HSRP Commands

standby authentication

To configure an authentication string for the Hot Standby Router Protocol (HSRP), use the standby authentication command in interface configuration mode. To delete an authentication string, use the no form of this command.

standby [group-number] authentication {text string | md5 {key-string [0 | | 7 | | timeout seconds] | key-chain name-of-chain}}

no standby [group-number] authentication {text string | md5 {key-string [0 | | 7 | timeout seconds] | key-chain name-of-chain}}

Syntax Description

group-number

(Optional) Group number on the interface to which this authentication string applies. Range is from 0 to 65535. The default group number is 0.

text string

Specifies an authentication string. It can be up to eight characters long. The default string is cisco.

md5

Specifies Message Digest 5 (MD5) authentication.

key-string key

Specifies the secret key for MD5 authentication. The key can contain up to 64 characters. We recommend that you use at least 16 characters.

0

(Optional) Specifies an unencrypted key. If no prefix is specified, the text is also unencrypted.

7

(Optional) Specifies an encrypted key.

timeout seconds

(Optional) Duration, in seconds, that HSRP accepts message digests based on both the old and new keys.

key-chain name-of-chain

Identifies a group of authentication keys.

Command Default

No text authentication string is configured.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

This command was introduced.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE standby <group-number> authentication command.

The following example shows how to configure company1 as the authentication string required to allow hot standby routers in group 1 to interoperate: 

interface GigabitEthernet 0/0/1
!
	standby 1 authentication text company1
!

The following example shows how to configure MD5 authentication using a key string named 345890: 


interface GigabitEthernet 0/0/1
!
	standby 1 ip 10.21.0.12
	standby 1 priority 110
	standby 1 preempt
	standby 1 authentication md5 key-string 345890 timeout 30
!

The following example shows how to configure MD5 authentication using a key chain. HSRP queries the key chain “hsrp1” to obtain the current live key and key ID for the specified key chain: 


key chain hsrp1
!
	key 1 
!
	key-string 543210
	exit
!
	interface GigabitEthernet 0/0/1
!
	standby 1 ip 10.21.0.10
	standby 1 priority 110
	standby 1 preempt
	standby 1 authentication md5 key-chain hsrp1
!

standby follow

To configure an Hot Standby Router Protocol (HSRP) group to become an IP redundancy client of another HSRP group, use the standby follow command in interface configuration mode. To remove the configuration of an HSRP group as a client group, use the no form of this command.

standby group-number follow group-name

no standby group-number follow group-name

Syntax Description

group-number

Group number on the interface for which HSRP is being activated. Range is from 0 to 65535. The default is 0.

group-name

Name of the master group for the client group to follow.

Command Default

HSRP groups are not configured as client groups.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

This command was introduced.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE standby <group-number> follow command.

Use the show standby command to display complete information about an HSRP client group.

The following example shows how to configure HSRP group 2 as a client to the HSRP1 master group: 


interface GigabitEthernet 0/0/1
!
   standby 2 follow HSRP1

standby ip

To activate the Hot Standby Router Protocol (HSRP), use the standby ip command in interface configuration mode. To disable HSRP, use the no form of this command.

standby group-number ip [ ip-address [secondary] ]

no standby [group-number] ip [ip-address]

Syntax Description

group-number

(Optional) Group number on the interface for which HSRP is being activated. The default is 0. The group number range is from 0 to 255 for HSRP version 1 and from 0 to 4095 for HSRP version 2.

ip-address

(Optional) IP address of the hot standby router interface.

secondary

(Optional) Indicates that the IP address is a secondary Hot Standby router interface. Useful on interfaces with primary and secondary addresses; you can configure primary and secondary HSRP addresses.

Command Default

The default group number is 0. HSRP is disabled by default.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

This command was introduced.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE standby <group-number> ip command.

The following example shows how to activate HSRP for group 1 on GigabitEthernet interface 0/0/1. The IP address used by the hot standby group is learned using HSRP: 


interface GigabitEthernet 0/0/1 
!
	standby 1 ip

The following example shows how all three virtual IP addresses appear in the Address Resolution Protocol (ARP) table using the same (single) virtual MAC address. All three virtual IP addresses are using the same HSRP group (group 1). 


ip address 10.1.1.1 255.255.255.0
ip address 10.2.2.2 255.255.255.0 secondary
ip address 10.3.3.3 255.255.255.0 secondary
ip address 10.4.4.4 255.255.255.0 secondary
standby 1 ip 10.1.1.254
standby 1 ip 10.2.2.254 secondary
standby 1 ip 10.3.3.254 secondary

standby ipv6

To activate the Hot Standby Router Protocol (HSRP) in IPv6, use the standby ipv6 command in interface configuration mode. To disable HSRP, use the no form of this command.

standby group-number ipv6 { link-local-ipv6-address | autoconfig }

no standby group-number ipv6 { link-local-ipv6-address | autoconfig }

Syntax Description

group-number

(Optional) Group number on the interface for which HSRP is being activated. The default is 0. The group number range is from 0 to 255 for HSRP version 1 and from 0 to 4095 for HSRP version 2.

link-local-ipv6-address

Link-local address of the hot standby router interface.

autoconfig

Indicates that a virtual link-local address is generated automatically from the link-local prefix and a modified EUI-64 format interface identifier, where the EUI-64 interface identifier is created from the relevant HSRP virtual MAC address.

Command Default

The default group number is 0. HSRP is disabled by default.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

This command was introduced.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE standby <group-number> ipv6 command.

The following example shows how to enable an HSRP group for IPv6 operation:


Device(config)# standby version 2
Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# standby ipv6 autoconfig

The following example shows how to configure an HSRP IPv6 address:

Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# no ip address
Device(config-if)# ipv6 address FE80::233:33FF:FE33:3333
Device(config-if)# standby version 2
Device(config-if)# standby 110 ipv6 FE80::233:33FF:FE33:3333

standby mac-address

To specify a virtual MAC address for the Hot Standby Router Protocol (HSRP), use the standby mac-address command in interface configuration mode. To revert to the standard virtual MAC address (000.0C07.ACxy ), use the no form of this command.

standby group-number mac-address mac-address

no standby group-number mac-address

Syntax Description

group-number

Group number on the interface for which HSRP is being activated. Range is from 0 to 65535. The default is 0.

mac-address

MAC address.

Command Default

If this command isn't configured, and the standby use-bia command isn't configured, the standard virtual MAC address—0000.0C07.ACxy, where xy is the group number in hexadecimal. This address is specified in RFC 2281, Cisco Hot Standby Router Protocol (HSRP).

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

This command was introduced.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE standby <group-number> mac-address command.

The following example shows how to configure HSRP group 1 with the virtual MAC address, if the end nodes are configured to use 4000.1000.1060 as the MAC address of the network node: 

Device(config)# interface GigabitEthernet 0/0/1
Device(config-if)# standby 1 ipv6 FE80::233:33FF:FE33:3333 
Device(config-if)#  standby 1 mac-address 4000.1000.1060

standby mac-refresh

To change the interval at which packets are sent to refresh the MAC cache when the HSRP is running over FDDI, use the standby mac-refresh command in interface configuration mode. To restore the default value, use the no form of this command.

standby mac-refresh seconds

no standby mac-refresh

Syntax Description

seconds

Specifies the number of seconds in the interval at which a packet is sent to refresh the MAC cache. The maximum value is 255 seconds. The default is 10 seconds.

Command Default

The standby MAC refresh interval is 10 seconds.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

This command was introduced.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE standby mac-refresh command.

The following example shows how to change the MAC refresh interval to 100 seconds. Therefore, a learning bridge would have to miss three packets before the entry gets timed out: 

Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# standby mac-refresh 100

standby name

To specify the name of the HSRP standby group, use the standby name command in interface configuration mode. To remove the name, use the no form of this command.

standby group-number name group-name

no standby group-number name group-name

Syntax Description

group-number

Specifies the group number on the interface to which this authentication string applies. Range is 0–65535. The default group number is 0.

group-name

Specifies the name of the standby group.

Command Default

The Hot Standby Router Protocol (HSRP) is disabled.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

This command was introduced.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE standby <group-number> name command.

Starting from Cisco IOS XE Catalyst SD-WAN Release 17.9.1a, static NAT mapping configurations with HSRP is supported. The redundancy naming conventions doesn't include spaces. We recommend that you do not use redundancy name with spaces while configuring standby group-number name[redundancy-name] command.

The following example shows how to specify the standby name as SanJoseHA: 


Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# ip address 10.0.0.1 255.0.0.0
Device(config-if)# standby 1 ip 10.0.0.10
Device(config-if)# standby 1 name SanJoseHA
Device(config-if)# standby 1 preempt delay sync 100
Device(config-if)# standby 1 priority 110

standby preempt

To configure Hot Standby Router Protocol (HSRP) preemption and preemption delay, use the standby preempt command in interface configuration mode. To restore the default values, use the no form of this command.

standby group-number preempt [ delay [ minimum seconds | | reload seconds | | sync seconds ] ]

no standby group-number preempt delay

Syntax Description

group-number

Group number on the interface to which the other arguments in this command apply.

delay

(Optional) Specifies the delay duration. Required if either the minimum , reload , or sync keywords are specified.

minimum seconds

(Optional) Specifies the minimum delay period, in seconds. The seconds argument causes the local device to postpone taking over the active role for a minimum number of seconds since that device was last restarted. The range is from 0 to 3600 seconds (1 hour). The default is 0 seconds (no delay).

reload seconds

(Optional) Specifies the preemption delay, in seconds, after a reload. This delay period applies only to the first interface-up event after the device has reloaded, if such an event occurs within 360 seconds from reload. The timer starts at the interface-up event.

sync seconds

(Optional) Specifies the maximum synchronization period for IP redundancy clients in seconds.

Command Default

The default group number is 0. The default delay is 0 seconds. If the device wants to preempt, it does so immediately. By default, the device that comes up later becomes the standby.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

This command was introduced.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE standby <group-number> preempt command.

The following example shows how to configure a minimum delay of 300 seconds (5 minutes). The device waits for 300 seconds (5 minutes) before attempting to become the active device: 

Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# standby 1 ip 172.19.108.254
Device(config-if)# standby 1 preempt delay minimum 300

standby priority

To configure Hot Standby Router Protocol (HSRP) priority, use the standby priority command in interface configuration mode. To restore the default values, use the no form of this command.

standby group-number priority priority

no standby group-number priority priority

Syntax Description

group-number

Group number on the interface to which the other arguments in this command apply. The default group number is 0.

priority

Priority value that prioritizes a potential hot standby router. The range is from 1 to 255, where 1 denotes the lowest priority and 255 denotes the highest priority. The default priority value is 100. The router in the HSRP group with the highest priority value becomes the active router.

Command Default

The default group number is 0. The default priority is 100.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

This command was introduced.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE standby <group-number> priority command.

The following example shows how to configure a priority of 120 (higher than the default value) to a router: 


Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# standby 1 ip 172.19.108.254
Device(config-if)# standby 1 priority 120
Device(config-if)# standby 1 preempt delay minimum 300

standby timers

To configure the time between hello packets and the time before other routers declare the active hot standby or standby router to be down, use the standby timers command in interface configuration mode. To restore the timers to their default values, use the no form of this command.

standby group-number timers [msec] hellotime [msec] holdtime

no standby group-number timers [msec] hellotime [msec] holdtime

Syntax Description

group-number

Group number on the interface to which the timers apply. The default is 0.

msec

(Optional) Timer interval, in milliseconds. (Millisecond timers allow for faster failover.)

hellotime

Hello interval, in seconds. This is an integer from 1 to 254. The default is 3 seconds. If the msec option is specified, the hello interval is in milliseconds. Valid value is from 15 to 999.

holdtime

Time, in seconds, before the active or standby router is declared to be down. This is an integer from x to 255. The default is 10 seconds. If the msec option is specified, holdtime is in milliseconds. Valid value is from y to 3000.

  • x is hellotime + 50 milliseconds, and then rounded up to the nearest 1 second

  • y is greater than or equal to three times hellotime , and is not less than 50 milliseconds.

Command Default

The default group number is 0. The default hello interval is 3 seconds. The default hold time is 10 seconds.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

This command was introduced.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE standby <group-number> timers command.

The following example shows how to set the time between hello packets to 5 seconds, and the time after which a router is considered to be down to 15 seconds, for group number 1 on GigabitEthernet interface 0/0/1: 


Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# standby 1 ip
Device(config-if)# standby 1 timers 5 15

The following shows how to set the time between hello packets to 300 milliseconds, and the time after which a router is considered to be down to 900 milliseconds, for the active hot standby router interface located at 172.19.10.1 on GigabitEthernet interface 0/0/1: 


Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# standby 1 ip 172.19.10.1
Device(config-if)# standby 1 timers msec 300 msec 900

The following shows how to sets the time between hello packets to 15 milliseconds, and the time after which a router is considered to be down to 50 milliseconds, for the active hot standby router interface located at 172.18.10.1 on GigabitEthernet interface 0/0/1. The holdtime is larger than three times the hellotime because the minimum holdtime value in milliseconds is 50: 


Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# standby 1 ip 172.18.10.1 
Device(config-if)# standby 1 timers msec 15 msec 50

standby track

To configure Hot Standby Router Protocol (HSRP) to track an object and change the active hot standby or standby router priority on the basis of the state of the object, use the standby track command in interface configuration mode. To remove tracking, use the no form of this command.

standby group-number track { object-number | range object-number | [ decrement priority-decrement ] } [shutdown]

no standby group-number track object-number

Syntax Description

object-number

Object number that represents the object to be tracked. The range is from 1 to 1000. The default is 1.

range object-number

Specifies the range of object number that represents the object to be tracked. The range is from 1 to 1000.

decrement priority-decrement

(Optional) Specifies the amount by which the Hot Standby priority for the router is decremented (or incremented) when the tracked object goes down (or comes back up). The range is from 1 to 255. The default is 10.

shutdown

(Optional) Changes the HSRP group to the initState method on the basis of the state of a tracked object.

Command Default

There is no tracking.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

This command was introduced.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE standby <group-number> track command.

The following example shows how the tracking process is configured to track the IP-routing capability of serial interface 1/0. HSRP on GigabitEthernet interface 0/0/1 then registers with the tracking process to be informed of any changes to the IP-routing state of the serial interface 1/0. If the IP state on the serial interface 1/0 goes down, the priority of the HSRP group is reduced by 10.

If both the serial interfaces are operational, Router A will be the HSRP active router because it has the higher priority. However, if IP routing on the serial interface 1/0 in Router A fails, the HSRP group priority will be reduced and the Router B will take over as the active router, thus maintaining a default virtual gateway service to the hosts on the 10.1.0.0 subnet.

Device A Configuration


Device(config)# track 100 interface serial1/0 ip routing
Device(config-track)# exit
Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# ip address 10.1.0.21 255.255.0.0
Device(config-if)# standby 1 ip 10.1.0.1
Device(config-if)# standby 1 preempt
Device(config-if)# standby 1 priority 105
Device(config-if)# standby 1 track 100 decrement 10

Device B Configuration


Device(config)# track 100 interface serial1/0 ip routing
Device(config-track)# exit
Device(config)# interface GigabitEthernet0/0/1
Device(config-if)# ip address 10.1.0.22 255.255.0.0
Device(config-if)# standby 1 ip 10.1.0.1
Device(config-if)# standby 1 preempt
Device(config-if)# standby 1 priority 11
Device(config-if)# standby 1 track 100 decrement 10

The following example shows how to change the configuration of a tracked object to include the HSRP Group Shutdown feature:


Device(config-if)# no standby 1 track 101 decrement 10
Device(config-if)# standby 1 track 101 shutdown

standby version

To change the version of the Hot Standby Router Protocol (HSRP), use the standby version command in interface configuration mode. To set the HSRP version to the default version (version 1), use the no form of this command.

standby version { 1 | 2 }

no standby version

Syntax Description

1

Specifies HSRP version 1.

2

Specifies HSRP version 2.

Command Default

HSRP version 1 is the default HSRP version.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

This command was introduced.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE standby <group-number> version command.

The no standby or no standby version commands resets the version to 1. If standby IPv6 groups are present on the interface, then the no standby command is rejected because v6 groups are not supported with version 1.

The following example shows how to configure HSRP version 2 on an GigabitEthernet interface 0/0/1 with a group number of 500: 


Device(config)# interface GigabitEthernet 0/0/1
Device(config-if)# standby version 2
Device(config-if)# standby 500 ip 172.20.100.10 
Device(config-if)# standby 500 priority 110 
Device(config-if)# standby 500 preempt 
Device(config-if)# standby 500 timers 5 15