show vrrp
To display a brief or detailed status of one or all configured Virtual Router Redundancy Protocol (VRRP) groups on the router, use the show vrrp command in privileged EXEC mode.
show vrrp [all | brief]
Syntax Description
all
(Optional) Provides VRRP group information about all VRRP groups, including groups in a disabled state.
brief
(Optional) Provides a summary view of the group information.
Command Modes
Privileged EXEC (#)
Command History
Usage Guidelines
If no group is specified, the status for all groups is displayed.
Examples
The following is sample output from the show vrrp command:
Router# show vrrp
Ethernet1/0 - Group 1
  State is Master
  Virtual IP address is 10.2.0.10
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 3.000 sec
  Preemption is enabled
    min delay is 0.000 sec
  Priority 100
    Track object 1 state down decrement 15
  Master Router is 10.2.0.1 (local), priority is 100
  Master Advertisement interval is 3.000 sec
  Master Down interval is 9.609 sec
Ethernet1/0 - Group 2
  State is Master
  Virtual IP address is 10.0.0.20
  Virtual MAC address is 0000.5e00.0102
  Advertisement interval is 1.000 sec
  Preemption is enabled
    min delay is 0.000 sec
  Priority 95
  Master Router is 10.0.0.1 (local), priority is 95
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.628 sec
The following sample output shows the MD5 authentication for a VRRP group using a key string:
Router# show vrrp
Ethernet0/1 - Group 1
  State is Master
  Virtual IP address is 10.21.0.10
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption is enabled
    min delay is 0.000 sec
  Priority is 100
  Authentication MD5, key-string
  Master Router is 10.21.0.1 (local), priority is 100
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec
The following is sample output from the show vrrp command in Cisco IOS Release 12.2(33)SRC or later releases, displaying peer RP state information:
Router# show vrrp
Ethernet0/0 - Group 1
  State is Init (standby RP, peer state is Master)
  Virtual IP address is 172.24.1.1
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 255
  Master Router is 172.24.1.1 (local), priority is 255
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.003 sec
The following sample output displays information about a configured VRRS group name:
Router# show vrrp
Gige0/0/0 - Group 1
  State is Master
  Virtual IP address is 10.0.0.7
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  VRRS Group name CLUSTER1 ! Configured VRRS Group Name
  Master Router is 10.0.0.1 (local), priority is 100
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec
Table 95 describes the significant fields shown in the displays.
The following is sample output from the show vrrp command with the brief keyword:
Router# show vrrp brief
Interface          Grp Prio Time Own Pre State   Master addr     Group addr
Ethernet1/0        1   100  3609       P Master  10.0.0.4        10.0.0.10
Ethernet1/0        2   105  3589       P Master  10.0.0.4        10.0.0.20
Table 96 describes the fields shown in the display.
Related Commands
Command Description
vrrp ip
Enables VRRP on an interface and identifies the IP address of the virtual router.
show vrrp interface
To display the Virtual Router Redundancy Protocol (VRRP) groups and their status on a specified interface, use the show vrrp interface command in user EXEC or privileged EXEC mode.
show vrrp interface type number [brief]
Syntax Description
type
Interface type.
number
Interface number.
brief
(Optional) Provides a summary view of the group information.
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Examples
The following is sample output from the show vrrp interface command:
Router# show vrrp interface ethernet 1/0
Ethernet1/0 - Group 1
  State is Master
  Virtual IP address is 10.2.0.10
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 3.000 sec
  Preemption enabled, delay min 4 secs
  Priority is 100
  Master Router is 10.2.0.1 (local), priority is 100
  Master Advertisement interval is 3.000 sec
  Master Down interval is 9.609 sec
Ethernet1/0 - Group 2
  State is Master
  Virtual IP address is 10.0.0.20
  Virtual MAC address is 0000.5e00.0102
  Advertisement interval is 1.000 sec
  Preemption enabled, delay min 2 sec
  Priority is 95
  Authentication MD5, key-string
  Master Router is 10.0.0.1 (local), priority is 95
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.628 sec
Table 97 describes the significant fields shown in the display.
Related Commands
show vrrs clients
To display a list of Virtual Router Redundancy Service (VRRS) clients, use the show vrrs clients command in user EXEC or privileged EXEC mode.
show vrrs clients
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
User EXEC (>)
Command History
Usage Guidelines
Use the show vrrs clients command to display a list of VRRS clients currently active on the router. The display contains the client IDs, client priority, whether the client is interested in all VRRS groups, and the client name.
The client ID is a dynamic integer value assigned to the client when it registers with VRRS. If the client ID for a particular client is different between two versions of a Cisco IOS XE image, it means there is a change in initialization order in the two images.
The client priority is a priority that the client chooses during registration with VRRS. The client priority dictates the order in which clients receive server notifications.
Examples
The following example displays a list of VRRS clients:
Router# show vrrs clients
ID   Priority  All-groups  Name
------------------------------
1    High      No          VRRS-Plugins
2    Low       Yes         VRRS-Accounting
3    Normal    No          PPPOE-VRRS-CLIENT
Table 98 describes the significant fields shown in the display.
Related Commands
show vrrs group
To display information about Virtual Router Redundancy Service (VRRS) groups, use the show vrrs group command in user EXEC or privileged EXEC mode.
show vrrs group [group-name]
Syntax Description
Command Default
Information about all VRRS groups is displayed.
Command Modes
Privileged EXEC (#)
User EXEC (>)
Command History
Usage Guidelines
Use the show vrrs group command to display details of a VRRS redundancy group, if a group name is specified. If no group name is specified, details of all VRRS groups configured or added by clients on the router are displayed.
Examples
The following example displays information about all currently configured VRRS groups:
Router# show vrrs group
DT-CLUSTER-3
  Server Not configured, state INIT, old state INIT, reason Protocol
  Address family IPv4, Virtual address 0.0.0.0, Virtual mac 0000.0000.0000
  Active interface address 0.0.0.0, standby interface address 0.0.0.0
  Client 5 VRRS TEST CLIENT, priority Low
DT-CLUSTER-2
  Server VRRP, state BACKUP, old state INIT, reason HA SSO
  Address family IPv4, Virtual address 10.1.1.1, Virtual mac 0000.5e00.0102
  Active interface address 10.1.1.3, standby interface address 10.1.1.2
  Client 1 VRRS-Plugins, priority High
  Client 2 VRRS-Accounting, priority Low
  Client 3 PPPOE-VRRS-CLIENT, priority Normal
DT-CLUSTER-1
  Server VRRP, state ACTIVE, old state INIT, reason HA SSO
  Address family IPv4, Virtual address 10.1.1.1, Virtual mac 0000.5e00.0101
  Active interface address 10.1.1.2, standby interface address 10.0.0.0
  Client 1 VRRS-Plugins, priority High
  Client 2 VRRS-Accounting, priority Low
  Client 3 PPPOE-VRRS-CLIENT, priority Normal
Table 99 describes the significant fields shown in the display.
Related Commands
show vrrs plugin database
To display details about the internal Virtual Router Redundancy Service (VRRS) plug-in database, use the show vrrs plugin database command in user EXEC or privileged EXEC mode.
show vrrs plugin database
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
User EXEC (>)
Command History
Usage Guidelines
Use the show vrrs plugin database command to display details of the internal VRRS plug-in database. This command maps an interface-specific configuration with a VRRS redundancy group.
The output display includes the following: name, server connection status, VRRS state (simple), MAC address, test control indicator, VRRS client handle, and the plug-in interface list.
Examples
The following example displays information about the internal VRRS plug-in database:
Router# show vrrs plugin database
VRRS Plugin Database
------------------------------------------------
Name = VRRS_NAME_1
Server connection = Live
State = Disabled
MAC addr = 0000.5e00.0101
Test Control = False
Client Handle = 3741319170
Interface list =
  gige0/0/0.2
  gige0/0/0.3
------------------------------------------------
Name = VRRS_NAME_2
Server connection = Diconnected
State = Disabled
MAC addr = 0000.0000.0000
Test Control = False
Client Handle = 603979779
Interface list =
  gige0/0/0.4
------------------------------------------------
Related Commands
show vrrs summary
To display a summary of all Virtual Router Redundancy Service (VRRS) groups, use the show vrrs summary command in user EXEC or privileged EXEC configuration mode.
show vrrs summary
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
User EXEC (>)
Command History
Usage Guidelines
Use the show vrrs summary command to display a summary of VRRS groups either configured on a router or added by a client. The display includes the following group information: name, server, state, and virtual address.
Examples
The following example displays a summary of VRRS groups:
Router# show vrrs summary
Group           Server   State    Virtual-address
------------------------------------------------------------------------------
DT-CLUSTER-3    UNKNOW   INIT     0.0.0.0
DT-CLUSTER-2    VRRP     BACKUP   10.1.1.1
DT-CLUSTER-1    VRRP     ACTIVE   10.1.1.2
Table 100 describes the significant fields shown in the display.
Related Commands
snmp-server enable traps slb
To enable IOS SLB traps for real- and virtual-server state changes, use the snmp-server enable traps slb command in global configuration mode. To disable the traps, use the no form of this command.
snmp-server enable traps slb {real | virtual}
no snmp-server enable traps slb {real | virtual}
Syntax Description
real
Enables traps for real server state changes.
virtual
Enables traps for virtual server state changes.
Defaults
IOS SLB traps for real- and virtual-server state changes are not enabled.
Command Modes
Global configuration (config)
Command History
Examples
The following example enables IOS SLB traps for real server state changes:
Router(config)# snmp-server enable traps slb real
special-vj
To enable the special Van Jacobson (VJ) format of TCP header compression so that context IDs are included in compressed packets, use the special-vj command in IPHC profile configuration mode. To disable the special VJ format and return to the default VJ format, use the no form of this command.
special-vj
no special-vj
Syntax Description
This command has no arguments or keywords.
Command Default
Context IDs are not included in compressed packets.
Command Modes
IPHC profile configuration (config-iphcp)
Command History
Release Modification
12.4(15)T12
This command was introduced.
15.0(1)M2
This command was integrated into Cisco IOS Release 15.0(1)M2.
Usage Guidelines
If the special-vj command is configured on a VJ profile, each compressed packet will include the context ID.
To enable the special VJ format of TCP header compression, use the ip header-compression special-vj command in interface configuration mode.
Examples
The following example shows how to enable the special VJ format of TCP header compression:
Router(config)# iphc-profile p1 van-jacobson
Router(config-iphcp)# special-vj
Router(config-iphcp)# end
Related Commands
Command Description
ip header-compression special-vj
Enables the special VJ format of TCP header compression.
show ip tcp header-compression
Displays TCP/IP header compression statistics.
standby arp gratuitous
To configure the number of gratuitous Address Resolution Protocol (ARP) packets sent by a Hot Standby Router Protocol (HSRP) group when it transitions to the active state, and how often the ARP packets are sent, use the standby arp gratuitous command in interface configuration mode. To configure HSRP to send the default number of gratuitous ARP packets at the default interval when an HSRP group changes to the active state, use the no form of this command.
standby arp gratuitous [count number] [interval seconds]
no standby arp gratuitous
Syntax Description
Command Default
HSRP sends one gratuitous ARP packet when a group becomes active, and then another two and four seconds later.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
You can configure HSRP to send a gratuitous ARP packet from one or more HSRP active groups. By default, HSRP sends one gratuitous ARP packet when a group becomes active, and then another two and four seconds later.
Use the standby arp gratuitous command in interface configuration mode to configure the number of gratuitous ARP packets sent by an Active HSRP group, and how often they are sent. The count and interval keywords can be specified in any order. If both the count and interval keywords are set to their default values, the standby arp gratuitous command does not appear in the running configuration.
Use the standby send arp command in EXEC mode to configure HSRP to send a single gratuitous ARP packet when an HSRP group becomes active.
Examples
The following example shows how to configure HSRP to send three gratuitous ARP packets every 4 seconds:
Router(config-if)# standby arp gratuitous count 3 interval 4
Related Commands
standby authentication
To configure an authentication string for the Hot Standby Router Protocol (HSRP), use the standby authentication command in interface configuration mode. To delete an authentication string, use the no form of this command.
standby [group-number] authentication {text string | md5 {key-string [0 | 7] key [timeout seconds] | key-chain name-of-chain}}
no standby [group-number] authentication {text string | md5 {key-string [0 | 7] key [timeout seconds] | key-chain name-of-chain}}
Syntax Description
Command Default
No text authentication string is configured.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The authentication string is sent unencrypted in all HSRP messages when using the standby authentication text string option. The same authentication string must be configured on all routers and access servers on a cable to ensure interoperation. Authentication mismatch prevents a device from learning the designated Hot Standby IP address and the Hot Standby timer values from other routers configured with HSRP.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
If password encryption is configured with the service password-encryption command, the software saves the key string as encrypted text.
The timeout seconds is the duration that the HSRP group will accept message digests based on both the old and new keys. This allows time for configuration of all routers in a group with the new key. HSRP route flapping can be minimized by changing the keys on all the routers, provided that the active router is changed last. The active router should have its key string changed no later than one holdtime period, specified by the standby timers interface configuration command, after the non-active routers. This procedure ensures that the non-active routers do not time out the active router.
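The following is an added example, not part of the Cisco documentation: a small Python audit that walks an IOS configuration and classifies each HSRP group by the authentication option described above, flagging groups with no authentication, groups using the unencrypted text option, and groups that reference a key chain that is not defined. The sample configuration, the interface and key-chain names, and the status labels are constructed for illustration.

```python
import re

# Constructed sample configuration (not from a real device). It reuses the
# command forms shown on this page; names and addresses are illustrative.
SAMPLE_CONFIG = """\
key chain hsrp1
 key 1
  key-string 543210
!
interface Ethernet0/0
 standby 1 ip 10.21.0.10
 standby 1 authentication text company1
!
interface Ethernet0/1
 standby 1 ip 10.21.0.12
 standby 1 priority 110
 standby 1 preempt
 standby 1 authentication md5 key-string 345890 timeout 30
 standby 2 ip 10.21.0.20
!
interface Ethernet0/2
 standby ip 10.22.0.10
 standby authentication md5 key-chain hsrp2
!
interface Ethernet0/3
 standby 7 ip 10.23.0.10
 standby 7 authentication md5 key-chain hsrp1
"""

# Matches "standby [group-number] ip ..." and
# "standby [group-number] authentication ...".
STANDBY_RE = re.compile(
    r"^standby(?:\s+(\d+))?\s+(ip|authentication)\b\s*(.*)$")


def audit_hsrp_auth(config):
    """Return {(interface, group): status} for every HSRP group found.

    status is one of (labels are this example's own):
      "none"  - group is active but has no authentication statement
      "text"  - text string, sent unencrypted in all HSRP messages
      "md5"   - MD5 with a key string or a defined key chain
      "md5-undefined-key-chain" - MD5 key chain that is not in the config
    """
    key_chains = set()
    status = {}       # (interface, group) -> status label
    chain_refs = {}   # (interface, group) -> referenced key chain name
    iface = None

    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("key chain "):
            key_chains.add(line.split()[2])
            iface = None
            continue
        if line.startswith("interface "):
            # "interface ethernet 0" and "interface ethernet0" are the same
            iface = line.split(None, 1)[1].replace(" ", "")
            continue
        if line == "!":
            iface = None
            continue
        m = STANDBY_RE.match(line)
        if not m or iface is None:
            continue
        group = int(m.group(1) or 0)  # the default group number is 0
        key = (iface, group)
        keyword, rest = m.group(2), m.group(3).split()
        if keyword == "ip":
            status.setdefault(key, "none")
        elif rest[:1] == ["md5"]:
            status[key] = "md5"
            if rest[1:2] == ["key-chain"] and len(rest) > 2:
                chain_refs[key] = rest[2]
        elif rest:
            status[key] = "text"

    # Key chains may be defined anywhere in the file, so resolve them last.
    for key, chain in chain_refs.items():
        if chain not in key_chains:
            status[key] = "md5-undefined-key-chain"
    return status


def weak_groups(status):
    """Groups that are not protected by a usable MD5 key, sorted."""
    return sorted(k for k, v in status.items() if v != "md5")


if __name__ == "__main__":
    result = audit_hsrp_auth(SAMPLE_CONFIG)
    for iface, group in weak_groups(result):
        print(f"{iface} group {group}: {result[(iface, group)]}")
```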
Examples
The following example configures "company1" as the authentication string required to allow Hot Standby routers in group 1 to interoperate:
interface ethernet 0
 standby 1 authentication text company1
The following example configures MD5 authentication using a key string named "345890":
interface Ethernet0/1
 standby 1 ip 10.21.0.12
 standby 1 priority 110
 standby 1 preempt
 standby 1 authentication md5 key-string 345890 timeout 30
The following example configures MD5 authentication using a key chain. HSRP queries the key chain "hsrp1" to obtain the current live key and key ID for the specified key chain:
key chain hsrp1
 key 1
  key-string 543210
interface Ethernet0/1
 standby 1 ip 10.21.0.10
 standby 1 priority 110
 standby 1 preempt
 standby 1 authentication md5 key-chain hsrp1
Related Commands
standby bfd
To reenable Hot Standby Router Protocol (HSRP) Bidirectional Forwarding Detection (BFD) peering if it has been disabled on an interface, use the standby bfd command in interface configuration mode. To disable HSRP support for BFD, use the no form of this command.
standby bfd
no standby bfd
Syntax Description
This command has no arguments or keywords.
Command Default
HSRP support for BFD is enabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
HSRP BFD peering is enabled by default when the router is configured for BFD. Use this command to reenable HSRP BFD peering on the specified interface when it has previously been manually disabled.
To enable HSRP BFD peering globally on the router, use the standby bfd all-interfaces command in global configuration mode.
Examples
The following example shows how to reenable HSRP BFD peering if it has been disabled:
Router(config)# interface ethernet0/0
Router(config-if)# standby bfd
Related Commands
standby bfd all-interfaces
To reenable Hot Standby Router Protocol (HSRP) Bidirectional Forwarding Detection (BFD) peering on all interfaces if it has been disabled, use the standby bfd all-interfaces command in global configuration mode. To disable HSRP support for BFD peering, use the no form of this command.
standby bfd all-interfaces
no standby bfd all-interfaces
Syntax Description
This command has no arguments or keywords.
Command Default
HSRP BFD peering is enabled.
Command Modes
Global configuration
Command History
Usage Guidelines
The HSRP BFD peering feature introduces BFD in the HSRP group member health monitoring system. Previously, group member monitoring relied exclusively on HSRP multicast messages, which are relatively large and consume CPU memory to produce and check. In architectures where a single interface hosts a large number of groups, there is a need for a protocol with low CPU memory consumption and processing overhead. BFD addresses this issue and offers subsecond health monitoring (failure detection in milliseconds) with a relatively low CPU impact. This command is enabled by default.
To enable HSRP support for BFD on a per-interface basis, use the standby bfd command in interface configuration mode.
Examples
The following example shows how to reenable HSRP BFD peering if it has been disabled on a router:
Router(config)# standby bfd all-interfaces
Related Commands
standby delay minimum reload
To configure the delay period before the initialization of Hot Standby Router Protocol (HSRP) groups, use the standby delay minimum reload command in interface configuration mode. To disable the delay period, use the no form of this command.
standby delay minimum min-seconds reload reload-seconds
no standby delay minimum min-seconds reload reload-seconds
Syntax Description
Command Default
HSRP group initialization is not delayed.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
If the active router fails or is removed from the network, then the standby router will automatically become the new active router. If the former active router comes back online, you can control whether it takes over as the active router by using the standby preempt command.
However, in some cases, even if the standby preempt command is not configured, the former active router will resume the active role after it reloads and comes back online. Use the standby delay minimum reload command to set a delay period for HSRP group initialization. This command allows time for the packets to get through before the router resumes the active role.
We recommend that all HSRP routers have the standby delay minimum reload configured with a minimum delay time of 30 seconds and a minimum reload time of 60 seconds.
The delay will be cancelled if an HSRP packet is received on an interface.
The standby delay minimum reload interface configuration command delays HSRP groups from initializing for the specified time after the interface comes up.
This command is separate from the standby preempt delay interface configuration command, which enables HSRP preemption delay.
Examples
The following example sets the minimum delay period to 30 seconds and the delay period after the first reload to 120 seconds:
interface ethernet 0
 ip address 10.20.0.7 255.255.0.0
 standby delay minimum 30 reload 60
 standby 3 ip 10.20.0.21
 standby 3 timers msec 300 msec 700
 standby 3 priority 100
Related Commands
standby follow
To configure a Hot Standby Router Protocol (HSRP) group to become an IP redundancy client of another HSRP group, use the standby follow command in interface configuration mode. To remove the configuration of an HSRP group as a client group, use the no form of this command.
standby group-number follow group-name
no standby group-number follow group-name
Syntax Description
group-number
Group number on the interface for which HSRP is being activated. The default is 0.
group-name
Specifies the name of the master group for the client group to follow.
Command Default
HSRP groups are not configured as client groups.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The standby follow command configures an HSRP group to become an IP redundancy client of another HSRP group.
Client or slave groups must be on the same physical interface as the master group.
A client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 priority 110
%Warning: This setting has no effect while following another group.
Router(config-if)# standby 1 timers 5 15
% Warning: This setting has no effect while following another group.
Router(config-if)# standby 1 preempt delay minimum 300
% Warning: This setting has no effect while following another group.
HSRP client groups follow the master HSRP with a slight, random delay so that all client groups do not change at the same time.
You cannot configure an HSRP group to follow another HSRP group if that group is itself being followed by another HSRP group.
Use the show standby command to display complete information about an HSRP client group.
Examples
The following example shows how to configure HSRP group 2 as a client to the HSRP1 master group:
standby 2 follow HSRP1
Related Commands
standby ip
To activate the Hot Standby Router Protocol (HSRP), use the standby ip command in interface configuration mode. To disable HSRP, use the no form of this command.
standby [group-number] ip [ip-address [secondary]]
no standby [group-number] ip [ip-address]
Syntax Description
Defaults
The default group number is 0.
HSRP is disabled by default.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The standby ip command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the designated address is learned through the standby function. For HSRP to elect a designated router, at least one router on the cable must have been configured with, or have learned, the designated address. Configuration of the designated address on the active router always overrides a designated address that is currently in use.
When the standby ip command is enabled on an interface, the handling of proxy Address Resolution Protocol (ARP) requests is changed (unless proxy ARP was disabled). If the Hot Standby state of the interface is active, proxy ARP requests are answered using the MAC address of the Hot Standby group. If the interface is in a different state, proxy ARP responses are suppressed.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
HSRP version 2 permits an expanded group number range from 0 to 4095. The increased group number range does not imply that an interface can, or should, support that many HSRP groups. The expanded group number range was changed to allow the group number to match the VLAN number on subinterfaces.
Examples
The following example activates HSRP for group 1 on Ethernet interface 0. The IP address used by the Hot Standby group will be learned using HSRP.
interface ethernet 0
 standby 1 ip
In the following example, all three virtual IP addresses appear in the ARP table using the same (single) virtual MAC address. All three virtual IP addresses are using the same HSRP group (group 0).
ip address 10.1.1.1 255.255.255.0
ip address 10.2.2.2 255.255.255.0 secondary
ip address 10.3.3.3 255.255.255.0 secondary
ip address 10.4.4.4 255.255.255.0 secondary
standby ip 10.1.1.254
standby ip 10.2.2.254 secondary
standby ip 10.3.3.254 secondary
standby mac-address
To specify a virtual Media Access Control (MAC) address for the Hot Standby Router Protocol (HSRP), use the standby mac-address command in interface configuration mode. To revert to the standard virtual MAC address (0000.0C07.ACxy), use the no form of this command.
standby [group-number] mac-address mac-address
no standby [group-number] mac-address
Syntax Description
group-number
(Optional) Group number on the interface for which HSRP is being activated. The default is 0.
mac-address
MAC address.
Command Default
If this command is not configured, and the standby use-bia command is not configured, the standard virtual MAC address is used: 0000.0C07.ACxy, where xy is the group number in hexadecimal. This address is specified in RFC 2281, Cisco Hot Standby Router Protocol (HSRP).
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
This command cannot be used on a Token Ring interface.
HSRP is used to help end stations locate the first-hop gateway for IP routing. The end stations are configured with a default gateway. However, HSRP can provide first-hop redundancy for other protocols. Some protocols, such as Advanced Peer-to-Peer Networking (APPN), use the MAC address to identify the first hop for routing purposes. In this case, it is often necessary to be able to specify the virtual MAC address; the virtual IP address is unimportant for these protocols. Use the standby mac-address command to specify the virtual MAC address.
The MAC address specified is used as the virtual MAC address when the router is active.
This command is intended for certain APPN configurations. The parallel terms are shown in Table 101.
In an APPN network, an end node is typically configured with the MAC address of the adjacent network node. Use the standby mac-address command in the routers to set the virtual MAC address to the value used in the end nodes.
Examples
If the end nodes are configured to use 4000.1000.1060 as the MAC address of the network node, the following example shows the command used to configure HSRP group 1 with the virtual MAC address:
Router(config-if)# standby 1 mac-address 4000.1000.1060
Related Commands
Command Description
show standby
Displays HSRP information.
standby use-bia
Configures HSRP to use the burned-in address of the interface as its virtual MAC address.
standby mac-refresh
To change the interval at which packets are sent to refresh the Media Access Control (MAC) cache when the Hot Standby Router Protocol (HSRP) is running over FDDI, use the standby mac-refresh command in interface configuration mode. To restore the default value, use the no form of this command.
standby mac-refresh seconds
no standby mac-refresh
Syntax Description
seconds
Number of seconds in the interval at which a packet is sent to refresh the MAC cache. The maximum value is 255 seconds. The default is 10 seconds.
Defaults
seconds: 10 seconds
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
This command applies to HSRP running over FDDI only. Packets are sent every 10 seconds to refresh the MAC cache on learning bridges or switches. By default, the MAC cache entries age out in 300 seconds (5 minutes).
All other routers participating in HSRP on the FDDI ring receive the refresh packets, although the packets are intended only for the learning bridge or switch. Use this command to change the interval. Set the interval to 0 if you want to prevent refresh packets (if you have FDDI but do not have a learning bridge or switch).
Examples
The following example changes the MAC refresh interval to 100 seconds. Therefore, a learning bridge would need to miss three packets before the entry ages out.
standby mac-refresh 100
standby name
To configure the name of the standby group, use the standby name command in interface configuration mode. To disable the name, use the no form of this command.
standby name group-name
no standby name group-name
Syntax Description
Defaults
The Hot Standby Router Protocol (HSRP) is disabled.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The name specifies the HSRP group used. The HSRP group name must be unique on the router.
Examples
The following example specifies the standby name as SanJoseHA:
interface ethernet0
 ip address 10.0.0.1 255.0.0.0
 standby ip 10.0.0.10
 standby name SanJoseHA
 standby preempt delay sync 100
 standby priority 110
Related Commands
standby preempt
To configure Hot Standby Router Protocol (HSRP) preemption and preemption delay, use the standby preempt command in interface configuration mode. To restore the default values, use the no form of this command.
standby [group-number] preempt [delay {minimum seconds | reload seconds | sync seconds}]
no standby [group-number] preempt [delay {minimum seconds | reload seconds | sync seconds}]
Syntax Description
Defaults
The default group number is 0.
The default delay is 0 seconds; if the router wants to preempt, it will do so immediately.
By default, the router that comes up later becomes the standby.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Note: Cisco IOS 12.2SX software releases earlier than Cisco IOS Release 12.2(33)SXH use the syntax from Cisco IOS Release 12.1, which supports preempt as a keyword for the standby priority command. Cisco IOS Release 12.2(33)SXH and later releases use Cisco IOS Release 12.2 syntax, which requires standby preempt and standby priority to be entered as separate commands.
When the standby preempt command is configured, the router is configured to preempt, which means that when the local router has a Hot Standby priority higher than the current active router, the local router should attempt to assume control as the active router. If preemption is not configured, the local router assumes control as the active router only if it receives information indicating no router is in the active state (acting as the designated router).
This command is separate from the standby delay minimum reload interface configuration command, which delays HSRP groups from initializing for the specified time after the interface comes up.
When a router first comes up, it does not have a complete routing table. If it is configured to preempt, it will become the active router, yet it is unable to provide adequate routing services. Solve this problem by configuring a delay before the preempting router actually preempts the currently active router.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
IP redundancy clients can prevent preemption from taking place. The standby preempt delay sync seconds command specifies a maximum number of seconds to allow IP redundancy clients to prevent preemption. When this expires, then preemption takes place regardless of the state of the IP redundancy clients.
The standby preempt delay reload seconds command allows preemption to occur only after a router reloads. This provides stabilization of the router at startup. After this initial delay at startup, the operation returns to the default behavior.
The no standby preempt delay command will disable the preemption delay but preemption will remain enabled. The no standby preempt delay minimum seconds command will disable the minimum delay but leave any synchronization delay if it was configured.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 preempt delay minimum 300
% Warning: This setting has no effect while following another group.
Examples
In the following example, the router will wait for 300 seconds (5 minutes) before attempting to become the active router:
interface ethernet 0
 standby ip 172.19.108.254
 standby preempt delay minimum 300
standby priority
To configure Hot Standby Router Protocol (HSRP) priority, use the standby priority command in interface configuration mode. To restore the default values, use the no form of this command.
standby [group-number] priority priority
no standby [group-number] priority priority
Syntax Description
Defaults
The default group number is 0.
The default priority is 100.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Note Cisco IOS 12.2SX software releases earlier than Cisco IOS Release 12.2(33)SXH use the syntax from Cisco IOS Release 12.1, which supports preempt as a keyword for the standby priority command. Cisco IOS Release 12.2(33)SXH and later releases use Cisco IOS Release 12.2 syntax, which requires standby preempt and standby priority to be entered as separate commands.
When group number 0 is used, the number 0 is written to NVRAM, providing backward compatibility.
The assigned priority is used to help select the active and standby routers. Assuming that preemption is enabled, the router with the highest priority becomes the designated active router. In case of ties, the primary IP addresses are compared, and the higher IP address has priority.
Note that the priority of the device can change dynamically if an interface is configured with the standby track command and another interface on the router or a tracked object goes down.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 priority 110
%Warning: This setting has no effect while following another group.
Examples
In the following example, the router has a priority of 120 (higher than the default value):
interface ethernet 0
 standby ip 172.19.108.254
 standby priority 120
 standby preempt delay 300
Related Commands
Command Description
standby track
Configures an interface so that the Hot Standby priority changes based on the availability of other interfaces.
standby redirect
To enable Hot Standby Router Protocol (HSRP) filtering of Internet Control Message Protocol (ICMP) redirect messages, use the standby redirect command in interface configuration mode. To disable the HSRP filtering of ICMP redirect messages, use the no form of this command.
standby redirect [timers advertisement holddown] [unknown]
no standby redirect [unknown]
Syntax Description
Command Default
HSRP filtering of ICMP redirect messages is enabled if HSRP is configured on an interface.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The standby redirect command can be configured globally or on a per-interface basis. When HSRP is first configured on an interface, the setting for that interface will inherit the global value. If the filtering of ICMP redirects is explicitly disabled on an interface, then the global command cannot reenable this functionality.
With the standby redirect command enabled, the real IP address of a router can be replaced with a virtual IP address in the next hop address or gateway field of the redirect packet. HSRP looks up the next hop IP address in its table of real IP addresses versus virtual IP addresses. If HSRP does not find a match, the HSRP router allows the redirect packet to go out unchanged. The host HSRP router is redirected to a router that is unknown, that is, a router with no active HSRP groups. You can specify the no standby redirect unknown command to stop these redirects from being sent.
Examples
The following example shows how to allow HSRP to filter ICMP redirect messages on interface Ethernet 0:
interface ethernet 0
 ip address 10.0.0.1 255.0.0.0
 standby redirect
 standby 1 ip 10.0.0.11
The following example shows how to change the HSRP router advertisement interval to 90 seconds and the holddown timer to 270 seconds on interface Ethernet 0:
interface ethernet 0
 ip address 10.0.0.1 255.0.0.0
 standby redirect timers 90 270
 standby 1 ip 10.0.0.11
Related Commands
Command Description
show standby
Displays the HSRP information.
show standby redirect
Displays ICMP redirect information on interfaces configured with the HSRP.
standby redirects (global)
To configure Internet Control Message Protocol (ICMP) redirect messages with a Hot Standby Router Protocol (HSRP) virtual IP address as the gateway IP address, use the standby redirects command in global configuration mode. To disable the configuration, use the no form of this command.
standby redirects [disable | enable]
no standby redirects
Syntax Description
disable
(Optional) Disables the gateway address configuration.
enable
(Optional) Enables the gateway address configuration.
Command Default
The HSRP virtual IP address is configured as the gateway IP address.
Command Modes
Global configuration (config)
Command History
Examples
The following example shows how to disable the gateway address configuration:
Router# configure terminal
Router(config)# standby redirects disable
Related Commands
Command Description
show standby redirect
Displays ICMP redirect information on interfaces configured with the HSRP.
standby send arp
To configure Hot Standby Router Protocol (HSRP) to send a single gratuitous ARP packet for each active HSRP group, use the standby send arp command in user EXEC or privileged EXEC mode.
standby send arp [interface-type interface-number [group-number]]
Syntax Description
Command Default
HSRP sends gratuitous ARP packets from an HSRP group when it changes to the Active state.
Command Modes
User EXEC
Privileged EXEC (#)
Command History
Usage Guidelines
Use the standby send arp command to cause a single gratuitous ARP packet to be sent for each active group. HSRP checks that the virtual IP address is entered correctly in the ARP cache prior to sending a gratuitous ARP packet. If the ARP entry is incorrect then HSRP will try to re-add it. This enables you to ensure that a host ARP cache is updated prior to starting heavy CPU-usage processes or configurations.
Static or alias ARP entries cannot be overwritten by HSRP.
You can use the standby arp gratuitous command in interface configuration mode to configure the number of gratuitous ARP packets sent by an active HSRP group, and how often they are sent.
Examples
The following example shows how to configure HSRP to check that an ARP cache is refreshed prior to sending a gratuitous ARP packet:
Router# standby send arp ethernet0/0 1
Related Commands
standby sso
To enable the Hot Standby Router Protocol (HSRP) Stateful Switchover (SSO), use the standby sso command in global configuration mode. To disable HSRP SSO, use the no form of this command.
standby sso
no standby sso
Syntax Description
This command has no arguments or keywords.
Command Default
HSRP SSO is enabled when redundancy mode SSO is configured.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Use the standby sso command to enable HSRP SSO. This is the default when redundancy mode SSO is configured. When standby SSO is enabled, traffic sent using an HSRP virtual IP address continues through the HSRP group member using the current path while a Route Processor (RP) switchover occurs. The HSRP state is maintained and kept synchronized across the redundant RPs within the chassis.
If you want the traffic to switch to a redundant device (another chassis) even though the redundant RP is capable of taking over, then the feature can be disabled by using the no form of the command. If the command is disabled and if the primary HSRP router fails, the HSRP state is not maintained across RP switchover and traffic targeted to the HSRP virtual IP address is handled by the standby HSRP router.
Examples
The following example shows how to reenable standby SSO for HSRP if it has been disabled:
standby sso
Related Commands
Command Description
debug standby events
Displays standby events related to HSRP.
show standby
Displays HSRP information.
standby timers
To configure the time between hello packets and the time before other routers declare the active Hot Standby or standby router to be down, use the standby timers command in interface configuration mode. To restore the timers to their default values, use the no form of this command.
standby [group-number] timers [msec] hellotime [msec] holdtime
no standby [group-number] timers [msec] hellotime [msec] holdtime
Syntax Description
Defaults
The default group number is 0.
The default hello interval is 3 seconds.
The default hold time is 10 seconds.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The standby timers command configures the time between standby hello packets and the time before other routers declare the active or standby router to be down. Routers or access servers on which timer values are not configured can learn timer values from the active or standby router. The timers configured on the active router always override any other timer settings. All routers in a Hot Standby group should use the same timer values. Normally, holdtime is greater than or equal to 3 times the value of hellotime. The range of values for holdtime forces the holdtime to be greater than the hellotime. If the timer values are specified in milliseconds, the holdtime is required to be at least three times the hellotime value and not less than 50 milliseconds.
Some HSRP state flapping can occasionally occur if the holdtime is set to less than 250 milliseconds, and the processor is busy. It is recommended that holdtime values less than 250 milliseconds be used on Cisco 7200 platforms or better, and on Fast-Ethernet or FDDI interfaces or better. Setting the process-max-time command to a suitable value may also help with flapping.
The value of the standby timer will not be learned through HSRP hellos if it is less than 1 second.
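The timer rules above can be checked mechanically before a configuration is pushed. The following Python audit is an added example, not Cisco code; the function names are hypothetical, the sample lines are constructed, and the consistency check assumes all lines belong to routers sharing the same HSRP groups on one LAN.

```python
import re

# Matches: standby [group-number] timers [msec] hellotime [msec] holdtime
TIMERS_RE = re.compile(
    r"^\s*standby\s+(?:(?P<group>\d+)\s+)?timers\s+"
    r"(?P<hmsec>msec\s+)?(?P<hello>\d+)\s+(?P<dmsec>msec\s+)?(?P<hold>\d+)\s*$"
)


def parse_timers(line):
    """Return (group, hello_ms, hold_ms, uses_msec), or None for other commands."""
    m = TIMERS_RE.match(line)
    if not m:
        return None
    hello = int(m["hello"]) * (1 if m["hmsec"] else 1000)
    hold = int(m["hold"]) * (1 if m["dmsec"] else 1000)
    group = int(m["group"]) if m["group"] else 0  # the default group number is 0
    return group, hello, hold, bool(m["hmsec"] or m["dmsec"])


def check_timers(line):
    """Apply the usage-guideline rules to one timers command; return findings."""
    parsed = parse_timers(line)
    if parsed is None:
        return ["not a standby timers command"]
    _, hello, hold, uses_msec = parsed
    findings = []
    if hold <= hello:
        findings.append("holdtime must be greater than hellotime")
    if uses_msec and hold < 3 * hello:
        findings.append("msec timers: holdtime must be at least 3x hellotime")
    if uses_msec and hold < 50:
        findings.append("msec timers: holdtime must not be less than 50 ms")
    if not uses_msec and hello < hold < 3 * hello:
        findings.append("holdtime is normally >= 3x hellotime")
    if hold < 250:
        findings.append("holdtime under 250 ms: flapping possible on a busy processor")
    if hello < 1000 or hold < 1000:
        findings.append("timer under 1 second: peers will not learn it from hellos")
    return findings


def check_group_consistency(configs):
    """configs maps router name -> config lines. Return groups whose timers differ."""
    seen = {}
    for router, lines in configs.items():
        for line in lines:
            parsed = parse_timers(line)
            if parsed:
                group, hello, hold, _ = parsed
                seen.setdefault(group, {})[router] = (hello, hold)
    return {g: v for g, v in seen.items() if len(set(v.values())) > 1}


if __name__ == "__main__":
    # Constructed sample lines, one set per router.
    sample = {
        "RouterA": ["standby 1 timers 5 15", "standby 2 timers msec 100 msec 200"],
        "RouterB": ["standby 1 timers 3 10", "standby 2 timers msec 100 msec 200"],
    }
    for router, lines in sample.items():
        for line in lines:
            print(router, repr(line), check_timers(line))
    print("mismatched groups:", check_group_consistency(sample))
```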
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 timers 5 15
% Warning: This setting has no effect while following another group.
Examples
The following example sets, for group number 1 on Ethernet interface 0, the time between hello packets to 5 seconds, and the time after which a router is considered to be down to 15 seconds:
interface ethernet 0
 standby 1 ip
 standby 1 timers 5 15
The following example sets, for the Hot Router interface located at 172.19.10.1 on Ethernet interface 0, the time between hello packets to 300 milliseconds, and the time after which a router is considered to be down to 900 milliseconds:
interface ethernet 0
 standby ip 172.19.10.1
 standby timers msec 300 msec 900
The following example sets, for the Hot Router interface located at 172.18.10.1 on Ethernet interface 0, the time between hello packets to 15 milliseconds, and the time after which a router is considered to be down to 50 milliseconds. Note that the holdtime is larger than three times the hellotime because the minimum holdtime value in milliseconds is 50.
interface ethernet 0
 standby ip 172.18.10.1
 standby timers msec 15 msec 50
standby track
To configure the Hot Standby Router Protocol (HSRP) to track an object and change the Hot Standby priority on the basis of the state of the object, use the standby track command in interface configuration mode. To remove the tracking, use the no form of this command.
Cisco IOS XE Release 2.1 and Later Releases
standby track {object-number | interface-type interface-number [decrement priority-decrement]} [shutdown]
no standby track {object-number | interface-type interface-number}
Cisco IOS Release 12.2(33)SXH, 12.2(33)SRB, and Later Releases
standby track {object-number | interface-type interface-number [decrement priority-decrement]} [shutdown]
no standby track {object-number | interface-type interface-number}
Cisco IOS Release 12.4(9)T and Later Releases
standby track {object-number [priority-decrement] | interface-type interface-number [decrement priority-decrement]} [shutdown]
no standby track {object-number | interface-type interface-number}
Cisco IOS Release 12.2(15)T and Later Releases
standby track {object-number [priority-decrement] | interface-type interface-number [decrement priority-decrement]}
no standby track {object-number | interface-type interface-number}
Cisco IOS Releases 12.2(13)T, 12.2(14)SX, 12.2(17dSXB), 12.2(33)SRA, and Earlier Releases
standby track interface-type interface-number [interface-priority]
no standby track interface-type interface-number [interface-priority]
Syntax Description
Command Default
There is no tracking.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
This command ties the Hot Standby priority of the router to the availability of its tracked objects. Use the track interface command or track ip route command to track an interface object or an IP-route object. The HSRP client can register its interest in the tracking process by using the standby track command and take action when the object changes.
When a tracked object goes down, the Hot Standby priority decreases by 10. If an object is not tracked, its state changes do not affect the Hot Standby priority. For each object configured for Hot Standby, you can configure a separate list of objects to be tracked.
The optional priority-decrement and interface-priority arguments specify how much to decrement the Hot Standby priority when a tracked object goes down. When the tracked object comes back up, the priority is incremented by the same amount.
When multiple tracked objects are down, the decrements are cumulative, whether configured with priority-decrement or interface-priority values or not.
The optional shutdown keyword configures the HSRP group to change to the Init state and become disabled rather than having its priority decremented when a tracked object goes down.
Use the no standby group-number track command to delete all tracking configuration for a group.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
The standby track command syntax prior to Cisco IOS Release 12.2(15)T is still supported. Using the older form of the command syntax will cause a tracked object to be created in the new tracking process. This tracking information can be displayed using the show track command.
Note Using the command syntax of standby track prior to Cisco IOS Release 12.2(15)T results in the same performance as using the new standby track command syntax.
If you configure HSRP to track an interface, and that interface is physically removed as in the case of an Online Insertion and Removal (OIR) operation, then HSRP regards the interface as always down. You cannot remove the HSRP interface-tracking configuration. To prevent this situation, use the no standby track command before you physically remove the interface.
If an object is already being tracked by an HSRP group, you cannot change the configuration to use the HSRP Group Shutdown feature that disables the HSRP group. You must first remove the tracking configuration using the no standby track command and then reconfigure it using the standby track command with the shutdown keyword.
As of Cisco IOS Release 15.1(3)T, a maximum of 1000 objects can be tracked. Although 1000 tracked objects can be configured, each tracked object uses CPU resources. The amount of available CPU resources on a router is dependent upon variables such as traffic load and how other protocols are configured and run. The ability to use 1000 tracked objects is dependent upon the available CPU. Testing should be conducted on site to ensure that the service works under the specific site traffic conditions.
Examples
In the following example, the tracking process is configured to track the IP-routing capability of serial interface 1/0. HSRP on Ethernet interface 0/0 then registers with the tracking process to be informed of any changes to the IP-routing state of serial interface 1/0. If the IP state on serial interface 1/0 goes down, the priority of the HSRP group is reduced by 10.
If both serial interfaces are operational, Router A will be the HSRP active router because it has the higher priority. However, if IP routing on serial interface 1/0 in Router A fails, the HSRP group priority will be reduced and Router B will take over as the active router, thus maintaining a default virtual gateway service to hosts on the 10.1.0.0 subnet.
Router A Configuration
Router(config)# track 100 interface serial1/0 ip routing
Router(config-track)# exit
Router(config)# interface Ethernet0/0
Router(config-if)# ip address 10.1.0.21 255.255.0.0
Router(config-if)# standby 1 ip 10.1.0.1
Router(config-if)# standby 1 preempt
Router(config-if)# standby 1 priority 105
Router(config-if)# standby 1 track 100 decrement 10
Router B Configuration
Router(config)# track 100 interface serial1/0 ip routing
Router(config-track)# exit
Router(config)# interface Ethernet0/0
Router(config-if)# ip address 10.1.0.22 255.255.0.0
Router(config-if)# standby 1 ip 10.1.0.1
Router(config-if)# standby 1 preempt
Router(config-if)# standby 1 priority 11
Router(config-if)# standby 1 track 100 decrement 10
The following example shows how to change the configuration of a tracked object to include the HSRP Group Shutdown feature:
Router(config-if)# no standby 1 track 101 decrement 10
Router(config-if)# standby 1 track 101 shutdown
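The following Python model is an added example, not Cisco code. It combines the rules stated for standby priority, standby preempt and standby track (cumulative decrements, the shutdown keyword, preemption, and the higher-IP tie-break) to test whether a tracked-object failure actually moves the active role. Router names, addresses and priorities are constructed, and timers and preempt delays are ignored.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

DEFAULT_PRIORITY = 100   # default for standby priority
DEFAULT_DECREMENT = 10   # decrement applied when none is configured


@dataclass
class Track:
    up: bool = True
    decrement: int = DEFAULT_DECREMENT
    shutdown: bool = False   # shutdown keyword: group goes to Init instead


@dataclass
class Router:
    name: str
    ip: str
    priority: int = DEFAULT_PRIORITY
    preempt: bool = False
    tracks: dict = field(default_factory=dict)   # object number -> Track

    def in_init(self):
        """True when a tracked object configured with shutdown is down."""
        return any(t.shutdown and not t.up for t in self.tracks.values())

    def effective_priority(self):
        """Configured priority minus the cumulative decrements of down objects."""
        down = [t for t in self.tracks.values() if not t.up and not t.shutdown]
        return self.priority - sum(t.decrement for t in down)

    def rank(self):
        # Ties on priority are broken by the higher primary IP address.
        return (self.effective_priority(), IPv4Address(self.ip))


def next_active(routers, current):
    """Name of the active router after tracked-object changes (None if no group is up)."""
    alive = [r for r in routers if not r.in_init()]
    if not alive:
        return None
    active = next((r for r in alive if r.name == current), None)
    if active is None:
        # No router is in the active state: the best-ranked router takes over.
        return max(alive, key=Router.rank).name
    # An existing active router is displaced only by a preempting, better-ranked peer.
    challengers = [r for r in alive if r.preempt and r.rank() > active.rank()]
    return max(challengers, key=Router.rank).name if challengers else active.name


def tracks_without_failover(routers, current):
    """Tracked objects on the active router whose failure leaves it active."""
    active = next(r for r in routers if r.name == current)
    stuck = []
    for number, track in active.tracks.items():
        was_up, track.up = track.up, False
        if next_active(routers, current) == current:
            stuck.append(number)
        track.up = was_up
    return stuck


if __name__ == "__main__":
    # Constructed pair: A is preferred, B should take over when A loses object 100.
    a = Router("A", "10.1.0.21", priority=110, preempt=True, tracks={100: Track()})
    b = Router("B", "10.1.0.22", priority=105, preempt=True, tracks={100: Track()})
    print("initial active:", next_active([a, b], None))
    print("objects that never trigger failover:", tracks_without_failover([a, b], "A"))
    a.priority = 120   # decrement of 10 leaves A at 110, still above B
    print("after raising A to 120:", tracks_without_failover([a, b], "A"))
```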
Related Commands
standby use-bia
To configure the Hot Standby Router Protocol (HSRP) to use the burned-in address of the interface as its virtual MAC address, instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring), use the standby use-bia command in interface configuration mode. To restore the default virtual MAC address, use the no form of this command.
standby use-bia [scope interface]
no standby use-bia
Syntax Description
scope interface
(Optional) Specifies that this command is configured just for the subinterface on which it was entered, instead of the major interface.
Command Default
HSRP uses the preassigned MAC address on Ethernet and FDDI, or the functional address on Token Ring.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Note This command is not supported on Cisco 7600 series routers that are configured with a Policy Feature Card, version 2 (PFC2). The PFC2 supports a maximum of 16 unique HSRP-group numbers. You can use the same HSRP-group numbers in different VLANs. If you configure more than 16 HSRP groups, this restriction prevents use of the VLAN number as the HSRP-group number.
For an interface with this command configured, multiple standby groups can be configured. Hosts on the interface must have a default gateway configured. We recommend that you set the no ip proxy-arp command on the interface. It is desirable to configure the standby use-bia command on a Token Ring interface if there are devices that reject ARP replies with source hardware addresses set to a functional address.
When HSRP runs on a multiple-ring, source-routed bridging environment and the HSRP routers reside on different rings, configuring the standby use-bia command can prevent confusion about the routing information field.
Without the scope interface keywords, the standby use-bia command applies to all subinterfaces on the major interface. The standby use-bia command may not be configured both with and without the scope interface keywords at the same time.
Note Identically numbered HSRP groups use the same virtual MAC address, which might cause errors if you configure bridge groups.
Examples
In the following example, the burned-in address of Token Ring interface 4/0 will be the virtual MAC address mapped to the virtual IP address:
Router(config)# interface token4/0
Router(config-if)# standby use-bia
standby version
To change the version of the Hot Standby Router Protocol (HSRP), use the standby version command in interface configuration mode. To change to the default version, use the no form of this command.
standby version {1 | 2}
no standby version
Syntax Description
Defaults
HSRP version 1 is the default HSRP version.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
HSRP version 2 addresses limitations of HSRP version 1 by providing an expanded group number range of 0 to 4095.
HSRP version 2 does not interoperate with HSRP version 1. An interface cannot operate both version 1 and version 2 because both versions are mutually exclusive. However, the different versions can be run on different physical interfaces of the same router. The group number range is from 0 to 255 for HSRP version 1 and from 0 to 4095 for HSRP version 2. You cannot change from version 2 to version 1 if you have configured groups above 255. Use the no standby version command to set the HSRP version to the default version, version 1.
If an HSRP version is changed, each group will reinitialize because it now has a new virtual MAC address.
Examples
The following example shows how to configure HSRP version 2 on an interface with a group number of 500:
!
interface vlan500
 standby version 2
 standby 500 ip 172.20.100.10
 standby 500 priority 110
 standby 500 preempt
 standby 500 timers 5 15
Related Commands
start-forwarding-agent
To start the forwarding agent, use the start-forwarding-agent command in CASA-port configuration mode.
start-forwarding-agent port-number [password [seconds]]
Syntax Description
Defaults
The default initial number of affinities is 5000.
The default maximum number of affinities is 30,000.
Command Modes
CASA-port configuration (config-casa)
Command History
Usage Guidelines
The forwarding agent must be started before you can configure any port information for the forwarding agent.
Examples
The following example specifies that the forwarding agent will listen for wildcard and fixed affinities on port 1637:
start-forwarding-agent 1637
Related Commands
Command Description
forwarding-agent
Specifies the port on which the forwarding agent will listen for wildcard and fixed affinities.
sticky (firewall farm datagram protocol)
To assign all connections from a client to the same firewall, use the sticky command in firewall farm datagram protocol configuration mode. To remove the client/server coupling, use the no form of this command.
sticky seconds [netmask netmask] [source | destination]
no sticky
Syntax Description
Defaults
Virtual servers are not associated with any groups.
Command Modes
Firewall farm datagram protocol configuration (config-slb-fw-udp)
Command History
Examples
The following example specifies that if a client's subsequent request for a firewall farm is made within 60 seconds of the previous request, then the same firewall is used for the connection:
Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# protocol datagram
Router(config-slb-fw-udp)# sticky 60
Related Commands
sticky (firewall farm TCP protocol)
To assign all connections from a client to the same firewall, use the sticky command in firewall farm TCP protocol configuration mode. To remove the client/server coupling, use the no form of this command.
sticky seconds [netmask netmask] [source | destination]
no sticky
Syntax Description
Defaults
Virtual servers are not associated with any groups.
Command Modes
Firewall farm TCP protocol configuration (config-slb-fw-tcp)
Command History
Examples
The following example specifies that if a client's subsequent request for a firewall farm is made within 60 seconds of the previous request, then the same firewall is used for the connection:
Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# protocol tcp
Router(config-slb-fw-tcp)# sticky 60
Related Commands
sticky (virtual server)
To assign all connections from a client to the same real server, use the sticky command in SLB virtual server configuration mode. To remove the client/server coupling, use the no form of this command.
sticky {duration [group group-id] [netmask netmask] | asn msid [group group-id] | gtp imsi [group group-id] | radius calling-station-id | radius framed-ip [group group-id] | radius username [msid-cisco] [group group-id]}
no sticky {duration [group group-id] [netmask netmask] | asn msid [group group-id] | gtp imsi [group group-id] | radius calling-station-id | radius framed-ip [group group-id] | radius username [msid-cisco] [group group-id]}
Syntax Description
Defaults
Sticky connections are not tracked.
Virtual servers are not associated with any groups.
Command Modes
SLB virtual server configuration (config-slb-vserver)
Command History
Usage Guidelines
The last real server that was used for a connection from a client is stored for the set duration seconds. If a new connection from the client to the virtual server is initiated during that time, the same real server that was used for the previous connection is chosen for the new connection. If two virtual servers are placed in the same group, coincident connection requests for those services from the same IP address are handled by the same real server.
In Virtual Private Network (VPN) server load balancing, remember the following requirements:
• For IPsec flows, you must specify a sticky connection between the User Datagram Protocol (UDP) virtual server and the Encapsulating Security Payload (ESP) virtual server.
• For PPTP flows, you must specify a sticky connection between the TCP virtual server and the Generic Routing Encapsulation (GRE) virtual server.
• You must specify a duration of at least 15 seconds.
In general packet radio service (GPRS) load balancing and the Home Agent Director, the sticky command is not supported.
In RADIUS load balancing, remember the following requirements:
• If you configure the sticky radius framed-ip command, you must also configure the virtual command with the service radius keywords specified.
• If you configure the sticky radius calling-station-id command or the sticky radius username command, you must also configure the virtual command with the service radius keywords specified, and you must configure the sticky radius framed-ip command.
• You cannot configure both the sticky radius calling-station-id command and the sticky radius username command on the same virtual server.
• If you configure the sticky radius calling-station-id command, you must configure all RADIUS maps to match against the RADIUS calling station ID attribute.
• If you configure the sticky radius username command, you must configure all RADIUS maps to match against the RADIUS username attribute.
For GTP load balancing:
• IOS SLB creates a sticky database object when it processes the first GTP PDP create request for a given IMSI. IOS SLB removes the sticky object when it receives a notification to do so from the real server, or as a result of inactivity. When the last PDP belonging to an IMSI is deleted on the GGSN, it sends a notification to IOS SLB to remove the sticky object.
• If you configure the sticky gtp imsi command, you must also configure the virtual command with the service gtp keywords specified.
For ASN load balancing, if you configure the sticky asn msid command, you must also configure the virtual command with the service asn keywords specified.
Examples
The following example specifies that if a client's subsequent request for a virtual server is made within 60 seconds of the previous request, then the same real server is used for the connection. This example also places the virtual server in group 10.
Router(config)# ip slb vserver VS1
Router(config-slb-vserver)# sticky 60 group 10
Related Commands
synguard (virtual server)
To limit the rate of TCP SYNchronize sequence numbers (SYNs) handled by a virtual server to prevent a SYN flood denial-of-service attack, use the synguard command in SLB virtual server configuration mode. To remove the threshold, use the no form of this command.
synguard syn-count [interval]
no synguard
Syntax Description
Defaults
The default number of unacknowledged SYNs that are allowed to be outstanding to a virtual server is 0 (off).
The default interval is 100 ms.
Command Modes
SLB virtual server configuration (config-slb-vserver)
Command History
Usage Guidelines
In general packet radio service (GPRS) load balancing and the Home Agent Director, the synguard command has no meaning and is not supported.
Examples
The following example sets the threshold of unacknowledged SYNs to 50:
Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# synguard 50
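The following Python lint is an added example, not Cisco code. It applies the sticky (virtual server) dependency rules and the synguard default (0, off) to each ip slb vserver block of a configuration. The sample configuration is constructed, and the virtual command forms it uses (tcp www, udp 1813 service radius, esp) are assumptions, since this page does not show that command's syntax.

```python
# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
ip slb vserver PUBLIC_HTTP
 virtual 10.0.0.80 tcp www
 sticky 60 group 10
!
ip slb vserver RADIUS_ACCT
 virtual 10.0.0.81 udp 1813 service radius
 sticky radius calling-station-id
 sticky radius username
!
ip slb vserver VPN_ESP
 virtual 10.0.0.82 esp
 sticky 10 group 20
"""


def parse_vservers(config):
    """Map each 'ip slb vserver NAME' block to its list of sub-commands."""
    vservers, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("ip slb vserver "):
            current = vservers.setdefault(line.split()[3], [])
        elif not line or line == "!" or not raw.startswith(" "):
            current = None          # block ended
        elif current is not None:
            current.append(line)
    return vservers


def lint_vserver(cmds):
    """Return findings for one virtual server's sub-commands."""
    findings = []
    virtual = next((c.split() for c in cmds if c.startswith("virtual ")), [])
    service = virtual[virtual.index("service") + 1] if "service" in virtual[:-1] else None
    sticky = [c.split()[1:] for c in cmds if c.startswith("sticky ")]
    keyed = {" ".join(s[:2]) for s in sticky if s[0] in ("radius", "gtp", "asn")}

    # sticky radius/gtp/asn each require the matching 'service' keyword on virtual.
    for kind in sorted(keyed):
        needed = kind.split()[0]
        if service != needed:
            findings.append(f"sticky {kind} needs 'virtual ... service {needed}'")

    # calling-station-id and username both depend on framed-ip and exclude each other.
    subscriber = keyed & {"radius calling-station-id", "radius username"}
    if subscriber and "radius framed-ip" not in keyed:
        findings.append(
            "sticky radius calling-station-id/username needs sticky radius framed-ip"
        )
    if len(subscriber) == 2:
        findings.append("calling-station-id and username cannot both be configured")

    # VPN load balancing (assumed here to mean an esp or gre virtual) needs >= 15 s.
    is_vpn = any(tok in ("esp", "gre") for tok in virtual[2:])
    for s in sticky:
        if s[0].isdigit() and is_vpn and int(s[0]) < 15:
            findings.append(f"VPN sticky duration {s[0]} s is below the 15 s minimum")

    # synguard defaults to 0 (off), so a TCP virtual server without it has no SYN limit.
    synguard = next((c.split() for c in cmds if c.startswith("synguard ")), None)
    if "tcp" in virtual and (synguard is None or synguard[1] == "0"):
        findings.append("synguard not set: SYN threshold is 0 (off)")
    return findings


def lint_config(config):
    """Lint every virtual server in a configuration text."""
    return {name: lint_vserver(cmds) for name, cmds in parse_vservers(config).items()}


if __name__ == "__main__":
    for name, findings in lint_config(SAMPLE_CONFIG).items():
        for finding in findings or ["ok"]:
            print(f"{name}: {finding}")
```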
Related Commands
Command Description
show ip slb vservers
Displays information about the virtual servers defined to IOS SLB.
virtual
Configures the virtual server attributes.