Fault tolerance: HSRP design and implementation on Cisco routers, from start to finish.

Building networks with fault tolerance in mind is one of the things that make you an experienced engineer. Service providers leverage on so many features available on network devices to create solutions that have the capacities to withstand disasters. One of such features is the Hot Standby Router Protocol, available on Cisco layer 3 devices. In this demonstration, I will share with us one of the real-live applications of HSRP on a network.
fault tollerence with HSRP

From the topology, we have a single ISP connection to our network with a /29 public subnet. To achieve fault tolerance, we have the link connected to a switch from where we have dual connections to two routers. The two routers may or may not be in the same building. If far apart, the connection will be established using fiber optic cables. The two routers are
further connected to the LAN switch via their f0/1 ports.

Our objective is to implement HSRP on the LAN ports of the two routers so that connectivity to the ISP will remain intact even when there is a fault to one of the routers.
Requirements: at least a /29 public subnet, two Cisco HSRP-enabled routers, two switches.


ISP Router:


ISP(config)#int f0/0

ISP(config-if)#ip add
ISP(config-if)#no shut


ACTIVE(config)#int f0/0
ACTIVE(config-if)#ip add
ACTIVE(config-if)#no shut
ACTIVE(config-if)#ip nat outside
ACTIVE(config-if)#int f0/1
ACTIVE(config-if)#ip add
ACTIVE(config-if)#no shut
ACTIVE(config-if)#ip nat inside
ACTIVE(config-if)#standby 1 ip
ACTIVE(config-if)#standby 1 priority 120
ACTIVE(config-if)#stabdby 1 preempt
ACTIVE(config)#access-list 1 permit
ACTIVE(config)#ip nat pool active netmask
ACTIVE(config)#ip nat inside source list 1 pool cisco overload


STANDBY(config)#int f0/0
STANDBY(config-if)#ip add
STANDBY(config-if)#no shut
STANDBY(config-if)#ip nat outside
STANDBY(config-if)#int f0/1
STANDBY(config-if)#ip add
STANDBY(config-if)#no shut
STANDBY(config-if)#ip nat inside
STANDBY(config-if)#standby 1 ip
STANDBY(config)#access-list 1 permit
STANDBY(config)#ip nat pool standby netmask
STANDBY(config)#ip nat inside source list 1 pool cisco overload

Note: I used the “public” IP on each router as its nat pool. This makes it possible for the ISP router to know where the traffics are coming from and effectively reply accordingly.

On the local computers, assign IP addresses from the starting from with gateway being -the IP address of the active HSRP router.
Test: to test this, run a ping to the IP address on the ISP router after that, shut down the active hsrp router and repeat the process. If implemented correctly, the pings should be successful.
Checking hsrp status: simply use the show standby command from the privilege mode e.g. #sh standby
Spread the love


I believe that Africa will advance technologically if knowledge is shared among the living than out of greed, taken to the grave.

Leave a Reply

Your email address will not be published. Required fields are marked *