HSRP Interface Tracking
Lab Objectives
- Configure HSRP between two routers to provide a virtual gateway for VLAN 10 (192.168.1.0/24).
- Use interface tracking to automatically reduce HSRP priority when the upstream link (to R1) fails, forcing failover.
- Verify HSRP state transitions and test failover by administratively shutting the tracked interface.
Lab Tasks (Try It Yourself First!)
Complete these tasks WITHOUT looking at the solution below. Use
?andshowcommands to figure it out.
Task 1: Configure HSRP for VLAN 10
Configure HSRP group 10 on R2 and R3 for VLAN 10 (192.168.1.0/24). Use virtual IP 192.168.1.1. Make R2 the preferred active router by giving it a higher priority and enable preemption so it becomes active when it is available.
Parameters (do NOT show commands here):
- R2 VLAN 10 address: 192.168.1.2/24
- R3 VLAN 10 address: 192.168.1.3/24
- HSRP group: 10
- Virtual IP: 192.168.1.1
- R2 priority: 110, preempt enabled
- R3 priority: 100, preempt enabled
Task 2: Configure Interface Tracking
On both routers, track the upstream physical interface that connects toward R1 (the Internet). When the tracked interface goes DOWN on the active router, reduce that router's HSRP priority by 50 so the other router becomes active.
Parameters:
- Tracked interface: the Gi0/0 interface on each router (the link to R1)
- Priority decrement when tracked interface fails: 50
Task 3: Test Failover
Simulate an upstream failure by shutting down the tracked interface on the currently active router and verify that HSRP fails over to the other router. Then bring the interface back up and verify that R2 preempts back to active (because it has higher priority).
Think About It: If you set the priority decrement to 20 instead of 50, what could happen when the upstream interface goes down? Why is choosing an appropriate decrement value important in production?
Lab Solution
Topology (exact IPs on every interface)
[Internet]
203.0.113.1
|
R1 (Gateway)
Gi0/0: 10.10.10.1
Gi0/1: 10.10.20.1
Gi0/2: 10.10.30.1
/ | \
R2 R3 R4
Gi0/0: 10.10.10.2 | Gi0/0: 10.10.30.2
Gi0/1: 10.10.40.1 |
/ \ |
S1 S2 S3
/ \ | /
PC1 PC2 PC3 PC4 PC5
Note: For the HSRP VLAN 10 wiring in this lesson we place VLAN 10 subinterfaces on the physical router ports that connect to the switches. We use the physical interface names shown in the base topology (GigabitEthernet0/1 on R2 and GigabitEthernet0/0 on R3) and the exact IP numbers from the base addressing.
Device Table
| Device | Interface | IP Address |
|---|---|---|
| R1 | Gi0/0 | 10.10.10.1 |
| R2 | Gi0/0 | 10.10.10.2 |
| R2 | Gi0/1.10 | 192.168.1.2/24 (VLAN 10 subinterface) |
| R3 | Gi0/0 | 10.10.20.2 |
| R3 | Gi0/0.10 | 192.168.1.3/24 (VLAN 10 subinterface) |
| R4 | Gi0/0 | 10.10.30.2 |
Lab Solution Details
Task 1 Solution: Configure HSRP for VLAN 10
What we are doing: We create VLAN 10 subinterfaces on R2 and R3, assign IPv4 addresses, and enable HSRP group 10 with a shared virtual IP of 192.168.1.1. R2 is configured with a higher priority and preemption so it will be active when available.
R2 configuration:
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.1.2 255.255.255.0
!
interface GigabitEthernet0/1
no shutdown
!
standby 10 ip 192.168.1.1
standby 10 priority 110
standby 10 preempt
What each command does and why it matters:
interface GigabitEthernet0/1.10— creates a subinterface for VLAN 10 on the physical port Gi0/1. Using subinterfaces allows one physical link to carry multiple VLANs (common in router-on-a-stick).encapsulation dot1Q 10— tags traffic for VLAN 10. Without this HSRP would not function for this VLAN because frames would lack proper VLAN tagging.ip address 192.168.1.2 255.255.255.0— assigns the router’s IP for VLAN 10; this is used for HSRP state and for actual traffic if this router is active.standby 10 ip 192.168.1.1— configures HSRP group 10 virtual IP that hosts use as their default gateway.standby 10 priority 110— sets R2 to be preferred (higher priority) so it will become active when available.standby 10 preempt— allows R2 to take over as active when it rejoins with higher priority.
R3 configuration:
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.1.3 255.255.255.0
!
interface GigabitEthernet0/0
no shutdown
!
standby 10 ip 192.168.1.1
standby 10 priority 100
standby 10 preempt
Verify:
show ip interface brief
Expected (relevant lines shown):
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/1.10 192.168.1.2 YES manual up up
GigabitEthernet0/0.10 192.168.1.3 YES manual up up
show standby
Expected (sample):
Ethernet0/1.10 - Group 10
State is Active
2 state changes, last state change 00:05:12
Virtual IP address is 192.168.1.1
Active router is local
Standby router is 192.168.1.3
Priority 110 (expires in 141 sec)
Preempt enabled
Active timer is 3 sec, hold time is 10 sec
Explaination: The show output demonstrates R2 is Active (expected since it has higher priority). The virtual IP is shown and the standby peer is 192.168.1.3.
Task 2 Solution: Configure Interface Tracking
What we are doing: We will track the routers’ upstream interfaces to R1 (Gi0/0). If the upstream interface on the active router goes down, HSRP will automatically decrement that router’s priority — causing failover to the other router. This models the common production need: if the path to the Internet fails on the active gateway, clients should switch to the other router that still has Internet access.
R2 commands to track its upstream link:
configure terminal
interface GigabitEthernet0/1.10
standby 10 track GigabitEthernet0/0 decrement 50
end
What these commands do and why they matter:
standby 10 track GigabitEthernet0/0 decrement 50— tells HSRP group 10 to reduce the router’s priority by 50 when the local interface Gi0/0 goes down. This large decrement ensures the priority falls below the peer’s so failover occurs. Tracking the upstream interface is essential in production because an active router that loses Internet reachability should not remain active for client traffic.
R3 commands:
configure terminal
interface GigabitEthernet0/0.10
standby 10 track GigabitEthernet0/0 decrement 50
end
Verify:
show standby
Expected (before failure):
Ethernet0/1.10 - Group 10
State is Active
Virtual IP address is 192.168.1.1
Active router is local
Standby router is 192.168.1.3
Priority 110
Track 1 (Interface GigabitEthernet0/0) down? no decrement 50
Tip: Tracking any local interface or object will only take effect when the router can detect the DOWN state. In real networks you may track IP SLA objects for reachability to an Internet IP instead of just the local interface.
Task 3 Solution: Test Failover
What we are doing: Simulate upstream failure by administratively shutting down Gi0/0 on the active router (R2). This should cause R2’s HSRP priority to drop by 50 (from 110 to 60), making R3 (priority 100) the new active router. Then bring Gi0/0 back up and observe R2 preempt back to active.
On the active router (R2):
configure terminal
interface GigabitEthernet0/0
shutdown
end
Verify HSRP changed state on the peer (R3):
show standby
Expected (after shutdown):
Ethernet0/0.10 - Group 10
State is Active
Virtual IP address is 192.168.1.1
Active router is 192.168.1.3
Standby router is 192.168.1.2 (priority reduced)
Priority 100
Track 1 (Interface GigabitEthernet0/0) down? yes decrement 50
Now bring the interface back up on R2:
configure terminal
interface GigabitEthernet0/0
no shutdown
end
Verify preemption:
show standby
Expected (R2 preempts back to Active):
Ethernet0/1.10 - Group 10
State is Active
Virtual IP address is 192.168.1.1
Active router is local
Standby router is 192.168.1.3
Priority 110
Preempt enabled
What just happened: Shutting Gi0/0 on R2 caused its HSRP priority to be decremented by 50, dropping below R3’s priority and forcing R3 to become Active. When Gi0/0 returned, R2 regained its higher priority and preempted back to Active.
Troubleshooting Scenario
Scenario: R2 does not relinquish Active state when its upstream interface goes down
Symptom: After shutting Gi0/0 on R2 you still see R2 as Active and clients cannot reach the Internet.
Your task: Find and fix the issue.
Hint: Check whether the track command references the correct interface and whether the decrement value is large enough.
Solution:
- Show HSRP tracking configuration:
show running-config | include standby|track
- If the
standby ... trackline is missing or referencing the wrong interface (e.g.,GigabitEthernet0/1instead ofGigabitEthernet0/0), reconfigure:
configure terminal
interface GigabitEthernet0/1.10
standby 10 track GigabitEthernet0/0 decrement 50
end
- If the decrement is too small (e.g., 10) and R2’s adjusted priority remains higher than R3, increase the decrement to a value that ensures failover (e.g., 50).
Verification Checklist
- HSRP virtual IP 192.168.1.1 is configured on both routers for group 10.
- R2 shows Priority 110 and preempt enabled; R3 shows Priority 100.
- Both routers track their Gi0/0 interfaces with decrement 50.
- Shutting Gi0/0 on active router causes failover to peer.
- Bringing Gi0/0 back up causes R2 to preempt back to Active.
Common Mistakes
| Symptom | Cause | Fix |
|---|---|---|
| No HSRP virtual IP responds on VLAN 10 | HSRP not configured on both peers or wrong group number | Ensure standby <group> ip <virtual-ip> on both routers with same group and IP |
| Active router stays active after upstream failure | Track configured on wrong interface or decrement too small | Verify standby ... track <interface> decrement <value> references correct interface and uses sufficient decrement |
| Clients still use old gateway after failover | Clients cached ARP for old MAC | Wait for ARP timeout or clear ARP on clients/switches; HSRP uses virtual MAC—ensure switches propagate MAC change |
| HSRP never preempts back | Preempt not enabled on preferred router | Configure standby <group> preempt on the preferred router |
Challenge Task
Extend the design to protect two VLANs (VLAN 10 and VLAN 20). Configure HSRP group 10 for VLAN 10 and group 20 for VLAN 20 using the same two routers. Track two upstream conditions: if either Gi0/0 on the local router goes down OR a simulated IP SLA probe to 203.0.113.1 fails, decrement the HSRP priority so failover occurs. Do this without step-by-step guidance — your goal is to make HSRP switch over when either an interface or reachability to the Internet is lost.
Real-world insight: In production data centers, tracking upstream reachability (IP SLA) is often preferred over simply tracking a local interface because an interface can be up but the path beyond it may be broken. Tracking both the interface and remote reachability avoids “split brain” situations where an active gateway cannot actually forward traffic.