10 Hot Standby Router Protocol Interview Questions and Answers

Prepare for your network redundancy interview with our comprehensive guide on Hot Standby Router Protocol (HSRP) concepts and questions.

Hot Standby Router Protocol (HSRP) is a Cisco proprietary redundancy protocol designed to ensure high network availability by providing failover capabilities. HSRP allows for the seamless transfer of routing responsibilities from one router to another in the event of a failure, thereby minimizing network downtime and ensuring continuous service. This protocol is crucial for maintaining robust and resilient network infrastructures, especially in environments where uptime is critical.

This article offers a curated selection of HSRP-related interview questions and answers to help you prepare effectively. By familiarizing yourself with these questions, you will gain a deeper understanding of HSRP’s mechanisms and be better equipped to demonstrate your expertise in network redundancy and failover strategies during your interview.

Hot Standby Router Protocol Interview Questions and Answers

1. What is HSRP and how does it work?

HSRP (Hot Standby Router Protocol) is a Cisco proprietary protocol designed to ensure high availability of the default gateway for hosts on a local subnet. It allows multiple routers to present a single virtual router to the network. HSRP designates one router as the active router and another as the standby router. The active router forwards packets sent to the virtual router’s IP address. If the active router fails, the standby router takes over, ensuring continuous network availability.

Key components of HSRP include:

  • Virtual IP Address: The IP address that hosts use as their default gateway.
  • Virtual MAC Address: The MAC address associated with the virtual IP address, ensuring seamless failover.
  • Active Router: The router currently forwarding packets to the virtual IP address.
  • Standby Router: The router that takes over if the active router fails.
  • HSRP Priority: A value used to determine which router should be the active router. The router with the highest priority becomes the active router.
  • HSRP Timers: Timers that control the interval between hello messages and the time a router waits before assuming the active role.

HSRP routers communicate using multicast hello messages to inform each other of their status. If the standby router stops receiving hello messages from the active router, it assumes the active router has failed and takes over.

2. Explain the different states in the HSRP state machine.

HSRP consists of several states that a router can be in during the process:

  • Initial State: The starting state for all HSRP routers, waiting to be configured.
  • Learn State: The router waits to hear from the active router to determine the virtual IP address.
  • Listen State: The router knows the virtual IP address but is neither active nor standby. It listens for Hello messages.
  • Speak State: The router sends periodic Hello messages and participates in the election of the active or standby router.
  • Standby State: The router is a candidate to become the next active router, monitoring Hello messages from the active router.
  • Active State: The router is currently forwarding packets to the virtual IP address, sending periodic Hello messages.

3. How do you configure HSRP on a Cisco router? Provide a sample configuration.

Here is a sample configuration to set up HSRP on a Cisco router:

interface GigabitEthernet0/1
 ip address 192.168.1.2 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 authentication md5 key-string myHSRPkey

In this configuration:

  • The standby 1 ip 192.168.1.1 command sets the virtual IP address for the HSRP group.
  • The standby 1 priority 110 command sets the priority of the router. The router with the highest priority becomes the active router.
  • The standby 1 preempt command allows the router to take over as the active router if it has a higher priority than the current active router.
  • The standby 1 authentication md5 key-string myHSRPkey command sets an authentication key to secure HSRP communications.
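The sample above gives its HSRP group an MD5 key; a router with many interfaces can be checked for groups that lack one. The following is an added example, not part of the original article or any Cisco tooling: it parses running-config text and reports every HSRP group without MD5 authentication. The GigabitEthernet0/2 and 0/3 stanzas, the `s3cret` string and the function names are constructed for illustration, and the parser assumes every `standby` line carries an explicit group number.

```python
import re

# Constructed sample configuration; interfaces 0/2 and 0/3 are made up for the audit.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 192.168.1.2 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 authentication md5 key-string myHSRPkey
interface GigabitEthernet0/2
 standby 2 ip 192.168.2.1
 standby 2 preempt
interface GigabitEthernet0/3
 standby 3 ip 192.168.3.1
 standby 3 authentication text s3cret
"""

# Matches " standby <group> <keyword> [arguments]"; assumes the group number is explicit.
STANDBY_RE = re.compile(r"^\s+standby\s+(\d+)\s+(\S+)\s*(.*)$")

def parse_hsrp_groups(config):
    """Return {(interface, group): {keyword: arguments}} from running-config text."""
    groups, interface = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            interface = line.split()[1] if line.startswith("interface ") else None
            continue
        match = STANDBY_RE.match(line)
        if match and interface:
            group, keyword, args = match.groups()
            groups.setdefault((interface, int(group)), {})[keyword] = args.strip()
    return groups

def audit_hsrp_auth(config):
    """List (interface, group, finding) for every group without MD5 authentication."""
    findings = []
    for (interface, group), opts in sorted(parse_hsrp_groups(config).items()):
        auth = opts.get("authentication")
        if auth is None:
            findings.append((interface, group, "no authentication configured"))
        elif not auth.startswith("md5"):
            findings.append((interface, group, "plain-text authentication"))
    return findings

if __name__ == "__main__":
    for finding in audit_hsrp_auth(SAMPLE_CONFIG):
        print(*finding)
```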

4. What are the default HSRP priority values, and how can they be changed?

The default priority value for HSRP is 100. HSRP uses priority values to determine which router should be the active router in a standby group. The router with the highest priority value becomes the active router. If two routers have the same priority, the router with the higher IP address becomes the active router.

To change the HSRP priority value, you can use the following command in the router’s interface configuration mode:

standby <group-number> priority <priority-value>

For example, to set the priority to 150 for HSRP group 1, you would use:

standby 1 priority 150

5. Explain the preemption feature in HSRP and how to enable it.

The preemption feature in HSRP allows a router with a higher priority to take over the active role from a router with a lower priority. This ensures that the most capable router is always the active router.

To enable preemption in HSRP, configure the preempt command on the router with the higher priority. This command allows the router to take over the active role if it has a higher priority than the current active router.

Example:

Router(config)# interface GigabitEthernet0/1
Router(config-if)# standby 1 ip 192.168.1.1
Router(config-if)# standby 1 priority 110
Router(config-if)# standby 1 preempt

In this example, the router is configured with a priority of 110 and the preempt command is enabled.

6. How would you troubleshoot an HSRP flapping issue?

To troubleshoot an HSRP flapping issue, consider several potential causes and systematically diagnose the problem. HSRP flapping can occur due to various reasons such as misconfiguration, network congestion, hardware issues, or software bugs.

  • Check HSRP Configuration: Ensure that the HSRP configuration on all routers is consistent. Verify that the HSRP group numbers, priority values, and timers are correctly configured.
  • Network Congestion: High network traffic can cause HSRP packets to be delayed or dropped, leading to flapping. Monitor the network traffic and check for any signs of congestion or excessive broadcast traffic.
  • Interface Issues: Verify the status of the interfaces participating in HSRP. Check for any errors, drops, or physical issues that might be causing instability.
  • Hardware and Software: Ensure that the routers are running compatible and stable versions of the firmware. Check for any known bugs or issues related to HSRP in the current software version.
  • HSRP Timers: Adjust the HSRP hello and hold timers to more appropriate values if they are set too aggressively. This can help in reducing the sensitivity to minor network issues.
  • Redundancy and Load Balancing: Ensure that the network design provides adequate redundancy and load balancing to prevent a single point of failure from causing HSRP flapping.

7. Explain the significance of the HSRP timers and how to adjust them.

HSRP uses two main timers:

  • Hello Timer: This timer determines how often the active and standby routers send hello packets to indicate their presence. The default hello timer is set to 3 seconds.
  • Hold Timer: This timer determines the time a router will wait before assuming that the active router has failed if it does not receive a hello packet. The default hold timer is set to 10 seconds.

Adjusting these timers can help optimize the failover and recovery times in an HSRP setup. To adjust the HSRP timers, you can use the following commands in the router’s configuration mode:

interface <interface_name>
 standby <group_number> timers <hello_interval> <hold_interval>

For example, to set the hello timer to 1 second and the hold timer to 4 seconds for HSRP group 1 on interface GigabitEthernet0/1, you would use:

interface GigabitEthernet0/1
 standby 1 timers 1 4

8. Describe the security vulnerabilities associated with HSRP and how to mitigate them.

HSRP has several security vulnerabilities that can be exploited if not properly mitigated.

One of the primary vulnerabilities is the lack of authentication in HSRP messages. Without authentication, an attacker can send spoofed HSRP messages to manipulate the state of the routers, potentially causing a denial of service (DoS) or redirecting traffic through a malicious router. Another vulnerability is the susceptibility to replay attacks, where an attacker captures legitimate HSRP messages and replays them to disrupt network operations.

To mitigate these vulnerabilities, the following strategies can be employed:

  • Enable HSRP Authentication: Use MD5 authentication to ensure that HSRP messages are exchanged only between trusted routers. This prevents unauthorized devices from participating in the HSRP group.
  • Implement Access Control Lists (ACLs): Use ACLs to restrict HSRP traffic to only known and trusted devices. This limits the potential for spoofed HSRP messages from untrusted sources.
  • Use Secure Management Practices: Ensure that network management interfaces are secured and that only authorized personnel have access to configure HSRP settings. This reduces the risk of internal threats.
  • Monitor Network Traffic: Regularly monitor network traffic for unusual HSRP activity. Implementing network monitoring tools can help detect and respond to potential attacks promptly.
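As an added example of the monitoring step (not code from the original article), the following decodes the fixed HSRP version 1 header defined in RFC 2281 and flags messages from senders outside a trusted router list, messages that would win the active election, and messages carrying the RFC's default authentication string. The sample payloads, addresses, the `siteKey1` string and the function names are constructed for illustration.

```python
import socket
import struct

# RFC 2281 HSRP version 1 header: version, opcode, state, hello, hold,
# priority, group, reserved, 8-byte authentication data, virtual IP.
HSRP_V1 = struct.Struct("!8B8s4s")
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}

def parse_hsrp_v1(payload):
    """Decode the fixed 20-byte header of a UDP/1985 payload; trailing bytes are ignored."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRP payload")
    ver, op, state, hello, hold, prio, group, _, auth, vip = HSRP_V1.unpack_from(payload)
    if ver != 0:  # RFC 2281 messages carry version 0
        raise ValueError("not an HSRP version 1 message")
    return {"opcode": OPCODES.get(op, op), "state": STATES.get(state, state),
            "hello": hello, "hold": hold, "priority": prio, "group": group,
            "auth": auth.rstrip(b"\x00"), "virtual_ip": socket.inet_ntoa(vip)}

def check_hello(src_ip, payload, routers, virtual_ip):
    """Return alerts for one message; `routers` maps trusted IP -> configured priority."""
    msg, alerts = parse_hsrp_v1(payload), []
    if src_ip not in routers:
        alerts.append("untrusted sender")
        if msg["opcode"] == "Coup" or msg["priority"] > max(routers.values()):
            alerts.append("would win active election")
    if msg["auth"] == b"cisco":  # default string recommended by RFC 2281
        alerts.append("default authentication string")
    if msg["virtual_ip"] != virtual_ip:
        alerts.append("unexpected virtual IP")
    return alerts

# Constructed sample capture: (source IP, hex of UDP payload). Addresses and key are made up.
SAMPLE = [
    ("192.168.1.2", "000010030a6e0100736974654b657931c0a80101"),
    ("192.168.1.3", "000008030a640100736974654b657931c0a80101"),
    ("192.168.1.50", "000104030aff0100636973636f000000c0a80101"),
]
ROUTERS = {"192.168.1.2": 110, "192.168.1.3": 100}

def scan(sample=SAMPLE):
    """Map each sample source IP to the alerts raised by its message."""
    return {src: check_hello(src, bytes.fromhex(hx), ROUTERS, "192.168.1.1")
            for src, hx in sample}

if __name__ == "__main__":
    for src, alerts in scan().items():
        print(src, alerts or "ok")
```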

9. How do you verify HSRP configuration and status on a Cisco router?

To verify HSRP configuration and status on a Cisco router, you can use the following commands:

  • show standby brief
    This command provides a summary of HSRP groups, including the interface, group number, priority, state, and virtual IP address.
  • show standby
    This command gives detailed information about HSRP configuration and status, including timers, priority, preemption, and the state of each HSRP group.
  • show standby [interface] [group]
    This command provides detailed information for a specific HSRP group on a specific interface.

Example:

Router# show standby brief
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/1       1    100 P Active  local           10.1.1.2        10.1.1.1

Router# show standby
GigabitEthernet0/1 - Group 1
  State is Active
    2 state changes, last state change 00:00:20
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.872 secs
  Preemption enabled
  Active router is local
  Standby router is 10.1.1.2, priority 90 (expires in 8.640 sec)
  Priority 100 (configured 100)
  Group name is "hsrp-Gi0/1-1" (default)

10. Describe the differences between HSRP version 1 and version 2.

There are two versions of HSRP: version 1 and version 2. Here are the primary differences between them:

  • Multicast Address: HSRP version 1 uses the multicast address 224.0.0.2, while HSRP version 2 uses 224.0.0.102.
  • Group Numbers: HSRP version 1 supports group numbers ranging from 0 to 255. In contrast, HSRP version 2 supports an extended range of group numbers from 0 to 4095.
  • Timers: HSRP version 2 introduces millisecond timer values, providing more granular control over the timing of hello and hold timers.
  • Virtual MAC Address: The format of the virtual MAC address differs between the two versions. HSRP version 1 uses the format 0000.0C07.ACxx, where xx is the HSRP group number in hexadecimal. HSRP version 2 uses the format 0000.0C9F.Fxxx, where xxx is the HSRP group number in hexadecimal.
  • Authentication: Both versions support plain text and MD5 authentication, but HSRP version 2 provides enhanced authentication capabilities.