Basic HSRP Configuration
Lab Objectives
- Configure a basic HSRP group with a virtual IP on the R1–R2 link.
- Verify HSRP status using
show standby. - Test failover by taking the primary router offline and observe the backup take over.
Lab Tasks (Try It Yourself First!)
Complete these tasks WITHOUT looking at the solution below. Use
?andshowcommands to figure it out.
Task 1: Configure HSRP on R1 and R2
On the R1–R2 link (10.10.10.0/24), configure an HSRP group that provides the virtual gateway IP of 10.10.10.254. Make R1 the preferred active router by increasing its HSRP priority and enabling preemption; leave R2 with the default priority.
Task 2: Verify HSRP status
On both R1 and R2, verify the HSRP group state, the virtual IP, the active and standby routers, and whether preemption is enabled.
Task 3: Test failover
Simulate a failure of the active router (R1) by administratively shutting down its Gi0/0, confirm R2 becomes active. Bring R1 back up and confirm it regains active status due to preemption.
Think About It: If both routers have identical priority and preemption is disabled, how is the active HSRP router chosen? What real-world risk does relying on default priorities create in a production gateway redundancy design?
Lab Solution
Base Topology (exact IPs on interfaces)
[Internet]
203.0.113.1
|
R1 (Gateway)
Gi0/0: 10.10.10.1
Gi0/1: 10.10.20.1
Gi0/2: 10.10.30.1
/ | \
R2 R3 R4
Gi0/0: 10.10.10.2 | Gi0/0: 10.10.30.2
Gi0/1: 10.10.40.1 |
/ \ |
S1 S2 S3
/ \ | /
PC1 PC2 PC3 PC4 PC5
IP SCHEME (relevant):
- R1 Gi0/0 = 10.10.10.1/24
- R2 Gi0/0 = 10.10.10.2/24
- HSRP virtual IP = 10.10.10.254
Task 1 Solution: Configure HSRP on R1 and R2
What we are doing: We create an HSRP group on the R1–R2 interface so hosts on the 10.10.10.0/24 network can use a single virtual gateway address (10.10.10.254). R1 will be configured with a higher priority and preemption so it becomes active and will re-take the role when it recovers.
! On R1
interface GigabitEthernet0/0
ip address 10.10.10.1 255.255.255.0
standby 1 ip 10.10.10.254
standby 1 priority 110
standby 1 preempt
! On R2
interface GigabitEthernet0/0
ip address 10.10.10.2 255.255.255.0
standby 1 ip 10.10.10.254
What just happened:
interface GigabitEthernet0/0— selects the physical interface connecting R1 and R2.ip address ...— assigns the router's real interface IP in the 10.10.10.0/24 network.standby 1 ip 10.10.10.254— defines HSRP group 1 and sets the virtual gateway IP that hosts will use.standby 1 priority 110— raises R1’s HSRP priority above the default (100). HSRP uses priority to choose the active router.standby 1 preempt— enables preemption so that when R1 returns after a failure, it will resume the active role if it has the higher priority.
These commands allow two routers to present a single gateway IP to hosts. In production, this provides a seamless gateway for hosts when one router fails.
Verify:
! On R1
show standby
Expected output (R1 - Active):
GigabitEthernet0/0 - Group 1
State is Active
1 state change, last state change 00:02:15
Virtual IP address is 10.10.10.254
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.976 secs
Preemption enabled
Priority 110 (configured 110)
Active router is local
Standby router is 10.10.10.2
! On R2
show standby
Expected output (R2 - Standby):
GigabitEthernet0/0 - Group 1
State is Standby
1 state change, last state change 00:02:15
Virtual IP address is 10.10.10.254
Active virtual MAC address is 0000.0c07.ac01
Hello time 3 sec, hold time 10 sec
Next hello due in 1.843 secs
Preemption disabled
Priority 100 (default)
Active router is 10.10.10.1
Standby router is local
Task 2 Solution: Verify HSRP status
What we are doing: We confirm HSRP is functioning and that R1 is active and R2 is standby.
Commands and why they matter:
! On both routers
show standby
show ip interface brief
show standby: displays HSRP state, virtual IP, timers, priorities, and which router is active/standby — essential for HSRP verification.show ip interface brief: quick check that the physical interfaces are up and IPs are correct.
Expected outputs were shown above for show standby. show ip interface brief should show Gi0/0 up/up on both routers with correct IPs.
Task 3 Solution: Test Failover
What we are doing: Force R1 off the active role to verify R2 takes over; then bring R1 back to verify preemption.
Step A — simulate R1 failure:
! On R1
interface GigabitEthernet0/0
shutdown
shutdownadministratively disables the interface. This simulates a failure of the primary router so HSRP failover can be observed.
Verify on R2:
! On R2
show standby
Expected output after failover (R2 becomes Active):
GigabitEthernet0/0 - Group 1
State is Active
1 state change, last state change 00:00:30
Virtual IP address is 10.10.10.254
Active virtual MAC address is 0000.0c07.ac01
Hello time 3 sec, hold time 10 sec
Preemption disabled
Priority 100 (default)
Active router is local
Standby router is 10.10.10.1 (interface down)
Step B — bring R1 back up and confirm preemption:
! On R1
interface GigabitEthernet0/0
no shutdown
Verify on both routers:
! On R1 and R2
show standby
Expected result: R1 returns to Active due to higher priority and preemption enabled; R2 returns to Standby.
Tip: In a production network, use preemption carefully and ensure the router that will preempt is stable and monitored. Preemption prevents a lower-priority router from remaining active after the preferred router comes back, which is usually desired for predictable routing.
Troubleshooting Scenario
Scenario: Hosts cannot reach the default gateway 10.10.10.254
Symptom: PCs using 10.10.10.254 as gateway show no connectivity; show standby on R1 shows "State is Listen" on both routers.
Your task: Find and fix the issue.
Hint: Check that both routers have the same HSRP virtual IP and the interface IPs are in the same subnet.
Solution:
- Likely there is a mismatch in the configured virtual IP or wrong subnet mask on one interface.
- Fix by verifying and reconfiguring the virtual IP on both routers to the same value and ensuring the interface IPs are in 10.10.10.0/24.
Example fix:
! On the router with incorrect HSRP config
interface GigabitEthernet0/0
ip address 10.10.10.2 255.255.255.0
standby 1 ip 10.10.10.254
Explanation: HSRP peers must share the same virtual IP and be in the same IP subnet; mismatches prevent proper neighbor formation.
Verification Checklist
- R1 Gi0/0 configured with 10.10.10.1/24 and HSRP group 1, virtual IP 10.10.10.254.
- R2 Gi0/0 configured with 10.10.10.2/24 and HSRP group 1, virtual IP 10.10.10.254.
-
show standbyon R1 shows State = Active, Priority = 110, Preemption = enabled. -
show standbyon R2 shows State = Standby (then Active after R1 shutdown). - Failover test: R2 becomes active when R1 Gi0/0 is shut, and R1 preempts when it returns.
Common Mistakes
| Symptom | Cause | Fix |
|---|---|---|
| Hosts cannot reach 10.10.10.254 | Virtual IP configured only on one router or mismatched virtual IP | Configure same standby <group> ip <virtual-ip> on both routers |
| HSRP never forms (both routers in Listen) | Interface IPs not in same subnet or no layer-2 connectivity | Fix IP addressing and verify interface link/up |
| Preferred router does not regain Active after recovery | standby <group> preempt not configured | Enable standby <group> preempt on preferred router |
| Both routers active | Duplicate group numbers with mismatched settings or MAC conflicts | Ensure single group per redundancy pair and consistent configuration |
Challenge Task
Configure a second HSRP group between R1 and R4 on the 10.10.30.0/24 link with virtual IP 10.10.30.254. Make R4 the preferred active router. Verify failover and recovery without step-by-step guidance.
Important real-world note: HSRP provides gateway redundancy at Layer 3. In production data centers and campus networks, HSRP is commonly used on distribution/edge routers to avoid single points of failure for host default gateways. When designing, align HSRP priorities with interface costs, routing policies, and operational expectations so failover behavior is predictable.