Sample VRRP Configuration for the C3/C2/G-Series

  • 0
  • 1
  • Article
  • Updated 5 years ago
  • (Edited)
Article ID: 12335 

Products
SecureStack C3, all firmware
SecureStack C2, firmware 3.00.50 and higher
G-Series, all firmware 

Goals
VRRP sample configuration. 

Solution
The following configurations sets up two routers configured to back each other up with VRRP for default gateway redundancy. This would work with all VRRP-compatible routers. 

* Master VRRP Router * 
#Router Configuration
router
enable
configure
interface vlan 201
ip address 10.16.128.1 255.255.255.0
no shutdown
exit
interface loopback 1
ip address 10.16.255.249 255.255.255.248
no shutdown
exit
router vrrp
create vlan 201 201
address vlan 201 201 10.16.128.1 1
enable vlan 201 201
exit
The "1" at the end of the 'address vlan' command indicates this router owns IP address 10.16.128.1. 

* Backup VRRP Router * 
#Router Configuration
router
enable
configure
interface vlan 201
ip address 10.16.128.2 255.255.255.0
no shutdown
exit
interface loopback 1
ip address 10.16.255.250 255.255.255.248
no shutdown
exit
router vrrp
create vlan 201 201
address vlan 201 201 10.16.128.1 0
enable vlan 201 201
exit
The "0" at the end of the 'address vlan' command indicates this router does not own IP address 10.16.128.1. 

* Testing Your VRRP Configuration * 

Use the 'show ip vrrp' router mode command to see the status of your VRRP routers. 

From the Master router 
C3(su)->router
C3(su)->router>enable
C3(su)->router#show ip vrrp
------------------VRRP CONFIGURATION--------
Vlan Vrid State Owner AssocIpAddr Priority
201 201 Master 1 10.16.128.1 255
C3(su)->router#
From the Backup router 
C2(su)->router
C2(su)->router>enable
C2(su)->router#show ip vrrp
------------------VRRP CONFIGURATION--------
Vlan Vrid State Owner AssocIpAddr Priority
201 201 Backup 0 10.16.128.1 100
C2(su)->router#
If VRRP is functioning, you will see a Master and Backup router in the "State" column.
If both routers show as Master, then it is likely that communication between the two is blocked at Layer 2, so check the port status to ensure it is operational and not being blocked by Spanning Tree. At Layer 3, check to see that you have no ACL blocking the VRRP updates between the routers (5775).
If in an Initialize state, then the process has not started on the router. Ensure that the interface is operational by using the 'show ip interface' router mode command. 

Also make sure that you can ping the real IP addresses, as you should always be able to ping them even if the router is configured for VRRP. 

Notes:
  • These products require an advanced router license (5828, 10824) in order to support VRRP.
  • Some of the underlying Layer 2 commands - for instance, to apply the advanced router license or to create and egress VLANs for these Layer 3 interfaces - have been omitted here.

For additional information, please consult the Configuration Guide relevant to your product and firmware version.
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.