Scribd
Upload
41 views26 pages

15.1.3 Lab - Implement HSRP - ILM

This document describes the topology, objectives, and configuration steps for a lab to implement HSRP (Hot Standby Router Protocol) on two devices (D1 and D2) to provide redundancy. The lab will configure basic settings, interface addressing, and HSRP for IPv4 and IPv6. It will also configure HSRP authentication and object tracking.

Uploaded by

Andrei Petru Pârv
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
41 views26 pages

15.1.3 Lab - Implement HSRP - ILM

This document describes the topology, objectives, and configuration steps for a lab to implement HSRP (Hot Standby Router Protocol) on two devices (D1 and D2) to provide redundancy. The lab will configure basic settings, interface addressing, and HSRP for IPv4 and IPv6. It will also configure HSRP authentication and object tracking.

Uploaded by

Andrei Petru Pârv
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 26

Lab - Implement HSRP (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table
Device Interface IP Address Default Gateway

D1 Lo 0 192.168.1.1/24 N/A

D1 Lo 0 2001:db8:acad:1000::1/64 N/A
D1 VLAN 11 10.11.0.1/24 N/A
D1 VLAN 11 2001:db8:acad:11::1/64 N/A
D1 VLAN 21 10.21.0.1/24 N/A
D1 VLAN 21 2001:db8:acad:21::1/64 N/A
D2 Lo 0 192.168.1.1/24 N/A

D2 Lo 0 2001:db8:acad:1000::1/64 N/A
D2 VLAN 11 10.11.0.2/24 N/A
D2 VLAN 11 2001:db8:acad:11::1/64 N/A
D2 VLAN 21 10.21.0.2/24 N/A
D2 VLAN 21 2001:db8:acad:21::2/64 N/A

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 26 www.netacad.com
Lab - Implement HSRP

Device Interface IP Address Default Gateway

PC1 NIC 10.11.0.50/24 10.11.0.254

PC1 NIC IPv6 SLAAC


PC2 NIC 10.21.0.50/24 10.21.0.254

PC2 NIC IPv6 SLAAC

Objectives
Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
Part 2: Configure and Observe HSRP for IPv4 and IPv6
Part 3: Configure and Observe HSRP Authentication
Part 4: Configure and Observe HSRP Object Tracking

Background / Scenario
Hot Standby Router Protocol (HSRP) is a Cisco-proprietary redundancy protocol for establishing a fault-
tolerant default gateway. It is described in RFC 2281. HSRP provides a transparent failover mechanism to the
end stations on the network. This provides users at the access layer with uninterrupted service to the network
if the primary gateway becomes inaccessible.
Note: This lab is an exercise in deploying and verifying HSRP and does not necessarily reflect networking
best practices.
Note: The switches used with CCNP hands-on labs are Cisco 3650 with Cisco IOS XE release 16.9.4
(universalk9 image) and Cisco 2960 with IOS release 15.2 (lanbase image). Other routers and Cisco IOS
versions can be used. Depending on the model and Cisco IOS version, the commands available and the
output produced might vary from what is shown in the labs.
Note: Ensure that the switches have been erased and have no startup configurations. If you are unsure
contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Note: The default Switch Database Manager (SDM) template on a Catalyst 3650 running IOS XE supports
dual-stacked operations and requires no additional configuration for our purposes.
If you are using a device, such as Cisco 2960, running Cisco IOS, check the SDM template with the privileged
EXEC command show sdm prefer.
S1# show sdm prefer
The default bias template used by the Switch Database Manager (SDM) does not provide IPv6 address
capabilities. Verify that SDM is using either the dual-ipv4-and-ipv6 template or the lanbase-routing
template. The new template will be used after reboot even if the configuration is not saved.
Use the following commands to assign the dual-ipv4-and-ipv6 template as the default SDM template.
S1# configure terminal
S1(config)# sdm prefer dual-ipv4-and-ipv6 default
S1(config)# end
S1# reload

Required Resources
 2 Switches (Cisco 3650 with Cisco IOS XE release 16.9.4 universal image or comparable)

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 26 www.netacad.com
Lab - Implement HSRP

 1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
 1 PC (Choice of operating system with a terminal emulation program installed)
 Console cables to configure the Cisco IOS devices via the console ports
 Ethernet cables as shown in the topology

Instructions

Part 1: Build the Network and Configure Basic Device Settings and Interface
Addressing
In Part 1, you will set up the network topology and configure basic settings and interface addressing.

a. Cable the network as shown in the topology.


Attach the devices as shown in the topology diagram, and cable as necessary.

b. Configure basic settings for each switch.


a. Console into each switch, enter global configuration mode, and apply the basic settings. A command list
for each switch is provided below for initial configurations.
Open configuration window
Switch D1
hostname D1
ip routing
ipv6 unicast-routing
no ip domain lookup
banner motd # D1, Implement HSRP #
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit
interface range g1/0/1-24, g1/1/1-4, g0/0
shutdown
exit
interface range g1/0/1-6
switchport mode trunk
no shutdown
exit
interface range g1/0/1-4
channel-group 12 mode active

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 26 www.netacad.com
Lab - Implement HSRP

exit
interface range g1/0/5-6
channel-group 1 mode active
exit
vlan 11
name FIRST_VLAN
exit
vlan 21
name SECOND_VLAN
exit
interface vlan 11
ip address 10.11.0.1 255.255.255.0
ipv6 address fe80::d1:1 link-local
ipv6 address 2001:db8:acad:11::1/64
no shutdown
exit
interface vlan 21
ip address 10.21.0.1 255.255.255.0
ipv6 address fe80::d1:2 link-local
ipv6 address 2001:db8:acad:21::1/64
no shutdown
exit
interface loopback 0
ip address 192.168.1.1 255.255.255.0
ipv6 address fe80::d1:3 link-local
ipv6 address 2001:db8:acad:1000::1/64
no shutdown
exit
Switch D2
hostname D2
ip routing
ipv6 unicast-routing
no ip domain lookup
banner motd # D2, Implement HSRP #
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 26 www.netacad.com
Lab - Implement HSRP

interface range g1/0/1-24, g1/1/1-4, g0/0


shutdown
exit
interface range g1/0/1-6
switchport mode trunk
no shutdown
exit
interface range g1/0/1-4
channel-group 12 mode active
exit
interface range g1/0/5-6
channel-group 2 mode active
exit
vlan 11
name FIRST_VLAN
exit
vlan 21
name SECOND_VLAN
exit
interface vlan 11
ip address 10.11.0.2 255.255.255.0
ipv6 address fe80::d2:1 link-local
ipv6 address 2001:db8:acad:11::2/64
no shutdown
exit
interface vlan 21
ip address 10.21.0.2 255.255.255.0
ipv6 address fe80::d2:2 link-local
ipv6 address 2001:db8:acad:21::2/64
no shutdown
exit
interface loopback 0
ip address 192.168.1.1 255.255.255.0
ipv6 address fe80::d2:3 link-local
ipv6 address 2001:db8:acad:1000::1/64
no shutdown
exit
Switch A1
hostname A1
banner motd # A1, Implement HSRP #
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 26 www.netacad.com
Lab - Implement HSRP

privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit
interface range f0/1-24, g0/1-2
shutdown
exit
interface range f0/1-4
switchport mode trunk
no shutdown
exit
interface range f0/1-2
channel-group 1 mode active
exit
interface range f0/3-4
channel-group 2 mode active
exit
vlan 11
name FIRST_VLAN
exit
vlan 21
name SECOND_VLAN
exit
interface f0/23
switchport mode access
switchport access vlan 11
spanning-tree portfast
no shutdown
exit
interface f0/24
switchport mode access
switchport access vlan 21
spanning-tree portfast
no shutdown
exit
interface vlan 11
ip address 10.11.0.3 255.255.255.0
ipv6 address fe80::a1:1 link-local
ipv6 address 2001:db8:acad:11::3/64
no shutdown
exit
ip default-gateway 10.11.0.254
b. Set the clock on each switch to UTC time.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 26 www.netacad.com
Lab - Implement HSRP

c. Save the running configuration to startup-config.


Close configuration window
c. Configure the PCs for network connectivity.
Configure PC1 and PC2 with the IPv4 address, subnet mask, and default gateway specified in the topology
diagram. The IPv6 address and default gateway information for each PC will come from SLAAC.

Part 2: Configure and Observe HSRP for IPv4 and IPv6.


In Part 2, you will configure and test HSRPv2 in support of IPv4 and IPv6.
HSRP provides redundancy in the network. The traffic can be load-balanced by using the standby group
priority priority command.
IP routing is enabled on D1 and D2. Each route processor can route between the SVIs configured on its
switch. In addition to the real IP address assigned to each switch SVI, assign a third IP address in each
subnet to be used as a virtual gateway address. HSRP negotiates and determines which switch accepts
information forwarded to the virtual gateway IP address.
The standby command configures the IP address of the virtual gateway, sets the priority for each group, and
configures the router for preemption. Preemption allows the router with the higher priority to become the
active router after a network failure has been resolved. Notice that the abbreviation HSRP is not used in the
command syntax to implement HSRP. HSRP version 2 must be implemented to support IPv6. This is
accomplished by using the standby version 2 command on every interface required.
The standby x ipv6 autoconfig command, where x is the assigned HSRP group number, is used to assign
the group an automatically generated virtual ipv6 address. Note that the group number used for IPv6 on an
interface must be different than the group used for IPv4.
In this lab, the group numbers will be 11 and 21 for IPv4, and 116 and 216 for IPv6.
In the following configurations, the priority for VLAN 11 on D1 is set to 150, making it the active router for
VLAN 11. VLAN 21 has the default priority of 100 on D1, making D1 the standby router for VLAN 21. D2 is
configured to be the active router for VLAN 21 with a priority of 150, and the standby router for VLAN 11 with
a default priority of 100.
Note: It is recommended that the HSRP group number be mapped to VLAN number.

a. Configure HSRPv2 on Switch D1.


a. Configure standby group 11 on interface VLAN 11 for HSRP version 2, a standby IP address of
10.11.0.254, a priority of 150, and preemption.
Open configuration window
D1(config)# interface vlan 11
D1(config-if)# standby version 2
D1(config-if)# standby 11 ip 10.11.0.254
D1(config-if)# standby 11 priority 150
D1(config-if)# standby 11 preempt
b. Configure standby group 116 on interface vlan 11 for ipv6 autoconfig command, a priority of 150, and
preemption.
D1(config-if)# standby 116 ipv6 autoconfig
D1(config-if)# standby 116 priority 150
D1(config-if)# standby 116 preempt
c. Configure standby group 21 on interface VLAN 21 for HSRP version 2, a standby IP address of
10.21.0.254, and preemption.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 26 www.netacad.com
Lab - Implement HSRP

D1(config)# interface vlan 21


D1(config-if)# standby version 2
D1(config-if)# standby 21 ip 10.21.0.254
D1(config-if)# standby 21 preempt
d. Configure standby group 216 on interface vlan 21 for ipv6 autoconfig command and preemption.
D1(config-if)# standby 216 ipv6 autoconfig
D1(config-if)# standby 216 preempt

b. Verify HSRPv2 is operational on Switch D1.


a. Verify that HSRP is active and operating on Switch D1 with the show standby brief command.
D1# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl11 11 150 P Active local unknown 10.11.0.254
Vl11 116 150 P Active local unknown FE80::5:73FF:FEA0:74
Vl21 21 100 P Active local unknown 10.21.0.254
Vl21 216 100 P Active local unknown FE80::5:73FF:FEA0:D8
Close configuration window
b. Interface Loopback0 on D1 and D2 represent a destination on the internet. From PC1 and PC2, ping the
IPv4 and IPv6 address of interface Loopack0 on D1. A successful ping verifies that the gateway router is
working.

c. Configure HSRPv2 on Switch D2.


a. Configure standby group 11 on interface VLAN 11 for HSRP version 2, a standby IP address of
10.11.0.254, and preemption.
Open configuration window
D2(config)# interface vlan 11
D2(config-if)# standby version 2
D2(config-if)# standby 11 ip 10.11.0.254
D2(config-if)# standby 11 preempt
b. Configure standby group 116 on interface vlan 11 for ipv6 autoconfig command, and preemption.
D2(config-if)# standby 116 ipv6 autoconfig
D2(config-if)# standby 116 preempt
c. Configure standby group 21 on interface VLAN 21 for HSRP version 2, a standby IP address of
10.21.0.254, a priority of 150, and preemption.
D2(config)# interface vlan 21
D2(config-if)# standby version 2
D2(config-if)# standby 21 ip 10.21.0.254
D2(config-if)# standby 21 priority 150
D2(config-if)# standby 21 preempt
d. Configure standby group 216 on interface vlan 21 for ipv6 autoconfig command, a priority of 150, and
preemption.
D2(config-if)# standby 216 ipv6 autoconfig
D2(config-if)# standby 216 priority 150

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 8 of 26 www.netacad.com
Lab - Implement HSRP

D2(config-if)# standby 216 preempt

d. Verify HSRPv2 is operational on Switch D2.


a. Verify that HSRP is active and operating on Switch D2 with the show standby brief command. Based on
the configuration, D2 should be the active switch for VLAN 21 only.
D2# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl11 11 100 P Standby 10.11.0.1 local 10.11.0.254
Vl11 116 100 P Standby FE80::D1:1 local FE80::5:73FF:FEA0:74
Vl21 21 150 P Active local 10.21.0.1 10.21.0.254
Vl21 216 150 P Active local FE80::D1:2 FE80::5:73FF:FEA0:D8
Close configuration window
b. Interface Loopback0 on D1 and D2 represent a destination on the internet. From PC1 and PC2, ping the
IPv4 and IPv6 address of interface Loopack0 on D1. A successful ping verifies that the gateway router is
working.

e. Observe and validate HSRPv2 operation.


The whole point of HSRP is to help maintain gateway reachability in case of an outage. In this step, we will
simulate an outage to show how HSRP achieves this objective.
a. On PC1, start a continuous ping to 192.168.1.1 and 2001:db8:acad:1000::1.
b. On Switch D1, issue the shutdown command on interface VLAN 11. Note that D2 takes over the active
role, and there is very little traffic loss in the running pings.
c. On Switch D1, issue the no shutdown command on interface VLAN 11. Note that D1 takes back over as
the active router, and once again there is very little traffic loss experienced.
d. Stop the continuous ping running on PC1.

f. Tune HSRPv2 operation.


We have validated the operation of HSRP for both IPv4 and IPv6, and our gateways are now redundant. But
in some cases, the default amount of time taken to detect and react to an outage is too slow. By default,
HSRP uses a 3-second hello timer and a 10-second hold timer. If 10 seconds is too slow for your organization
or traffic scenario, you can tune the HSRP timers to speed things up. This should only be done on a stable
network, and this will cause more HSRP traffic to be sent between the configured switches, so you should
take those factors into account before changing the timers on a production network.
a. On both switches, issue the shutdown command on interface VLAN 11 and VLAN 21.
b. On both switches, configure the timers for standby group 11 and standby group 21 so that the hello time
is 250 milliseconds and the hold time is 750 milliseconds.
Open configuration window
D1(config)# interface vlan 11
D1(config-if)# standby 11 timers msec 250 msec 750
D1(config-if)# exit
D1(config)# interface vlan 21
D1(config-if)# standby 21 timers msec 250 msec 750
D1(config-if)# exit

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 9 of 26 www.netacad.com
Lab - Implement HSRP

c. On both switches, issue the no shutdown command on interface VLAN 11 and VLAN 21 and let HSRP
initialize. Verify that it is operating as designed by issuing the show standby brief command on switch
D1. You should see D1 as active for VLAN 11 and standby for VLAN 21.
d. On PC1, start a continuous ping to 192.168.1.1 and 2001:db8:acad:1000::1
e. On Switch D1, issue the shutdown command on interface VLAN 11. Note that that D2 takes over the
active role almost immediately, and there is almost no traffic loss in the running pings.
f. On Switch D1, issue the no shutdown command on interface VLAN 11. Note that D1 takes back over as
the active router, and once again there is almost no traffic loss experienced.
g. Stop the continuous ping running on PC1.
Close configuration window

Part 3: Configure and Observe HSRP Authentication


In this part of the lab, you will secure the HSRP communication between member devices. HSRP
authentication prevents rogue routers on the network from joining the HSRP group. Without authentication, a
rogue router could join the group and claim the active role. The attacker would then be able to capture all the
traffic forwarded to attacker’s device. HSRP authentication can be configured using plaintext, an MD5-hashed
key-string, or an MD5-hashed key chain. Using key chains offers more options and security because you can
have lifetime parameters associated with the different keys. For simplicity, we will configure HSRP
authentication using the key string option.
a. On D1, configure authentication for group 11 and group 21 using the key-string Super53cret.
Open configuration window
D1(config)# interface vlan 11
D1(config-if)# standby 11 authentication md5 key-string Super53cret
D1(config-if)# exit
D1(config)# interface vlan 21
D1(config-if)# standby 21 authentication md5 key-string Super53cret
D1(config-if)# exit
D1(config)# end
b. Notice as soon as this command was entered on D1 that we received a “bad authentication” message
display to the console screen. HSRP authentication is not yet configured on D2 therefore we expect for
the HSRP process to be disrupted. The output of the show standby brief command below confirms that
D2 is no longer the standby router for group 11. The standby router shows unknown.
*Jan 19 01:10:13.167: %HSRP-4-BADAUTH2: Bad authentication from 10.11.0.2
D1# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl11 11 150 P Active local unknown 10.11.0.254
Vl11 116 150 P Active local FE80::D2:1 FE80::5:73FF:FEA0:74
Vl21 21 100 P Active local unknown 10.21.0.254
Vl21 216 100 P Standby FE80::D2:2 local FE80::5:73FF:FEA0:D8

c. On D2, configure authentication for group 11 and group 21 using the key-string Super53cret.
D2(config)# interface vlan 11
D2(config-if)# standby 11 authentication md5 key-string Super53cret
D2(config-if)# exit
D2(config)# interface vlan 21
D2(config-if)# standby 21 authentication md5 key-string Super53cret

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 10 of 26 www.netacad.com
Lab - Implement HSRP

D2(config-if)# exit
D2(config)# end
d. As soon as the key string was entered, HSRP started working again. Verify this by examining the output
of show standby brief on D1 and you will see that D2 is now listed as the standby router for group 11.
D1# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl11 11 150 P Active local 10.11.0.2 10.11.0.254
Vl11 116 150 P Active local FE80::D2:1 FE80::5:73FF:FEA0:74
Vl21 21 100 P Standby 10.21.0.2 local 10.21.0.254
Vl21 216 100 P Standby FE80::D2:2 local FE80::5:73FF:FEA0:D8
Close configuration window

Part 4: Configure and Observe HSRP Object Tracking


HSRP can perform object and interface tracking. Either of these tracking methods enables the priority of a
standby group router to be automatically adjusted, based on the status of the tracked entity. When a tracked
entity becomes unavailable, the HSRP priority of the router is decreased. With preemption configured on the
HSRP group, this might cause another router to take over as the active router for a group based on its higher
priority value. When properly configured, the HSRP tracking feature ensures that a router with an unavailable
key interface will relinquish the active router role.

a. Create a tracked object.


Create an object on Switch D1 and D2 that tracks the line-protocol of interface Loopback 0.
Open configuration window
D1(config)# track 4 interface loopback 0 line-protocol
D1(config-track)# exit

D2(config)# track 4 interface loopback 0 line-protocol


D2(config-track)# exit

b. Configure HSRP to track the object status.


On D1, configure standby groups 11 and 116 to track the status of track 4. On D2, configure standby groups
21 and 216 to track the status of track 4. When the tracked object has failed, decrement the system priority by
60.
D1(config)# interface vlan 11
D1(config-if)# standby 11 track 4 decrement 60
D1(config-if)# standby 116 track 4 decrement 60
D1(config-if)# exit

D2(config)# interface vlan 21


D2(config-if)# standby 21 track 4 decrement 60
D2(config-if)# standby 216 track 4 decrement 60
D2(config-if)# exit

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 11 of 26 www.netacad.com
Lab - Implement HSRP

c. Verify the HSRP configuration.


Issue the command show standby on Switch D1. This is the full version of the command, and in the output,
you can see all the adjustments that have been made to this point.
D1# show standby
Vlan11 - Group 11 (version 2)
State is Active
5 state changes, last state change 00:07:30
Virtual IP address is 10.11.0.254
Active virtual MAC address is 0000.0c9f.f00b (MAC In Use)
Local virtual MAC address is 0000.0c9f.f00b (v2 default)
Hello time 250 msec, hold time 750 msec
Next hello sent in 0.240 secs
Authentication MD5, key-string
Preemption enabled
Active router is local
Standby router is 10.11.0.2, priority 100 (expires in 0.816 sec)
Priority 150 (configured 150)
Track object 4 state Up decrement 60
Group name is "hsrp-Vl11-11" (default)
Vlan11 - Group 116 (version 2)
State is Active
1 state change, last state change 00:04:53
Link-Local Virtual IPv6 address is FE80::5:73FF:FEA0:74 (conf auto EUI64)
Active virtual MAC address is 0005.73a0.0074 (MAC In Use)
Local virtual MAC address is 0005.73a0.0074 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.216 secs
Preemption enabled
Active router is local
Standby router is FE80::D2:1, priority 100 (expires in 11.024 sec)
Priority 150 (configured 150)
Track object 4 state Up decrement 60
Group name is "hsrp-Vl11-116" (default)
<output omitted>

d. Verify HSRP complies with the configuration.


a. On D1, shut down interface Loopback 1. Switch D2 should take over as active for group 11. Verify D1’s
current priority value and D2’s status with the show standby brief command.
D1(config)# interface loopback 0
D1(config-if)# shutdown
D1(config-if)#
*Jan 19 16:10:52.041: %TRACK-6-STATE: 4 interface Lo0 line-protocol Up -> Down
D1(config-if)#
*Jan 19 16:10:52.168: %HSRP-5-STATECHANGE: Vlan11 Grp 11 state Active -> Speak
*Jan 19 16:10:53.035: %HSRP-5-STATECHANGE: Vlan11 Grp 11 state Speak -> Standby
D1(config-if)#
*Jan 19 16:10:53.037: %HSRP-5-STATECHANGE: Vlan11 Grp 116 state Active -> Speak
D1(config-if)#

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 12 of 26 www.netacad.com
Lab - Implement HSRP

*Jan 19 16:10:54.040: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,


changed state to down
D1(config-if)#
*Jan 19 16:10:54.041: %LINK-5-CHANGED: Interface Loopback0, changed state to
administratively down
*Jan 19 16:10:59.047: %HSRP-5-STATECHANGE: Vlan11 Grp 116 state Speak -> Standby
D1(config-if)# end
D1#
D1# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl11 11 90 P Standby 10.11.0.2 local 10.11.0.254
Vl11 116 90 P Standby FE80::D2:1 local FE80::5:73FF:FEA0:74
Vl21 21 100 P Standby 10.21.0.2 local 10.21.0.254
Vl21 216 100 P Standby FE80::D2:2 local FE80::5:73FF:FEA0:D8

b. Examine the priority information in detail in the output of the show standby command.
D1# show standby
Vlan11 - Group 11 (version 2)
State is Standby
<output omitted>
Active router is 10.11.0.2, priority 100 (expires in 0.720 sec)
MAC address is 7069.5a9f.5654
Standby router is local
Priority 90 (configured 150)
Track object 4 state Down decrement 60
Group name is "hsrp-Vl11-11" (default)
Close configuration window
End of document
Device Configs - Final

Switch D1
D1# show run
Building configuration...

Current configuration : 5434 bytes


!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname D1
!
vrf definition Mgmt-vrf
!
address-family ipv4

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 13 of 26 www.netacad.com
Lab - Implement HSRP

exit-address-family
!
address-family ipv6
exit-address-family
!
no aaa new-model
switch 1 provision ws-c3650-24ps
!
ip routing
!
no ip domain lookup
!
login on-success log
ipv6 unicast-routing
!
license boot level ipservicesk9
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
transceiver type all
monitoring
!
track 4 interface Loopback0 line-protocol
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception,
NFLSAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 14 of 26 www.netacad.com
Lab - Implement HSRP

description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
shutdown
ipv6 address FE80::D1:3 link-local
ipv6 address 2001:DB8:ACAD:1000::1/64
!
interface Port-channel1
switchport mode trunk
!
interface Port-channel12
switchport mode trunk
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
channel-group 12 mode active
!
interface GigabitEthernet1/0/2
switchport mode trunk
channel-group 12 mode active
!
interface GigabitEthernet1/0/3
switchport mode trunk
channel-group 12 mode active
!
interface GigabitEthernet1/0/4

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 15 of 26 www.netacad.com
Lab - Implement HSRP

switchport mode trunk


channel-group 12 mode active
!
interface GigabitEthernet1/0/5
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/6
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/7
shutdown
!
interface GigabitEthernet1/0/8
shutdown
!
interface GigabitEthernet1/0/9
shutdown
!
interface GigabitEthernet1/0/10
shutdown
!
interface GigabitEthernet1/0/11
shutdown
!
interface GigabitEthernet1/0/12
shutdown
!
interface GigabitEthernet1/0/13
shutdown
!
interface GigabitEthernet1/0/14
shutdown
!
interface GigabitEthernet1/0/15
shutdown
!
interface GigabitEthernet1/0/16
shutdown
!
interface GigabitEthernet1/0/17
shutdown
!
interface GigabitEthernet1/0/18
shutdown
!
interface GigabitEthernet1/0/19
shutdown
!

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 16 of 26 www.netacad.com
Lab - Implement HSRP

interface GigabitEthernet1/0/20
shutdown
!
interface GigabitEthernet1/0/21
shutdown
!
interface GigabitEthernet1/0/22
shutdown
!
interface GigabitEthernet1/0/23
shutdown
!
interface GigabitEthernet1/0/24
shutdown
!
interface GigabitEthernet1/1/1
shutdown
!
interface GigabitEthernet1/1/2
shutdown
!
interface GigabitEthernet1/1/3
shutdown
!
interface GigabitEthernet1/1/4
shutdown
!
interface Vlan1
no ip address
!
interface Vlan11
ip address 10.11.0.1 255.255.255.0
standby version 2
standby 11 ip 10.11.0.254
standby 11 timers msec 250 msec 750
standby 11 priority 150
standby 11 preempt
standby 11 authentication md5 key-string Super53cret
standby 11 track 4 decrement 60
standby 116 ipv6 autoconfig
standby 116 priority 150
standby 116 preempt
standby 116 track 4 decrement 60
ipv6 address FE80::D1:1 link-local
ipv6 address 2001:DB8:ACAD:11::1/64
!
interface Vlan21
ip address 10.21.0.1 255.255.255.0
standby version 2
standby 21 ip 10.21.0.254

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 17 of 26 www.netacad.com
Lab - Implement HSRP

standby 21 timers msec 250 msec 750


standby 21 preempt
standby 21 authentication md5 key-string Super53cret
standby 216 ipv6 autoconfig
standby 216 preempt
ipv6 address FE80::D1:2 link-local
ipv6 address 2001:DB8:ACAD:21::1/64
!
ip forward-protocol nd
ip http server
ip http secure-server
!
control-plane
service-policy input system-cpp-policy
!
banner motd ^C D1, Implement HSRP ^C
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco123
logging synchronous
login
line vty 5 15
login
!
end

Switch D2
D2# show run
Building configuration...

Current configuration : 10167 bytes


!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname D2

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 18 of 26 www.netacad.com
Lab - Implement HSRP

!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no aaa new-model
switch 1 provision ws-c3650-24ps
!
ip routing
!
no ip domain lookup
!
login on-success log
ipv6 unicast-routing
!
license boot level ipservicesk9
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
transceiver type all
monitoring
!
track 4 interface Loopback0 line-protocol
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception,
NFLSAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 19 of 26 www.netacad.com
Lab - Implement HSRP

description MCAST END STATION


class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
ipv6 address FE80::D2:3 link-local
ipv6 address 2001:DB8:ACAD:1000::1/64
!
interface Port-channel2
switchport mode trunk
!
interface Port-channel12
switchport mode trunk
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
channel-group 12 mode active
!
interface GigabitEthernet1/0/2
switchport mode trunk
channel-group 12 mode active
!
interface GigabitEthernet1/0/3
switchport mode trunk

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 20 of 26 www.netacad.com
Lab - Implement HSRP

channel-group 12 mode active


!
interface GigabitEthernet1/0/4
switchport mode trunk
channel-group 12 mode active
!
interface GigabitEthernet1/0/5
switchport mode trunk
channel-group 2 mode active
!
interface GigabitEthernet1/0/6
switchport mode trunk
channel-group 2 mode active
!
interface GigabitEthernet1/0/7
shutdown
!
interface GigabitEthernet1/0/8
shutdown
!
interface GigabitEthernet1/0/9
shutdown
!
interface GigabitEthernet1/0/10
shutdown
!
interface GigabitEthernet1/0/11
shutdown
!
interface GigabitEthernet1/0/12
shutdown
!
interface GigabitEthernet1/0/13
shutdown
!
interface GigabitEthernet1/0/14
shutdown
!
interface GigabitEthernet1/0/15
shutdown
!
interface GigabitEthernet1/0/16
shutdown
!
interface GigabitEthernet1/0/17
shutdown
!
interface GigabitEthernet1/0/18
shutdown
!

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 21 of 26 www.netacad.com
Lab - Implement HSRP

interface GigabitEthernet1/0/19
shutdown
!
interface GigabitEthernet1/0/20
shutdown
!
interface GigabitEthernet1/0/21
shutdown
!
interface GigabitEthernet1/0/22
shutdown
!
interface GigabitEthernet1/0/23
shutdown
!
interface GigabitEthernet1/0/24
shutdown
!
interface GigabitEthernet1/1/1
shutdown
!
interface GigabitEthernet1/1/2
shutdown
!
interface GigabitEthernet1/1/3
shutdown
!
interface GigabitEthernet1/1/4
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan11
ip address 10.11.0.2 255.255.255.0
standby version 2
standby 11 ip 10.11.0.254
standby 11 timers msec 250 msec 750
standby 11 preempt
standby 11 authentication md5 key-string Super53cret
standby 116 ipv6 autoconfig
standby 116 preempt
ipv6 address FE80::D2:1 link-local
ipv6 address 2001:DB8:ACAD:11::2/64
!
interface Vlan21
ip address 10.21.0.2 255.255.255.0
standby version 2
standby 21 ip 10.21.0.254

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 22 of 26 www.netacad.com
Lab - Implement HSRP

standby 21 timers msec 250 msec 750


standby 21 priority 150
standby 21 preempt
standby 21 authentication md5 key-string Super53cret
standby 21 track 4 decrement 60
standby 216 ipv6 autoconfig
standby 216 priority 150
standby 216 preempt
standby 216 track 4 decrement 60
ipv6 address FE80::D2:2 link-local
ipv6 address 2001:DB8:ACAD:21::2/64
!
ip forward-protocol nd
ip http serverip http secure-server
!
control-plane
service-policy input system-cpp-policy
!
banner motd ^C D2, Implement HSRP ^C
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco123
logging synchronous
login
line vty 5 15
login
!
end

Switch A1
A1# show run
Building configuration...

Current configuration : 2319 bytes


!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 23 of 26 www.netacad.com
Lab - Implement HSRP

hostname A1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel1
switchport mode trunk
!
interface Port-channel2
switchport mode trunk
!
interface FastEthernet0/1
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/2
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/3
switchport mode trunk
channel-group 2 mode active
!
interface FastEthernet0/4
switchport mode trunk
channel-group 2 mode active
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 24 of 26 www.netacad.com
Lab - Implement HSRP

interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
switchport access vlan 11
switchport mode access
spanning-tree portfast edge
!
interface FastEthernet0/24
switchport access vlan 21
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet0/1

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 25 of 26 www.netacad.com
Lab - Implement HSRP

shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Vlan1
no ip address
!
interface Vlan11
ip address 10.11.0.3 255.255.255.0
!
ip default-gateway 10.11.0.254
ip http server
ip http secure-server
!
banner motd ^C A1, Implement HSRP ^C
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco123
logging synchronous
login
line vty 5 15
login
!
end

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 26 of 26 www.netacad.com

You might also like