The configuration of a basic Virtual Router Redundancy Protocol (VRRP) implementation is not all that complex, and resembles a lot the configuration of Cisco’s Hot Standby Router Protocol (HSRP) if the reader is more familiar with that protocol. This section first covers the configuration process steps and commands that are used to perform a basic VRRP configuration. An example is then given on how these steps can be used to configure VRRP in a sample networking topology.
VRRP Simple Configuration Steps
Only a few commands are required to get VRRP up and working. Table 1 features these commands and a few other common commands that are used to modify the default behavior of VRRP.
Table 1 - VRRP Configuration Commands
1
|
Enter privileged EXEC mode.
|
router>enable
|
2
|
Enter global configuration mode.
|
router#configure terminal
|
3
|
Enter interface configuration mode.
|
router(config)#interface interface
|
4
|
Configure an IP address on the interface.
|
router(config-if)#ip address address netmask
|
5
|
Configure a VRRP virtual IP address.
Note: This address must be in the same subnet as the interface IP address (primary or secondary).
|
router(config-if)#vrrp group-number ip ip-address
|
6
|
Configure the VRRP priority (optional).
Note: The valid values for the priority are from 1 through 254.
|
router(config-if)#vrrp group-number prioritypriority
|
7
|
Configure VRRP preemption (optional).
Note: VRRP preemption is enabled by default.
|
router(config-if)#vrrp group-number preempt
|
VRRP Simple Example
Because often it is easier to see the complete application of a subject, this section goes over the configuration of VRRP between two devices in a sample network. Figure 1 displays the topology that will be used; Table 2 and 3 will then display the commands required on both R1 and R2.
Figure 1 VRRP example topology
The configuration will perform the following:
- Configure the IP addresses 10.10.20.1/30 (R1) and 10.10.20.2/30(R2) on their Fa0/1 interfaces.
- Configure the IP addresses 172.16.1.1/24 (R1) and 172.16.2.1 (R2) on their Fa0/0 interfaces.
- Configure VRRP between R1 and R2 using the IP addresses 10.10.10.1/24 (R1) and 10.10.10.2/24(R2) and a virtual IP address of 10.10.10.5 on their Fa1/0 interfaces.
- Configure R1 with a VRRP priority of 140.

Figure 1 VRRP example topology
Table 2 - R1 Simple Example Configuration
1
|
Enter privileged EXEC mode.
|
R1>enable
|
2
|
Enter global configuration mode.
|
R1#configure terminal
|
3
|
Enter interface configuration mode.
|
R1(config)#interface fa0/0
|
4
|
Configure an IP address on the interface.
|
R1(config-if)#ip address 172.16.1.1 255.255.255.0
|
5
|
Enter interface configuration mode.
|
R1(config)#interface fa0/1
|
6
|
Configure an IP address on the interface.
|
R1(config-if)#ip address 10.10.20.1 255.255.255.252
|
7
|
Enter interface configuration mode.
|
R1(config)#interface fa1/0
|
8
|
Configure an IP address on the interface.
|
R1(config-if)#ip address 10.10.10.1 255.255.255.0
|
9
|
Configure VRRP using a virtual IP address of 10.10.10.5 using group 1.
|
R1(config-if)#vrrp 1 ip 10.10.10.5
|
10
|
Configure the VRRP priority to 140.
|
R1(config-if)#vrrp 1 priority 140
|
Table 3 - R2 Simple Example Configuration
1
|
Enter privileged EXEC mode.
|
R2>enable
|
2
|
Enter global configuration mode.
|
R2#configure terminal
|
3
|
Enter interface configuration mode.
|
R2(config)#interface fa0/0
|
4
|
Configure an IP address on the interface.
|
R2(config-if)#ip address 172.16.2.1 255.255.255.0
|
5
|
Enter interface configuration mode.
|
R2(config)#interface fa0/1
|
6
|
Configure an IP address on the interface.
|
R2(config-if)#ip address 10.10.20.2 255.255.255.252
|
7
|
Enter interface configuration mode.
|
R2(config)#interface fa1/0
|
8
|
Configure an IP address on the interface.
|
R2(config-if)#ip address 10.10.10.2 255.255.255.0
|
9
|
Configure VRRP using a virtual IP address of 10.10.10.5 using group 1.
|
R2(config-if)#vrrp 1 ip 10.10.10.5
|
VRRP Complex Configuration Steps
As with most features, a number of different optional features may or may not be useful depending on the specific implementation situation. This section reviews the additional commands that can be configured to take advantage of these additional features (Table 4), and then covers another example using these features.
Table 4 - VRRP Complex Configuration Commands
1
|
Configure VRRP Authentication
|
router(config-if)#vrrp group-numberauthentication {plain-text-string | textplain-text-string | md5 {key-string keystring| key-chain key-chain-name}}
|
If a key-chain is configured with the command above, follow these next few steps to create the key-chain.
| ||
2
|
Create and enter into key chain configuration mode.
|
router(config)#key chain chain-name
|
3
|
Create and enter into key chain – key configuration mode.
Note: The key-numbercan be any number between 0-2147483647.
|
router(config-keychain)#key key-number
|
4
|
Enter the key string that will be used to authenticate with neighboring devices.
|
router(config-keychain-key)#key-stringkeystring
|
1
|
Configure VRRP Object tracking.
Note: The default priority decrement value is 10.
|
router(config-if)#vrrp group-number trackobject-number [decrement priority]
|
2
|
Create a tracked object
Notes:
The object-numbercan be any number between 1 and 1000.
The line-protocolparameter will track the protocol state of the configured interface. Theip routingparameter will track the IP routing capability of an interface (is it configured with an IP address and operational?).
|
router(config)#track object-number interfaceinterface {line-protocol | ip routing}
|
VRRP Complex Example
This section covers an example using both VRRP MD5 authentication (using a basic key-string) and VRRP object tracking. For the object tracking configuration, R1 will be configured to monitor the line protocol state of its own fa0/0 interface. If it goes down, then its VRRP priority will be lowered by 50; R2 will be configured the same using its fa0/0 interface. The examples in Tables 5 and 6 build upon the simple VRRP example shown earlier in Table 4.
Table 5 - R1 Complex Example Configuration Addition
1
|
Enter privileged EXEC mode.
|
R1>enable
|
2
|
Enter global configuration mode.
|
R1#configure terminal
|
3
|
Create a tracked object that will monitor the line protocol status of the fa0/0 interface using an object number of 1.
|
R1(config)#track 1 interface fa0/0 line-protocol
|
4
|
Enter interface configuration mode.
|
R1(config)#interface fa1/0
|
5
|
Configure VRRP to use the tracked object to influence its priority..
|
R1(config-if)#vrrp 1 track 1 decrement 50
|
6
|
Configure the use of an MD5 keystring ofabc123.
|
R1(config-if)#vrrp 1 authentication md5 key-string abc123
|
Table 6 - R2 Complex Example Configuration Addition
1
|
Enter privileged EXEC mode.
|
R2>enable
|
2
|
Enter global configuration mode.
|
R2#configure terminal
|
3
|
Create a tracked object that will monitor the line protocol status of the fa0/0 interface using an object number of 1.
|
R2(config)#track 1 interface fa0/0 line-protocol
|
4
|
Enter interface configuration mode.
|
R2(config)#interface fa1/0
|
5
|
Configure VRRP to use the tracked object to influence its priority.
|
R2(config-if)#vrrp 1 track 1 decrement 50
|
6
|
Configure the use of an MD5 key string ofabc123.
|
R2(config-if)#vrrp 1 authentication md5 key-string abc123
|
Blogger Comment
Facebook Comment