subnet, the active router is forwarding all the packets off that subnet while the standby router is not forwarding any packets. To facilitate load sharing, a single router may be a member of multiple HSRP groups on the same segment. Multiple standby groups further enable redundancy and load sharing. While a router is actively forwarding traffic for one HSRP group, the router can be in standby or listen state for another group. Each standby group emulates a single virtual router. There can be up to 255 standby groups on any LAN, but the maximum number of standby groups need be no more than the number of routers on a segment. In most cases, two standby groups are sufficient. CAUTION: Increasing the number of groups in which a router participates increases the load on the router, which can impact the router’s performance. In Figure , both router A and B are members of groups 1 and 2. Router A is the active forwarding router for group 1 and the standby router for group 2. Router B is the active forwarding router for group 2 and the standby router for group 1. The following example shows how multiple HSRP groups can be configured on the same segment to facilitate load sharing. To be useful, half the hosts on the segment need to use 172.16.10.110 as a default gateway, while the other half need to use 172.16.10.120. RouterA#show running-config
Building configuration...

Current configuration:
!
<output omitted>
interface Vlan10
ip address 172.16.10.32 255.255.255.0
no ip redirects
standby 1 priority 150
standby 1 ip 172.16.10.110
standby 2 priority 50
standby 2 ip 172.16.10.120 RouterB#show running-config
Building configuration...

Current configuration:
!
<output omitted>
interface Vlan10
ip address 172.16.10.33 255.255.255.0
no ip redirects
standby 1 priority 50
standby 1 ip 172.16.10.110
standby 2 priority 150
standby 2 ip 172.16.10.120 RouterA#show standby brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Vl10 1 150 Active local 172.16.10.33 172.16.10.110
Vl10 2 50 Standby 172.16.10.33 local 172.16.10.120 Routers can simultaneously provide redundant backup and perform load sharing across different IP subnets. In Figure , two HSRP-enabled routers participate in two separate VLANs, using ISL or 802.1Q. Running HSRP over trunks allows users to configure redundancy among multiple routers that are configured as front ends for VLAN IP subnets. By configuring HSRP over trunks, users can eliminate situations in which a single point of failure causes traffic interruptions. This feature provides some improvement in overall networking resilience by providing load balancing and redundancy capabilities between subnets and VLANs. For a VLAN, configure the same device to be both the spanning tree root and the HSRP active router. This approach ensures that the Layer 2 forwarding path leads directly to the Layer 3 active router, thereby achieving maximum load balancing efficiency on the routers and trunks. A standby group, an IP address, and a single well-known MAC address with a unique group identifier should be allocated to the group for each VLAN. Although up to 255 standby groups can be configured, the number of group identifiers used should be kept to a minimum. If you are configuring two distribution layer switches, you typically need only two standby group identifiers. The following example shows how multiple HSRP groups can be configured on two HSRP-enabled routers participating in two separate VLANs RouterB#show running-config
Building configuration...

Current configuration:
!
<output omitted>
interface Vlan10
ip address 172.16.10.32 255.255.255.0
no ip redirects
standby 1 priority 150
standby 1 ip 172.16.10.110
interface Vlan20
ip address 172.16.20.32 255.55.255.0
no ip redirects
standby 2 priority 50
standby 2 ip 172.16.20.120

RouterB#show running-config
Building configuration...

Current configuration:
!
<output omitted>
interface Vlan10
ip address 172.16.10.33 255.255.255.0
no ip redirects
standby 1 priority 50
standby 1 ip 172.16.10.110
interface Vlan20
ip address 172.16.20.33 255.255.255.0
no ip redirects
standby 2 priority 150
standby 2 ip 172.16.20.120

---

Content 5.2 Optimizing HSRP 5.2.4 HSRP Debug Commands The commands in Figure are used to debug HSRP operations. Figure describes the debug commands.

---

Content 5.2 Optimizing HSRP 5.2.5 Debugging HSRP Operations The Cisco IOS implementation of HSRP supports the debug command, which displays HSRP state changes and information regarding the transmission and receipt of HSRP packets. To enable HSRP debugging, enter the following command in privileged EXEC mode: Switch#debug standby Figure provides a description of debug standby fields. CAUTION: Because debugging output is assigned high priority in the CPU process, this command can render the system unusable. Example: Debugging with Two Active Routers The example in Figure displays output on distribution router 1DSW1. Router 1DSW1 is also receiving an HSRP hello from 172.16.1.112 for the same VLAN and same virtual IP address but with a different standby group number. Hence, both routers are active for the same virtual IP address. The debug standby command is being used to troubleshoot the problem. The standby group number is not consistent, so the two routers have not formed a standby group. Example: Debugging Active Router Negotiation This example displays the debug standby command output as the 1DSW1 router with IP address 172.16.1.111 initializes and negotiates for the role of active router. *Mar 8 20:34:10.221: SB11: Vl11 Init: a/HSRP enabled
*Mar 8 20:34:10.221: SB11: Vl11 Init -> Listen
*Mar 8 20:34:20.221: SB11: Vl11 Listen: c/Active timer expired (unknown)
*Mar 8 20:34:20.221: SB11: Vl11 Listen -> Speak
*Mar 8 20:34:20.221: SB11: Vl11 Hello out 172.16.11.111 Speak pri 100 ip 172.16.11.115
*Mar 8 20:34:23.101: SB11: Vl11 Hello out 172.16.11.111 Speak pri 100 ip 172.16.11.115
*Mar 8 20:34:25.961: SB11: Vl11 Hello out 172.16.11.111 Speak pri 100 ip 172.16.11.115
*Mar 8 20:34:28.905: SB11: Vl11 Hello out 172.16.11.111 Speak pri 100 ip 172.16.11.115
*Mar 8 20:34:30.221: SB11: Vl11 Speak: d/Standby timer expired (unknown)
*Mar 8 20:34:30.221: SB11: Vl11 Standby router is local
*Mar 8 20:34:30.221: SB11: Vl11 Speak -> Standby
*Mar 8 20:34:30.221: SB11: Vl11 Hello out 172.16.11.111 Standby pri 100 ip 172.16.11.115
*Mar 8 20:34:30.221: SB11: Vl11 Standby: c/Active timer expired (unknown)
*Mar 8 20:34:30.221: SB11: Vl11 Active router is local
*Mar 8 20:34:30.221: SB11: Vl11 Standby router is unknown, was local
*Mar 8 20:34:30.221: SB11: Vl11 Standby -> Active
*Mar 8 20:34:30.221: %STANDBY-6-STATECHANGE: Vlan11 Group 11 state Standby -> Active
*Mar 8 20:34:30.221: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115 To disable the debugging feature, use either the no debug standby or the no debug all command. Example: Debugging First and Only Router on Subnet Because 1DSW1 (172.16.11.111) is the only router on the subnet, and it is not configured for preempt, it goes through five HSRP states before becoming the active router. Notice that at Mar 8 20:34:10.221 the interface comes up, and 1DSW1 enters the listen state. The router stays in listen state for a hold time of 10 seconds. 1DSW1 then goes into speak state at Mar 8 20:34:20.221 for 10 seconds. When the router is speaking, it sends its state out every 3 seconds, according to its hello interval. After 10 seconds in speak state, the router has determined that there is no standby router and enters the standby state at Mar 8 20:34:30.221. The router has also determined that there is not an active router;