HSRP Configuration
Configuring basic HSRP is a multistep process. The following are the steps to configure a basic HSRP configuration on the Cisco Nexus 7000 or 9000 Series switch:
Step 1. Enable the HSRP feature.
Step 2. Configure the HSRP version.
Step 3. Configure the HSRP group.
Step 4. Configure the virtual IP of the HSRP group.
Step 5. Configure the HSRP interface priority and preemption.
Step 6. (Optional) Configure HSRP authentication.
Step 7. (Optional) Configure HSRP object tracking.
First, you must globally enable the HSRP feature. Next, you configure the HSRP version on the interface supporting HSRP configuration. Then, you configure an HSRP group on the same interface and configure the virtual IP address. Next, you configure the HSRP priority on an interface along with preemption feature, if required. Optionally, you can configure HSRP authentication using either a plaintext password or MD5 authentication. Also, you can optionally configure the HSRP group to adjust its priority based on the availability of an interface.
Table 3-2 summarizes the NX-OS CLI commands related to basic HSRP configuration and verification.
Table 3-2 Summary of NX-OS CLI Commands for HSRP Configuration and Verification
| Command | Purpose |
| configure terminal | Enters global configuration mode. |
| [no] feature hsrp | Enables the HSRP feature. Use the no form of this command to disable HSRP for all groups. |
| interface vlan number | Creates a VLAN interface. The number range is from 1 to 4094. |
| hsrp version {1 | 2} | Confirms the HSRP version. Version 1 is the default. |
| hsrp group-number [ipv4 | ipv6] | Creates an HSRP group and enters HSRP configuration mode. |
| ip [ ip-address [secondary]] | Configures the virtual IP address for the HSRP group and enables the group. This address should be in the same subnet as the IPv4 address of the interface. |
| priority [ value ] | Sets the priority level used to select the active router in an HSRP group. The range is from 0 to 255. The default is 100. |
| preempt [delay [minimum seconds ] [reload seconds ] [sync seconds ]] | Configures the router to take over as the active router for an HSRP group if it has a higher priority than the current active router. This command is disabled by default. Optionally, you configure a delay of the HSRP group preemption by the configured time. The range is from 0 to 3600 seconds. |
| show hsrp [group group-number ] [ipv4] | Displays HSRP information. |
| show hsrp brief | Displays a brief summary of the HSRP status for all groups in the device. |
Examples 3-1 to 3-3 show the basic HSRP configuration and verification on the sample topology shown in Figure 3-6. The base IP addresses have already been configured in VLAN 100 on the sample topology. Here, we will focus on HSRP-specific configuration. N7K-A and N7K-B will act as redundant gateways using HSRP.
Figure 3-6 Sample Topology for HSRP Configuration and Verification
In Example 3-1, we will see the basic HSRP configuration on N7K-A and N7K-B.
Example 3-1 HSRP Configuration
! Enabling HSRP feature on N7K-A and N7K-B.
N7K-A
N7K-A#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
N7K-A(config)#
feature hsrp
N7K-A(config)#
N7K-B
N7K-B#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
N7K-B(config)#
feature hsrp
N7K-B(config)#
! Configuring HSRP version 2 for interface Vlan 100. HSRP version 1 is the default.
N7K-A
N7K-A(config)#
interface vlan 100
N7K-A(config-if)#
hsrp version 2
N7K-B
N7K-B(config)#
interface vlan 100
N7K-B(config-if)#
hsrp version 2
! Configuring the HSRP group 100 for interface vlan 100 with 192.168.100.1 as the
virtual IP.
N7K-A
N7K-A(config-if)#
hsrp 100
N7K-A(config-if-hsrp)#
ip 192.168.100.1
N7K-A(config-if-hsrp)#
N7K-B
N7K-B(config-if)#
hsrp 100
N7K-B(config-if-hsrp)#
ip 192.168.100.1
N7K-B(config-if-hsrp)#
! Setting higher priority for N7K-A with preemption feature. The default priority
is 100. Preempt setting only applies to the router with higher priority if a router
with lower priority is in active state. This usually means that there was a failure
of the router with higher priority. Below configuration will assure that N7K-A
becomes HSRP active router.
N7K-A
N7K-A(config-if-hsrp)#
priority 120
N7K-A(config-if-hsrp)#
preempt
N7K-A(config-if-hsrp)#
end
N7K-A#
In Example 3-2, we see the HSRP verification commands.
Example 3-2 HSRP Verification
! Verifying HSRP group 100 and hsrp configuration in brief format.
N7K-A
N7K-A#
show hsrp group 100
Vlan100-Group 100 (HSRP-V2) (IPv4)
Local state is Active, priority 120
(Cfged 120), may preempt
Forwarding threshold(for vPC), lower: 1 upper: 120
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.687000 sec(s)
Virtual IP address is 192.168.100.1 (Cfged)
Active router is local
Standby router is 192.168.100.3 , priority 100
expires in 9.771000 sec(s)
Authentication text “cisco”
Virtual mac address is 0000.0c9f.f064 (Default MAC)
7 state changes, last state change 00:21:48
IP redundancy name is hsrp-Vlan100-100 (default)
N7K-A#
show hsrp brief
*:IPv6 group #:group belongs to a bundle
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan100 100 120 P
Active
local 192.168.100.3 192.168.100.1
(conf)
N7K-A#
N7K-B
N7K-B#
show hsrp group 100
Vlan100- Group 100
(HSRP-V2) (IPv4)
Local state is Standby, priority 100
(Cfged 100)
Forwarding threshold(for vPC), lower: 1 upper: 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.945000 sec(s)
Virtual IP address is 192.168.100.1
(Cfged)
Active router is 192.168.100.2, priority 120
expires in 9.040000 sec(s)
Standby router is local
Authentication text “cisco”
Virtual mac address is 0000.0c9f.f064 (Default MAC)
6 state changes, last state change 00:22:48
IP redundancy name is hsrp-Vlan100-100 (default)
N7K-B#
show hsrp brief
*:IPv6 group #:group belongs to a bundle
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan100 100 100
Standby
192.168.100.2 local 192.168.100.1
(conf)
N7K-B#
In Example 3-3, we see the impact of the HSRP preempt configuration on HSRP operation.
Example 3-3 Preempt Feature VerificationClick here to view code image
! Shutting down interface vlan 100 on N7K-A HSRP active router. N7K-B takes over
the active role. HSRP on N7K-A will be stuck in initial state.
N7K-A
N7K-A#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
N7K-A(config)#
interface vlan 100
N7K-A(config-if)#
shutdown
N7K-A(config-if)#
show hsrp brief
*:IPv6 group #:group belongs to a bundle
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan100 100 120 P
Initial
unknown unknown 192.168.100.1
(conf)
N7K-B
N7K-B#
show hsrp brief
*:IPv6 group #:group belongs to a bundle
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan100 100 100
Active
local unknown 192.168.100.1
(conf)
N7K-B#
! Bringing the interface vlan 100 up on N7K-A. Preempt feature kicks in because
N7K-A has higher priority and N7K-A takes over the active role once again.
N7K-A
N7K-A(config-if)#
no shutdown
N7K-A(config-if)#
show hsrp brief
*:IPv6 group #:group belongs to a bundle
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan100 100 120 P
Active
local unknown 192.168.100.1
(conf)
N7K-A(config-if)#
N7K-B
N7K-B#
show hsrp brief
*:IPv6 group #:group belongs to a bundle
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan100 100 100
Standby
192.168.100.2 local 192.168.100.1
(conf)
N7K-B#