Cisco Virtual Router Redundancy Protocol (VRRP) Configuration

Arya MirΔίκτυα και Επικοινωνίες

12 Οκτ 2013 (πριν από 3 χρόνια και 10 μήνες)

267 εμφανίσεις

The configuration of a basic Virtual Router Redundancy Protocol (VRRP) implementation is not all that complex, and resembles a lot the configuration of Cisco’s Hot Standby Router Protocol (HSRP) if the reader is more familiar with that protocol. This section first covers the configuration process steps and commands that are used to perform a basic VRRP configuration. An example is then given on how these steps can be used to configure VRRP in a sample networking topology.

13-10-12 2:13 AM
Articles
Page 1 of 6
http://www.ciscopress.com/articles/printerfriendly.asp?p=2141275
Cisco Virtual Router Redundancy Protocol
(VRRP) Configuration
Date: Sep 25, 2013 By
Sean Wilkins
.
Article is provided courtesy of
Cisco Press
.
In this article networking consultant Sean Wilkins takes the concepts covered in

Introduction to VRRP
” and discusses how those concepts can be applied onto real
devices.
The configuration of a basic Virtual Router Redundancy Protocol
(VRRP) implementation is
not all that complex, and resembles a lot the
configuration of Cisco’s Hot Standby Router
Protocol (HSRP) if the reader is
more familiar with that protocol. This section first covers the
configuration
process steps and commands that are used to perform a basic VRRP
configuration.
An example is then given on how these steps can be used to configure VRRP
in a
sample networking topology.
VRRP Simple Configuration Steps
Only a few commands are required to get VRRP up and working. Table
1 features these
commands and a few other common commands that are used to
modify the default behavior
of VRRP.
Table 1
- VRRP Configuration Commands
1
Enter privileged EXEC mode.
router>
enable
2
Enter global configuration
mode.
router#
configure
terminal
3
Enter interface configuration
mode.
router(config)#
interface
interface
4
Configure an IP address on
the interface.
router(config-if)#
ip
address
address netmask
5
Configure a VRRP virtual IP
address.
Note: This address must be
in the same subnet as the
interface IP
address (primary
or secondary).
router(config-if)#
vrrp
group-
number

ip
ip-address
6
Configure the VRRP priority
(optional).
Note: The valid values for
the
priority
are from 1 through
254.
router(config-if)#
vrrp
group-
number

priority
priority
7
Configure VRRP preemption
(optional).
Note: VRRP preemption is
router(config-if)#
vrrp
group-
number

preempt
13-10-12 2:13 AM
Articles
Page 2 of 6
http://www.ciscopress.com/articles/printerfriendly.asp?p=2141275
enabled by default.
VRRP Simple Example
Because often it is easier to see the complete application of a
subject, this section goes over
the configuration of VRRP between two devices
in a sample network. Figure 1 displays the
topology that will be used; Table 2
and 3 will then display the commands required on both
R1 and R2.
Figure 1
VRRP example topology
The configuration will perform the following:
Configure the IP addresses 10.10.20.1/30 (R1)
and 10.10.20.2/30(R2) on their Fa0/1
interfaces.
Configure the IP addresses 172.16.1.1/24 (R1)
and 172.16.2.1 (R2) on their Fa0/0
interfaces.
Configure VRRP between R1 and R2 using the IP
addresses 10.10.10.1/24 (R1) and
10.10.10.2/24(R2) and a virtual IP address of
10.10.10.5 on their Fa1/0 interfaces.
Configure R1 with a VRRP priority of 140.
Table 2
- R1 Simple Example Configuration
1
Enter privileged EXEC mode.
R1>
enable
13-10-12 2:13 AM
Articles
Page 3 of 6
http://www.ciscopress.com/articles/printerfriendly.asp?p=2141275
1
Enter privileged EXEC mode.
R1>
enable
2
Enter global configuration
mode.
R1#
configure terminal
3
Enter interface configuration
mode.
R1(config)#
interface
fa0/0
4
Configure an IP address on
the interface.
R1(config-if)#
ip
address
172.16.1.1 255.255.255.0
5
Enter interface configuration
mode.
R1(config)#
interface
fa0/1
6
Configure an IP address on
the interface.
R1(config-if)#
ip
address
10.10.20.1 255.255.255.252
7
Enter interface configuration
mode.
R1(config)#
interface
fa1/0
8
Configure an IP address on
the interface.
R1(config-if)#
ip
address
10.10.10.1 255.255.255.0
9
Configure VRRP using a
virtual IP address of
10.10.10.5 using
group 1.
R1(config-if)#
vrrp 1 ip
10.10.10.5
10
Configure the VRRP priority to
140.
R1(config-if)#
vrrp 1
priority
140
Table 3
- R2 Simple Example Configuration
1
Enter privileged EXEC mode.
R2>
enable
2
Enter global configuration
mode.
R2#
configure terminal
3
Enter interface configuration
mode.
R2(config)#
interface
fa0/0
4
Configure an IP address on
the interface.
R2(config-if)#
ip
address
172.16.2.1 255.255.255.0
5
Enter interface configuration
mode.
R2(config)#
interface
fa0/1
6
Configure an IP address on
the interface.
R2(config-if)#
ip
address
10.10.20.2 255.255.255.252
7
Enter interface configuration
mode.
R2(config)#
interface
fa1/0
8
Configure an IP address on
the interface.
R2(config-if)#
ip
address
10.10.10.2 255.255.255.0
9
Configure VRRP using a
virtual IP address of
10.10.10.5 using
group 1.
R2(config-if)#
vrrp 1 ip
10.10.10.5
VRRP Complex Configuration Steps
As with most features, a number of different optional features may
or may not be useful
depending on the specific implementation situation. This
section reviews the additional
commands that can be configured to take
advantage of these additional features (Table 4),
13-10-12 2:13 AM
Articles
Page 4 of 6
http://www.ciscopress.com/articles/printerfriendly.asp?p=2141275
and then covers another
example using these features.
Table 4
- VRRP Complex Configuration Commands
1
Configure VRRP Authentication
router(config-if)#
vrrp
group-
number
authentication
{
plain-
text-string
|
text
plain-text-
string
|
md5
{
key-string
keystring
|
key-chain
key-
chain-name
}}

If a
key-chain
is configured with
the command above,
follow
these next few steps to create
the
key-chain
.

2
Create and enter into key chain
configuration mode.
router(config)#
key
chain
chain-name
3
Create and enter into key chain
– key configuration mode.
Note: The
key-number
can be
any number between 0-
2147483647.
router(config-keychain)#
key
key-number
4
Enter the key string that will be
used to authenticate with
neighboring devices.
router(config-keychain-
key)#
key-string
keystring



1
Configure VRRP Object
tracking.
Note: The default priority
decrement value is 10.
router(config-if)#
vrrp
group-
number
track
object-number
[
decrement
priority
]
2
Create a tracked object
Notes:
The
object-number
can
be any
number between 1 and 1000.
The
line-protocol
parameter
will track the protocol state of
the configured interface. The
ip
routing
parameter will
track the
IP routing capability of an
interface (is it configured with an
IP
address and operational?).
router(config)#
track
object-
number
interface
interface
{
line-protocol
|
ip routing
}
VRRP Complex Example
This section covers an example using both VRRP MD5 authentication
(using a basic key-
13-10-12 2:13 AM
Articles
Page 5 of 6
http://www.ciscopress.com/articles/printerfriendly.asp?p=2141275
string) and VRRP object tracking. For the object tracking
configuration, R1 will be configured
to monitor the line protocol state of its
own fa0/0 interface. If it goes down, then its VRRP
priority will be lowered by
50; R2 will be configured the same using its fa0/0 interface. The
examples in
Tables 5 and 6 build upon the simple VRRP example shown earlier in Table 4.
Table 5
- R1 Complex Example Configuration Addition
1
Enter privileged EXEC mode.
R1>
enable
2
Enter global configuration
mode.
R1#
configure terminal
3
Create a tracked object that
will monitor the line protocol
status of the fa0/0 interface
using an object number of 1.
R1(config)#
track 1
interface
fa0/0 line-protocol
4
Enter interface configuration
mode.
R1(config)#
interface
fa1/0
5
Configure VRRP to use the
tracked object to influence its
priority..
R1(config-if)#
vrrp 1
track 1
decrement 50
6
Configure the use of an MD5
keystring of
abc123
.
R1(config-if)#
vrrp 1
authentication md5 key-string
abc123
Table 6
- R2 Complex Example Configuration Addition
1
Enter privileged EXEC mode.
R2>
enable
2
Enter global configuration
mode.
R2#
configure terminal
3
Create a tracked object that
will monitor the line protocol
status of the fa0/0 interface
using an object number of 1.
R2(config)#
track 1
interface
fa0/0 line-protocol
4
Enter interface configuration
mode.
R2(config)#
interface
fa1/0
5
Configure VRRP to use the
tracked object to influence its
priority.
R2(config-if)#
vrrp 1
track 1
decrement 50
6
Configure the use of an MD5
key string of
abc123
.
R2(config-if)#
vrrp 1
authentication md5 key-string
abc123
Summary
One thing that has been rather consistent over the last 20 years is
that most LAN segments
all include a single gateway that is used by everyone on
that segment. While in past, this
may not have been that big of a deal, but in
modern networks, almost everyone is actively
using the network to do normal
tasks and often this involves access to parts of the network
that are not local
to a host’s machine. Because of this, the implementation of FHRPs has
become
more common in these types of network environments.
Knowledge of these options is an important part of the education of
any LAN administrator or
13-10-12 2:13 AM
Articles
Page 6 of 6
http://www.ciscopress.com/articles/printerfriendly.asp?p=2141275
engineer, and should be known as part of all Cisco
routing and switching certification tracks.
I hope that this article enables
you to have a better understanding of how the different
configuration commands
can be put together to obtain an expected, well thought-out solution
to this
common design issue.
© 2013 Pearson Education, Inc. Informit. All rights reserved.
800 East 96th Street Indianapolis, Indiana 46240