I’ve added SW3 to the Router Group to fully demonstrate all States and behaviors. This post starts with an overview of the States, then reviews each Router State in depth, with a Timers section worked into the Active State section!
Preemption is not completely reviewed in this post, but since it is mentioned throughout the HSRP states, here is the context: with Preemption enabled, a Router can take over as the Active Router at any time while it is part of the network, provided it has a higher Priority Value than the Active Router.
More on Preemption in the following HSRP post!
HSRP States overview and then an in-depth review
Below is a high-level overview of the Transition States and what they mean:
- Disabled – Technically the first state HSRP is in, as HSRP is disabled on a Cisco switch by default; this state means HSRP is disabled / not running
- Initial (INIT) – This is the initial startup state upon entering the HSRP configuration command; HSRP is not yet running
- Learn – Indicates no Virtual IP is configured or has yet been detected from an Active Router from a Router Group member
- Listen – Router knows of Virtual IP Address but is not yet Active or Standby
- Speak – Router begins sending its own Hellos to participate in the Active / Standby router election
- Standby – The Router is designated to take over as Active Router; there is only one Standby Router in any given Router Group, and it continues to send periodic Hellos
- Active – The Router is designated as the Active Router, handles all traffic forwarded to the Virtual Router IP / MAC, sends out periodic Hellos
For a more detailed look, each state is reviewed below to the extent needed for exam day, and possibly beyond.
Disabled state is exactly as it sounds: HSRP is disabled. This HSRP State can only be seen when actually removing the member from a Router Group by negating it at the interface level:
SW1(config-if)#no standby 10 ip 10.0.10.254
SW1(config-if)#
*Mar 1 00:26:46.913: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Standby -> Disabled
*Mar 1 00:26:46.913: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Standby -> Disabled
To verify the disabled state, you can either confirm it with “sh run int vlan #” to verify if any standby configuration is present per interface, or just “sh standby” to see if the HSRP instance in question is running on the Router:
SW3#sh standby
SW3#
HSRP here is globally enabled, whereas on exam day the question may be asked in the context of a specific Router Group #; if HSRP is not enabled / running for that specific Router Group, then it is in a Disabled state!
Initial state is the first state that HSRP transitions into once the configuration command is entered, and it is only seen if “sh standby” is issued immediately after entering the configuration on the interface:
SW3(config-if)#standby 10 ip 10.0.10.254
SW3(config-if)#do sh standby
Vlan10 – Group 10
State is Init (if min delay, 0 secs remaining)
Virtual IP address is 10.0.10.254
In researching cases that a Router might become “stuck in init” with HSRP, it is limited to IOS bugs published on Cisco’s website, so there is not a whole lot to test around this state.
This state is also seen when the SVI with the HSRP configuration is shut down, both in the console output and in “show standby” output:
SW2(config)#int vlan 10
SW2(config-if)#shut
SW2(config-if)#
*Mar 1 00:07:13.087: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Standby -> Init
*Mar 1 00:07:13.087: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Standby -> Init
SW2(config-if)#do sh standby
Vlan10 – Group 10
State is Init (interface down)
This is pretty straightforward, as the “sh standby” output tells you exactly what the issue is. It can also be seen in console output when the Router is reloaded:
SW2#reload
Proceed with reload? [confirm]
*Mar 1 00:30:15.839: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command.
*Mar 1 00:30:15.907: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Active -> Init
*Mar 1 00:30:15.907: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Active -> Init
This can also be an issue if the Layer 3 interface becomes unavailable, either because a Layer 3 Routed Interface (no switchport) becomes physically unavailable, or because a Layer 3 EtherChannel / Port-Channel interface encounters an error (Misconfig Guard).
Those are all scenarios that should be understood for exam day, again, easy points!
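The state-change messages shown in the Disabled and Init sections can be tracked programmatically. The following is an added example, not part of the original post: a Python parser for the %HSRP-5-STATECHANGE format above that drops repeated console lines and reports when a Router falls out of the Active or Standby role. The sample log is constructed (only its format comes from the output above), and the function names are hypothetical.

```python
import re

# Matches the IOS message format shown in this post, e.g.
# *Mar 1 00:07:13.087: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Standby -> Init
STATECHANGE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s+[\d:.]+): %HSRP-5-STATECHANGE: "
    r"(?P<intf>\S+) Grp (?P<grp>\d+) state (?P<old>\w+) -> (?P<new>\w+)"
)
# States in which the Router is not taking part in the group at all.
DOWN_STATES = {"Init", "Disabled"}


def parse_state_changes(lines):
    """Return de-duplicated (ts, intf, group, old, new) tuples in log order."""
    seen, events = set(), []
    for line in lines:
        m = STATECHANGE.match(line.strip())
        if not m:
            continue  # not an HSRP state-change message
        ev = (m["ts"], m["intf"], int(m["grp"]), m["old"], m["new"])
        if ev not in seen:  # the console may print the same message twice
            seen.add(ev)
            events.append(ev)
    return events


def summarize(events):
    """Latest state per (interface, group), plus drops out of Active / Standby."""
    current, drops = {}, []
    for ts, intf, grp, old, new in events:
        current[(intf, grp)] = new
        if new in DOWN_STATES and old in {"Active", "Standby"}:
            drops.append((ts, intf, grp, old, new))
    return current, drops


# Constructed sample in the format shown above (not captured from the lab).
SAMPLE = """\
*Mar 1 00:07:13.087: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Standby -> Init
*Mar 1 00:07:13.087: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Standby -> Init
*Mar 1 00:09:02.311: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Speak -> Standby
*Mar 1 00:30:15.839: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command.
*Mar 1 00:30:15.907: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Standby -> Active
""".splitlines()
```

Calling `summarize(parse_state_changes(SAMPLE))` returns the current state per group and the list of transitions out of Active / Standby into Init or Disabled.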
Learn state is a state that will only be seen in “sh standby” output if an HSRP Router Group is configured without a Virtual Router IP Address defined, as seen in my previous post of a basic HSRP configuration with the bare bones config.
In this state the Router is waiting for a Hello specifically from the Active Router, which will provide it with HSRP information such as Virtual Router IP Address / Active and Standby Router information, and if everything is working should immediately transition into the idle or “Listen” state after receiving this information.
Stuck in Learn may be encountered for any of the following reasons:
- There is no Active Router for the specific Router Group
- If the Active Router is not reachable from the local Router
- If Authentication is configured, but is unable to authenticate the Hello
So if a Router is stuck in a Learn state, there is either an Authentication or an Active Router reachability issue, verified with “sh standby” or “sh int” on the SVI / L3 int / etc.
Listen state is the state a Router goes into when it is not an Active or Standby Router, in which it Listens for Hellos from both the Active and Standby Routers, but it does not send Hellos as only the Active and Standby Routers send Hellos in the Router Group.
The “sh standby” output shows the State, along with the Active / Standby Router info:
SW1#sh standby
Vlan10 – Group 10
State is Listen
4 state changes, last state change 00:00:42
Virtual IP address is 10.0.10.254
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Preemption disabled
Active router is 10.0.10.2, priority 100 (expires in 8.896 sec)
Standby router is 10.0.10.3, priority 100 (expires in 9.936 sec)
Priority 100 (default 100)
Group name is “hsrp-Vl10-10” (default)
SW1#
This state can be summed up with the output of “debug standby” shown here:
SW1#debug standby
HSRP debugging is on
SW1#
*Mar 1 00:52:34.192: HSRP: Vl10 Grp 10 Hello in 10.0.10.3 Active pri 100 vIP 10.0.10.254
*Mar 1 00:52:34.485: HSRP: Vl10 Grp 10 Hello in 10.0.10.2 Standby pri 100 vIP 10.0.10.254
SW1#
*Mar 1 00:52:36.842: HSRP: Vl10 Grp 10 Hello in 10.0.10.3 Active pri 100 vIP 10.0.10.254
*Mar 1 00:52:36.943: HSRP: Vl10 Grp 10 Hello in 10.0.10.2 Standby pri 100 vIP 10.0.10.254
(ETC)
It receives a Hello every 3 seconds (roughly) from both the Active and Standby Routers, and continues that way, waiting to transition into an Active / Standby state.
When the Active Router is reloaded, it immediately triggers SW1’s transition into an election state, as seen in the partial debug snip shown here:
SW3#reload
Proceed with reload? [confirm]
ASR#1
[Resuming connection 1 to sw1 … ]
*Mar 1 00:53:50.612: HSRP: Vl10 Grp 10 Listen: i/Resign rcvd (100/10.0.10.3)
*Mar 1 00:53:50.612: HSRP: Vl10 Grp 10 Active router is unknown, was 10.0.10.3
*Mar 1 00:53:50.612: HSRP: Vl10 Nbr 10.0.10.3 no longer active for group 10 (Listen)
*Mar 1 00:53:50.612: HSRP: Vl10 Nbr 10.0.10.3 Was active or standby – start passive holddown
SW1#
*Mar 1 00:53:50.612: HSRP: Vl10 Grp 10 Listen -> Speak
It goes on to Elect SW2 as the Active Router because its SVI interface has the higher IP of the two, however once SW3 boots up from the reload it automatically takes back over:
SW1#sh standby
Vlan10 – Group 10
State is Listen
24 state changes, last state change 00:14:41
Virtual IP address is 10.0.10.254
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Preemption disabled
Active router is 10.0.10.2, priority 100 (expires in 10.208 sec)
Standby router is 10.0.10.3, priority 100 (expires in 8.096 sec)
Priority 100 (default 100)
Group name is “hsrp-Vl10-10” (default)
ONE VERY IMPORTANT CONCEPT FROM THE ABOVE OUTPUT:
SW3 did NOT become the Active Router again upon coming back online, but it DID become the Standby Router for Router Group 10!
This is because the Active Router can only be over-thrown by a Router Group member if it leaves the Group and comes back online (like with a reload), or if a member is configured with Preemption and a higher Priority value.
Even with Preemption enabled, a higher IP Address will not over-throw the Active Router, it MUST have a higher Priority value for Preemption to work.
Preemption will be covered in detail as well coming up in its own section.
To summarize the Listen state:
- The local Router has an Active and Standby Router defined / has undergone the election process for the Active / Standby Router
- The local Router only Listens for Hellos, does not send any Hello Traffic unless it transitions into Speak State to participate in a new election
- Cannot become the Active Router unless the Active and Standby Routers both go offline simultaneously, as the Listen state implies there is already a Standby Router waiting to become the Active Router!
Easy points on exam day!
Speak state is the state that a Router enters during both the initial election upon booting up, and when an Active / Standby Router goes offline. This state is specific to the election process, and the Router will only stay in it until it is set to either Active / Standby / Listen.
I won’t go into the entire Hello transaction in the election process between Routers, but it is important to note with this HSRP state that a Router MUST have a Virtual IP Address configured for the Standby Group otherwise it will remain in a “Learn” state.
The important detail for exam day on this state, is if there is no Virtual IP assigned for the Router Group, it cannot enter into a Speak state / participate in the Active / Standby Router election process!
Active state is entered when a Router is elected the Active Router, first by the Priority value assigned in the Router Group configuration (the default Priority value is 100). If all Priority values among group members are equal, then the Router with the highest local IP configured on an interface active in the HSRP Router Group is elected.
For example, all Priority values being equal, SW3 has been elected Active Router each time as the tie breaker because it is assigned with the IP 10.0.10.3 on its SVI interface.
I configured int Lo200 on SW1 with IP Address 200.200.200.200/32, and reloaded all 3 switches, and when they came back online “show standby” confirmed this:
SW1#sh standby
Vlan10 – Group 10
State is Listen
Virtual IP address is 10.0.10.254
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Preemption enabled
Active router is 10.0.10.2, priority 100 (expires in 9.072 sec)
Standby router is 10.0.10.3, priority 100 (expires in 9.056 sec)
Priority 100 (default 100)
Group name is “hsrp-Vl10-10” (default)
SW1#
Even if the Priority is lowered on the Active Router to be lower than the Priority of the Standby Router while it is Active, it will not cause the Standby Router to take over, unless Preemption is configured on the Standby Router!
Quick Review of HSRP Timers, as the Active Router provides Timer info to the group!
As seen here on SW1, I can configure the timers for Router Group 10, but “sh standby” output confirms that being configured locally doesn’t mean they will be used:
SW1(config-if)#standby 10 ?
authentication Authentication
follow Name of HSRP group to follow
ip Enable HSRP IPv4 and set the virtual IP address
name Redundancy name string
preempt Overthrow lower priority Active routers
priority Priority level
timers Hello and hold timers
track Priority tracking
SW1(config-if)#standby 10 timer ?
<1-254> Hello interval in seconds
msec Specify hello interval in milliseconds
SW1(config-if)#standby 10 timers ?
<1-254> Hello interval in seconds
msec Specify hello interval in milliseconds
SW1(config-if)#standby 10 timers 10 ?
<11-255> Hold time in seconds
SW1(config-if)#standby 10 timers 10 30 ?
<cr>
SW1(config-if)#standby 10 timers 10 30
SW1(config-if)#
One thing to note about the Hold Time when configuring is the Minimum value will dynamically adjust to be 1 increment higher in value than the Hello time preceding it:
SW1(config-if)#standby 10 timers 1 ?
<2-255> Hold time in seconds <-- Note that it is different than above!
SW1 is in Listen State, so it is provided the Timer information from the Active Router (which is the timers configured on the Active Router), as seen in “show standby” output:
SW1(config-if)#do sh standby
Vlan10 – Group 10
State is Listen
Virtual IP address is 10.0.10.254
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec (cfgd 10 sec), hold time 10 sec (cfgd 30 sec)
Preemption enabled
Active router is 10.0.10.2, priority 100 (expires in 8.032 sec)
Standby router is 10.0.10.3, priority 100 (expires in 8.800 sec)
Priority 100 (default 100)
Group name is “hsrp-Vl10-10” (default)
This can also be used to determine that the local Router is NOT the Active Router for the Router Group, may be useful in a troubleshooting or output question on exam day!
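The check described above can be automated. The following is an added example, not part of the original post: a Python parser for “sh standby” output that extracts the State, the Active / Standby Routers and the timers, and reports when the locally configured (cfgd) timers differ from the ones in use. The sample is a trimmed copy of the output above, the function names are hypothetical, and handling of msec units is an assumption about how those values are displayed.

```python
import re

FIELDS = {
    "state": re.compile(r"State is (\w+)"),
    "vip": re.compile(r"Virtual IP address is (\S+)"),
    "active": re.compile(r"Active router is ([\w.]+)"),
    "standby": re.compile(r"Standby router is ([\w.]+)"),
    "preempt": re.compile(r"Preemption (enabled|disabled)"),
}
# "Hello time 3 sec (cfgd 10 sec), hold time 10 sec (cfgd 30 sec)"
TIMER = re.compile(r"(hello|hold) time (\d+) (m?sec)(?: \(cfgd (\d+) (m?sec)\))?", re.I)


def to_ms(value, unit):
    return int(value) * (1 if unit.lower() == "msec" else 1000)


def parse_show_standby(text):
    """Extract the fields this post relies on from one group's output."""
    info = {k: (m.group(1) if (m := rx.search(text)) else None) for k, rx in FIELDS.items()}
    for name, val, unit, cval, cunit in TIMER.findall(text):
        name = name.lower()
        info[f"{name}_ms"] = to_ms(val, unit)
        info[f"{name}_cfgd_ms"] = to_ms(cval, cunit) if cval else None
    return info


def timer_findings(info):
    """List mismatches between configured timers and the timers in use."""
    findings = []
    for name in ("hello", "hold"):
        cfgd, used = info.get(f"{name}_cfgd_ms"), info.get(f"{name}_ms")
        if cfgd is not None and cfgd != used:
            findings.append(f"{name}: configured {cfgd} ms, using {used} ms from the Active Router")
    hello, hold = info.get("hello_ms"), info.get("hold_ms")
    if hello is not None and hold is not None and hold <= hello:
        findings.append("hold time is not greater than hello time")
    return findings


# Trimmed copy of the SW1 output shown above.
SAMPLE = """\
Vlan10 - Group 10
  State is Listen
  Virtual IP address is 10.0.10.254
  Hello time 3 sec (cfgd 10 sec), hold time 10 sec (cfgd 30 sec)
  Preemption enabled
  Active router is 10.0.10.2, priority 100 (expires in 8.032 sec)
  Standby router is 10.0.10.3, priority 100 (expires in 8.800 sec)
"""
```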
I won’t bother to configure the msec configuration, but here is the output so it can be referenced in these notes at a later time:
SW1(config-if)#standby 10 timers ?
<1-254> Hello interval in seconds
msec Specify hello interval in milliseconds
SW1(config-if)#standby 10 timers msec ?
<15-999> Hello interval in milliseconds
SW1(config-if)#standby 10 timers msec 100 ?
<1-255> Hold time in seconds
msec Specify hold time in milliseconds
SW1(config-if)#standby 10 timers msec 100 msec ?
<50-3000> Hold time in milliseconds
SW1(config-if)#standby 10 timers msec 100 msec 50
The local Router will still have its time provided by the Active Router, but I wanted to note that with msec configuration, the Hello and Hold values can each be in seconds or milliseconds independently. The hold time values dynamically change to ensure that it cannot be configured lower than the Hello timer.
The lowest recommended values for HSRP Hello / Hold timers are 1 / 4 seconds.
Back to the HSRP Active state: the only way to over-throw the Active Router, as mentioned previously, is by enabling Preemption and raising the Priority value of a member, or the Router leaves the Router Group (and re-joins without a Higher Priority / Preemption enabled).
Preemption will be covered in a following post, where it will be reviewed in depth!
Standby state does not have too much depth to it beyond what has already been discussed, it is basically the elected Backup Router if the Active becomes unavailable, and is elected again based upon the criteria of highest Priority value and highest IP configured on the Layer 3 interface of the local Router.
As demonstrated in the Listen state section, the Standby Router CAN be overthrown WITHOUT Preemption being enabled, it can be over-thrown by any Router with a higher Priority value or configured IP Address on the HSRP interface.
It is also provided its Hello / Hold timers by the Active Router, and it holds no sway over the behavior of non-Active/Standby Router Group members.
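The election rules from the Listen, Active and Standby sections can be replayed in a small model. The following is an added example, not part of the original post and not how IOS implements HSRP: a toy Python model that encodes only the rules as this post states them (Priority first, highest interface IP as tie breaker, Active overthrown only by Preemption plus a higher Priority, Standby overthrown without Preemption). The class and function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: IPv4Address       # address on the HSRP interface (the tie breaker)
    priority: int = 100   # HSRP default Priority
    preempt: bool = False

    def rank(self):
        return (self.priority, self.ip)

class Group:
    """Toy model of one HSRP group, using only the rules stated in this post."""
    def __init__(self, routers=()):
        self.online, self.active, self.standby = {}, None, None
        # Simultaneous boot: highest Priority, then highest IP, claims Active first.
        for r in sorted(routers, key=Router.rank, reverse=True):
            self.join(r)

    def join(self, r):
        self.online[r.name] = r
        if self.active is None:
            self.active = r                      # nobody holds the role yet
        elif r.preempt and r.priority > self.active.priority:
            self.active, r = r, self.active      # Preemption needs a higher Priority
        if r is not self.active and (self.standby is None or r.rank() > self.standby.rank()):
            self.standby = r                     # Standby is replaced without Preemption

    def leave(self, name):
        gone = self.online.pop(name)
        if gone is self.active:
            self.active, self.standby = self.standby, None   # Standby takes over
        rest = [r for r in self.online.values() if r is not self.active]
        if gone is self.standby or self.standby is None:
            self.standby = max(rest, key=Router.rank, default=None)

    def roles(self):
        return tuple(r and r.name for r in (self.active, self.standby))

def lab_scenario():
    """Replay the SW3 reload from this post; returns (active, standby) per step."""
    sw = {n: Router(f"SW{n}", IPv4Address(f"10.0.10.{n}")) for n in (1, 2, 3)}
    g, steps = Group(sw.values()), []
    steps.append(g.roles())        # after the initial election
    g.leave("SW3")
    steps.append(g.roles())        # Active Router reloading
    g.join(sw[3])
    steps.append(g.roles())        # SW3 back online, no Preemption
    return steps
```

The last step of `lab_scenario()` ends with SW2 as Active and SW3 as Standby, matching the “sh standby” output in the Listen section.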
And that is it for HSRP States!
I wanted to get some other concepts into this post, but HSRP Router states covered a lot of ground with behaviors once I got into labbing, so next post will be some configuration to manipulate the HSRP Group to achieve Load-Balancing and use Preemption to change Active and Standby Routers!