show hsrp
Displays Hot Standby Router Protocol (HSRP) status and configuration information for all groups or a specified interface/group on Cisco NX-OS (Nexus) switches.
Overview
The 'show hsrp' command is a critical troubleshooting and verification tool for Hot Standby Router Protocol (HSRP) on Cisco Nexus switches. HSRP provides first-hop redundancy by allowing two or more routers to share a virtual IP and MAC address, with one router acting as the Active forwarder and another as Standby. This command displays the operational state, priority, timers, virtual addresses, and peer information for each HSRP group configured on the device. On Cisco NX-OS, the command supports additional parameters like 'brief', 'detail', and 'summary' to tailor the output. It is used during initial configuration verification, routine health checks, and when diagnosing issues such as failover failures, flapping, or authentication mismatches. Understanding the output helps network engineers ensure that HSRP is functioning correctly, providing seamless gateway redundancy. The command is essential for maintaining high availability in data center and campus networks where Nexus switches are deployed.
show hsrp [interface {ethernet slot/port | vlan vlan-id} [group group-number]] [brief | detail | summary]When to Use This Command
- Verify HSRP state and role (Active/Standby) for a specific VLAN interface to ensure redundancy is working.
- Troubleshoot HSRP preemption issues when a higher-priority router fails to take over as Active.
- Check virtual IP and MAC addresses assigned to HSRP groups for consistency across redundant routers.
- Monitor HSRP timers and hello packet statistics to diagnose flapping or convergence delays.
Parameters
| Parameter | Syntax | Description |
|---|---|---|
| interface | interface {ethernet slot/port | vlan vlan-id} | Specifies the interface (e.g., ethernet 1/1 or vlan 100) for which HSRP information is displayed. If omitted, all HSRP groups on all interfaces are shown. |
| group | group group-number | Specifies the HSRP group number (0-255) to display. Must be used with the interface parameter. If omitted, all groups on the specified interface are shown. |
| brief | brief | Displays a concise, table-format summary of HSRP groups, including interface, group, priority, preemption flag, state, active/standby routers, and virtual IP. |
| detail | detail | Provides detailed information including preemption settings, authentication, tracked objects, and redundancy names for each HSRP group. |
| summary | summary | Displays a summary of HSRP groups with counts of groups in each state (Active, Standby, Init) and total groups. |
Command Examples
Basic HSRP status for all groups
show hsrpVlan100 - Group 1 Local state is Active, priority 110 (cfgd 110) Hellotime 3 sec, holdtime 10 sec Virtual IP address is 192.168.100.1 Active router is local Standby router is 192.168.100.3, priority 100 (expires in 8 sec) Virtual mac address is 0000.0c07.ac01 2 state changes, last state change 00:01:23 Vlan200 - Group 2 Local state is Standby, priority 100 (cfgd 100) Hellotime 3 sec, holdtime 10 sec Virtual IP address is 192.168.200.1 Active router is 192.168.200.2, priority 110 (expires in 6 sec) Standby router is local Virtual mac address is 0000.0c07.ac02 5 state changes, last state change 00:05:10
Shows HSRP groups on VLAN100 and VLAN200. For VLAN100, this switch is Active (priority 110) with virtual IP 192.168.100.1; standby is 192.168.100.3. For VLAN200, this switch is Standby (priority 100) with active router 192.168.200.2. Timers, virtual MAC, and state change history are displayed.
Detailed HSRP information for a specific interface
show hsrp interface vlan 100 group 1 detailVlan100 - Group 1 Local state is Active, priority 110 (cfgd 110), may preempt Preemption delay: 0 sec Hellotime 3 sec, holdtime 10 sec Minimum delay 0 sec Virtual IP address is 192.168.100.1 Active router is local Standby router is 192.168.100.3, priority 100 (expires in 8 sec) Standby virtual mac address is 0000.0c07.ac01 Active router is local Primary IP address is 192.168.100.2 Authentication text, key-string "cisco" Track object 1 state Up decrement 10 2 state changes, last state change 00:01:23 IP redundancy name is "hsrp-Vl100-1"
Detailed output includes preemption configuration, authentication string, tracked objects, and IP redundancy name. Shows that preemption is enabled with no delay, authentication is set to 'cisco', and tracking object 1 (Up) decrements priority by 10 if it goes down.
Brief summary of HSRP groups
show hsrp briefInterface Grp Prio P State Active Standby Virtual IP Vlan100 1 110 Y Active local 192.168.100.3 192.168.100.1 Vlan200 2 100 N Standby 192.168.200.2 local 192.168.200.1
Compact table showing interface, group number, priority, preemption flag (Y/N), state, active and standby routers, and virtual IP. Useful for a quick overview of all HSRP groups.
Understanding the Output
The 'show hsrp' command output is organized per HSRP group per interface. Each group section begins with the interface (e.g., Vlan100) and group number. The 'Local state' field indicates the role of the local switch: 'Active' (forwarding traffic for the virtual IP), 'Standby' (ready to take over), or 'Init' (not yet participating). 'Priority' shows the configured priority (higher is more likely to be Active). 'Hellotime' and 'holdtime' are timers for hello messages and hold time before declaring a peer dead. 'Virtual IP address' is the gateway IP shared by the group. 'Active router' and 'Standby router' show the current active and standby routers' IP addresses and their priorities. 'Virtual mac address' is the MAC used for the virtual IP. 'State changes' and 'last state change' indicate stability. In healthy operation, one router is Active and another is Standby. Problems include both routers in Active state (split-brain) or both in Standby (no Active), or frequent state changes indicating flapping. The 'detail' option adds preemption settings, authentication, tracked objects, and redundancy names. The 'brief' option provides a concise table for all groups.
Configuration Scenarios
Basic HSRP Configuration on VLAN 100
Two Nexus switches (Nexus-A and Nexus-B) provide gateway redundancy for VLAN 100. Nexus-A should be Active with higher priority.
Topology
[Nexus-A] ---- [Nexus-B]
| |
+--- VLAN 100 -+Steps
- 1.Configure interface Vlan100 on both switches.
- 2.Assign IP addresses: Nexus-A 192.168.100.2/24, Nexus-B 192.168.100.3/24.
- 3.Enable HSRP group 1 with virtual IP 192.168.100.1.
- 4.Set priority 110 on Nexus-A (default 100 on Nexus-B).
- 5.Enable preemption on both.
! Nexus-A
interface Vlan100
ip address 192.168.100.2/24
hsrp 1
ip 192.168.100.1
priority 110
preempt
! Nexus-B
interface Vlan100
ip address 192.168.100.3/24
hsrp 1
ip 192.168.100.1
preemptVerify: On Nexus-A: 'show hsrp' should show local state Active, standby 192.168.100.3. On Nexus-B: local state Standby, active 192.168.100.2.
Watch out: If preemption is not enabled, Nexus-B will remain Standby even if Nexus-A fails and recovers, because Nexus-B became Active and will not give up the role.
HSRP with Object Tracking
Nexus-A should track an upstream interface (e.g., Ethernet 1/1) and decrement priority if it goes down, allowing Nexus-B to take over.
Topology
[Nexus-A] ---- [Nexus-B]
| |
[Upstream] [Upstream]Steps
- 1.Configure HSRP as in basic scenario.
- 2.Create a track object for interface Ethernet 1/1 line-protocol.
- 3.Apply tracking to HSRP group with decrement value.
! Nexus-A
interface Vlan100
ip address 192.168.100.2/24
hsrp 1
ip 192.168.100.1
priority 110
preempt
track 1 decrement 20
track 1 interface Ethernet 1/1 line-protocolVerify: Shut down Ethernet 1/1 on Nexus-A, then 'show hsrp' on Nexus-A should show priority 90 (110-20) and state Standby. Nexus-B should become Active.
Watch out: Ensure the tracked object is correctly defined and the decrement value is sufficient to drop priority below the standby router's priority.
Troubleshooting with This Command
When troubleshooting HSRP on Cisco Nexus switches, start with 'show hsrp' to verify the state of each group. If both routers show Active (split-brain), check for connectivity issues between them (e.g., VLAN mismatch, ACL blocking HSRP multicast). If both show Standby, ensure the virtual IP is configured and that hello packets are being exchanged. Use 'show hsrp interface vlan X detail' to check timers, authentication, and tracked objects. Common issues include mismatched authentication strings (use 'show hsrp' to see if authentication is configured), incorrect holdtime causing flapping, and preemption not enabled. Also verify that the virtual IP is not used elsewhere. On Nexus, HSRP uses the management VRF by default; if using a different VRF, ensure the 'hsrp use-vrf' command is configured. Check logs with 'show logging | include HSRP' for state changes. For persistent issues, use 'debug hsrp' (with caution) to see packet exchanges. Remember that HSRP requires IP connectivity between peers; test with ping to the primary IP addresses. If the standby router is not learning the active router, check for firewall rules or port security that might block UDP 1985.
CCNA Exam Tips
Remember that HSRP uses UDP port 1985 and multicast address 224.0.0.2 (all routers).
Know that the default priority is 100; higher priority wins the Active role.
Understand that preemption is disabled by default; you must enable it for a higher-priority router to take over after a failure recovery.
Common Mistakes
Forgetting to enable preemption, causing a higher-priority router to remain Standby after recovery.
Misconfiguring authentication (e.g., mismatched strings) causing HSRP sessions to fail.
Setting holdtime too low, leading to false failures and unnecessary state changes.
Platform Notes
On Cisco NX-OS, HSRP behaves similarly to Cisco IOS but with some differences. NX-OS uses a modular architecture; HSRP is part of the 'feature hsrp' which must be enabled. The 'show hsrp' command output is similar but includes additional fields like 'IP redundancy name'. NX-OS supports HSRP version 1 and 2; version 2 uses multicast 224.0.0.102 and supports group numbers up to 4095. The 'brief' and 'summary' options are available on NX-OS but not on all IOS versions. On Nexus, HSRP can be configured in the default VRF or a non-default VRF using the 'hsrp use-vrf' command. For comparison, on Juniper JunOS, the equivalent is 'show vrrp' or 'show vrrp detail' for VRRP; on Arista EOS, 'show ip virtual-router' is used. NX-OS also supports HSRP for IPv6 (HSRP for IPv6) with the 'show ipv6 hsrp' command. In terms of version differences, NX-OS 7.x and later have enhanced HSRP scalability and support for large numbers of groups.
Practice for the CCNA 200-301
Test your knowledge with hundreds of CCNA practice questions covering all exam domains.
Practice CCNA Questions