3.6 First Hop Redundancy Protocols (FHRP)

The Problem FHRPs Solve

End devices (PCs, phones, servers) are configured with a single default gateway IP. If that one router fails, every device on the subnet loses access to other networks — even if a second, perfectly healthy router sits on the same subnet — because the hosts have no way to learn about it.

First Hop Redundancy Protocols (FHRPs) fix this by sharing a virtual IP address (VIP) and a virtual MAC address across two or more routers. Hosts point at the VIP as their gateway. If the active router dies, a standby router assumes the same VIP and virtual MAC, so end devices keep sending to the unchanged gateway address and ARP entry — failover is invisible to them.

HSRP (Hot Standby Router Protocol)

HSRP States

HSRP Election and Preemption

• The highest priority router becomes Active (default priority 100, range 0-255).
• If priorities tie, the highest interface IP wins.
• Preemption is off by default — without standby <grp> preempt, a recovered higher-priority router will not reclaim the Active role; it waits as Standby until the current Active fails.

Router(config-if)# standby 1 ip 10.0.0.1
Router(config-if)# standby 1 priority 110
Router(config-if)# standby 1 preempt

VRRP (Virtual Router Redundancy Protocol)

VRRP behaves much like HSRP but is an open standard, so it interoperates across vendors. A key contrast: VRRP preempts by default, while HSRP does not.

GLBP (Gateway Load Balancing Protocol)

GLBP's distinguishing trait: HSRP and VRRP keep one router actively forwarding while the others sit idle, but GLBP forwards through multiple routers at once. A single AVG hands out different virtual MAC addresses to different clients (round-robin by default), so client traffic spreads across all active forwarders simultaneously.

FHRP Comparison

On the Exam: The CCNA tests FHRP concepts, not deep configuration. Lock in three facts: (1) FHRPs give transparent default-gateway failover via a shared virtual IP/MAC; (2) HSRP and GLBP are Cisco-proprietary while VRRP is the IEEE open standard; and (3) only GLBP load-balances across multiple active routers. Distractors love to claim HSRP or VRRP load-balances — they do not.

How Failover Actually Happens

The magic of an FHRP is the virtual MAC. When a host ARPs for its gateway VIP, the Active/Master router replies with the virtual MAC, not its own burned-in address. The host caches the VIP-to-virtual-MAC mapping. If the Active router fails, the Standby promotes itself, claims the same virtual MAC, and sends a gratuitous ARP so switches relearn which port owns that MAC. Because the host's ARP entry (VIP to virtual MAC) never changes, the PC keeps forwarding without re-ARPing — failover completes in seconds and is invisible to the user. This is why FHRPs use a virtual MAC rather than swapping in the new router's real MAC.

Object Tracking and Uplink Failures

A subtle real-world problem: the Active router can stay Active even if its uplink to the rest of the network fails, blackholing traffic. FHRPs solve this with interface or object tracking — the Active router monitors its uplink and decrements its priority when that uplink goes down. If preemption is enabled and the Standby's priority now exceeds the wounded Active's, the Standby takes over and forwards through its healthy uplink. The CCNA expects you to understand the concept: tracking lets an FHRP react to failures beyond the immediate LAN segment, not just to the gateway router crashing.

Picking the Right FHRP

In practice HSRP dominates Cisco-only enterprises, VRRP appears wherever non-Cisco gear must participate, and GLBP shows up when an organization wants to recoup the cost of its standby routers by load-sharing. For the exam, anchor on the standards body (Cisco vs. IEEE) and the load-balancing distinction — those two facts answer most FHRP questions.