First Hop Redundancy Protocol (FHRP) is a computer networking protocol which is designed to protect the default gateway used on a subnetwork by allowing two or more routers to provide backup for that address; in the event of failure of an active router, the backup router will take over the address, usually within a few seconds. In practice, such protocols can also be used to protect other services operating on a single IP address, not just routers.
Cisco Hot-Standby Router Protocol (HSRP)
– Cisco proprietary
– Active-Standby (standby groups): one router is active, the other is in standby state
– hello timer – 3 seconds
– hold timer – 10 seconds
Virtual Router Redundancy Protocol (VRRP)
– IETF (multivendor)
– hello timer – 1 second
– hold timer – 3 seconds
Gateway Load Balancing Protocol (GLBP)
– Cisco proprietary
– Allows Active-Active Load-Balancing
One is assigned as active virtual gateway (AVG) that responds to ARP requests (load balanced mac replies)
Others act as active virtual forwarders (AVF)
– hello timer – 3 seconds
– hold timer – 10 seconds
Configure HSRP (base config)
In this configuration we are going to setup redundancy on the outgoing internet line, shown in this topology:
Start on Router1:
Linuxsource-Router1> enable
Linuxsource-Router1# configure terminal
Linuxsource-Router1(config)# interface FastEthernet 0/0
Linuxsource-Router1(config-if)# standby 1 ip 10.0.0.1
When you see:
% Warning: address is not within a subnet on this interface
then you have to give the interface an IP address (one in the same range/subnet as the virtual IP you configured).
Or:
% address cannot equal interface IP address
This means that the interface IP and the virtual IP cannot be the same address.
So configure the ip and create the standby-group 1:
Linuxsource-Router1(config-if)# ip address 10.0.0.2 255.255.255.0
Linuxsource-Router1(config-if)# standby 1 ip 10.0.0.1
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
Review the config:
Linuxsource-Router1(config)# do show standby
FastEthernet0/0 - Group 1 (version 2)
  State is Active
    14 state changes, last state change 00:35:04
  Virtual IP address is 10.0.0.1
  Active virtual MAC address is 0000.0C9F.F001
    Local virtual MAC address is 0000.0C9F.F001 (v2 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.63 secs
  Preemption disabled
  Active router is local
  Standby router is unknown
  Priority 100 (default 100)
  Group name is hsrp-Fa0/0-1 (default)
Go to Router2:
Linuxsource-Router2> enable
Linuxsource-Router2# configure terminal
Linuxsource-Router2(config)# interface FastEthernet 0/0
Linuxsource-Router2(config-if)# ip address 10.0.0.3 255.255.255.0
Linuxsource-Router2(config-if)# standby 1 ip 10.0.0.1
Linuxsource-Router2(config-if)# no shutdown
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
%HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
Linuxsource-Router2(config-if)# do show standby
FastEthernet0/0 - Group 1 (version 2)
  State is Active <--- this router is now the active router!
    7 state changes, last state change 00:43:33
  Virtual IP address is 10.0.0.1
  Active virtual MAC address is 0000.0C9F.F001
    Local virtual MAC address is 0000.0C9F.F001 (v2 default)
  Hello time 3 sec, hold time 10 sec <-- timers are set to
    Next hello sent in 1.22 secs
  Preemption disabled
  Active router is local <--- this router
  Standby router is 10.0.0.2 <--- the backup router1
  Priority 100 (default 100) <--- the priority of this router (100 is default)
  Group name is hsrp-Fa0/0-1 (default)
Features:
– When you shut down the interface, the router does not wait the 10 seconds (hold timer) before the other router is set as active. (The same applies to a reboot.)
– By default, the router with the highest IP is set as the active router! In this case, Router2 has the highest IP and is set as the active router.
Priority
The router with the highest priority becomes the active router!
Set the priority of Router2 higher than the default (100) priority of Router1 by:
Linuxsource-Router2(config-if)# standby 1 priority 110
Linuxsource-Router2(config-if)# standby 1 preempt
Delay
You can set a delay before the failover takes place.
A freshly rebooted router has not yet received any routing table from EIGRP, OSPF or another routing protocol.
You want the failover/fallback to happen only once the router is stable, after 300 seconds (when the routing tables are filled).
Linuxsource-Router2(config-if)# standby 1 preempt delay minimum 300
Track (interface)
Now we also want the failover to take place when serial 0/0 on one of the routers is down (not only when the router itself is down).
Configure Router1 to monitor interface serial 0/0. (Uses preempt!)
Linuxsource-Router1(config-if)# standby 1 preempt <-- (if not configured before)
Linuxsource-Router1(config-if)# standby 1 track serial 0/0
Timers
You can specify the hold/wait times by doing the following:
Linuxsource-Router2(config-if)# standby 1 timers 1 3 <-- 1 for the hello timers and 3 for hold timers
Authentication
Set authentication so that no other (unknown) router can join this group (e.g. a man-in-the-middle attack). Use MD5 (hash) and not (plain) text, because plain text can be sniffed!
You can also use a key-chain, but in this example we use MD5. (Not included in the Packet Tracer file!)
Set the string on Router2:
Linuxsource-Router2(config-if)# standby 1 authentication md5 key-string My_Hashed_Key
Set the string on Router1:
Linuxsource-Router1(config-if)# standby 1 authentication md5 key-string My_Hashed_Key
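To check that every standby group really ends up with MD5 authentication, here is an added example (not part of the original post): a small Python audit that reads an IOS running-config and reports, per interface and group, whether HSRP authentication is MD5, plain text, or missing. The sample config is constructed; the interfaces other than FastEthernet0/0 and the key MyPlainKey are assumptions.

```python
import re

# Constructed sample running-config (virtual IP of group 1 follows the article's lab).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 standby version 2
 standby 1 ip 10.0.0.1
 standby 1 preempt
 standby 1 authentication md5 key-string My_Hashed_Key
!
interface FastEthernet0/1
 standby 2 ip 10.0.1.1
 standby 2 authentication text MyPlainKey
!
interface FastEthernet1/0
 standby 3 ip 10.0.2.1
"""

# "standby [group] keyword [arguments]"; the group number is optional in IOS.
STANDBY_RE = re.compile(r"^standby(?:\s+(\d+))?\s+(\S+)\s*(.*)$")


def audit_hsrp_auth(config_text):
    """Return {(interface, group): 'md5' | 'plaintext' | 'none'}."""
    groups = {}
    interface = None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            interface = raw.split(None, 1)[1].strip()
            continue
        if not raw.startswith(" "):
            interface = None  # any unindented line ends the interface block
            continue
        m = STANDBY_RE.match(raw.strip())
        if interface is None or not m:
            continue
        group = int(m.group(1) or 0)  # IOS uses group 0 when no number is given
        keyword, rest = m.group(2), m.group(3)
        key = (interface, group)
        if keyword == "ip":
            groups.setdefault(key, "none")
        elif keyword == "authentication":
            # Anything other than "md5 ..." is a clear-text string in the hello.
            groups[key] = "md5" if rest.split()[:1] == ["md5"] else "plaintext"
    return groups


def findings(config_text):
    """Groups whose hellos are unauthenticated or carry a sniffable text key."""
    return sorted(k for k, mode in audit_hsrp_auth(config_text).items() if mode != "md5")
```

Run findings() over the saved running-config of both routers; any group it returns still accepts hellos without MD5.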
Download the Packet Tracer file here !