HSRP — First Hop Redundancy Configuration

End devices — PCs, servers, phones — are configured with a single default gateway. If that gateway router fails, the host loses all connectivity to remote networks regardless of how many redundant paths exist in the network core. HSRP (Hot Standby Router Protocol) solves this by making two physical routers appear as a single virtual router to hosts. The virtual router has its own IP address and MAC address — hosts use this as their default gateway and remain unaware of which physical router is currently active. For an overview of HSRP see HSRP Overview.

HSRP is a Cisco-proprietary First Hop Redundancy Protocol (FHRP). One router is elected Active — it forwards all traffic from hosts. The other is Standby — it monitors the Active router and takes over within seconds if the Active fails. Hosts never need to update their ARP cache or default gateway configuration during a failover. For alternatives see VRRP & GLBP.

Before starting, complete Inter-VLAN Routing — Router-on-a-Stick and Static Route Configuration to understand default gateways and router redundancy context. For Layer 3 switch deployments see Inter-VLAN Routing — Layer 3 Switch. For VLAN segmentation context see VLANs. For DHCP delivery of the HSRP VIP as the default gateway see DHCP Server Configuration and DHCP Relay Agent.

1. HSRP — Core Concepts

The Problem HSRP Solves

Without HSRP, a network with two routers provides no automatic failover for end hosts:

✗ Without HSRP R1 GW: 192.168.10.1 (only router) R2 192.168.10.2 (unused backup) PC1 GW: 192.168.10.1 R1 fails → PC1 loses all connectivity Admin must manually change gateway ✓ With HSRP — Virtual Router R1 — Active 192.168.10.1 Priority: 110 R2 — Standby 192.168.10.2 Priority: 100 Hello Virtual IP: 192.168.10.254 Shared VIP — forwarded by Active (R1) PC1 GW: 192.168.10.254 R1 fails → R2 takes 192.168.10.254 PC1 never changes its gateway ✓ NetsTuts

HSRP Roles and Virtual Addresses

Element Description Notes
Virtual IP (VIP) The shared IP address that hosts use as their default gateway Must be in the same subnet as the real router interfaces. Hosts ARP for this IP.
Virtual MAC A shared MAC address generated from the HSRP group number Format: 0000.0C07.ACxx where xx = HSRP group in hex (group 1 = 0x01)
Active Router The router currently forwarding traffic for the virtual IP Responds to ARPs for the VIP, forwards all host traffic
Standby Router The backup router monitoring the Active via Hello packets Takes over the VIP and virtual MAC if the Active fails
HSRP Group A number (0–255) that identifies the HSRP instance on an interface Both routers must use the same group number on the same subnet

HSRP Election — Priority and Preempt

The Active router is elected based on priority (higher wins, default 100). If priorities are equal, the router with the higher IP address on that interface becomes Active. The preempt option allows a higher-priority router to reclaim the Active role after recovering from a failure — without it, the current Active keeps the role even if a higher-priority router comes back online.

Parameter Default Effect
Priority 100 Higher value wins the Active election. Range: 1–255.
Preempt Disabled When enabled, the higher-priority router forces itself Active as soon as it comes online — even if another router is currently Active
Hello timer 3 seconds How often the Active sends Hello packets to the Standby
Hold timer 10 seconds How long the Standby waits for a Hello before declaring the Active failed and taking over

HSRP States

State Meaning Normal?
Initial HSRP has just started — interface recently came up Transitional
Learn Waiting to hear the virtual IP from the Active router Transitional
Listen Knows the VIP — monitoring but neither Active nor Standby Normal for a third router in the group
Speak Sending Hello packets and participating in Active/Standby election Transitional during election
Standby Backup router — monitoring Active, ready to take over ✅ Normal goal state for the backup router
Active Currently forwarding traffic for the virtual IP ✅ Normal goal state for the primary router

FHRP Comparison — HSRP vs VRRP vs GLBP

Protocol Standard Load Balancing Active Routers Virtual MAC Format
HSRP v1 Cisco proprietary ❌ No (one Active at a time) 1 Active, 1 Standby 0000.0C07.ACxx
HSRP v2 Cisco proprietary ❌ No (one Active at a time) 1 Active, 1 Standby 0000.0C9F.Fxxx
VRRP IEEE 802.1 (open standard) ❌ No (one Master at a time) 1 Master, multiple Backup 0000.5E00.01xx
GLBP Cisco proprietary ✅ Yes — multiple AVFs forward simultaneously 1 AVG + multiple AVFs 0007.B400.xxyy
HSRP version 2 differences: HSRPv2 extends the group number range from 0–255 to 0–4095, uses a different multicast address (224.0.0.102 vs 224.0.0.2 for v1), and uses a different virtual MAC format. Both versions on the same interface must use the same version number — mixing v1 and v2 on the same group prevents the HSRP relationship from forming. For VRRP and GLBP details see VRRP & GLBP.

2. Lab Topology & Scenario

Two routers (R1 and R2) share a LAN segment serving PC1. Both routers connect to the upstream network for internet and inter-site routing. R1 is the intended primary (higher priority). R2 is the standby. Hosts use the virtual IP 192.168.10.254 as their default gateway.

Lab Topology — HSRP Group 10, Virtual IP 192.168.10.254 Upstream Network (10.0.0.0/30 links) Gi0/1 Gi0/1 NetsTuts_R1 HSRP Active Priority: 110 Gi0/0: 192.168.10.1 NetsTuts_R2 HSRP Standby Priority: 100 (default) Gi0/0: 192.168.10.2 Hello (224.0.0.102) 192.168.10.0/24 — LAN Switch Virtual IP: 192.168.10.254 Virtual MAC: 0000.0C07.AC0A (group 10) PC1 — Default Gateway 192.168.10.254 (HSRP VIP — Group 10) R1 preempt enabled — reclaims Active after recovery Failover: Hold timer 10s · Hello timer 3s
Device Interface Real IP HSRP Role Priority
NetsTuts_R1 Gi0/0 192.168.10.1 /24 Active (intended) 110
NetsTuts_R2 Gi0/0 192.168.10.2 /24 Standby 100 (default)
Virtual Router 192.168.10.254 /24 Shared virtual gateway

3. Step 1 — Configure HSRP on NetsTuts_R1 (Active)

HSRP is configured at the interface level — not under a routing process. All HSRP commands are applied directly to the LAN interface that faces the hosts. 

NetsTuts_R1>en
NetsTuts_R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.

NetsTuts_R1(config)#interface GigabitEthernet0/0
NetsTuts_R1(config-if)#description LAN-HSRP-Primary
NetsTuts_R1(config-if)#ip address 192.168.10.1 255.255.255.0
NetsTuts_R1(config-if)#no shutdown

! ── HSRP Group 10 — Virtual IP ───────────────────────────
NetsTuts_R1(config-if)#standby 10 ip 192.168.10.254

! ── Set higher priority to become Active ─────────────────
NetsTuts_R1(config-if)#standby 10 priority 110

! ── Preempt — reclaim Active role after recovering ───────
NetsTuts_R1(config-if)#standby 10 preempt

! ── Optional: Tune Hello and Hold timers ─────────────────
NetsTuts_R1(config-if)#standby 10 timers 3 10

! ── Optional: Use HSRPv2 ─────────────────────────────────
NetsTuts_R1(config-if)#standby version 2

NetsTuts_R1(config-if)#exit
NetsTuts_R1(config)#end
NetsTuts_R1#wr
Building configuration...
[OK]
NetsTuts_R1#
%HSRP-6-STATECHANGE: GigabitEthernet0/0 Grp 10 state Speak -> Active
The syslog message STATECHANGE: state Speak → Active confirms R1 has won the election and is now the Active HSRP router for group 10. Since R2 is not yet configured (or has lower priority), R1 takes Active by default. After completing both routers save the configuration with write memory.

HSRP Command Breakdown

Command What It Does Notes
standby [group] ip [VIP] Defines the HSRP group number and virtual IP address Group must match on both routers. VIP must be in the same subnet as the interface IP.
standby [group] priority [value] Sets the HSRP priority for this router in this group (default 100) Higher priority wins. Range 1–255. Both routers have default 100 if not set — IP address breaks the tie.
standby [group] preempt Allows this router to forcibly reclaim the Active role when it comes online with a higher priority Without preempt, a recovering router stays Standby even if it has higher priority
standby [group] timers [hello] [hold] Customises Hello and Hold timers in seconds (default 3/10) Must match on all routers in the group. Shorter timers = faster failover but more Hello traffic
standby version 2 Enables HSRPv2 on the interface Must match version on both routers. HSRPv1 and v2 cannot coexist on the same group

4. Step 2 — Configure HSRP on NetsTuts_R2 (Standby)

R2 uses the same group number (10) and the same virtual IP (192.168.10.254). Its priority is left at the default (100) — lower than R1's 110 — ensuring R2 becomes Standby. Preempt is also configured on R2 so it can reclaim the Active role if R1 fails and later recovers while R2 is already Active. 

NetsTuts_R2>en
NetsTuts_R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.

NetsTuts_R2(config)#interface GigabitEthernet0/0
NetsTuts_R2(config-if)#description LAN-HSRP-Secondary
NetsTuts_R2(config-if)#ip address 192.168.10.2 255.255.255.0
NetsTuts_R2(config-if)#no shutdown

! ── Same group number and virtual IP as R1 ───────────────
NetsTuts_R2(config-if)#standby 10 ip 192.168.10.254

! ── Default priority 100 — lower than R1's 110 ───────────
NetsTuts_R2(config-if)#standby 10 priority 100

! ── Preempt so R2 can reclaim Active if R1 fails ─────────
NetsTuts_R2(config-if)#standby 10 preempt

NetsTuts_R2(config-if)#standby 10 timers 3 10
NetsTuts_R2(config-if)#standby version 2

NetsTuts_R2(config-if)#exit
NetsTuts_R2(config)#end
NetsTuts_R2#wr
Building configuration...
[OK]
NetsTuts_R2#
%HSRP-6-STATECHANGE: GigabitEthernet0/0 Grp 10 state Speak -> Standby
R2 transitions to Standby — it hears R1's Hello packets, sees R1's priority of 110 is higher than its own 100, and settles into the backup role. The Standby router monitors the Active's Hellos on multicast 224.0.0.102 (HSRPv2).

5. Step 3 — Interface Tracking (HSRP Object Tracking)

A critical limitation of basic HSRP: R1 may remain Active even if its upstream interface fails — hosts continue sending traffic to R1, which cannot forward it upstream. Interface tracking solves this by automatically decrementing R1's HSRP priority when a tracked interface goes down, triggering a failover to R2: 

! ── Step 1: Define a tracking object for R1's WAN interface
NetsTuts_R1(config)#track 1 interface GigabitEthernet0/1 line-protocol

! ── Step 2: Link the track object to HSRP ────────────────
NetsTuts_R1(config)#interface GigabitEthernet0/0
NetsTuts_R1(config-if)#standby 10 track 1 decrement 20
NetsTuts_R1(config-if)#exit
If Gi0/1 (WAN/uplink) goes down on R1, the tracking object triggers and R1's HSRP priority drops by 20 — from 110 to 90. Since R2's priority (100) is now higher than R1's adjusted priority (90), and R2 has preempt enabled, R2 takes over as Active. When Gi0/1 recovers, R1's priority returns to 110 and preempt on R1 reclaims the Active role. For IP SLA as an alternative tracking mechanism see IP SLA Configuration & Tracking.

Tracking Logic Example

Condition R1 Priority R2 Priority HSRP Active
Normal — all links up 110 100 ✅ R1
R1's Gi0/1 (WAN) goes down 110 − 20 = 90 100 ✅ R2 (preempts R1)
R1's Gi0/1 recovers 90 + 20 = 110 100 ✅ R1 (preempts back)
R1 completely fails (power/crash) 100 ✅ R2 (Hold timer expires)

6. HSRP Load Balancing — Multiple Groups

While HSRP only allows one Active router per group, you can create two HSRP groups on the same interface — making R1 Active for one group and R2 Active for the other. Half the hosts use one VIP and half use the other, effectively distributing load across both routers: 

! ══ R1: Active for Group 10, Standby for Group 20 ════════
NetsTuts_R1(config)#interface GigabitEthernet0/0
NetsTuts_R1(config-if)#standby 10 ip 192.168.10.254
NetsTuts_R1(config-if)#standby 10 priority 110
NetsTuts_R1(config-if)#standby 10 preempt
NetsTuts_R1(config-if)#standby 20 ip 192.168.10.253
NetsTuts_R1(config-if)#standby 20 priority 90
NetsTuts_R1(config-if)#standby 20 preempt

! ══ R2: Standby for Group 10, Active for Group 20 ════════
NetsTuts_R2(config)#interface GigabitEthernet0/0
NetsTuts_R2(config-if)#standby 10 ip 192.168.10.254
NetsTuts_R2(config-if)#standby 10 priority 90
NetsTuts_R2(config-if)#standby 10 preempt
NetsTuts_R2(config-if)#standby 20 ip 192.168.10.253
NetsTuts_R2(config-if)#standby 20 priority 110
NetsTuts_R2(config-if)#standby 20 preempt
PC1 and PC2 use default gateway 192.168.10.254 (Group 10 — Active: R1). PC3 and PC4 use default gateway 192.168.10.253 (Group 20 — Active: R2). Both routers are simultaneously Active for different hosts — providing true load distribution. Each group still provides full redundancy: if R1 fails, R2 takes over Group 10 as well.

7. Verification

show standby — R1 (Active)

NetsTuts_R1#show standby
GigabitEthernet0/0 - Group 10 (version 2)
  State is Active
    6 state changes, last state change 00:03:21
  Virtual IP address is 192.168.10.254
  Active virtual MAC address is 0000.0C9F.F00A
    Local virtual MAC address is 0000.0C9F.F00A (v2 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.568 secs
  Preemption enabled
  Active router is local
  Standby router is 192.168.10.2, priority 100 (expires in 8 sec)
  Priority 110 (configured 110)
  Group name is "hsrp-Gi0/0-10" (default)
Key fields: State is Active — R1 is forwarding. Virtual IP address is 192.168.10.254 — confirmed. Active virtual MAC is 0000.0C9F.F00A — HSRPv2 MAC for group 10. Standby router is 192.168.10.2 — R2 is the backup. Priority 110 — matches configured value. Preemption enabled — R1 will reclaim Active after failover.

show standby — R2 (Standby)

NetsTuts_R2#show standby
GigabitEthernet0/0 - Group 10 (version 2)
  State is Standby
    4 state changes, last state change 00:03:15
  Virtual IP address is 192.168.10.254
  Active virtual MAC address is 0000.0C9F.F00A
    Local virtual MAC address is 0000.0C9F.F00A (v2 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.312 secs
  Preemption enabled
  Active router is 192.168.10.1, priority 110 (expires in 9 sec)
  Standby router is local
  Priority 100 (configured 100)
  Group name is "hsrp-Gi0/0-10" (default)
State is Standby — R2 is in backup mode. Active router is 192.168.10.1, priority 110 — R2 can see R1 is Active with priority 110 and its Hello expires in 9 seconds. Standby router is local — R2 acknowledges its own Standby role.

show standby brief — Quick Summary

NetsTuts_R1#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Gi0/0       10   110 P Active   local           192.168.10.2    192.168.10.254
show standby brief is the quickest HSRP status check. One line per group per interface. The P in the Pri column confirms preempt is enabled. Active: local means this router is currently forwarding for the VIP.

Simulating a Failover — Shutdown R1's Interface

! ── Simulate R1 failure ───────────────────────────────────
NetsTuts_R1(config)#interface GigabitEthernet0/0
NetsTuts_R1(config-if)#shutdown

! ── On R2: observe state change ──────────────────────────
NetsTuts_R2#
%HSRP-6-STATECHANGE: GigabitEthernet0/0 Grp 10 state Standby -> Active
  
NetsTuts_R2#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Gi0/0       10   100 P Active   local           unknown         192.168.10.254
R2 transitions to Active after R1's Hold timer expires (10 seconds). PC1 continues forwarding traffic to 192.168.10.254 — now answered by R2. Hosts experience a brief outage equal to the Hold timer (10 seconds by default, 3 seconds with tuned timers).

Simulating Recovery — Restore R1

! ── Restore R1's interface ───────────────────────────────
NetsTuts_R1(config-if)#no shutdown

! ── R1 reclaims Active due to preempt + higher priority ──
NetsTuts_R1#
%HSRP-6-STATECHANGE: GigabitEthernet0/0 Grp 10 state Speak -> Active
Because standby 10 preempt is configured on R1, it reclaims the Active role as soon as it comes back online with a higher priority (110 vs R2's 100). Without preempt, R2 would remain Active even after R1 returned.

show track — Verify Interface Tracking

NetsTuts_R1#show track 1
Track 1
  Interface GigabitEthernet0/1 Line Protocol
  Line protocol is Up
  1 change, last change 00:05:12
  Tracked by:
    HSRP GigabitEthernet0/0 10
Track object 1 monitors Gi0/1 (the WAN/uplink). Status shows Line protocol is Up — currently healthy. The "Tracked by" line confirms it is linked to HSRP group 10 on Gi0/0.

Verification Command Summary

Command What It Shows Primary Use
show standby Full HSRP status — state, VIP, virtual MAC, timers, priority, preempt, Active/Standby addresses Primary HSRP verification command
show standby brief One-line summary per group — state, Active IP, Standby IP, VIP, preempt flag Quick health check across multiple groups
show track [number] Status of tracked objects and which HSRP groups are linked to them Verify interface tracking is working correctly
show standby [int] [group] Filtered to a specific interface and group Multi-group environments — check one group at a time
show logging HSRP state change events with timestamps — STATECHANGE syslog messages Post-incident analysis of failover timing
show ip route / show ip route Confirm upstream routing is intact on the Active router Verify the Active router can actually reach upstream networks

8. Troubleshooting HSRP Issues

Problem Symptom Cause Fix
Both routers show Active state show standby on both R1 and R2 says "State is Active" HSRP Hello packets are not reaching between routers — Layer 2 connectivity issue, or different HSRP versions (v1 vs v2 on same group) preventing communication Verify L2 connectivity with ping 192.168.10.2 from R1. Check HSRP version matches on both routers with show standby. See show interfaces for L2 errors and Troubleshooting Layer 2 VLANs & Trunks
Higher-priority router stays Standby R1 has priority 110 but R2 (priority 100) remains Active after R1 comes back preempt is not configured on R1 — it cannot force itself Active even with higher priority Add standby [group] preempt on R1. Verify with show standby — "Preemption enabled" must appear
Failover not occurring when WAN fails R1's Gi0/1 (WAN) is down but R1 remains Active — traffic black hole Interface tracking not configured — HSRP only monitors Hello packets, not upstream reachability Configure tracking: track 1 interface Gi0/1 line-protocol and standby 10 track 1 decrement 20 on R1
VIP not responding to ARP Hosts cannot reach the virtual IP — ARP for 192.168.10.254 gets no reply No HSRP group is in Active state — both routers may be in Speak or Listen state Check show standby brief on both routers — at least one must show Active. Check IP addresses and group numbers match
HSRP version mismatch Both routers configured with correct parameters but neither reaches Active/Standby One router uses standby version 2 and the other uses default (version 1) — they communicate on different multicast addresses Ensure both routers use the same HSRP version: either both use standby version 2 or both leave version at default (v1). Check with show standby — version shown in parentheses
Frequent HSRP flapping STATECHANGE syslog messages cycling rapidly — Active and Standby keep switching Hello packets being dropped — high CPU, congested link, or mismatched timers between routers Verify timer settings match on both routers. Check CPU load with show processes cpu. Consider increasing Hold timer to reduce sensitivity to occasional Hello delays

Key Points & Exam Tips

  • HSRP creates a virtual router with a shared virtual IP and virtual MAC. Hosts use the virtual IP as their default gateway — they never need to know which physical router is currently Active.
  • The Active router forwards all traffic. The Standby router monitors via Hello packets and takes over when the Active's Hold timer expires (default 10 seconds).
  • HSRP priority determines which router becomes Active — higher wins (default 100). Equal priorities cause the router with the higher interface IP to win.
  • Preempt must be explicitly configured to allow a higher-priority router to reclaim the Active role after recovering. Without preempt, the current Active keeps the role regardless of priority.
  • HSRP virtual MAC format for version 1: 0000.0C07.ACxx. For version 2: 0000.0C9F.Fxxx. The last bytes encode the group number in hex.
  • Interface tracking (track + standby track decrement) is essential in production — it triggers a failover when the Active router's uplink fails, not just when the router itself fails.
  • HSRP uses multicast 224.0.0.2 (v1) or 224.0.0.102 (v2) for Hello packets. Both routers must use the same version or communication fails.
  • Multiple HSRP groups on the same interface enable load balancing — R1 is Active for Group 10, R2 is Active for Group 20. Different hosts are configured with different VIPs.
  • show standby brief is the fastest verification — one line per group showing state, Active IP, Standby IP, VIP, and preempt flag (P).
  • On the CCNA exam: know HSRP is Cisco proprietary (VRRP is the open standard), the Active/Standby roles, priority and preempt behaviour, and the O*E2 default route is separate from HSRP — HSRP is Layer 2/3 gateway redundancy, not routing protocol redundancy.
Next Steps: With default gateway redundancy in place, continue to DHCP Server Configuration to ensure hosts receive the HSRP virtual IP as their default gateway automatically, combined with DHCP Relay Agent for multi-subnet deployments. For routing protocol redundancy on the upstream links, revisit OSPF Single-Area Configuration, OSPF Multi-Area Configuration, and Default Route Redistribution into OSPF. For redundant Layer 2 uplinks to complement HSRP see EtherChannel LACP. For open-standard alternatives see VRRP & GLBP.

TEST WHAT YOU LEARNED

R1 and R2 are both configured with HSRP group 10. R1 has priority 120, R2 has priority 100. Neither has preempt configured. R2 came online first and is currently Active. What happens when R1 comes online?

Correct answer is D. HSRP elections only occur when no Active router is present. Once an Active router is elected, it keeps that role until its Hold timer expires or a higher-priority router with preempt configured comes online. Without standby [group] preempt on R1, it sees R2 is already Active and simply becomes Standby — even though R1 has higher priority. Preempt is the key: with it, R1 would send a coup Hello and force R2 to become Standby.

What is the HSRP virtual MAC address for group 10 using HSRPv1?

Correct answer is B. HSRPv1 virtual MAC addresses follow the format 0000.0C07.ACxx where the last byte (xx) is the HSRP group number in hexadecimal. Group 10 decimal = 0x0A, so the virtual MAC is 0000.0C07.AC0A. HSRPv2 uses a different format: 0000.0C9F.Fxxx where the last 12 bits represent the group number. VRRP uses 0000.5E00.01xx and GLBP uses 0007.B400.xxyy — knowing these MAC formats is a common CCNA exam question.

R1 is the HSRP Active router for group 10 on Gi0/0 (facing the LAN). R1's WAN uplink (Gi0/1) goes down. Hosts complain they cannot reach the internet. What configuration would have prevented this?

Correct answer is A. HSRP by default only monitors Hello packets on the LAN interface — it has no awareness of whether the Active router can actually reach upstream networks. If R1's WAN uplink fails, R1 remains Active (its LAN interface is still up) but cannot forward traffic to the internet. Interface tracking with the track command creates a link between the WAN interface health and HSRP priority. When Gi0/1 goes down, the decrement reduces R1's priority below R2's, triggering R2 (which has preempt) to take over as Active.

Both R1 and R2 show "State is Active" in show standby. What is this condition called and what is the most likely cause?

Correct answer is C. When HSRP Hello multicast packets cannot travel between R1 and R2 (due to a switch misconfiguration, VLAN mismatch, or failed link), each router's Hold timer eventually expires without hearing the other's Hello. Without a Standby router's Hellos, each router independently claims the Active role — this is HSRP split-brain. Both routers respond to ARP for the virtual IP, causing MAC address flapping on the switch and unpredictable traffic forwarding. Fix the L2 connectivity issue and both routers will re-elect correctly.

An engineer configures two HSRP groups on the same interface — Group 10 (VIP: .254) and Group 20 (VIP: .253). R1 is Active for Group 10 and R2 is Active for Group 20. PC1 uses .254 and PC2 uses .253 as their gateway. What is the purpose of this design?

Correct answer is D. HSRP only allows one Active router per group — meaning one physical router handles all traffic for that VIP. To use both routers simultaneously, the network admin creates two groups with different VIPs and configures half the hosts to use each VIP. R1 is Active for Group 10 and Standby for Group 20; R2 is Active for Group 20 and Standby for Group 10. This distributes load across both routers. If either fails, the other's preempt kicks in and takes over both groups, providing full redundancy with simultaneous load distribution.

What is the default HSRP Hold timer and what does it determine?

Correct answer is A. HSRP default timers are Hello = 3 seconds and Hold = 10 seconds. The Hold timer is the maximum time the Standby router waits without receiving a Hello from the Active before declaring it dead and transitioning to Active itself. With default timers, worst-case failover is approximately 10 seconds (one Hold timer expiry). Tuning to 1/3 seconds reduces this to 3 seconds. Both timers must match between all routers in the HSRP group.

What is the key difference between HSRP and VRRP?

Correct answer is C. The most fundamental difference is standards compliance: HSRP is a Cisco-proprietary protocol — it only works between Cisco devices. VRRP (RFC 5798, formerly RFC 3768) is an open IEEE standard implemented by virtually all network vendors, making it the choice for multi-vendor environments. Functionally they are similar — both provide virtual IP/MAC redundancy with Active/Master and Standby/Backup roles. Key differences: HSRP uses 224.0.0.2/224.0.0.102, VRRP uses 224.0.0.18. VRRP virtual MAC: 0000.5E00.01xx. VRRP preempts by default (unlike HSRP where it must be explicitly enabled).

R1 (HSRP Active, priority 110) has interface tracking configured with decrement 20. R1's tracked WAN interface goes down. What is R1's new effective priority and what happens next if R2 has priority 100 and preempt enabled?

Correct answer is B. When the tracked interface goes down, R1's HSRP priority is immediately decremented by the configured value (20), dropping from 110 to 90. R1 advertises this new priority in its next Hello packet. R2 receives the Hello, compares priorities (R2: 100 > R1: 90), and since R2 has preempt enabled, it sends a coup Hello claiming the Active role. R1 accepts the coup and transitions to Standby. The entire failover happens within one Hold timer period after the priority change is communicated.

A PC is configured with default gateway 192.168.10.254 (the HSRP VIP). The Active router fails and R2 takes over. Does the PC need to send a new ARP request for 192.168.10.254?

Correct answer is D. This is the core value of HSRP's virtual MAC address. The PC's ARP cache maps 192.168.10.254 to the virtual MAC (e.g., 0000.0C07.AC0A for group 10). When R2 takes over as Active, it immediately begins responding to traffic destined for this same virtual MAC — R2 "owns" the virtual MAC address now. The PC has no awareness that the physical router has changed. It continues sending frames to 0000.0C07.AC0A which are now received and forwarded by R2 instead of R1. No ARP re-request is needed.

Which command provides the fastest single-line-per-group summary of HSRP state, showing Active/Standby IP addresses, VIP, and whether preempt is configured?

Correct answer is C. show standby brief produces a compact table — one row per HSRP group per interface — showing interface, group number, priority, preempt flag (P), current state (Active/Standby/Listen), Active router IP, Standby router IP, and virtual IP. It is the go-to command for a rapid health check, especially on routers with multiple HSRP groups. show standby (without brief) provides much more detail per group but is harder to read quickly across multiple groups.

Related Topics & Step-by-Step Tutorials

Related concepts and next steps:

Back to Home