Hot Standby Router Protocol (HSRP)

1. What Is HSRP in Networking?

In the previous course, you learned the importance of First Hop Redundancy Protocols (FHRPs) in ensuring network reliability and availability. Now, we’ll explore what is HSRP in networking and why it’s one of the most widely used FHRPs developed by Cisco.

HSRP provides redundancy for your network's default gateway, ensuring continuous connectivity even if a router fails.

By the end of this course, you’ll understand how HSRP works, its roles, and how to configure it effectively in a network.

2. HSRP Group

HSRP organizes routers into logical units called HSRP groups, identified by a unique group number. These groups work together to share a virtual gateway address that devices on the network can use.

HSRP Group Example

In our example, we’ll group Router R1 and Router R2 into HSRP Group 1.

what is HSRP in networking diagram showing HSRP Group 1 with R1 and R2 sharing a virtual IP for default gateway redundancy

Figure 1 – HSRP Group Topology

Once you decide which routers belong to the same HSRP group, you assign a Virtual IP Address (VIP) that acts as the gateway address.

3. HSRP VIP

The VIP is the IP address shared by the HSRP group and it serves as the default gateway for devices in the network. End devices use this VIP to communicate with devices outside their subnet.

Assigning the VIP

In our network (192.168.10.0/24), we assign the VIP 192.168.10.3 for HSRP Group 1. Hosts in this network will use 192.168.10.3 as their default gateway.

Network diagram showing HSRP group with an active and standby router sharing a virtual IP (VIP) for default gateway redundancy.

Figure 2 – HSRP Virtual IP (VIP) Assigned as Default Gateway

Configuration Example

Here’s how to configure the VIP for HSRP Group 1 on R1 and R2:

R1 Configuration:

R1(config)# interface g0/0
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# standby 1 ip 192.168.10.3

R2 Configuration:

R2(config)# interface g0/0
R2(config-if)# ip address 192.168.10.2 255.255.255.0
R2(config-if)# standby 1 ip 192.168.10.3

Key Notes:

  • standby initiates HSRP.

  • 1 represents the HSRP group number.

  • The ip command sets the Virtual IP Address (VIP).

4. HSRP Roles

In every HSRP group, routers are assigned specific roles to ensure network redundancy and reliability.

Active Router

The Active Router is responsible for managing traffic destined for the Virtual IP Address (VIP).

It:

  • Responds to ARP requests for the VIP.

  • Handles all traffic from devices using the VIP as their default gateway.

Standby Router

The Standby Router acts as a backup.

It:

  • Monitors the Active Router by exchanging Hello packets.

  • Takes over as the Active Router if the current Active Router fails.

Network diagram showing HSRP active and standby routers exchanging hello packets for gateway redundancy and failover protection.

Figure 3 – HSRP Roles: Active and Standby Routers

Assigning Roles

For this course, we will configure:

  • R1 as the Active Router: R1 will handle the network traffic under normal conditions.

  • R2 as the Standby Router: R2 will monitor R1 and take over in case of failure.

In the next section, we will explore how to configure these roles effectively.

5. HSRP Election Process

As you learn about HSRP, a common question might come to mind:

Illustration introducing the HSRP election process, explaining how active and standby router roles are determined.

Figure 4 – How Active and Standby are elected ?

This is an excellent question and the answer is straightforward.

The election of Active and Standby routers in HSRP is determined by two key parameters:

Diagram explaining the HSRP election process based on router priority and highest IP address in case of a tie.

Figure 5 – HSRP Election Criteria: Priority and IP Address

1. Priority

The router with the highest priority is elected as the Active Router.

  • By default, all routers have a priority of 100, but this can be manually adjusted to influence the election.

  • The priority value ranges from 0 to 255, with 255 being the highest possible priority.

Configuring priority allows you to designate specific routers for the Active and Standby roles

2. Highest IP Address

  • If two or more routers have the same priority, the router with the highest IP address on the HSRP interface is elected as the Active Router.

This acts as a tiebreaker when priority values are identical.

Configuring Active and Standby Roles

To designate R1 as the Active Router and R2 as the Standby Router, you need to adjust their priority values. This ensures R1 takes the Active role while R2 remains on standby, ready to take over in case of a failure.

Network diagram showing HSRP group with active and standby routers based on priority configuration for default gateway redundancy

Figure 6 – Manual Configuration of Active and Standby Roles in HSRP

R1 Configuration (Active Router)

R1(config)# interface g0/0
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# standby 1 ip 192.168.10.3
R1(config-if)# standby 1 priority 110

  1. interface g0/0: Specifies the interface to configure.

  2. ip address 192.168.10.1 255.255.255.0: Assigns an IP address and subnet mask to the interface.

  3. standby 1 ip 192.168.10.3: Configures the HSRP group (1) and assigns the Virtual IP (VIP) 192.168.10.3.

  4. standby 1 priority 110: Sets the HSRP priority to 110, ensuring R1 becomes the Active Router.

R2 Configuration (Standby Router)

R2(config)# interface g0/0
R2(config-if)# ip address 192.168.10.2 255.255.255.0
R2(config-if)# standby 1 ip 192.168.10.3
R2(config-if)# standby 1 priority 100

  1. interface g0/0: Specifies the interface to configure.

  2. ip address 192.168.10.2 255.255.255.0: Assigns an IP address and subnet mask to the interface.

  3. standby 1 ip 192.168.10.3: Configures the HSRP group (1) and assigns the Virtual IP (VIP) 192.168.10.3.

  4. standby 1 priority 100: Sets the HSRP priority to 100, ensuring R2 becomes the Standby Router.

6. HSRP States

HSRP routers transition through several states to determine their roles within the group, ultimately deciding which router will become the Active Router and which will become the Standby Router.

Diagram illustrating the different HSRP states from Initial to Active, showing the router role transition process.

Figure 7 – HSRP Router State Transitions

In this setup with two routers:

  • R1 will transition to the Active State, becoming the primary router responsible for forwarding traffic.

  • R2 will move to the Standby State, ready to take over if R1 becomes unavailable.

7. HSRP Versions

HSRP has two main versions: HSRPv1 and HSRPv2.

Each version has distinct characteristics in terms of addresses, compatibility, and scalability.

HSRP Version 1 (HSRPv1)

  • Virtual MAC Address: 0000.0C07.ACxx

    • xx represents the group number in hexadecimal (AC0A for group 10).

  • Multicast Address: 224.0.0.2 (used for hello packets).

  • Group Limit: Supports up to 256 groups (0–255).

Diagram explaining the structure of the HSRPv1 virtual MAC address, highlighting vendor code, HSRP identifier, and group number.

Figure 8 – HSRP Version 1 Virtual MAC Address Format

HSRP Version 2 (HSRPv2)

  • 1Virtual MAC Address: 0000.0C9F.Fxxx

    • xxx represents the group number in hexadecimal (F1F4 for group 500).

  • Multicast Address: 224.0.0.102 (less prone to conflicts).

  • Group Limit: Supports up to 4096 groups.

  • IPv6 Support: Fully supported, ideal for modern dual-stack networks.

Diagram explaining the HSRPv2 virtual MAC address structure, detailing vendor code, HSRP identifier, and group number.

Figure 9 – HSRP Version 2 Virtual MAC Address Format

Changing HSRP Version

To configure or change the HSRP version on an interface, use the following command in global configuration mode:

Router(config)# interface 
Router(config-if)# standby version <1 | 2>

  • Replace with the interface you are configuring (GigabitEthernet0/1).

  • Replace <1 | 2> with the desired HSRP version.

Version Compatibility

All routers within the same HSRP group must use the same HSRP version. A version mismatch will prevent communication and disable group functionality. Always verify version settings to ensure proper operation.

8. HSRP Hello and Hold Timers

HSRP routers use Hello packets to maintain communication and monitor the status of peers within the group. These timers play a vital role in detecting failures !

Network diagram showing HSRP hello and hold timers between active and standby routers for peer monitoring and failover detection.

Figure 10 – HSRP Hello and Hold Timers Between Active and Standby Routers

Hello Timer

  • Determines how often Hello packets are sent.

  • Default value: 3 seconds.

Hold Timer

  • Specifies the duration a router waits without receiving Hello packets before declaring the peer as failed.

  • Default value: 10 seconds.

Customizing the Timers

For networks requiring faster failover, you can configure shorter Hello and Hold timers. Here's how you can do it on R1:

R1(config)# interface g0/0
R1(config-if)# standby 1 timers 1 3

  • Hello Timer: 1 second.

  • Hold Timer: 3 seconds.

Verifying Timer Configuration

After setting the timers, use the show standby command to verify:

R1# show standby
GigabitEthernet0/0 - Group 1
  State is Active
  Hello time 1 sec, hold time 3 sec
  Virtual IP address is 192.168.10.3
  Active router is local
  Standby router is 192.168.10.2

These timers ensure quicker detection and failover in the event of a router failure.

9. HSRP Failover

Failover occurs when the Active Router becomes unavailable. The Standby Router then transitions into the active state.

Failover Process

  1. The Active Router fails and stops sending Hello packets (due to an power failure).

Network diagram showing HSRP failover process when the active router fails and the standby router detects the failure and takes over.

Figure 11 – HSRP Failover Process

2. The Standby Router detects the absence of Hello packets and wait until the Hold Timer expires.

Network diagram showing HSRP standby router transitioning to active router and sending gratuitous ARP after failover.

Figure 12 – Standby Router Becomes Active

  1. The Standby Router transitions into the Active Router role.

  2. The new Active Router sends a Gratuitous ARP (GARP) to update the ARP caches of connected devices, ensuring traffic continues to the VIP.

Network diagram showing HSRP failover with gratuitous ARP updating hosts to maintain seamless default gateway access.

Figure 13 – Gratuitous ARP After HSRP Failover

Failover is completely transparent to hosts on the network, as they continue using the same VIP (192.168.10.3) as their default gateway.

Logs During Failover

When a router transitions to the Active role, the following log entry appears on R2:

%HSRP-5-STATECHANGE: GigabitEthernet0/0 Grp 1 Standby -> Active

Failover is transparent to network hosts, as they continue using the same VIP as their gateway.

Network diagram showing HSRP failover process with new active router and seamless gateway access during failover logs.

Figure 14 – HSRP Failover Logs and Transparent Gateway

10. HSRP Preemption

Preemption is a feature that ensures the router with the highest priority always becomes the Active Router when it’s available.

Imagine this situation:

You have two routers:

  • R1 with a priority of 150 (currently the Active Router)

  • R2 with a priority of 100 (currently the Standby Router)

If R1 fails, R2 will take over as the Active Router after the hold timer expires.

Now, here’s something important: by default, when R1 comes back online, it will not automatically reclaim its role as the Active Router even though it has a higher priority.

This default behavior occurs because Preemption is not enabled.

Here you can see the process:

Diagram showing HSRP failover and role transition from active to standby router based on priority values.

Figure 15 – HSRP Preemption Behavior

What Happens When Preemption is Enabled?

When we enable Preemption on R1, things change:

  • As soon as R1 recovers, it will automatically reclaim its role as the Active Router because it has a higher priority than R2.

You can see the process below:

Diagram showing HSRP preemption process where the router with higher priority reclaims the active role after recovery.

Figure 16 – HSRP Preemption Enabled on R1

Enabling Preemption

Here’s how you can configure Preemption:

R1(config)# interface g0/0
R1(config-if)# standby 1 preempt

With Preemption enabled, you can ensure that the router with the highest priority is always the active router when the router comes back online.

📢 Preemption is enabled on a router basis!

11. HSRP Load Balancing

HSRP, or Hot Standby Router Protocol, is typically used to ensure network redundancy. One router actively forwards traffic, while the other is on standby, ready to take over if the active router fails. However, HSRP can also be configured to perform load balancing, where traffic is distributed between routers for better resource utilization.

Understanding HSRP Load Balancing

Let’s explore how this works: instead of having one router always active and the other on standby, you can assign different routers as active for specific parts of the network.

For example, one router might handle traffic for VLAN 10, while another manages traffic for VLAN 20. This way, both routers are actively used, reducing the load on each.

Network diagram showing HSRP load balancing with multiple HSRP groups managing different VLANs for optimized traffic distribution.

Figure 17 – HSRP Load Balancing Between VLANs

For your CCNA, it’s important to understand that HSRP can be used for load balancing by creating multiple HSRP groups. Each group is responsible for specific traffic, ensuring both routers contribute to the network.

You don’t need to configure this in detail for the exam just focus on the concept!

12. HSRP Interface Tracking

HSRP Interface Tracking ensures high availability by dynamically adjusting router priorities when a critical interface fails. This feature allows HSRP to transfer the role of Active Router to the Standby Router, maintaining uninterrupted connectivity.

Step 1 : Traffic Flow Through R1 (Active Router)

Network diagram showing HSRP interface tracking with traffic flowing through the active router before a failure event.

Figure 18 – HSRP Interface Tracking: Normal Operation

Imagine this scenario:

  • R1 is the Active Router in the HSRP group, responsible for forwarding all traffic to the internet.

  • Devices in the network use the Virtual IP Address (VIP) assigned to the HSRP group as their default gateway.

  • The link between R1 and the internet is operational, ensuring smooth and uninterrupted traffic flow.

Step 2: R1 WAN Link Failure

Network diagram showing HSRP interface tracking reacting to WAN link failure on the active router R1.

Figure 19 – HSRP Interface Tracking: WAN Link Failure

⚠️ When the link between R1 and the internet fails:

  • R1 remains the Active Router, but it can no longer forward traffic because its WAN link is down.

  • Devices continue sending traffic to the VIP, but this traffic is blocked at R1, causing a network outage.

  • Without Interface Tracking, this failure creates a Single Point of Failure in the network.

Step 3: Traffic Redirected to R2 with Interface Tracking

Network diagram showing HSRP interface tracking redirecting traffic to standby router R2 after WAN link failure on R1.

Figure 20 – HSRP Interface Tracking: R2 Takes Over After WAN Failure

R1 Configuration:

R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# standby 1 ip 192.168.10.3
R1(config-if)# standby 1 priority 110
R1(config-if)# standby 1 track GigabitEthernet0/1 decrement 20

R2 Configuration:

R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip address 192.168.10.2 255.255.255.0
R1(config-if)# standby 1 ip 192.168.10.3
R1(config-if)# standby 1 priority 100

Now, consider the same scenario with Interface Tracking enabled:

How it works:

  • HSRP detects the failure on R1’s critical interface.

  • R1’s priority is automatically reduced (from 110 to 90).

  • The reduction in priority allows R2 to take over as the Active Router.

  • Devices continue using the VIP as their default gateway, but traffic is now forwarded through R2, ensuring uninterrupted connectivity.

Now that you’ve seen how HSRP handles failover, load balancing, and interface tracking, you should have a clear understanding of what is HSRP in networking and why it's critical in enterprise environments.

13. Conclusion

HSRP ensures gateway redundancy by electing an Active Router and a Standby Router, providing seamless failover in case of failure. Key points to remember:

  • VIP for redundancy – Devices always use the same gateway.

  • Priority-based election – Highest priority (or IP) determines the Active Router.

  • Automatic failover – The Standby Router takes over instantly.

  • Preemption – The highest-priority router reclaims its role when back online.

  • Interface Tracking – Adjusts priority dynamically to prevent traffic black holes.