From Networking-forum.com/wiki

HSRP is a Cisco-only protocol that basically lets multiple routers share the same IP address. So if the router that acts as the default gateway dies, another router can pick up that IP and the clients (computers, phones, etc.) stay up.

HSRP has two states that it uses most often: Active and Standby. Active is the router that's currently using the shared IP address; Standby is the router that's waiting to see if it needs to take over that IP.

The group ID is referenced by standby #, with the # being the group ID.

HSRP's shared IP address uses the MAC address 0000.0C07.ACXX, where XX is the group ID in hex.

The HSRP routers send hello messages to 224.0.0.2 on UDP port 1985.

Let's look at a configured HSRP interface.

interface Vlan10
ip address 10.10.10.2 255.255.255.0
standby 0 ip 10.10.10.1
standby 0 priority 250
standby track GigabitEthernet1/1 25
standby 0 preempt
standby 0 authentication md5 key-chain HSRP-key
end

standby 0 ip 10.10.10.1 - This is the IP address this router is sharing, in HSRP group 0.

standby 0 priority 250 - Means that this router has a priority of 250. The priority goes from 0 to 255; the router with the higher priority becomes the Active router, and in the event of a tie the router with the higher IP address becomes the Active HSRP router.

standby track GigabitEthernet1/1 25 - This makes it so that if Gi1/1 goes down, the priority of this router drops by 25. The decrement can go from 1 to 255.

standby 0 preempt - This makes the router take over the IP address and become the Active router whenever it sees that it has the highest priority. By default (without preempt) it will just sit in Standby as long as it keeps getting hellos from the current Active router, even if that router has a lower priority.
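To make the priority, track and preempt rules above concrete, here is a small election model written as an added example for this page (it is not code from the wiki or from Cisco). The router names, the 10.10.10.3 address of the second gateway and the default priority of 100 are assumptions; the effective priority is the configured priority minus the track decrement while the tracked interface is down, ties go to the higher IP, and a better router only displaces a running Active router when it has preempt enabled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = 100          # IOS default when no "standby priority" is configured (assumption)
    preempt: bool = False        # "standby preempt" is off unless configured
    track_decrement: int = 0     # decrement from "standby track <intf> <dec>"
    tracked_up: bool = True      # state of the tracked interface

    def effective_priority(self) -> int:
        # While the tracked interface is down the priority drops by the decrement,
        # but never outside the 0-255 range HSRP allows.
        p = self.priority - (0 if self.tracked_up else self.track_decrement)
        return max(0, min(255, p))


def best_router(routers):
    # Highest effective priority wins; a tie is broken by the higher interface IP.
    return max(routers, key=lambda r: (r.effective_priority(), IPv4Address(r.ip)))


def elect_active(routers, current_active=None):
    """Return the name of the router that ends up Active.

    With no Active router yet, the best candidate wins outright.  If a router is
    already Active, a better candidate only takes over when it has preempt set;
    otherwise the current Active keeps the shared IP.
    """
    best = best_router(routers)
    current = next((r for r in routers if r.name == current_active), None)
    if current is None:              # first election, or the Active router disappeared
        return best.name
    if best.name == current.name or not best.preempt:
        return current.name
    return best.name


if __name__ == "__main__":
    # Constructed scenario: the router from the config above and a second gateway.
    r1 = HsrpRouter("R1", "10.10.10.2", priority=250, preempt=True, track_decrement=25)
    r2 = HsrpRouter("R2", "10.10.10.3", priority=240, preempt=True)
    print("initial:", elect_active([r1, r2]))                       # R1 (250 > 240)
    r1.tracked_up = False
    print("Gi1/1 down on R1:", elect_active([r1, r2], "R1"))        # R2 (225 < 240, preempt on)
    r2.preempt = False
    print("same, R2 without preempt:", elect_active([r1, r2], "R1"))  # R1 stays Active
```

Run it and change the priorities, the tracked-interface state or the preempt flags to see which router the rules hand the shared address to; the third case shows why preempt matters, since without it the standby router never claims the address from a degraded Active router.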

standby 0 authentication md5 key-chain HSRP-key - This goes along with some other lines in the config:

key chain HSRP-key
key 0
 key-string 7 THISISAKEY

This is a tricky one. By default HSRP just looks for hellos going to 224.0.0.2 and assumes they're supposed to be there, making it a WONDERFUL way to do a legitimate man-in-the-middle attack. Just send out some hellos and you become the default gateway, and everyone agrees you're the default gateway since you're not spoofing anything. What this set of commands does is make sure the other side knows the same key information. If the other router doesn't have the key "THISISAKEY", HSRP won't accept it as a neighbor.
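The flip side of that warning is that the hellos are easy to watch for. The following is an added example, not code from the wiki: it decodes the fixed 20-byte HSRP version 1 header carried in the UDP/1985 packets to 224.0.0.2 (version, opcode, state, hello and hold timers, priority, group, an 8-byte plaintext authentication field and the virtual IP), derives the 0000.0C07.ACXX virtual MAC for a group, and audits a hello against the set of gateways you expect for a VLAN. The 10.10.10.3 second-gateway address, the "HSRPKEY1" authentication string and the sample packets are constructed assumptions. Note that the MD5 key-chain mode shown in the config carries its authentication in an extra TLV after this fixed header, which the parser does not interpret; the plaintext field it does read is what unauthenticated or default-configured HSRP uses.

```python
import struct
from ipaddress import IPv4Address

# Fixed HSRPv1 header (RFC 2281): 8 one-byte fields, 8-byte auth, 4-byte virtual IP
HSRP_FMT = "!BBBBBBBB8s4s"
OPCODES = {0: "hello", 1: "coup", 2: "resign"}
STATES = {0: "initial", 1: "learn", 2: "listen", 4: "speak", 8: "standby", 16: "active"}


def virtual_mac(group: int) -> str:
    """Well-known HSRPv1 virtual MAC 0000.0c07.acXX with XX = group ID in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRP group must be 0-255")
    return f"0000.0c07.ac{group:02x}"


def parse_hsrp(payload: bytes) -> dict:
    """Decode the fixed header; any MD5 authentication TLV after it is left alone."""
    if len(payload) < struct.calcsize(HSRP_FMT):
        raise ValueError("short HSRP packet")
    ver, op, state, hello, hold, prio, group, _res, auth, vip = struct.unpack(
        HSRP_FMT, payload[:20])
    return {
        "version": ver,
        "opcode": OPCODES.get(op, f"unknown({op})"),
        "state": STATES.get(state, f"unknown({state})"),
        "hellotime": hello, "holdtime": hold,
        "priority": prio, "group": group,
        "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "virtual_ip": str(IPv4Address(vip)),
    }


def audit_hello(src_ip: str, payload: bytes, expected_routers: set, expected_auth: str) -> list:
    """Return findings for one HSRP packet; an empty list means it looks legitimate."""
    pkt = parse_hsrp(payload)
    findings = []
    if src_ip not in expected_routers:
        findings.append(f"{pkt['opcode']} for group {pkt['group']} from unexpected source {src_ip}")
    if pkt["auth"] != expected_auth:
        findings.append(f"auth field {pkt['auth']!r} does not match the configured string")
    if pkt["auth"] == "cisco":
        findings.append("IOS default auth string 'cisco' in use, i.e. no real authentication")
    return findings


def build_hsrp(opcode, state, priority, group, auth, vip, hellotime=3, holdtime=10) -> bytes:
    """Build a constructed HSRPv1 packet for testing (not a real capture)."""
    return struct.pack(HSRP_FMT, 0, opcode, state, hellotime, holdtime, priority, group, 0,
                       auth.encode("ascii").ljust(8, b"\x00")[:8], IPv4Address(vip).packed)


# Constructed samples: a hello from the configured router, and a hello for the same
# group from an address that is not one of the two gateways.
EXPECTED_ROUTERS = {"10.10.10.2", "10.10.10.3"}   # assumed gateway addresses for Vlan10
LEGIT_HELLO = build_hsrp(0, 16, 250, 0, "HSRPKEY1", "10.10.10.1")
ROGUE_HELLO = build_hsrp(0, 16, 255, 0, "cisco", "10.10.10.1")

if __name__ == "__main__":
    print("group 0 virtual MAC:", virtual_mac(0))
    print("legit:", parse_hsrp(LEGIT_HELLO))
    print("findings (legit):", audit_hello("10.10.10.2", LEGIT_HELLO, EXPECTED_ROUTERS, "HSRPKEY1"))
    print("findings (rogue):", audit_hello("10.10.10.99", ROGUE_HELLO, EXPECTED_ROUTERS, "HSRPKEY1"))
```

Feeding the UDP payloads from a capture on the VLAN (the packetlife captures linked below are a convenient source) through audit_hello gives a quick inventory of which addresses are claiming the gateway and whether the group is still on the default authentication string; pairing the source MAC with virtual_mac(group) in the same capture is the other check worth keeping.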

For more info, see http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml

Packet captures for this protocol are available at http://packetlife.net/captures/protocol/hsrp/