Hot Standby Routing Protocol (HSRP)


Scenario:

Internet traffic is becoming more and more important since the company you are working for is focused on e-commerce. Every minute that their webservers running webshops are unavailable is causing profit loss. The company has decided it needs a scalable solution and wants to get rid of the single router (NewJersey), so that there is no single point of failure anymore. It is up to you to start configuring!

Goal:

  • All IP addresses have been preconfigured as follows:

    NewYork: F0/0: 192.168.1.1 /24
    NewYork: F1/0: 192.168.2.1 /24

    NewJersey: F0/0: 192.168.1.2 /24
    NewJersey: F1/0: 192.168.2.2 /24

    L.A.: F0/0: 192.168.1.3 /24
    L.A.: F1/0: 192.168.2.3 /24

    HOST: F0/0: 192.168.1.200 /24

    ISP: F0/0: 192.168.2.254 /24
     

  • The ISP router has the following loopback interfaces, which are used to simulate the Internet.

    Loopback0: 172.16.1.1 /24
    Loopback1: 172.16.2.1 /24
    Loopback2: 172.16.3.1 /24
     

  • The host router has been configured with “no ip routing” which will turn it into an ordinary host.
  • OSPF has been configured on all routers except the host router for full connectivity.
  • Configure NewYork, NewJersey and L.A. for HSRP, using standby group number “1”.
  • The virtual IP address should be 192.168.1.254 /24. The virtual MAC address should be 1234.5678.9abc.
  • NewJersey should be the Active router; when it fails, L.A. should take over.
  • Hello packets should be sent every 7 seconds.
  • Make sure the router with the highest priority will always be the active router.
  • Configure authentication for HSRP, use password “vault”.
  • When the HSRP active router’s F1/0 interface goes down, make sure it’s no longer the active HSRP router.
  • Configure the virtual IP address of HSRP as default gateway on the Host Router.
  • Ensure you can ping the loopbacks of the ISP router from the Host router.
  • Ensure that whenever 2 out of 3 routers are down, the Host router still has connectivity to the ISP.
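
The goals above can be checked mechanically against a router's interface configuration. The Python sketch below is an added example, not part of the original lab: the audit function, the GOALS table and the constructed sample configuration are assumptions made for illustration. It also reports a plain "standby 1 authentication vault" line, because IOS carries a plain-text HSRP authentication string unencrypted in every hello packet, while the "md5 key-string" form sends a keyed hash instead.

```python
"""Check the HSRP lines of an IOS interface config against the lab goals."""
import re

# Expected values, taken from the Goal list above.
GOALS = {"group": "1", "ip": "192.168.1.254", "mac": "1234.5678.9abc", "hello": "7"}

# Constructed sample: F0/0 of one router, with the MAC and tracking goals missed.
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 standby 1 ip 192.168.1.254
 standby 1 timers 7 21
 standby 1 priority 110
 standby 1 preempt
 standby 1 authentication vault
"""

def audit(config):
    """Return a sorted list of findings; an empty list means nothing to fix."""
    opts = {}
    for m in re.finditer(r"^\s*standby (\d+) (\S+)(?: (.*\S))?\s*$", config, re.M):
        if m.group(1) == GOALS["group"]:
            opts[m.group(2)] = (m.group(3) or "").split()
    findings = []
    if opts.get("ip") != [GOALS["ip"]]:
        findings.append(f"virtual IP is not {GOALS['ip']}")
    if opts.get("mac-address") != [GOALS["mac"]]:
        findings.append(f"virtual MAC is not {GOALS['mac']}")
    if not opts.get("timers") or opts["timers"][0] != GOALS["hello"]:
        findings.append(f"hello timer is not {GOALS['hello']} seconds")
    if "preempt" not in opts:
        findings.append("preempt is missing")
    if "track" not in opts:
        findings.append("no tracked interface")
    auth = opts.get("authentication")
    if not auth:
        findings.append("authentication is missing")
    elif auth[0] != "md5":
        # "standby 1 authentication <string>" and "... text <string>" are plain text.
        findings.append("authentication string is sent in clear text")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```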

IOS:

c3640-jk9s-mz.124-16.bin

Written by René Molenaar - CCIE #41726

About the Author: Rene Molenaar

René - CCIE #41726 is the creator of GNS3Vault.com where he shares CCNA, CCNP and CCIE R&S labs. He also blogs about networking on http://networklessons.com

25 Comments

  1. I would, but I didn’t create them so far… I’ll do so when I have more time. What part are you having trouble with? If you post it here I’ll answer your question.

    Rene

  2. Ok, I don’t understand what you mean when you say “The virtual mac address should be 111:2222:3333.” Can you explain to me how it works? I have never read anything about this address.

    To do this: “Newjersey should be the Active router, when it fails L.A. should take over”, I guess that I must configure the maximum priority in NewJersey (200) and another low in L.A. (190). Right?

    To do this: “Make sure the router with highest priority will always be the active router” I think that I need the “preempt” command but I’m not sure.

    I don’t know how to do this: “When the HSRP active router’s F1/0 interface goes down, make sure it’s no longer the active HSRP router”. What’s the point?

    Thanks for your help. I apologize for my English 🙁

    1. here: http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_s2g.html#wp1083868

      You need the following command

      standby 1 mac-address 1234.5678.9abc

  3. No worries Emilio.

    HSRP uses a virtual IP address for the ‘virtual gateway’ that the clients will use. It makes sense that if you have a virtual IP it’ll also use a virtual mac address. You can change this if you want.

    You are correct about the priority.

    You are also correct about preempt. Preempt means that the higher priority router will always take over. If you don’t configure this then you need to reset HSRP to make the highest priority router take over again.

    HSRP supports ‘interface tracking’. This is very cool…when an interface goes down the router gets a penalty and the priority becomes worse. When this happens the router with the next best priority will take over 8)

    Good luck!

  4. I’m going to test it and will comment on the results. I hope there are no problems with the OSPF configuration….

    Thanks

  5. Ok, I think I got the goals. When interface f1/0 in NewJersey router is down, L.A. router becomes the Active router. If f1/0 interface in L.A. router is also down, NewYork router is the Active. Add the configs. Tell me if you think it is working right. Thanks

  6. hostname NewJersey
    interface FastEthernet0/0
    ip address 192.168.1.2 255.255.255.0
    duplex auto
    speed auto
    standby 1 ip 192.168.1.254
    standby 1 timers 7 21
    standby 1 priority 110
    standby 1 preempt
    standby 1 authentication vault
    standby 1 track FastEthernet1/0 25
    !
    interface FastEthernet1/0
    ip address 192.168.2.2 255.255.255.0
    duplex auto
    speed auto
    !
    router ospf 1
    log-adjacency-changes
    network 192.168.1.0 0.0.0.255 area 0
    network 192.168.2.0 0.0.0.255 area 0

    —————————————————–
    hostname L.A.
    interface FastEthernet0/0
    ip address 192.168.1.3 255.255.255.0
    duplex auto
    speed auto
    standby 1 ip 192.168.1.254
    standby 1 timers 7 21
    standby 1 preempt
    standby 1 authentication vault
    standby 1 track FastEthernet1/0 15
    !
    interface FastEthernet1/0
    ip address 192.168.2.3 255.255.255.0
    duplex auto
    speed auto
    !
    router ospf 1
    log-adjacency-changes
    network 192.168.1.0 0.0.0.255 area 0
    network 192.168.2.0 0.0.0.255 area 0

    ———————————————————————-

    hostname NewYork
    interface FastEthernet0/0
    ip address 192.168.1.1 255.255.255.0
    duplex auto
    speed auto
    standby 1 ip 192.168.1.254
    standby 1 timers 7 21
    standby 1 priority 90
    standby 1 preempt
    standby 1 authentication vault
    standby 1 track FastEthernet1/0
    !
    interface FastEthernet1/0
    ip address 192.168.2.1 255.255.255.0
    duplex auto
    speed auto
    !
    router ospf 1
    log-adjacency-changes
    network 192.168.1.0 0.0.0.255 area 0
    network 192.168.2.0 0.0.0.255 area 0

    1. You have forgotten the no shut on the interfaces, otherwise you can apply the ospf without any interface up:

      00:32:56: %OSPF-4-NORTRID: OSPF process 1 cannot start. There must be at least one "up" IP interface, for OSPF to use as router ID

    1. HSRP is an L3 feature so it is independent from L2 VLANs.
      You can have several HSRP groups on the same interface or even on subinterfaces

    2. Normally we configure an HSRP group for each VLAN so that each VLAN has a redundant default gateway.
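
Comment 3 describes interface tracking and comment 5 reports the failover order NewJersey, L.A., NewYork for the configurations posted in comment 6. The Python model below is an added example, not part of the original comments or of the lab's solution; the Router class and the elect function are hypothetical names, and the election is simplified to two rules: at cold start the best-ranked router wins, and only a router configured with preempt displaces a live active router.

```python
"""Model of HSRP active-router election with preempt and interface tracking."""
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass(frozen=True)
class Router:
    name: str
    ip: str                # F0/0 address, tie-breaker when priorities are equal
    priority: int = 100    # IOS default when no "standby 1 priority" line exists
    decrement: int = 10    # IOS default when "standby 1 track" gives no value
    preempt: bool = True

# Values from the three configurations posted in comment 6.
LAB = (
    Router("NewJersey", "192.168.1.2", priority=110, decrement=25),
    Router("L.A.", "192.168.1.3", decrement=15),
    Router("NewYork", "192.168.1.1", priority=90),
)

def elect(routers, current=None, powered_off=(), f1_down=()):
    """Return the active router's name once the group has converged.

    current     -- router that is active before the failure (None = cold start)
    powered_off -- names of routers that are completely down
    f1_down     -- names of routers whose tracked F1/0 interface is down
    """
    def rank(r):
        # Tracking subtracts the decrement while the tracked interface is down.
        penalty = r.decrement if r.name in f1_down else 0
        return (r.priority - penalty, IPv4Address(r.ip))

    alive = [r for r in routers if r.name not in powered_off]
    if not alive:
        return None
    holder = next((r for r in alive if r.name == current), None)
    if holder is None:
        # Simplification: with no active router, the best-ranked one wins.
        return max(alive, key=rank).name
    # Only a router configured with preempt takes the role from a live holder.
    challengers = [r for r in alive if r.preempt and rank(r) > rank(holder)]
    return max(challengers, key=rank).name if challengers else holder.name

if __name__ == "__main__":
    print(elect(LAB, current="NewJersey", f1_down={"NewJersey"}))
```

With preempt removed from every router, elect keeps NewJersey active even while its F1/0 is down: the tracking decrement only lowers the priority, and the takeover itself depends on preempt being configured on the other routers.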

  7. Hi Renee,

    That’s a nice lab… the only thing I don’t get is that I can ping the ISP interfaces from the host but there’s no default route configured in the host router. I totally understand later when the default router is configured but how the router can ping the ISP before the default gateway is configured ?

  8. Very nice would be awesome if you could add
    line con 0
    no exec-time
    logg syn

    Without no exec-time my CPU spikes like crazy (laptop) and logg syn is just nice. But I liked the lab, thanks again.

  9. I would like to add this tidbit for testing from the host. When you do the ping from the host, repeat it 1000 times so that when you do the shut on the interface fa1/0 you can see where it times out and then comes alive again, and how long that delay is. Here’s what it looks like.

    ping 172.16.2.1 repeat 1000

    Type escape sequence to abort.
    Sending 1000, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!U.U.U…………………!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!
    Success rate is 97 percent (974/1000), round-trip min/avg/max = 12/29/44 ms

  10. When I ping the Loopback address from the Host to the ISP I receive a U.U.U response. Is there any idea how to solve this issue? Thanks

  11. Hey USBAH71,

    I just barely had the exact same issue that you’re talking about. I tried pinging from all of my routers to see if any of them could see the ISP or the Loopbacks. I realized that he was completely isolated. I solved the issue by enabling OSPF on the ISP router and then adding all 4 networks. After this everything worked perfectly.

    Hope this helps,

    mcarter.tx

  12. Thank you for the lab.
    Can I please ask why, when we trace from the host to 172.16.3.1, it is not “obeying” and it’s passing through other routers than the HSRP active one?
    Regards.

  13. Hi Rene,

    This was a pretty good lab. I never used that track command. I appreciate you showing us advanced stuff even in CCNA labs. This is great preparation!

  14. Hello René

    I have a question regarding authentication. On page 240 of your book you write in a table: VRRP does not support authentication in RFC 3738, but later you configure VRRP and configure the authentication with md5 encryption. I’m confused about the above, could you help me?

    Your attention is appreciated. With regard to the HSRP practice, it seemed very good and instructive to me.

  15. Hi. Can someone help me? I am receiving this error and I don’t know what to do

    Connected to Dynamips VM “NewYork” (ID 6, type c3600) – Console port
    Press ENTER to get the prompt.
    ROMMON emulation microcode.

    Launching IOS image at 0x80008000…

    Smart Init is disabled. IOMEM set to: 5

    Using iomem percentage: 5

    !!! WARNING – VM is n

Comments are closed.