Using HSRP on Token Ring


You want to configure HSRP on a Token Ring.


You can use HSRP on a Token Ring LAN exactly the same as in Recipe 22.1 if the only protocol on the segment is IP. However, if you have any other protocols, and particularly if the ring uses any source-route bridging, you must use a slightly different configuration:

Router1#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Tokenring0
Router1(config-if)#ip address
Router1(config-if)#standby ip
Router1(config-if)#standby use-bia
Router1(config-if)#standby priority 120
Router1(config-if)#standby preempt

The second router is configured similarly:

Router2#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface Tokenring0
Router2(config-if)#ip address
Router2(config-if)#standby ip
Router2(config-if)#standby use-bia
Router2(config-if)#standby priority 110
Router2(config-if)#standby preempt



The biggest functional difference between a Token Ring LAN and an Ethernet LAN is that Token Ring bridging is usually source-routed, while Ethernet almost always uses transparent bridging. Consequently, Token Ring devices use a Routing Information Field (RIF), which contains MAC address information.

This is particularly important when the two HSRP routers reside on different physical rings connected by a bridge, as in a switched Token Ring environment, for example. In this case, when HSRP changes the active router, the bridges will see the virtual MAC address suddenly jump from one ring to another, which will disrupt the RIF tables in every bridge.

So, when using HSRP in Token Ring environments, it is usually best to just use the router's burned-in address (BIA) instead of a virtual MAC address. Then HSRP will rely on gratuitous ARP packets to update the ARP cache of every device on the ring, and tell it that the default gateway router has changed.

The key command in this configuration is the use-bia command, which appears on both routers:

Router1(config-if)#standby use-bia

In this case, we are using standby group 0 because we didn't specify a group number, so the virtual MAC address would have been C0-00-00-01-00-00 if we had not changed it to the BIA. The output of a show standby command shows the address that the router is actually using:

Router1#show standby
TokenRing0 - Group 0
 Local state is Active, priority 120, may preempt, use bia
 Hellotime 3 holdtime 10
 Next hello sent in 00:00:02.338
 Hot standby IP address is configured
 Active router is local
 Standby router is expires in 00:00:09
 Standby virtual mac address is 0000.300f.2186

We chose to use standby group 0 in this example because, prior to IOS level 12.0(3.4)T, you could only use this feature with group 0. In newer IOS levels, however, this feature is available for all Token Ring HSRP groups. Without this option, there are only three HSRP groups available. With it, you can configure up to 255 groups, all of which will use the same BIA MAC address.

The use-bia option can also be useful in nonToken-Ring environments. Networks that use DECnet or Xerox Network Services (XNS) frequently encounter MAC address problems as well, even on Ethernet LANs. This is because devices that run both protocols will see two different MAC addresses for the same destination device, which causes confusion. So in these types of environments, we recommend using the burned-in address as well.

You should be aware of two important limitations to this command. First, and most importantly, when you use this option, HSRP must rely on gratuitous ARP to tell end devices that the MAC address of the default gateway has changed. However, some devices do not handle gratuitous ARP packets well. In some implementations, a device will only update its ARP cache if it receives an ARP packet in response to a specific ARP request.

The second limitation is that this option completely breaks Proxy ARP. This is because the end devices believe that the remote IP address is associated with the MAC address of the primary HSRP router. However, the backup router has no way of knowing which remote IP addresses the primary router has sent out Proxy ARP messages for. So it can't update these entries to tell the end devices to use the new MAC address instead.

We know of no workarounds for either of these problems. So please use caution when implementing this feature.

See Also

Recipe 22.1; Recipe 22.2

Router Configuration and File Management

Router Management

User Access and Privilege Levels


IP Routing





Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time


Router Interfaces and Media

Simple Network Management Protocol





First Hop Redundancy Protocols

IP Multicast

IP Mobility




Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications


Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505 © 2008-2020.
If you may any questions please contact us: