This tutorial explains the terminology and basic concepts of HSRP. Learn what the HSRP protocol is and how it works through a practical example on Packet Tracer.
What is the HSRP?
A default gateway router connects a network's local subnet to a remote subnet of the same network or another network. For backup, if an administrator wants to configure more than one default gateway router, the administrator needs to configure an FHRP protocol. FHRP is a family of protocols that provide a default gateway router redundancy.
To learn more about FHRP, you can check the following tutorial.
HSRP (Hot Standby Router Protocol) is a member of the FHRP family. It is a Cisco proprietary protocol. It works only on Cisco routers. It allows one router to automatically takes over if another fails. In other words, it provides a gateway router redundancy by automatically replacing a failed gateway router with a functional gateway router.
Basic concepts of HSRP
HSRP uses a simple and straightforward concept. This concept is known as an active/passive (standby) concept. The following steps describe this concept.
- Form a group of all available devices.
- Select a device as the main device.
- Keep only the main device in the active state.
- Put all other devices in the passive state or standby state.
- If the main device fails, select a passive device from the available passive devices and make it an active device by changing its state to active.
Before we explore this concept in more detail, let's briefly discuss HSRP terminology.
HSRP Terminology
HSRP uses the following terminology.
HSRP group / Standby group
HSRP is a group of all gateway routers. It includes all routers that are connected to the local subnet and willing to provide default gateway service to the local subnet. A router can't provide the gateway service if it is not part of this group.
Virtual IP address
A virtual IP address is the group address of the HSRP group. This address is assigned to all member routers of the HSRP group. The virtual IP address belongs to the same IP subnet that is used to connect the local subnet to the physical interface of the gateway router.
The same virtual IP address is configured on all member routers. Each member router needs this IP address along with its physical IP address. In other words, each member router has two IP addresses: the physical IP address and the virtual IP address.
The physical IP address is the IP address of the interface that is connected to the local subnet. Each physical interface uses a unique IP address. The virtual IP address is an additional IP address of the interface that is connected to the local subnet. All physical interfaces of the HSRP group use the same virtual IP address.
Virtual MAC address
A MAC address is the physical address of an interface. An interface needs this address to communicate with other interfaces. To communicate with the default gateway interface, the interfaces of the local subnet need the MAC address of the default gateway interface. When you configure the virtual IP address on the member interfaces of the HSRP group, HSRP automatically creates a virtual MAC address and associates it with the virtual IP address.
Virtual Router
A virtual router connects the local subnet to the main gateway router. The hosts of the local subnet forward data packets to the virtual router, and the virtual router forwards them to the destination. A virtual router is not a physical router. It is a role that is held by one member router of the HSRP group. In simple words, a virtual router is the currently active default router.
The following image shows the role of the virtual router in HSRP implementation.
Active router
An active router is the main router. An active router is a physical router that plays the role of a virtual router. It receives the traffic from the local subnet and forwards that traffic to the destination.
Standby router
A standby router is the backup router of the main router. If the main router fails, the standby router quickly takes over the responsibilities of the main router. In other words, if the main router fails, HSRP automatically transfers the role of the virtual router to the standby router.
Other routers
The other router is a backup router of the standby router. You can add up to 255 routers in an HSRP group. If the main router fails, the standby router takes over the responsibilities of the main router, and the other router takes over the responsibilities of the standby router. In simple words, if an HSRP group router is not an active or standby router, then it is the other router.
The following image shows the role of the virtual router, active router, standby router, and other routers.
Let's take a practical example on Packet Tracer to understand how it works.
HSRP Packet Tracer Example
Create a packet tracer lab as shown in the following image.
This lab has three components: a local network, a WAN link, and a remote network. The local network is connected to the remote network through the WAN link. The local network has only one path to reach the remote network, and that path goes through the Router0. The Router0 is the default gateway of the local network. If Router0 fails, the local network can't access the remote network. To avoid this failure, let's add one backup router as shown in the following image.
Now, we will do the initial configuration on the devices to make this network active.
If you are interested only in the HSRP configuration, you can download the following preconfigured and skip the following initial configuration section.
Initial configuration
Configure Router0, Router1, Router2, and Server0 as shown in the following image.
Router0 (main gateway router) configuration
Router>enable Router# Router#configure terminal Router(config)#interface GigabitEthernet0/0 Router(config-if)#ip address 10.0.0.1 255.0.0.0 Router(config-if)#no shutdown Router(config-if)# Router(config-if)#exit Router(config)#interface Serial0/0/1 Router(config-if)#ip address 20.0.0.1 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#router rip Router(config-router)#network 10.0.0.0 Router(config-router)#network 20.0.0.0 Router(config-router)# exit Router(config)#
Router1 (backup gateway router) configuration
Router>enable Router#configure terminal Router(config)#interface GigabitEthernet0/0 Router(config-if)#ip address 10.0.0.2 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface Serial0/0/0 Router(config-if)#ip address 30.0.0.1 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#router rip Router(config-router)#network 10.0.0.0 Router(config-router)#network 30.0.0.0 Router(config-router)#
Router2 configuration
Router>enable Router# Router#configure terminal Router(config)#interface GigabitEthernet0/0 Router(config-if)#ip address 40.0.0.1 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface Serial0/0/0 Router(config-if)#ip address 30.0.0.2 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#interface Serial0/0/1 Router(config-if)# ip address 20.0.0.2 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#router rip Router(config-router)# network 20.0.0.0 Router(config-router)#network 30.0.0.0 Router(config-router)#network 40.0.0.0 Router(config-router)# exit Router(config)#
Static IP configuration on the Server system
Now, this lab is ready for the practice of the HSRP configuration.
HSRP configuration
HSRP configuration is also simple. You only need one command to configure the initial HSRP, and that command is the following.
Router(config-if)#standby group-id ip ip-address
You need to execute this command from the sub-configuration mode of the interface that provides the default gateway functionality. This command requires two parameters: group-id and ip-address. The group-id is the group number of HSRP. The ip-address is a virtual IP address that you want to use as the default gateway IP address.
You need to execute the same command on all interfaces (main interface and backup interfaces) that you want to use as a default gateway for the local subnet. In our example network, Router0's GigabitEthernet0/0 is the main gateway interface, and we will use Router1's GigabitEthernet0/0 as the backup gateway interface.
To configure HSRP on both interfaces, we will use the following command.
Router(config-if)#standby 1 ip 10.0.0.10
This command will set the HSRP group number to 1 and the virtual default gateway IP address to 10.0.0.10. You can select any group number from the range 0 - 4095. But after selecting the group number, use the same group number on both the main interface and backup interfaces.
You should select the virtual IP address that belongs to the IP subnet of the main physical gateway interface. The IP subnet of our main gateway interface is 10.0.0.0/24. Like group number, once the virtual IP address is selected, we need to use the same virtual IP address on all interfaces that participate in HSRP.
HSRP configuration of Router0 (main gateway router)
Router>enable Router#configure terminal Router(config)#interface gigabitEthernet 0/0 Router(config-if)#standby 1 ip 10.0.0.10 Router(config-if)#exit Router(config)#
HSRP configuration of Router1 (backup gateway router)
Router>enable Router#configure terminal Router(config)#interface gigabitEthernet 0/0 Router(config-if)#standby 1 ip 10.0.0.10 Router(config-if)#exit Router(config)#
We also need to configure the hosts of the local network to use the virtual gateway IP address instead of the physical gateway IP address.
Assign IP configuration on both PCs.
Verifying HSRP configuration
To verify the HSRP configuration, first, test the connectivity between the local subnet and the remote subnet and note down the path that the hosts of the local subnet use to access the remote subnet.
To test connectivity, you can use the 'ping' command. To print the path, you can use the 'tracert' command. The following image shows the output of both commands.
The above output verifies that the local subnet is connected to the remote host via the default gateway. Now suppose, the main gateway router fails. To simulate this failure, either remove the link connecting Router0 to the Switch or turn off the interface of the Switch that connects the Switch to Router0.
Now check the connectivity between the local subnet and remote subnet again.
If HRSP is configured, HRSP automatically replaces the failed gateway router with an available standby router. As you can see in the above output, the local subnet is still connected to the remote network but via a different (backup) path. This verifies that the failed gateway has been replaced.
If you want to download the lab used in this tutorial, you can download it from the following link.
Packet Tracer LAB with HSRP configuration
This lab contains all the configurations explained in this tutorial.
You can also use the 'show standby' command to view the current state of the router or know the HRSP group number and virtual IP address.
This is a basic configuration of HSRP. This configuration does not allow you to select the main gateway router. With this configuration, HSRP will make a router the active router (main router) if it comes up first. Furthermore, with this configuration, a backup (standby) router does nothing but wait for the main router to fail. These issues can be fixed by using the advanced HSRP configuration.
That's all for this tutorial. In the next part of this tutorial, we will learn the advanced HSRP configuration. If you like this tutorial, please don't forget to share it with friends through your favorite social network.