Thursday, 7 May 2015

Configuring VRRP

How to Configure VRRP

  • Customizing VRRP
  • Enabling VRRP
  • Configuring VRRP Object Tracking
  • Configuring VRRP Text Authentication

Customizing VRRP


Customizing the behavior of VRRP is optional. Be aware that as soon as you enable a VRRP group, that group is operating. It is possible that if you first enable a VRRP group before customizing VRRP, the router could take over control of the group and become the virtual router master before you have finished customizing the feature. Therefore, if you plan to customize VRRP, it is a good idea to do so before enabling VRRP.

SUMMARY STEPS

    1.    enable 
    2.    configure terminal 
    3.    interface type number 
    4.    ip address ip-address mask 
    5.    vrrp group description text 
    6.    vrrp group priority level 
    7.    vrrp group preempt [delay minimum seconds] 
    8.    vrrp group timers advertise [msecinterval 
    9.    vrrp group timers learn 
    10.    exit 
    11.    no vrrp sso 


DETAILED STEPS

    Command or ActionPurpose
    Step 1enable 


    Example:
    Router> enable
    Enables privileged EXEC mode.

    • Enter your password if prompted.
    Step 2configure terminal


    Example:
    Router# configure terminal
    Enters global configuration mode.
    Step 3interface type number


    Example:
    Router(config)# interface GigabitEthernet 0/0/0
    Enters interface configuration mode.
    Step 4ip address ip-address mask


    Example:
    Router(config-if)# ip address 172.16.6.5 255.255.255.0
    Configures an IP address for an interface.
    Step 5vrrp group description text


    Example:
    Router(config-if)# vrrp 10 description working-group
    Assigns a text description to the VRRP group.
    Step 6vrrp group priority level


    Example:
    Router(config-if)# vrrp 10 priority 110
    Sets the priority level of the router within a VRRP group.

    • The default priority is 100.
    Step 7vrrp group preempt [delay minimum seconds]


    Example:
    Router(config-if)# vrrp 10 preempt delay minimum 380
    Configures the router to take over as virtual router master for a VRRP group if it has a higher priority than the current virtual router master.

    • The default delay period is 0 seconds.
    • The router that is IP address owner will preempt, regardless of the setting of this command.
    Step 8vrrp group timers advertise [msecinterval


    Example:
    Router(config-if)# vrrp 10 timers advertise 110
    Configures the interval between successive advertisements by the virtual router master in a VRRP group.

    • The unit of the interval is in seconds unless the mseckeyword is specified. The default interval value is 1 second.

    Note   
    All routers in a VRRP group must use the same timer values. If the same timer values are not set, the routers in the VRRP group will not communicate with each other and any misconfigured router will change its state to master.
    Step 9vrrp group timers learn


    Example:
    Router(config-if)# vrrp 10 timers learn
    Configures the router, when it is acting as virtual router backup for a VRRP group, to learn the advertisement interval used by the virtual router master.
    Step 10exit 


    Example:
    Router(config-if)# exit
    Exits interface configuration mode.
    Step 11no vrrp sso 


    Example:
    Router(config)# no vrrp sso
    (Optional) Disables VRRP support of SSO.

    • VRRP support of SSO is enabled by default.

    Enabling VRRP

    SUMMARY STEPS
      1.    enable 
      2.    configure terminal 
      3.    interface type number 
      4.    ip address ip-address mask 
      5.    vrrp group ip ip-address [secondary] 
      6.    end 
      7.    show vrrp [brief] | group] 
      8.    show vrrp interface type number [brief] 


    DETAILED STEPS

      Command or ActionPurpose
      Step 1enable 


      Example:
      Router> enable
      Enables privileged EXEC mode.

      • Enter your password if prompted.
      Step 2configure terminal


      Example:
      Router# configure terminal
      Enters global configuration mode.
      Step 3interface type number


      Example:
      Router(config)# interface GigabitEthernet 0/0/0
      Enters interface configuration mode.
      Step 4ip address ip-address mask


      Example:
      Router(config-if)# ip address 172.16.6.5 255.255.255.0
      Configures an IP address for an interface.
      Step 5vrrp group ip ip-address [secondary]


      Example:
      Router(config-if)# vrrp 10 ip 172.16.6.1
      Enables VRRP on an interface.

      • After you identify a primary IP address, you can use the vrrpip command again with thesecondary keyword to indicate additional IP addresses supported by this group.

      Note   
      All routers in the VRRP group must be configured with the same primary address and a matching list of secondary addresses for the virtual router. If different primary or secondary addresses are configured, the routers in the VRRP group will not communicate with each other and any misconfigured router will change its state to master.
      Step 6end 


      Example:
      Router(config-if)# end
      Returns to privileged EXEC mode.
      Step 7show vrrp [brief] | group]


      Example:
      Router# show vrrp 10
      (Optional) Displays a brief or detailed status of one or all VRRP groups on the router.
      Step 8show vrrp interface type number [brief]


      Example:
      Router# show vrrp interface GigabitEthernet 0/0/0
      (Optional) Displays the VRRP groups and their status on a specified interface.

      Configuring VRRP Object Tracking




      Note
      If a VRRP group is the IP address owner, its priority is fixed at 255 and cannot be reduced through object tracking.

      SUMMARY STEPS

        1.    enable 
        2.    configure terminal 
        3.    track object-number interface type number {line-protocol | ip routing} 
        4.    interface type number 
        5.    vrrp group ip ip-address 
        6.    vrrp group priority level 
        7.    vrrp group track object-number [decrement priority] 
        8.    end 
        9.    show track [object-number] 


      DETAILED STEPS

        Command or ActionPurpose
        Step 1enable 


        Example:
        Router> enable
        Enables privileged EXEC mode.

        • Enter your password if prompted.
        Step 2configure terminal


        Example:
        Router# configure terminal
        Enters global configuration mode.
        Step 3track object-number interface type number {line-protocol | ip routing}


        Example:
        Router(config)# track 2 interface serial 6 line-protocol
        Configures an interface to be tracked where changes in the state of the interface affect the priority of a VRRP group.

        • This command configures the interface and corresponding object number to be used with the vrrp track command.
        • The line-protocol keyword tracks whether the interface is up. The iprouting keyword also checks that IP routing is enabled and active on the interface.
        • You can also use thetrack ip route command to track the reachability of an IP route or a metric type object.
        Step 4interface type number


        Example:
        Router(config)# interface Ethernet 2
        Enters interface configuration mode.
        Step 5vrrp group ip ip-address


        Example:
        Router(config-if)# vrrp 1 ip 10.0.1.20
        Enables VRRP on an interface and identifies the IP address of the virtual router.
        Step 6vrrp group priority level


        Example:
        Router(config-if)# vrrp 1 priority 120
        Sets the priority level of the router within a VRRP group.
        Step 7vrrp group track object-number [decrement priority]


        Example:
        Router(config-if)# vrrp 1 track 2 decrement 15
        Configures VRRP to track an object.
        Step 8end 


        Example:
        Router(config-if)# end
        Returns to privileged EXEC mode.
        Step 9show track [object-number]


        Example:
        Router# show track 1
        Displays tracking information.

        Configuring VRRP Text Authentication

        Before You Begin
        Interoperability with vendors that may have implemented the RFC 2338 method is not enabled.
        Text authentication cannot be combined with MD5 authentication for a VRRP group at any one time. When MD5 authentication is configured, the text authentication field in VRRP hello messages is set to all zeros on transmit and ignored on receipt, provided the receiving router also has MD5 authentication enabled.

        SUMMARY STEPS

          1.    enable 
          2.    configure terminal 
          3.    terminal interface type number 
          4.    ip address ip-address mask [secondary] 
          5.    vrrp group authentication text text-string 
          6.    vrrp group ip ip-address 
          7.    Repeat Steps 1 through 6 on each router that will communicate.
          8.    end 


        DETAILED STEPS

          Command or ActionPurpose
          Step 1enable 


          Example:
          Router> enable
          Enables privileged EXEC mode.

          • Enter your password if prompted.
          Step 2configure terminal


          Example:
          Router# configure terminal
          Enters global configuration mode.
          Step 3terminal interface type number


          Example:
          Router(config)# interface Ethernet 0/1
          Configures an interface type and enters interface configuration mode.
          Step 4ip address ip-address mask [secondary]


          Example:
          Router(config-if)# ip address 10.0.0.1 255.255.255.0
          Specifies a primary or secondary IP address for an interface.
          Step 5vrrp group authentication text text-string


          Example:
          Router(config-if)# vrrp 1 authentication text textstring1
          Authenticates VRRP packets received from other routers in the group.

          • If you configure authentication, all routers within the VRRP group must use the same authentication string.
          • The default string is cisco.

          Note   
          All routers within the VRRP group must be configured with the same authentication string. If the same authentication string is not configured, the routers in the VRRP group will not communicate with each other and any misconfigured router will change its state to master.
          Step 6vrrp group ip ip-address


          Example:
          Router(config-if)# vrrp 1 ip 10.0.1.20
          Enables VRRP on an interface and identifies the IP address of the virtual router.
          Step 7Repeat Steps 1 through 6 on each router that will communicate.  
          Step 8end 


          Example:
          Router(config-if)# end
          Returns to privileged EXEC mode.

          Configuration Examples for VRRP


          Example: Configuring VRRP


          In the following example, Router A and Router B each belong to three VRRP groups.
          In the configuration, each group has the following properties:

          • Group 1:
            •  Virtual IP address is 10.1.0.10.
            •  Router A will become the master for this group with priority 120.
            •  Advertising interval is 3 seconds.
            •  Preemption is enabled.
          • Group 5:
            •  Router B will become the master for this group with priority 200.
            •  Advertising interval is 30 seconds.
            •  Preemption is enabled.
          • Group 100:
            •  Router A will become the master for this group first because it has a higher IP address (10.1.0.2).
            •  Advertising interval is the default 1 second.
            •  Preemption is disabled.

          Router A

          
Router(config)# interface GigabitEthernet 1/0/0 
          

          
Router(config-if)# ip address 10.1.0.2 255.0.0.0 
          

          
Router(config-if)# vrrp 1 priority 120 
          

          
Router(config-if)# vrrp 1 authentication cisco 
          

          
Router(config-if)# vrrp 1 timers advertise 3 
          

          
Router(config-if)# vrrp 1 timers learn 
          

          
Router(config-if)# vrrp 1 ip 10.1.0.10 
          

          
Router(config-if)# vrrp 5 priority 100 
          

          
Router(config-if)# vrrp 5 timers advertise 30
          

          
Router(config-if)# vrrp 5 timers learn
          

          
Router(config-if)# vrrp 5 ip 10.1.0.50 
          

          
Router(config-if)# vrrp 100 timers learn
          

          
Router(config-if)# no vrrp 100 preempt 
          

          
Router(config-if)# vrrp 100 ip 10.1.0.100
          

          
Router(config-if)# no shutdown

          Router B

          
Router(config)# interface GigabitEthernet 1/0/0 
          

          
Router(config-if)# ip address 10.1.0.1 255.0.0.0 
          

          
Router(config-if)# vrrp 1 priority 100 
          

          
Router(config-if)# vrrp 1 authentication cisco 
          

          
Router(config-if)# vrrp 1 timers advertise 3 
          

          
Router(config-if)# vrrp 1 timers learn 
          

          
Router(config-if)# vrrp 1 ip 10.1.0.10 
          

          
Router(config-if)# vrrp 5 priority 200 
          

          
Router(config-if)# vrrp 5 timers advertise 30
          

          
Router(config-if)# vrrp 5 timers learn
          

          
Router(config-if)# vrrp 5 ip 10.1.0.50 
          

          
Router(config-if)# vrrp 100 timers learn
          

          
Router(config-if)# no vrrp 100 preempt 
          

          
Router(config-if)# vrrp 100 ip 10.1.0.100
          

          
Router(config-if)# no shutdown

          Example: VRRP Object Tracking


          In the following example, the tracking process is configured to track the state of the line protocol on serial interface 0/1. VRRP on Ethernet interface 1/0 then registers with the tracking process to be informed of any changes to the line protocol state of serial interface 0/1. If the line protocol state on serial interface 0/1 goes down, then the priority of the VRRP group is reduced by 15.
          
Router(config)# track 1 interface Serial 0/1 line-protocol
          

          
Router(config-track)# exit
          

          
Router(config)# interface Ethernet 1/0
          

          
Router(config-if)# ip address 10.0.0.2 255.0.0.0
          

          
Router(config-if)# vrrp 1 ip 10.0.0.3
          

          
Router(config-if)# vrrp 1 priority 120
          

          
Router(config-if)# vrrp 1 track 1 decrement 15

          Example: VRRP Object Tracking Verification

          
Router# show vrrp
          


          
Ethernet1/0 - Group 1  
          
State is Master  

          
  Virtual IP address is 10.0.0.3
          
Virtual MAC address is 0000.5e00.0101

          
  Preemption is enabled
          
Advertisement interval is 1.000 sec
   min delay is 0.000 sec

          
  Master Router is 10.0.0.2 (local), priority is 105 
          
Priority is 105 
   Track object 1 state Down decrement 15

          
Router# show track
          
Master Advertisement interval is 1.000 sec
  Master Down interval is 3.531 sec

          

          

          
Track 1 
          

          
  Interface Serial0/1 line-protocol
          
Line protocol is Down (hw down)

          
  Tracked by:
          
1 change, last change 00:06:53

          
   VRRP Ethernet1/0 1

          Example: VRRP Text Authentication


          The following example shows how to configure VRRP text authentication using a text string:
          
Router(config)# interface GigabitEthernet 0/0/0
          

          
Router(config)# ip address 10.21.8.32 255.255.255.0
          

          
Router(config-if)# vrrp 10 authentication text stringxyz
          

          
Router(config-if)# vrrp 10 ip 10.21.8.10

          Example: VRRP MIB Trap


          
Router(config)# snmp-server enable traps vrrp
          

          
Router(config)# snmp-server host 10.1.1.0 community abc vrrp
          Posted by at
          Location: Patiala, Punjab, India

          No comments:

          Post a Comment

          Subscribe to: Post Comments (Atom)