8-6. Router Redundancy with HSRP Route processors in the same or another chassis can share redundant gateway addresses on a VLAN by using the Hot Standby Router Protocol (HSRP). Route processors sharing a common HSRP IP address must belong to the same HSRP group number. The HSRP address appears on the network with a special virtual MAC address00-00-0C-07-AC-XX, where XX is the HSRP group number (0 to 255). The hosts on the HSRP VLAN use this MAC address as the default gateway. Although HSRP is enabled on an interface, each route processor still maintains its own unique IP and MAC addresses on the VLAN interface. These addresses are used by other routers for routing protocol traffic. When an HSRP group is enabled, the highest-priority HSRP device at that time becomes the active router, whereas the second-highest-priority stays in the standby state. All other HSRP devices in the group maintain a "listening" state, waiting for the active device to fail. A new active router election occurs only when the active device fails. The previous active router (having the highest priority) may reclaim its active role by preempting the other HSRP routers in the group. HSRP devices communicate by sending a hello message over UDP at multicast address 224.0.0.2. These messages are sent every 3 seconds by default. Devices on a VLAN use the HSRP address as their default gateway. If one of the HSRP devices fails, there will always be another one to take its place as the default gateway address.
Configuration 1. | Specify the HSRP group number and IP address:
COS | N/A | IOS | [View full width] (interface) standby [group-number] ip [ip-address  [secondary]]
|
The VLAN interface participates in HSRP group group-number (0 to 255, default 0) as HSRP IP address ip-address. Use the secondary keyword if this address corresponds to a secondary address on the actual VLAN interface. This allows HSRP addresses to be activated for both primary and secondary interface addresses.
The group number and the IP address should be the same across all Layer 3 devices participating in HSRP on the VLAN. This also makes the HSRP virtual MAC address identical on all the HSRP devices.
TIP It is common practice to use the VLAN number as the HSRP group number, for convenient reference. However, the Catalyst 6000 PFC2/MSFC2 combination supports only up to 16 different HSRP groups (each numbered 1 to 255). You can, however, reuse a group number on several VLAN interfaces as long as no bridging exists between the VLANs. | 2. | (Optional) Set the HSRP priority:
COS | N/A | IOS | [View full width] (interface) standby [group-number] priority priority [preempt [delay minimum delay]]
|
The interface negotiates with other HSRP devices in the group to become the active device. Assign a priority (1 to 255, default 100) value to each HSRP device so that the one with the highest priority (255 is the highest) becomes active. Adjust the priorities of all other devices to achieve expected elections if the active device fails.
If the active device (highest priority) fails, it waits until the new active device (lower priority) fails before becoming active again. Use the preempt keyword to allow the device to immediately take over the active role again. You can add the delay minimum keywords to cause preemption to wait until delay (0 to 3600 seconds, default 0 or no delay) time after the Layer 3 switch has been restarted. This allows a period of time for the routing protocols to converge.
| 3. | (Optional) Use HSRP authentication:
COS | N/A | IOS | [View full width] (interface) standby [group-number] authentication string
|
By default, any device can participate in HSRP communications. You can use the authentication keyword to force HSRP devices to authenticate with one another by using string (text string, up to eight characters) as a clear-text key.
| 4. | (Optional) Tune the HSRP timers:
COS | N/A | IOS | [View full width] (interface) standby [group-number] timers [msec] hellotime [msec] holdtime
|
You can adjust the time between HSRP hello messages to hellotime (1 to 254 seconds, default 3 seconds, or 50 to 999 milliseconds, by using msec.
HSRP devices listen for hellos from the active device until a holdtime period expires. After this, the active device is declared dead and the next-highest-priority device becomes active. You can adjust this to holdtime (up to 255 seconds, default 10 seconds, or up to 3000 milliseconds) by using msec. Make sure the holdtime is set consistently across all HSRP devices in the group.
|
TIP To be notified of HSRP active device changeovers, you can enable SNMP traps from the HSRP MIB. Use the snmp-server enable traps hsrp command. See section "12-2: SNMP" for more information about SNMP configuration.
HSRP Example Two Layer 3 switches have interfaces on VLAN 199. These devices could be two MSFC modules in a single Catalyst 6000 chassis or in two separate chassis, or two Catalyst 3550 switches, and so on. Here, HSRP group 1 is used. In fact, HSRP group 1 can be used on every VLAN interface, provided that no Layer 2 bridging is configured. The HSRP devices will share the 192.168.104.1 IP address so that the hosts on VLAN 199 will always have a default gateway available. Note that IP address 192.168.104.1 will appear as the virtual MAC address 00-00-0C-07-AC-01 (01 signifying HSRP group 1). The devices are set with an HSRP hello time of 3 seconds and a holdtime of 40 seconds. Device A is configured with priority 210, making it the active device over device B's priority of 200. Device A is configured to preempt all other lower-priority HSRP devices that might become active, but only if this is at least 60 seconds after it has been restarted. This will allow it to immediately take over its active role if needed. (This is not necessary in a two-router HSRP scenario because the two devices will always trade off the active role. Preemption can be useful when more than two HSRP devices participate in a group.) Finally, the HSRP devices use the string myhsrpkey in all HSRP communication as a simple form of authentication. If a host attempts to use HSRP messages without the authentication key, none of the other devices will listen to it. Layer 3 Device A configuration: COS | N/A | IOS | (global) interface vlan 199 (interface) standby 1 ip 192.168.104.1 (interface) standby 1 priority 210 preempt delay 60 (interface) standby 1 authentication myhsrpkey (interface) standby 1 timers 3 40
|
Layer 3 Device B configuration: COS | N/A | IOS | (global) interface vlan 199 (interface) standby 1 ip 192.168.104.1 (interface) standby 1 priority 200 preempt (interface) standby 1 authentication myhsrpkey (interface) standby 1 timers 3 40
|
Displaying Information About HSRP You can use the switch commands in Table 8-7 to display helpful information about HSRP on interfaces. Table 8-7. Commands to Display HSRP InformationDisplay Function | Switch OS | Command |
|---|
Concise HSRP status | COS | N/A | IOS | (exec) show standby brief
| HSRP on a specific VLAN interface | COS | N/A | IOS | [View full width] (exec) show standby Vlan vlan-number [hsrp-group] [brief]
|
|
