IP SLA Track Object Not Triggering HSRP Failover
Presenting Symptom
The standby router does not take over as active when the upstream WAN link on the active router fails, even though IP SLA tracking is configured.
Network Context
A small branch office with two Cisco routers (R1 and R2) running HSRP for default gateway redundancy. R1 is the active HSRP router, and R2 is standby. Both routers connect to an upstream ISP via a single WAN link. IP SLA is configured on R1 to track the reachability of an ISP next-hop IP, and the track object is supposed to decrement HSRP priority on failure, but failover does not occur. IOS version 15.x.
Diagnostic Steps
Verify HSRP status on both routers
show standbyR1# show standby
GigabitEthernet0/0 - Group 10
State is Active
2 state changes, last state change 00:10:23
Virtual IP address is 192.168.1.254
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.400 sec
Preemption enabled
Active router is local
Standby router is 192.168.1.2, priority 90 (expires in 8.448 sec)
Priority 100 (configured 100)
Track object 1 state Up decrement 20
Group name is "HSRP-Group10"Check if HSRP is configured and which router is active. Look for the track object line: it should show the object number and decrement value. If the track object is not listed, tracking is not applied to HSRP.
Check IP SLA configuration and state
show ip sla configurationR1# show ip sla configuration IP SLAs Infrastructure Engine-III Entry number: 1 Owner: Tag: Type of operation to perform: icmp-echo Target address: 203.0.113.1 Source address: 192.168.1.1 ... Frequency: 10 seconds ... Threshold: 5000 ... Life: forever ... Operation timeout: 5000 milliseconds ... Status of entry (SNMP RowStatus): Active
Verify that the IP SLA operation is configured correctly (target IP, source IP, frequency). Ensure the operation type matches the tracking method (e.g., icmp-echo). If the operation is not active, it won't trigger tracking.
Check IP SLA operational state and track object status
show ip sla statisticsR1# show ip sla statistics
Round Trip Time (RTT) for Index 1
Latest RTT: 10 ms
Latest operation start time: 12:34:56 UTC Mon Mar 1 2021
Latest operation return code: OK
Number of successes: 100
Number of failures: 0
Operation time to live: Forever
Check if the IP SLA operation is succeeding or failing. If it shows 'return code: OK', the operation is working. If it shows 'Timeout' or 'No connection', the target is unreachable. Also check the track object status with 'show track'.
Check track object status
show trackR1# show track
Track 1
IP SLA 1 reachability
Reachability is Up
2 changes, last change 00:05:00
Latest operation return code: OK
Latest RTT (millisecs): 10
Tracked by:
HSRP GigabitEthernet0/0 10
Verify that the track object is tracking the IP SLA and that its state is 'Up' or 'Down'. Also confirm that HSRP is listed as a tracked client. If the track object is 'Down' but HSRP priority did not decrement, the issue may be in HSRP configuration (e.g., preemption not enabled or decrement value not applied).
Check HSRP priority and preemption configuration
show running-config | section interface GigabitEthernet0/0interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 standby 10 ip 192.168.1.254 standby 10 priority 100 standby 10 preempt standby 10 track 1 decrement 20
Ensure that the 'standby preempt' command is present on both routers. Without preemption, the standby router will not take over even if the active router's priority drops. Also verify that the track command is correctly applied to the HSRP group.
Root Cause
The HSRP preempt command is missing on both routers. When the IP SLA detects a failure and the track object goes down, the active router's priority decrements (e.g., from 100 to 80), but without preemption, the standby router (with default priority 100) does not preempt the active role because preemption is disabled. HSRP only preempts if explicitly configured.
Resolution
Verification
After applying the fix, simulate a failure by shutting down the upstream interface or disabling the IP SLA target. Then run: R1# show standby Expected output on R1 after failure: State is Standby Priority 80 (configured 100) Track object 1 state Down decrement 20 Active router is 192.168.1.2, priority 90 (expires in 8.448 sec) On R2: State is Active Priority 90 (configured 90) Active router is local This confirms that the standby router has taken over as active.
Prevention
1. Always enable HSRP preemption on all routers in the group to allow seamless failover when priority changes. 2. Use a lower default priority on the standby router (e.g., 90) so that it can preempt when the active router's priority drops below that value. 3. Test failover scenarios during initial deployment to ensure IP SLA tracking and HSRP interaction work as expected.
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario may appear as a troubleshooting question where you are given show command outputs and asked to identify why HSRP failover is not occurring. The exam tests understanding of HSRP preemption, priority tracking, and IP SLA integration. A key fact is that HSRP preemption is disabled by default and must be explicitly configured for priority-based failover to work.
Exam Tips
Remember that HSRP preemption is disabled by default; without it, a higher-priority router will not take over the active role.
When troubleshooting HSRP failover, always check 'show standby' for the 'Preemption enabled' line and the track object status.
The 'show track' command is essential to verify that the IP SLA operation is being tracked and that the track object state is correctly reflected.
Test Your CCNA Knowledge
Practice with scenario-based questions to prepare for the CCNA 200-301 exam.
Practice CCNA Questions