By certskills December 21, 2015 09:05

#HSRP solves one of many design issues by avoiding a single point of failure in a network by having two or more routers share the role of default gateway in a subnet. This lab takes a look at a basic HSRP config, for the usual reason: to get some reps in for practicing basic CCNA configs.


Configure HSRP on R1 and R2 for a typical case of HSRP, providing a redundant default gateway for PC1 in the figure. The lab begins with all interfaces shown in Figure 1 working, and with IPv4 addresses configured. You can use the design in Figure 1 or Figure 2; on the LAN, just make sure both routers and both hosts are in the same VLAN and can ping each other. For this lab, you will focus on the router configurations, not the switch configurations.

Your job is to add the HSRP configuration per the following rules:

  • Use the lowest available IP address in the shared subnet for the HSRP virtual IP address
  • Use the HSRP group number 10
  • Make R2 act as HSRP active under normal conditions
  • Use only the required commands

Figure 1: HSRP Design, One LAN Switch

Figure 2: HSRP Design, Two LAN Switches


Initial Configuration

Example 1 and 2 show the beginning configuration state of R1 and R2.


Example 1: R1 Config

Example 2: R2 Config


Additionally, note that the switches need to create a working VLAN so that both routers’ G0/1 interfaces and both PCs can communicate over that VLAN. If you built the lab like Figure 1, with a single switch, the switch could have all default configuration, with all devices in VLAN 1. With two switches, if you use VLAN 1, you should be fine with default configuration regardless. Examples 3 and 4 provide some initial configuration in case you need to use another VLAN (VLAN 2) instead of VLAN 1, and you need to ensure that VLAN trunking is used.

Example 3: SW1 Config

Example 4: SW2 Config


Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear or other tools, configure the lab using them.

Verifying HSRP can be done with a command and a little testing. To verify, use the show standby brief command on both routers. One router should be in a state of “Active”, the other as “Standby”. Both should list the same virtual IP address.

For testing, if you have a host, change its default gateway to the HSRP IP address. Then start a long-running ping command on your host for one of the IP addresses on the link between the two routers that sits in another subnet ( or This ping should work no matter which router acts as HSRP active. Start the ping, go to the router that is currently active, and shutdown the G0/1 interface. HSRP should failover to the other router, your ping command should have a brief interruption, and then the ping should start working again.

To create a long-running ping, on Windows, add a –t to the end of the ping command. On OSX and Linux, the ping command needs no extra parameters – it should run until you stop it (Ctrl-c).


Do this Lab with Cisco’s CML (Formerly VIRL)

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for Cisco Modeling Lab – Personal (CML-P). CML-P replaces Cisco Virtual Internet Routing Lab (VIRL) software, in effect serving as VIRL Version 2.

Below, find two files: a file useful with CML-P and another useful with VIRL. (Note that the CML-P file has a .yaml filetype, while the older VIRL file has a VIRL filetype.) Once the file is loaded, CML-P or VIRL will create a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well.

This lab’s CML file!

This lab’s VIRL file!

Note that while many Cisco switches no longer support ISL as a trunking protocol, the layer 2 switch image in CML/VIRL does, so it needs to be configured to know whether to use ISL or 802.1Q. The lab exercise does not mention this fact. So, FYI, the .YAML/.VIRL file includes this command (already configured) so trunking will work:


Network Device Info

This table lists the interfaces changed in this lab to work well in CML/VIRL.

Device Lab Port CML/VIRL Port
SW1 F0/2 G0/2
SW1 F0/1 G0/3
SW2 F0/2 G0/2
SW2 F0/1 G0/3


Host device info:

This table lists host information pre-configured in CML/VIRL, information that might not be required by the lab but may be useful to you.

Device IP Address Mac Address User/password
PC1 02:00:11:11:11:11 cisco/cisco
PC2 02:00:22:22:22:22 cisco/cisco


Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping -c 4

Trace example: tracepath

To connect to another node within the topology: telnet




Think. Config. Config Labs
Answers: HSRP 1
By certskills December 21, 2015 09:05
Write a comment


  1. Markus May 5, 06:01

    Hi Wendell

    I tried this lab in CML and had some issues.
    After a little searching I found the problem…
    the netmask of interface Gi0/1 on R2 isn’t correctly configured in the CML file: instead of


    Reply to this comment
    • certskills Author May 7, 14:06

      Hey Markus,
      I agree! I’ve moved the task to effect the fix into Trello; should be fixed in a few days. Thanks much for letting us know!

      Reply to this comment
  2. Denis Xenos February 5, 14:01

    Hi Wendel,

    These labs are from 2015. Im studying for the 200-301 verison of the CCNA. In Chapter 12 there is no mention of you configuring HSRP, just concepts.

    Do we need to learn how to configure HSRP for the 200-301 exam? If so i can create these labs in packet tracer.

    Please let me know.

    Thank you,

    Reply to this comment
    • certskills Author February 5, 16:47

      Hi Denis,
      When thinking about the scope of the current CCNA exam, trust the book, not the sum total of the blog content. As you noticed, some blog content pre-dates the release of current exams. That content was built based on older editions of the exams. Some of those posts can be useful, so I leave the useful content here for a while. But no, the exam topic that implies HSRP, about FHRPs, does not mention config/verify.

      Reply to this comment
      • Chris May 17, 05:23

        Can I ask a question about qos? There’s no mention of it in the last section.

        Reply to this comment
        • Wendell Odom May 17, 08:59

          Sure, Chris, go for it. (PS – last section of what?)

          Reply to this comment
          • Chris May 18, 10:22

            I meant the qos section. In book 2, Ch.11, Q.3 asks about diffserv but I can’t find where the 3 answers are given in the chapter.

          • Wendell Odom May 19, 10:10

            Got it. Sorry about my confusion.
            Anyway, I think I had answered you here already in an earlier comment on May 16th. Here’s the paragraph about where to find more info about those answers:

            Look at the material just before Figure 11-4, and following for about 3 pages for the related content. EG, under heading “Classification on Routers with ACLs and NBAR” discusses a couple of the answers. Admittedly, the discussion of matching (aka classifying) based on DSCP is brief, just before Figure 11-4, and maybe alluded to in later examples. That might be an expert blindspot that you revealed, where I assumed it was obvious (but it wouldn’t necessarily be for someone new to the topic.) Feel free to let me know if that’s what you found confusing.

            Indeed, feel free to follow up, but that’s where the chapter covers those answers.

  3. Chris May 22, 10:36

    Thanks Wendell. That’s what I found confusing and because it specifically mentioned Diffserv.

    Reply to this comment
    • Wendell Odom May 23, 13:41

      Hope that at least cleared it up a bit. Thanks for the input on that confusing sequence. I’ve noted it as something to improve.
      On connecting the terminology dots, in DSCP, “Differentiated Services Code Point”, the first two words are the two words that compress to DiffServ. I probably didn’t overtly connect those ideas in the text.

      Reply to this comment
View comments

Write a comment

Leave a Reply to Markus Cancel reply