In order to simplify the specific topology, if I have understood it correctly, we can disregard the etherchannel and subinterface configurations. Let’s assume we have three physical interfaces on each router, each on VLAN 1, VLAN 2 and VLAN 3. The configuration will essentially be the same.
So, if you want to configure HSRP, you would have to configure three instances of it, one for each pair of interfaces on the same VLAN. it would go as follows:
Router 1
Interface 1 IP Address: 10.10.10.2 standby 10.10.10.1 VLAN1
Interface 2 IP Address: 10.10.20.2 standby 10.10.20.1 VLAN2
Interface 3 IP Address: 10.10.30.2 standby 10.10.30.1 VLAN3
Router 2
Interface 1 IP Address: 10.10.10.3 standby 10.10.10.1 VLAN1
Interface 2 IP Address: 10.10.20.3 standby 10.10.20.1 VLAN2
Interface 3 IP Address: 10.10.30.3 standby 10.10.30.1 VLAN3
Now if you’re getting a warning that ”address is not within a subnet on this interface” HSRP will NOT work. For each instance of HSRP, the physical IP addresses of the associated interfaces and the virtual IP MUST be in the same subnet (as well as the same VLAN).
Hi Rene,
Your HSRP networklesson is awesome.
Can you please put some light on gratituous arp process that happens during failover as well as l2 mac id of hsrp routers that sw learns
Glad to hear you like it. When the active router disappears and the standby router takes over, a gratuitous ARP is sent so that all devices can update their MAC and/or ARP tables. Here’s what it looks like:
HSRP timers consist of the hellotimer and the holdown timer. Let’s say we have Router A and Router B functioning in an HSRP group where Router A is the Active router and Router B is the standby router. Timers by default are set to the following: hello = 3 seconds, holdown = 10 seconds. Hellos are sent every 3 seconds. If Router A goes down and stops sending hello timers, Router B will wait 10 seconds (the holdown timer) before becoming Active.
So the purpose of the hello and holdown timers is to essentially define under what conditions a Standby router becomes an Active router.
In order to understand the preemption delay, it is important to understand preemption. Using our example above, Router A is Active and Router B is Standby. If Router A goes down, Router B will become Active (after the holdown timer expires). Let’s say Router A comes back up. Router B remains Active UNLESS preemption has been configured on Router A, and Router A has a higher priority than Router B. If this is the case, Router A will be forced to assume the Active state and Router B goes into passive.
Now the preemption delay is a certain amount of time that must elapse before Router A assumes the Active state once again. So, contrary to the other timers, it is the amount of time a HSRP router with a higher priority waits before assuming the Active state after it comes back up.
Now you may ask, why is that important? When is it used? Well, when a router first comes up, it does not have a complete routing table. You can set a preemption delay that allows preemption to be delayed for a configurable time period, say 60 seconds. (The default is 0 seconds). This delay period allows the router to populate its routing table before becoming the Active router.
Hi Rene,
While tracing from any source to destination there is HSRP configuration in between in a trace result I observe Physical IP instead of Virtual IP.Can you please explain the reason.
Let’s say you have a HSRP configuration where the virutal IP address is 10.1.1.1, the physical address of R1 is 10.1.1.2 and that of R2 is 10.1.1.3. Let’s say that R1 is currently the active router. If you ping 10.1.1.1, the reply message you get indicates that the echo comes from 10.1.1.1. If you traceroute to an IP address beyond the HSRP pair of routers, then, yes, you will get the IP address of the active router, that is, 10.1.1.2.
According to Cisco, traceroute specifically responds using the physical address of the active router. This is how HSRP is designed. Cisco states the following:
Q. Which IP address must be seen when a reply is received for traceroute?
A. When a reply for traceroute is received from a hop that runs HSRP, the reply must contain the active physical IP adddress and not the virtual ip address.
The router has not determined the virtual IP address, and not yet seen an authenticated Hello message from the active router. In this state the router is still waiting to hear from the active router.
Can you update the lesson or explain us why it`s not important to study it?
The Learn state is a special case. Although it is true that it is a state in HSRP, notice what the description says:
“The router has not determined the virtual IP address…”
In most HSRP configurations and curriculum for exams, you have probably always configured HSRP with the virtual IP address explicitly indicated on the interfaces of all of the routers participating in HSRP. It is however possible for a router to not have the virtual IP address configured and have it learn the address via hello message from the active router. So in order for you to see the Learn state, you must configure the virtual IP address only on the active HSRP router. If the virtual IP address is configured on ALL routers participating in HSRP, the Learn state NEVER occurs.
If the exam curriculum covers situations where only one router has the virtual IP configured, then you should know and understand this concept. If not, it won’t be necessary for your exam.
the lesson does this from the config instead of the config-if (which is interface for vlan 100 in the below scenario).
What is the difference here is this just two different ways to do something? from the point of taking the CCNP exam do you need to know both. I am just confused in their being two different command syntax here and was curious about it.
On DSW1, you should issue the following command to configure HSRP group 100 to track the
FastEthernet 0/1 interface:
DSW1(config-if)#standby 100 track fastethernet 0/1 20
Interface tracking enables HSRP to automatically decrement the priority for the HSRP group that is
configured on the router when the tracked interface’s line protocol enters the down state. Because
you want DSW1’s HSRP priority for group 100 to automatically be set to HSRP’s default priority
when the FastEthernet 0/1 interface goes down, you should decrement the priority value of 120 by
20. The default HSRP priority for a given group is 100.
In order to configure HSRP priority, you use the tracking configuration described in the lesson. This will tie the router hot standby priority to the availability of this interface. It will specifically change the value of the priority and thus potentially change the roles of the active/standby routers.
The command SW2(config)track 1 interface GigabitEthernet 0/2 line-protocol is not HSRP specific. It is part of a feature of Cisco devices called Enhanced Object Tracking.
Cisco describes the difference like so:
Before the introduction of the Enhanced Object Tracking feature, the Hot Standby Router Protocol (HSRP) had a simple tracking mechanism that allowed you to track the interface line-protocol state only. If the line-protocol state of the interface went down, the HSRP priority of the router was reduced, allowing another HSRP router with a higher priority to become active.
The Enhanced Object Tracking feature separates the tracking mechanism from HSRP and creates a separate standalone tracking process that can be used by other Cisco IOS XE processes and HSRP. This feature allows tracking of other objects in addition to the interface line-protocol state.
So essentially, the EOT functionality is an enhancement on the simple HSRP specific tracking mechanism that can be used by HSRP and by other functions as well.
We have two PE routers in active/standby mode which send/receive HSRP hellos on a trunk link between the two devices. There is also a link on each router down to the customers LAN.
If our trunk link goes down and both routers go into Active mode, what does this mean for traffic routed from the customers LAN out to the internet? Which virtual address will traffic use as both PEs will be advertising as Active?
The HSRP hellos between the routers will be exchanged between the two interfaces facing the customer LAN and not over the trunk link between them. If Router 1 has an IP address of 10.10.10.2, Router 2 an address of 10.10.10.3 and they share a virtual IP address of 10.10.10.1, then the two customer facing interfaces are on the same subnet and exchange hellos between them. So the scenario you are describing above will never occur.
What if HSRP is configured on both routers but the hellos are blocked by an access-list causing HSRP to never establish. The customer router still has the virtual IP configured as it’s default gateway… which router would it use to reach the internet?
If for whatever reason hellos cannot be exchanged, then both routers will think that they are the active router. Therefore they will both assume the virtual IP address. This will cause an IP address conflict as there will be two same addresses on the same subnet. The network would then behave as it would if you had two gateways with the same IP address. Until the hellos can be exchanged again, this would be the case.
It’s not an ideal situation If you have a L2 switch in between then the virtual MAC address will flap between the two interfaces that connect to your HSRP routers.
I did practice this lesson in a GNS3 lab. Unfortunately ; It did not work as explained by the lesson. Redundancy between SW1 and SW2 worked perfectly. But, I was not able to ping the virtual gateway IP (from the host).
I googled a little bit and found the following link :
This article does teach that the configuration of standby should be done on network interfaces (Gi0/1) and not on Vlan 1 interface. I did what the article says and it worked.
I think also that some other points has to be clarified :
- Gateway Redundancy is definetly an L3 feature.
- The host must have a dual-NIC (or kind-of) , or an L2 switch be placed between the host and the two standby routers.
If you have a L2 switch in between then the virtual MAC address will flap between the two interfaces that connect to your HSRP routers.