13 Feb

Cisco HSRP version 2

I’m now revisiting the IOS Services as part of my CCIE study, so yesterday I discovered HSRP version 2. The default version is 1, and without the standby version 2 command, we can’t really see the new parameters using the “?”.

So, we have some exciting new features, as stated here:

  • In HSRP version 1, millisecond timer values are not advertised or learned. HSRP version 2 advertises and learns millisecond timer values. This change ensures stability of the HSRP groups in all cases. – This means, we can archive sub sec. convergence:

003056: .Feb 13 09:58:24.623: HSRP: Fa0/0.146 Grp 1024 Hello  out Standby pri 110 vIP
003057: .Feb 13 09:58:24.815: HSRP: Fa0/0.146 Grp 1024 Hello  in Active  pri 200 vIP
003058: .Feb 13 09:58:25.427: HSRP: Fa0/0.146 Grp 1024 Hello  out Standby pri 110 vIP
003059: .Feb 13 09:58:25.607: HSRP: Fa0/0.146 Grp 1024 Hello  in Active  pri 200 vIP

  • In HSRP version 1, group numbers are restricted to the range from 0 to 255. HSRP version 2 expands the group number range from 0 to 4095. – I always wanted to map the VLAN IDs to the standby group IDs. Well, here we go.
  • HSRP version 2 provides improved management and troubleshooting. With HSRP version 1, you cannot use HSRP active hello messages to identify which physical router sent the message because the source MAC address is the HSRP virtual MAC address. The HSRP version 2 packet format includes a 6-byte identifier field that is used to uniquely identify the sender of the message. Typically, this field is populated with the interface MAC address.
  • The multicast address is used to send HSRP hello messages. This address can conflict with Cisco Group Management Protocol (CGMP) leave processing.
    There is also a cool feature regarding Router-on-the-stick implementations. With the HSRP follow feature we can configure groups to follow a master group. This sound great if you have a lot of sub interfaces on the upstream routers, operated in HA environment.
    An example configuration:

Rack1R6#srs FastEthernet
interface FastEthernet0/0
no ip address

interface FastEthernet0/0.67
encapsulation dot1Q 67
ip address
ntp multicast
standby version 2
standby 2048 ip
standby 2048 follow TEST
standby 2048 preempt

interface FastEthernet0/0.146
encapsulation dot1Q 146
ip address
standby version 2
standby 1024 ip
standby 1024 timers msec 800 3
standby 1024 priority 110
standby 1024 preempt
standby 1024 authentication md5 key-string CISCO123
standby 1024 name TEST


Rack1R6#sh standby fastEthernet 0/0.67 all
FastEthernet0/0.67 – Group 2048 (version 2)
  State is Active (following "TEST")
    4 state changes, last state change 00:13:02
  Virtual IP address is
  Active virtual MAC address is unknown
    Local virtual MAC address is 0000.0c9f.f800 (v2 default)
  MAC refresh 10 secs (next refresh 3.104 secs)
  Preemption enabled
  Active router is local
  Standby router is unknown
  Priority 100 (default 100)
  Group name is "hsrp-Fa0/0.67-2048" (default)
  Following "TEST"

Rack1R6#sh standby brief
                     P indicates configured to preempt.
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Fa0/0.146   1024 110 P Active  local