FHRP - HSRP Group Shutdown

Information About FHRP - HSRP Group Shutdown

How Object Tracking Affects the Priority of an HSRP Device

The priority of a device can change dynamically if it has been configured for object tracking and the object that is being tracked goes down. The tracking process periodically polls the tracked objects and notes any change of value. The changes in the tracked object are communicated to HSRP, either immediately or after a specified delay. The object values are reported as either up or down. Examples of objects that can be tracked are the line protocol state of an interface or the reachability of an IP route. If the specified object goes down, the HSRP priority is reduced. The HSRP device with the higher priority can become the active device if it has the standby preempt command configured.

HSRP Object Tracking

Object tracking separates the tracking mechanism from HSRP and creates a separate standalone tracking process that can be used by any other process as well as HSRP. The priority of a device can change dynamically when it has been configured for object tracking and the object that is being tracked goes down. Examples of objects that can be tracked are the line protocol state of an interface or the reachability of an IP route. If the specified object goes down, the HSRP priority is reduced.

A client process such as HSRP, Virtual Router Redundancy Protocol (VRRP), or Gateway Load Balancing Protocol (GLBP) can register its interest in tracking objects and then be notified when the tracked object changes state.

For more information about object tracking, see the "Configuring Enhanced Object Tracking" document.

HSRP Group Shutdown

The FHRP—HSRP Group Shutdown feature enables you to configure an HSRP group to become disabled (its state changed to Init) instead of having its priority decremented when a tracked object goes down. Use the standby track command with the shutdown keyword to configure HSRP group shutdown.

If an object is already being tracked by an HSRP group, you cannot change the configuration to use the HSRP Group Shutdown feature. You must first remove the tracking configuration using the no standby track command and then reconfigure it using the standby track command with the shutdown keyword.

How to Configure FHRP - HSRP Group Shutdown

Configuring HSRP Object Tracking

Perform this task to configure HSRP to track an object and change the HSRP priority based on the state of the object.

Each tracked object is identified by a unique number that is specified on the tracking CLI. Client processes use this number to track a specific object.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. track object-number interface type number {line-protocol | ip routing}
  4. exit
  5. interface type number
  6. standby [group-number] track object-number [decrement priority-decrement] [shutdown]
  7. standby [group-number] ip [ip-address [secondary]]
  8. end
  9. show track [object-number | brief] [interface [brief] | ip route [brief] | resolution | timers]

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

track object-number interface type number {line-protocol | ip routing}

Example:


Device(config)# track 100 interface GigabitEthernet 0/0/0 line-protocol

Configures an interface to be tracked and enters tracking configuration mode.

Step 4

exit

Example:


Device(config-track)# exit

Returns to global configuration mode.

Step 5

interface type number

Example:


Device(config)# interface GigabitEthernet 0/0/0

Configures an interface type and enters interface configuration mode.

Step 6

standby [group-number] track object-number [decrement priority-decrement] [shutdown]

Example:


Device(config-if)# standby 1 track 100 decrement 20

Configures HSRP to track an object and change the Hot Standby priority on the basis of the state of the object.

  • By default, the priority of the device is decreased by 10 if a tracked object goes down. Use the decrement priority-decrement keyword and argument combination to change the default behavior.

  • When multiple tracked objects are down and priority-decrement values have been configured, these configured priority decrements are cumulative. If tracked objects are down, but none of them were configured with priority decrements, the default decrement is 10 and it is cumulative.

  • Use the shutdown keyword to disable the HRSP group on the device when the tracked object goes down.

Note

 

If an object is already being tracked by an HSRP group, you cannot change the configuration to use the HSRP Group Shutdown feature. You must first remove the tracking configuration using the no standby track command and then reconfigure it using the standby track command with the shutdown keyword.

Step 7

standby [group-number] ip [ip-address [secondary]]

Example:


Device(config-if)# standby 1 ip 10.10.10.0
Activates HSRP.

  • The default group number is 0. The group number range is from 0 to 255 for HSRP version 1 and from 0 to 4095 for HSRP version 2.

Step 8

end

Example:


Device(config-if)# end

Returns to privileged EXEC mode.

Step 9

show track [object-number | brief] [interface [brief] | ip route [brief] | resolution | timers]

Example:


Device# show track 100 interface

Displays tracking information.

Configuring HSRP MD5 Authentication Using a Key String


Note

Text authentication cannot be combined with MD5 authentication for an HSRP group at any one time. When MD5 authentication is configured, the text authentication field in HSRP hello messages is set to all zeroes on transmit and ignored on receipt, provided the receiving device also has MD5 authentication enabled.


Note

If you are changing a key string in a group of devices, change the active device last to prevent any HSRP state change. The active device should have its key string changed no later than one hold-time period, specified by the standy timers interface configuration command, after the nonactive devices. This procedure ensures that the nonactive devices do not time out the active device.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. terminal interface type number
  4. ip address ip-address mask [secondary]
  5. standby [group-number] priority priority
  6. standby [group-number] preempt [delay {minimum | reload | sync} seconds]
  7. standby [group-number] authentication md5 key-string [0 | 7] key [timeout seconds]
  8. standby [group-number] ip [ip-address] [secondary]]
  9. Repeat Steps 1 through 8 on each device that will communicate.
  10. end
  11. show standby

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

terminal interface type number

Example:


Device(config)# interface GigabitEthernet 0/0/0

Configures an interface type and enters interface configuration mode.

Step 4

ip address ip-address mask [secondary]

Example:


Device(config-if)# ip address 10.0.0.1 255.255.255.0

Specifies a primary or secondary IP address for an interface.

Step 5

standby [group-number] priority priority

Example:


Device(config-if)# standby 1 priority 110

Configures HSRP priority.

Step 6

standby [group-number] preempt [delay {minimum | reload | sync} seconds]

Example:


Device(config-if)# standby 1 preempt

Configures HSRP preemption.

Step 7

standby [group-number] authentication md5 key-string [0 | 7] key [timeout seconds]

Example:


Device(config-if)# standby 1 authentication md5 key-string d00b4r987654321a timeout 30

Configures an authentication string for HSRP MD5 authentication.

  • The key argument can be up to 64 characters in length. We recommended that at least 16 characters be used.

  • No prefix to the key argument or specifying 0 means the key will be unencrypted.

  • Specifying 7 means the key will be encrypted. The key-string authentication key will automatically be encrypted if the service password-encryption global configuration command is enabled.

  • The timeout value is the period of time that the old key string will be accepted to allow configuration of all routers in a group with a new key.

Step 8

standby [group-number] ip [ip-address] [secondary]]

Example:


Device(config-if)# standby 1 ip 10.0.0.3

Activates HSRP.

Step 9

Repeat Steps 1 through 8 on each device that will communicate.

Step 10

end

Example:


Device(config-if)# end

Returns to privileged EXEC mode.

Step 11

show standby

Example:


Device# show standby

(Optional) Displays HSRP information.

  • Use this command to verify your configuration. The key string or key chain will be displayed if configured.

Configuration Examples for FHRP - HSRP Group Shutdown

Example: Configuring HSRP Object Tracking

In the following example, the tracking process is configured to track the IP-routing capability of serial interface 1/0. HSRP on Gigabit Ethernet interface 0/0/0 then registers with the tracking process to be informed of any changes to the IP-routing state of serial interface 1/0. If the IP state on serial interface 1/0 goes down, the priority of the HSRP group is reduced by 10.

If both serial interfaces are operational, Device A will be the HSRP active device because it has the higher priority. However, if IP routing on serial interface 1/0 in Device A fails, the HSRP group priority will be reduced and Device B will take over as the active device, thus maintaining a default virtual gateway service to hosts on the 10.1.0.0 subnet.

Device A Configuration


Device(config)# track 100 interface serial 1/0/0 ip routing
!
Device(config)# interface GigabitEthernet 0/0/0
Device(config-if)# ip address 10.1.0.21 255.255.0.0
Device(config-if)# standby 1 preempt
Device(config-if)# standby 1 priority 110
Device(config-if)# standby 1 track 100 decrement 10
Device(config-if)# standby 1 ip 10.1.0.1

Device B Configuration


Device(config)# track 100 interface serial 1/0/0 ip routing
!
Device(config)# interface GigabitEthernet 0/0/0
Device(config-if)# ip address 10.1.0.22 255.255.0.0
Device(config-if)# standby 1 preempt
Device(config-if)# standby 1 priority 105
Device(config-if)# standby 1 track 100 decrement 10
Device(config-if)# standby 1 ip 10.1.0.1

Example: Configuring HSRP Group Shutdown

In the following example, the tracking process is configured to track the IP-routing capability of Gigabit Ethernet interface 0/0/0. HSRP on Gigabit Ethernet interface 0/0/1 then registers with the tracking process to be informed of any changes to the IP-routing state of Gigabit Ethernet interface 0/0/0. If the IP state on Gigabit Ethernet interface 0/0/0 goes down, the HSRP group is disabled.

If both Gigabit Ethernet interfaces are operational, Device A will be the HSRP active device because it has the higher priority. However, if IP routing on Gigabit Ethernet interface 0/0/0 in Device A fails, the HSRP group will be disabled and Device B will take over as the active device, thus maintaining a default virtual gateway service to hosts on the 10.1.0.0 subnet.

Device A Configuration


Device(config)# track 100 interface GigabitEthernet 0/0/0 ip routing 
!
Device(config)# interface GigabitEthernet 0/0/1
Device(config-if)# ip address 10.1.0.21 255.255.0.0
Device(config-if)# standby 1 ip 10.1.0.1
Device(config-if)# standby 1 preempt
Device(config-if)# standby 1 priority 110
Device(config-if)# standby 1 track 100 shutdown

Device B Configuration


Device(config)# track 100 interface GigabitEthernet 0/0/0 ip routing 
!
Device(config)# interface GigabitEthernet 0/0/1
Device(config-if)# ip address 10.1.0.22 255.255.0.0
Device(config-if)# standby 1 ip 10.1.0.1
Device(config-if)# standby 1 preempt
Device(config-if)# standby 1 priority 105
Device(config-if)# standby 1 track 100 shutdown

If an object is already being tracked by an HSRP group, you cannot change the configuration to use the HSRP Group Shutdown feature. You must first remove the tracking configuration using the no standby track command and then reconfigure it using the standby track command with the shutdown keyword.

The following example shows how to change the configuration of a tracked object to include the HSRP Group Shutdown feature: 


Device(config)# no standby 1 track 100 decrement 10
Device(config)# standby 1 track 100 shutdown

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

HSRP commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples

Cisco IOS First Hop redundancy Protocols Command Reference

HSRP for IPv6

“HSRP for IPv6” module

Troubleshooting HSRP

Hot Standby Router Protocol: Frequently Asked Questions

Standards

Standards

Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

--

MIBs

MIBs

MIBs Link

CISCO-HSRP-MIB CISCO-HSRP-EXT-MIB

To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFCs

Title

RFC 792

Internet Control Message Protocol

RFC 1828

IP Authentication Using Keyed MD5

RFC 2281

Cisco Hot Standby Router Protocol

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for FHRP - HSRP Group Shutdown

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.