPSLAs Latest Operation Statistics

IPSLA operation id: 1

Latest RTT: 3 milliseconds

Latest operation start time: 13:31:57 UTC Thu Feb 18 2016

Latest operation return code: OK

Number of successes: 7

Number of failures: 0

Operation time to live: Forever

IP SLA is up and running. Let’s shut the GigabitEthernet 0/2 interface on SW2 again so that
IP SLA will fail:

SW2(config)#interface GigabitEthernet 0/2

SW2(config-if)#shutdown
 Let’s check the current priority:

SW2#show standby | include Priority

Priority 90 (configured 150)

The priority has decreased which will cause SW1 to become the active router:

SW2#show standby | include Active

Active virtual MAC address is 0000.0c9f.f001 (MAC Not In Use)

Active router is 192.168.1.1, priority 100 (expires in 0.288 sec)

That’s all there is to it.

 Configurations
 H1
 R3
 SW1
 SW2
Want to take a look for yourself? Here you will find the final configuration of each device.

Conclusion
You have now seen how to configure HSRP, how to enable authentication and how to
“tune” some of its parameters. I hope this has been useful. Share it with your friends and/or
colleagues. If you have any questions feel free to leave a comment in our forum.

2. Virtual Router Redundancy Protocol (VRRP)

VRRP, Virtual Router Redundancy Protocol, is a vendor-neutral redundancy protocol

that groups a cluster of physical routers (two or more routers) to produce a new single
virtual router. It enables redundancy by assigning the same virtual gateway IP address
and MAC address on all physical routers within the VRRP group. Currently, VRRP is at
version 2. It almost has the same concept as HSRP. The only difference is that
preemption is enabled by default on VRRP, while on HSRP, it needs to be configured
manually.
 Two states of Virtual Router Redundancy Protocol (VRRP):

 Master Router– It is the current default gateway of all the hosts within the organization.
It is actively sending and receiving packets to the hosts.
 Backup Router – The backup router will take the role of the master router during the
failover or when the master router goes offline.

NOTE
VRRPv3 supports IPv6 and is more scalable than VRRPv2.

VRRP (Virtual Router Redundancy

Protocol)
VRRP (Virtual Router Redundancy Protocol) is very similar to HSRP (Hot Standby Routing
Protocol) and can be used to create a virtual gateway. If you don’t know why we use virtual
gateways then I suggest to read my Introduction to virtual gateways first. Also make sure
you check the HSRP lesson first since many of the things I describe there also apply to
VRRP.

VRRP is very similar to HSRP; if you understood HSRP you’ll have no trouble with VRRP
which is a standard protocol defined by the IETF in RFC 3768. Configuration-wise it’s
pretty much the same but there are a couple of differences.

Let’s start with an overview:

HSRP VRRP

Protocol Cisco proprietary IETF – RFC 3768

Number of groups 16 groups maximum 255 groups maximum

 1 active, 1 standby and multiple
Active/Standby 1 active and several backups.
candidates.

Different from real IP addresses on Can be the same as the real IP address
Virtual IP Address
interfaces on an interface.

Multicast address 224.0.0.2 224.0.0.18

Tracking Interfaces or Objects Objects

Hello timer 3 seconds, hold time 10 Hello timer 1 second, hold time 3
Timers
seconds. seconds.

Authentication Supported Not supported in RFC 3768

As you can see there are a number of differences between HSRP and VRRP. Nothing too
fancy however. HSRP is a cisco proprietary protocol so you can only use it between Cisco
devices.

Let’s see if we can configure it…

Configuration
This is the topology that I will use:
SW1 and SW2 are multilayer switches and their interfaces are configured as routed ports.
We will create a virtual gateway using VRRP on the interfaces facing SW3:

SW1(config)#interface fa0/17

SW1(config-if)#vrrp 1 ip 192.168.1.3

SW1(config-if)#vrrp 1 priority 150

SW1(config-if)#vrrp 1 authentication md5 key-string mykey

SW2(config-if)#interface fa0/19
SW2(config-if)#vrrp 1 ip 192.168.1.3

SW2(config-if)#vrrp 1 authentication md5 key-string mykey

Here’s an example how to configure VRRP. You can see the commands are pretty much
the same but I didn’t type “standby” but vrrp. I have changed the priority on SW1 to 150 and
I’ve enabled MD5 authentication on both switches.

SW1#

%VRRP-6-STATECHANGE: Fa0/17 Grp 1 state Init -> Backup

%VRRP-6-STATECHANGE: Fa0/17 Grp 1 state Backup -> Master

SW2#

%VRRP-6-STATECHANGE: Fa0/19 Grp 1 state Init -> Backup

%VRRP-6-STATECHANGE: Fa0/19 Grp 1 state Backup -> Master

%VRRP-6-STATECHANGE: Fa0/19 Grp 1 state Master -> Backup

You will see these messages pop-up in your console. VRRP uses different terminology than
HSRP. SW1 has the best priority and will become the master router. SW2 will become a
backup router. Let’s see what else we have:

SW1#show vrrp

FastEthernet0/17 - Group 1

State is Master

Virtual IP address is 192.168.1.3

Secondary Virtual IP address is 192.168.1.4

Virtual MAC address is 0000.5e00.0101

Advertisement interval is 1.000 sec

Preemption enabled
 Priority is 150

Authentication MD5, key-string "mykey"

Master Router is 192.168.1.1 (local), priority is 150

Master Advertisement interval is 1.000 sec

Master Down interval is 3.414 sec

SW2#show vrrp

FastEthernet0/19 - Group 1

State is Backup

Virtual IP address is 192.168.1.3

Virtual MAC address is 0000.5e00.0101

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 100

Authentication MD5, key-string "mykey"

Master Router is 192.168.1.1, priority is 150

Master Advertisement interval is 1.000 sec

Master Down interval is 3.609 sec (expires in 3.065 sec)

Use show vrrp to verify your configuration. The output looks similar to HSRP; one of the
differences is that VRRP uses another virtual MAC address:

3. Gateway Load Balancing Protocol (GLBP)

As compared to HSRP and VRRP, Gateway Load Balancing Protocol is a bit different.
With GLBP, routers within the group are allowed to do load balancing. To put it simply,
all the traffic that is transmitted to the default gateway IP address will be load-balanced
one at a time or in a round-robin manner among the routers within the group. GLBP has
the same state as HSRP, which is called active and standby. The mechanism of
GLBP’s active and standby state is the same as HSRP’s active and standby state.

GLBP (Gateway Load Balancing Protocol)

GLBP stands for Gateway Load Balancing Protocol and just like HSRP / VRRP it is used
to create a virtual gateway that you can use for hosts. If you have no idea what a virtual
gateway is then read my Introduction to Gateway Redundancy first. Also I would
recommend to look at the HSRP and VRRP lessons before you continue with GLBP.

One of the key differences of GLBP is that it can do load balancing without the group
configuration that HSRP/VRRP use (what’s in a name right?).

Let’s take a closer look:

All devices running GLBP elect an AVG (Active Virtual Gateway). There will be only one
AVG for a single group running GLBP but other devices can take over this rule if the AVG
fails. The role of the AVG is to assign a virtual MAC address to all other devices running
GLBP. All devices will become an AVF (Active Virtual Forwarder) including the AVG.
Whenever a computer sends an ARP Request the AVG will respond with one of the virtual
MAC addresses of the available AVFs. Because of this mechanism all devices running
GLBP will be used to forward IP packets.

There are multiple methods for load balancing:

  Round-robin: the AVG will hand out the virtual MAC address of AVF1, then AVF2,
AVF3 and gets back to AVF1 etc.
 Host-dependent: A host will be able to use the same virtual MAC address of an
AVF as long as it is reachable.
 Weighted: If you want some AVFs to forward more traffic than others you can
assign them a different weight.

Let’s take a look at a configuration example so you can see how this works.

Configuration
I will use the following topology to configure GLBP:
SW1 and SW2 are multilayer switches, their GigabitEthernet 0/1 interfaces are switchports
and in VLAN 1. Their interfaces that connect to R3 are routed ports. We configure SW1 and
SW2 so they create a virtual gateway for the hosts in the 192.168.1.0 /24 subnet. Let’s
enable GLBP:

SW1(config)#interface Vlan1

SW1(config-if)#glbp 1 ip 192.168.1.254

SW1(config-if)#glbp 1 priority 150

SW2(config)#interface Vlan1

SW2(config-if)#glbp 1 ip 192.168.1.254

I’ll enable GLBP on SW1 and Sw2 using the same group number (1). I changed the priority
on SW1 because I want it to be the AVG. Let’s see if this works:

SW1#show glbp brief

Interface Grp Fwd Pri State Address Active router Standby router

Vl1 1 - 150 Active 192.168.1.254 local 192.168.1.2

Vl1 1 1 - Active 0007.b400.0101 local -

Vl1 1 2 - Listen 0007.b400.0102 192.168.1.2 -

SW2#show glbp brief

Interface Grp Fwd Pri State Address Active router Standby router

Vl1 1 - 100 Standby 192.168.1.254 192.168.1.1 local

Vl1 1 1 - Listen 0007.b400.0101 192.168.1.1 -

Vl1 1 2 - Active 0007.b400.0102 local -

Use the show glbp brief command to verify your configuration. There are a couple of
things we can see here:
 • SW1 has become the AVG for group 1. SW2 (192.168.1.2) is standby for the AVG role
and will take over in case SW1 fails and group1 has two AVFs:

 1: SW1: Virtual MAC address 0007.b400.0101.

 2: SW2: Virtual MAC address 0007.b400.0102.

The virtual MAC address that GLBP uses is 0007.b400.XXYY (where X = GLBP group
number and Y = AVF number). Let’s take a look at our host, I configured it to use the
192.168.1.254 address for the default gateway.

CISCO

How to Use the standby preempt and

standby track Commands

Introduction
This document describes how the standby preempt and standby track commands work together, and
when you must use each one.
The standby preempt command enables the Hot Standby Router Protocol (HSRP) router with the
highest priority to immediately become the active router. Priority is determined first by the configured
priority value, and then by the IP address. In each case, a higher value is of greater priority. When a
higher priority router preempts a lower priority router, the router sends a Coup message. When a
lower priority active router receives a Coup message or a Hello message from an active, higher
priority router, the router changes to the Speak state and sends a resign message.
The standby track command allows you to specify another interface on the router for the HSRP
process to monitor in order to alter the HSRP priority for a given group. If the line protocol of the
specified interface goes down, the HSRP priority is reduced. This means that another HSRP router
with higher priority can become the active router if that router has standby preempt enabled.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
 Cisco IOS® Software Release 12.2(10b)
 Cisco 2503 Routers
 The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Background Information
This diagram shows an example that uses the standby preempt command in conjunction with
the standby track command.

Configuration Examples
In the network diagram, HSRP is configured in this manner:
 R1 is the active router and tracks the R1 serial 0 interface state. When R1 is the active router, all the traffic
from the hosts (Host 1, 2, 3) to the servers is routed through R1.
 R2 is the standby router and tracks the R2 serial 1 interface state.
 If the R1 serial 0 interface goes down, the R1 HSRP priority is decreased by 10. At this point the R2 HSRP
priority is higher than R1, and R2 takes over as the active router. When R2 becomes the active router, all the
traffic from the hosts to the servers is routed through R2.

Note: The default gateway for Hosts 1, 2, and 3 is configured with the HSRP virtual IP address
(171.16.6.100, in this case). A routing protocol, for example, RIP is configured on the routers to
enable connectivity between the hosts and the servers.
Here is the configuration for each router:

Router 1 ( Cisco 2503)

interface Ethernet0
ip address 171.16.6.5 255.255.255.0

!--- Assigns an IP address to the interface.

no ip redirects
standby 1 ip 171.16.6.100

!--- Assigns a standby group and standby IP address

standby 1 priority 105

!--- Assign a priority (105 in this case) to the router interface

(e0) !--- for a particular group number (1). The default is 100.

standby 1 preempt

!--- Allows the router to become the active router when the
priority !--- is higher than all other HSRP-configured routers in
the hot standby group. !--- If you do not use the standby
preempt command in the configuration !--- for a router, that
router does not become the active router, even if !--- the priority
is higher than all other routers.

standby 1 track Serial0

!--- Indicates that HSRP tracks Serial0 interface. !--- The

interface priority can also be configured, which indicates the !---
amount by which the router priority decreases when !--- the
interface goes down. The default is 10.

interface Serial0
ip address 171.16.2.5 255.255.255.0

Router 2 ( Cisco 2503)

interface Ethernet0
ip address 171.16.6.6 255.255.255.0

!--- Assigns an IP address to the interface.

no ip redirects
standby 1 ip

!--- Indicates the hot standby group. Here the IP address of the
virtual router !--- is not configured. See the note after this table.
 standby 1 preempt

!--- Allows the router to become the active router when the
priority !--- is higher than all other HSRP-configured routers in
the hot standby group. !--- If you do not use the standby
preempt command in the configuration !--- for a router, that
router does not become the active router, even if !--- the priority
is higher than all other routers.

standby 1 track Serial1

!--- Indicates that HSRP tracks Serial1 interface. !--- The

interface priority can also be configured, which indicates the !---
amount by which the router priority decreases when !--- the
interface goes down. The default is 10. !--- The priority is also
not configured and hence the default !--- priority value of 100 is
applied.

interface Serial1
ip address 171.16.7.6 255.255.255.0

Note: R2 does not have a standby IP address configured. This is intentional in order to demonstrate
that this is a valid configuration. When R1 and R2 exchange HSRP hellos, R2 learns the standby IP
address from R1. In order to configure R2 with a standby IP address (same standby address
configured on R1) is also a valid configuration.
R1# show standby
Ethernet0 - Group 1
Local state is Active, priority 105, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.458
Virtual IP address is 171.16.6.100 configured
Active router is local
Standby router is 171.16.6.6 expires in 8.428
Virtual mac address is 0000.0c07.ac01
2 state changes, last state change 02:09:49
IP redundancy name is "hsrp-Et0-1" (default)
Priority tracking 1 interface, 1 up:
Interface Decrement State
Serial0 10 Up

R2# show standby

Ethernet0 - Group 1
Local state is Standby, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.814
Virtual IP address is 171.16.6.100
Active router is 171.16.6.5, priority 105 expires in 9.896
Standby router is local
3 state changes, last state change 00:10:21
IP redundancy name is "hsrp-Et0-1" (default)
Priority tracking 1 interface, 1 up:
Interface Decrement State
Serial1 10 Up
Although R2 does not have an HSRP priority configured, the output shows the R2 priority as the
HSRP default value, 100. The output of both routers indicates that the routers track the state of
serial 0. The state of R1 is active and the state of R2 is standby. Lastly, both routers are configured
with the standby preempt command.
What happens if the serial 0 interface of R1 goes down? The output of the show standby command
looks like this:
R1# show standby
Ethernet0 - Group 1
Local state is Standby, priority 95 (confgd 105), may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.670
Virtual IP address is 171.16.6.100 configured
Active router is 171.16.6.6, priority 100 expires in 8.596
Standby router is local
4 state changes, last state change 00:01:45
IP redundancy name is "hsrp-Et0-1" (default)
Priority tracking 1 interface, 0 up:
Interface Decrement State
Serial0 10 Down

R2# show standby

Ethernet0 - Group 1
Local state is Active, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.810
Virtual IP address is 171.16.6.100
Active router is local
Standby router is 171.16.6.5 expires in 9.028
Virtual mac address is 0000.0c07.ac01
4 state changes, last state change 00:01:38
IP redundancy name is "hsrp-Et0-1" (default)
Priority tracking 1 interface, 1 up:
Interface Decrement State
Serial1 10 Up
Notice in the output that the HSRP priority of R1 is reduced by 10—to 95. This change makes the R2
priority of 100 higher. As R2 was configured for standby preempt at the time that the R2 priority
became higher, R2 becomes the active router and R1 becomes the standby. Now, if the R1 serial 0
interface comes back up, the R1 priority is 105, again. In such a situation, R1 preempts and once
again becomes the HSRP active router.
Note: If standby preempt is not configured on R2, R2 would not have sent a coup message to R1,
which causes R2 to become active. Instead R1 would have remained the active router.
For example, consider this configuration:
standby priority 120
standby track serial 0
standby track serial 1

An HSRP priority of 120 is configured with the standby priority command and HSRP is configured to
track the state of two interfaces, Serial0 and Serial 1. Because no decrement value is specified in
the standby track command, the HSRP priority is decremented by the default value of 10 when the
tracked interface goes down. Initially, both the interfaces are up and the HSRP priority of the
interface is 120, as in the show standby command output:
R1# show standby
Ethernet0 - Group 1
Local state is Active, priority 120, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.034
Virtual IP address is 10.0.0.5 configured
Active router is local
Standby router is unknown
Virtual mac address is 0000.0c07.ac01
2 state changes, last state change 00:00:04
IP redundancy name is "hsrp-Et0-1" (default)
Priority tracking 2 interfaces, 2 up:
Interface Decrement State
Serial0 10 Up
Serial1 10 Up
R1#
Now, interface Serial 0 is brought down.
R1#
1w0d: %LINK-3-UPDOWN: Interface Serial0, changed state to down
1w0d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed
state to down
R1#
This reduces the HSRP priority by 10—from 120 to a value of 110. You can use the show
standby command to verify this:
R1# show standby
Ethernet0 - Group 1
Local state is Active, priority 110 (confgd 120), may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.544
Virtual IP address is 10.0.0.5 configured
Active router is local
Standby router is unknown
Virtual mac address is 0000.0c07.ac01
2 state changes, last state change 00:00:48
IP redundancy name is "hsrp-Et0-1" (default)
Priority tracking 2 interfaces, 1 up:
Interface Decrement State
Serial0 10 Down (line protocol down)
Serial1 10 Up
R1#
Next, the second tracked interface—Serial 1—is brought down:
R1#
1w0d: %LINK-3-UPDOWN: Interface Serial1, changed state to down
1w0d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed
state to down
R1#

This again reduces the HSRP priority by 10—from 110 to a value of 100. You can use the show
standby command to verify this:
R1# show standby
Ethernet0 - Group 1
Local state is Active, priority 100 (confgd 120), may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.846
Virtual IP address is 10.0.0.5 configured
Active router is local
Standby router is unknown
Virtual mac address is 0000.0c07.ac01
2 state changes, last state change 00:01:06
IP redundancy name is "hsrp-Et0-1" (default)
Priority tracking 2 interfaces, 0 up:
Interface Decrement State
Serial0 10 Down (line protocol down)
Serial1 10 Down (line protocol down)
R1#