As you see in the article “Implementing High Availability with HSRP”, it is quite simple to configure the Hot Standby Router Protocol.

Some cases require a custom configuration using priority, track, preempt and so on. The relevant commands are:

The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both routers include this command so that each router can be the standby router for the other router. If you do not use the standby preempt command in the configuration for a router, that router cannot become the active router.

The standby priority interface configuration command sets the router’s HSRP priority (the default priority is 100).

The standby timers interface configuration command sets the interval in seconds between hello messages (called the hello time) to five seconds and sets the duration in seconds that a router waits before it declares the active router to be down (called the hold time) to eight seconds. (The defaults are three and 10 seconds, respectively.) If you decide to modify the default values, you must configure each router to use the same hello time and hold time.

The standby track command allows you to specify another interface on the router for the HSRP process to monitor in order to alter the HSRP priority for a given group. If the line protocol of the specified interface goes down, the HSRP priority is reduced. This means that another HSRP router with higher priority can become the active router if that router has standby preempt enabled.

The standby authentication interface configuration command establishes an authentication string whose value is an unencrypted eight-character string that is incorporated in each HSRP multicast message. This command is optional. If you choose to use it, each HSRP-configured router in the group should use the same string so that each router can authenticate the source of the HSRP messages that it receives.

Suppose we have this physical configuration:

Partial configuration of the Ciscozine_1 layer 3 switch:

Ciscozine_1#
ip routing
interface FastEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface Vlan101
 ip address 172.16.101.2 255.255.255.0
 standby 1 ip 172.16.101.1
 standby 1 priority 150
 standby 1 preempt
 standby 1 track FastEthernet0/3 55
 standby 1 authentication C3s_101
 no shutdown
interface Vlan102
 ip address 172.16.102.2 255.255.255.0
 standby 2 ip 172.16.102.1
 standby 2 preempt
 standby 2 track FastEthernet0/3
 standby 2 authentication C3s_102
 no shutdown
interface Vlan103
 ip address 172.16.103.2 255.255.255.0
 standby 3 ip 172.16.103.1
 standby 3 priority 150
 standby 3 preempt
 standby 3 track FastEthernet0/3 50
 standby 3 authentication C3s_103
 no shutdown



Partial configuration of the Ciscozine_2 layer 3 switch:

Ciscozine_2#
ip routing
interface FastEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface Vlan101
 ip address 172.16.101.3 255.255.255.0
 standby 1 ip 172.16.101.1
 standby 1 preempt
 standby 1 track FastEthernet0/3
 standby 1 authentication C3s_101
 no shutdown
interface Vlan102
 ip address 172.16.102.3 255.255.255.0
 standby 2 ip 172.16.102.1
 standby 2 priority 150
 standby 2 preempt
 standby 2 track FastEthernet0/3 60
 standby 2 authentication C3s_102
 no shutdown
interface Vlan103
 ip address 172.16.103.3 255.255.255.0
 standby 3 ip 172.16.103.1
 standby 3 preempt
 standby 3 track FastEthernet0/3
 standby 3 authentication C3s_103
 no shutdown

The commands

switchport trunk encapsulation dot1q
switchport mode trunk

enable the dot1q trunk between the switches.

The command

ip routing

enables routing on the layer 3 switches.

The Ciscozine_1 layer 3 switch is the primary device for VLAN 101 and VLAN 103 and the backup device for VLAN 102; the Ciscozine_2 layer 3 switch is the primary device for VLAN 102 and the backup device for VLAN 101 and VLAN 103. This type of configuration makes it possible to balance the network load.

If FastEthernet0/3 fails on the primary device, the backup device becomes the new primary device, unless FastEthernet0/3 on the backup device has also failed or FastEthernet0/3 on the primary device becomes active again. This behaviour is illustrated below.

If Ciscozine_1 FastEthernet0/3 is down, Ciscozine_2 will be the active router for VLAN 101 and VLAN 103.

If both Ciscozine_1 FastEthernet0/3 and Ciscozine_2 FastEthernet0/3 are down, the active router for VLAN 101 and VLAN 103 will be Ciscozine_1.
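The failover behaviour described above can be checked for all three VLANs and every combination of uplink states. This is an added example, not part of the original article: it models the steady-state HSRP outcome with preempt on both switches, using the priorities and track decrements from the two configurations, the default decrement of 10, and the assumption that equal priorities are resolved in favour of the higher IP address.

```python
from ipaddress import ip_address
from itertools import product

DEFAULT_PRIORITY = 100    # used when no "standby N priority" line is present
DEFAULT_DECREMENT = 10    # used when "standby N track" gives no value

# Per router: host part of its VLAN address and, per HSRP group,
# (configured priority, configured track decrement); None means "not configured".
ROUTERS = {
    "Ciscozine_1": (2, {1: (150, 55), 2: (None, None), 3: (150, 50)}),
    "Ciscozine_2": (3, {1: (None, None), 2: (150, 60), 3: (None, None)}),
}

def effective_priority(router, group, uplink_up):
    """Priority advertised for a group given the state of tracked FastEthernet0/3."""
    priority, decrement = ROUTERS[router][1][group]
    priority = DEFAULT_PRIORITY if priority is None else priority
    decrement = DEFAULT_DECREMENT if decrement is None else decrement
    return priority if uplink_up else priority - decrement

def active_router(group, uplinks):
    """uplinks maps router name -> True if its FastEthernet0/3 is up."""
    def rank(router):
        host = ROUTERS[router][0]
        address = ip_address(f"172.16.{100 + group}.{host}")
        return (effective_priority(router, group, uplinks[router]), address)
    return max(ROUTERS, key=rank)   # higher priority wins, then higher IP

def failover_table():
    """Active router for every group and every combination of uplink states."""
    table = {}
    for group, (up1, up2) in product((1, 2, 3), product((True, False), repeat=2)):
        uplinks = {"Ciscozine_1": up1, "Ciscozine_2": up2}
        table[(group, up1, up2)] = active_router(group, uplinks)
    return table

if __name__ == "__main__":
    for (group, up1, up2), winner in failover_table().items():
        print(f"VLAN {100 + group}  C1 Fa0/3 {'up' if up1 else 'down':4}  "
              f"C2 Fa0/3 {'up' if up2 else 'down':4}  active: {winner}")
```

The table makes the margins visible: on VLAN 103 a Ciscozine_1 uplink failure leaves both switches at priority 100, so the handover depends only on the IP address tie-break.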

Now look at this configuration:

Ciscozine_1                                  Ciscozine_2
interface Vlan103                            interface Vlan103
 ip address 172.16.103.2 255.255.255.0        ip address 172.16.103.3 255.255.255.0
 standby 3 ip 172.16.103.1              (1)   standby 3 ip 172.16.103.1
 standby 3 priority 150                 (2)
 standby 3 preempt                      (3)   standby 3 preempt
 standby 3 track FastEthernet0/3 50     (4)   standby 3 track FastEthernet0/3
 standby 3 authentication C3s_103       (5)   standby 3 authentication C3s_103

In this instance:

1. The standby IP address is 172.16.103.1.

2. HSRP prefers the router with the higher priority and, if the priorities are equal, the higher IP address. Ciscozine_1 is the active router because it has a priority of 150 while Ciscozine_2 has the default priority of 100.

3. Both switches have preempt configured, so each can become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group.

4. Interface tracking enables the priority of a standby group router to be automatically adjusted based on the availability of that router’s interfaces. When a tracked interface becomes unavailable, the HSRP priority of the router is decreased. When properly configured, the HSRP tracking feature ensures that a router with an unavailable key interface relinquishes the active router role. If Ciscozine_1 FastEthernet0/3 is down, its HSRP priority is decremented by 50, so the priority will be 100 (150-50). Both routers will then have an HSRP priority of 100, and Ciscozine_2 will be the active router because it has the higher IP address. If Ciscozine_2 FastEthernet0/3 also goes down, the priority of Ciscozine_2 will be decremented by 10 (the default value), so its priority will be 90 (100-10). Then the active router will be Ciscozine_1 again!

5. The authentication key is C3s_103 and it is sent in clear text. Remember that from IOS release 12.3(2)T it is possible to send the hashed key using MD5.

Similar behaviour applies to VLAN 101 and VLAN 102.
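A configuration audit for the clear-text authentication noted above, as an added example that is not part of the original article: it classifies every HSRP group in an IOS configuration as MD5, plain-text or unconfigured. The Vlan103 stanza comes from the page; Vlan104, Vlan105 and the key placeholder are constructed, and explicit group numbers are assumed, as in the page's configurations.

```python
import re

# Constructed sample: Vlan103 is the page's stanza; Vlan104 and Vlan105 are
# hypothetical additions showing MD5 authentication and a group with none.
SAMPLE_CONFIG = """\
interface Vlan103
 ip address 172.16.103.2 255.255.255.0
 standby 3 ip 172.16.103.1
 standby 3 priority 150
 standby 3 preempt
 standby 3 track FastEthernet0/3 50
 standby 3 authentication C3s_103
interface Vlan104
 ip address 172.16.104.2 255.255.255.0
 standby 4 ip 172.16.104.1
 standby 4 authentication md5 key-string EXAMPLE-KEY-PLACEHOLDER
interface Vlan105
 ip address 172.16.105.2 255.255.255.0
 standby 5 ip 172.16.105.1
"""

# "standby <group> <keyword> [arguments]" under an interface stanza.
STANDBY = re.compile(r"^\s*standby\s+(\d+)\s+(\S+)(?:\s+(.*))?$")

def audit_hsrp_auth(config):
    """Return {(interface, group): mode}; mode is 'md5', 'plaintext' or 'default'."""
    modes = {}
    interface = None
    for line in config.splitlines():
        if line.startswith("interface "):
            interface = line.split(None, 1)[1].strip()
            continue
        match = STANDBY.match(line)
        if not (interface and match):
            continue
        key = (interface, int(match.group(1)))
        # A group with no authentication line uses the default string "cisco".
        modes.setdefault(key, "default")
        if match.group(2) == "authentication":
            args = (match.group(3) or "").split()
            modes[key] = "md5" if args[:1] == ["md5"] else "plaintext"
    return modes

def findings(config):
    """Groups whose HSRP messages carry a readable or default authentication string."""
    return sorted(k for k, mode in audit_hsrp_auth(config).items() if mode != "md5")
```

Running `findings()` over the configurations of both switches in a group also shows whether they agree on the authentication mode, which they must for the group to form.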