infoDispersion - Sean Wilkins
Navigation
  • Home
  • Network Simulators
    • Academic Editions
    • Professional Editions
  • Videos
  • Articles
  • Books
  • Testimonials
  • Contact
  • Search the site...

Cisco Virtual Router Redundancy Protocol (VRRP) Configuration

Posted on September 25, 2013 by Sean Wilkins in Articles, CCIE, CCNA, CCNP, Routing and Switching, Uncategorized
en English
af Afrikaanssq Shqipam አማርኛar العربيةhy Հայերենaz Azərbaycan dilieu Euskarabe Беларуская моваbn বাংলাbs Bosanskibg Българскиca Catalàceb Cebuanony Chichewazh-CN 简体中文zh-TW 繁體中文co Corsuhr Hrvatskics Čeština‎da Dansknl Nederlandsen Englisheo Esperantoet Eestitl Filipinofi Suomifr Françaisfy Fryskgl Galegoka ქართულიde Deutschel Greekgu ગુજરાતીht Kreyol ayisyenha Harshen Hausahaw Ōlelo Hawaiʻiiw עִבְרִיתhi हिन्दीhmn Hmonghu Magyaris Íslenskaig Igboid Bahasa Indonesiaga Gaeligeit Italianoja 日本語jw Basa Jawakn ಕನ್ನಡkk Қазақ тіліkm ភាសាខ្មែរko 한국어ku كوردی‎ky Кыргызчаlo ພາສາລາວla Latinlv Latviešu valodalt Lietuvių kalbalb Lëtzebuergeschmk Македонски јазикmg Malagasyms Bahasa Melayuml മലയാളംmt Maltesemi Te Reo Māorimr मराठीmn Монголmy ဗမာစာne नेपालीno Norsk bokmålps پښتوfa فارسیpl Polskipt Portuguêspa ਪੰਜਾਬੀro Românăru Русскийsm Samoangd Gàidhligsr Српски језикst Sesothosn Shonasd سنڌيsi සිංහලsk Slovenčinasl Slovenščinaso Afsoomaalies Españolsu Basa Sundasw Kiswahilisv Svenskatg Тоҷикӣta தமிழ்te తెలుగుth ไทยtr Türkçeuk Українськаur اردوuz O‘zbekchavi Tiếng Việtcy Cymraegxh isiXhosayi יידישyo Yorùbázu Zulu

The configuration of a basic Virtual Router Redundancy Protocol (VRRP) implementation is not all that complex, and resembles a lot the configuration of Cisco’s Hot Standby Router Protocol (HSRP) if the reader is more familiar with that protocol. This section first covers the configuration process steps and commands that are used to perform a basic VRRP configuration. An example is then given on how these steps can be used to configure VRRP in a sample networking topology.

VRRP Simple Configuration Steps

Only a few commands are required to get VRRP up and working. Table 1 features these commands and a few other common commands that are used to modify the default behavior of VRRP.

Table 1 – VRRP Configuration Commands

1Enter privileged EXEC mode.router>enable
2Enter global configuration mode.router#configure terminal
3Enter interface configuration mode.router(config)#interface interface
4Configure an IP address on the interface.router(config-if)#ip address address netmask
5Configure a VRRP virtual IP address.Note: This address must be in the same subnet as the interface IP address (primary or secondary).router(config-if)#vrrp group-number ip ip-address
6Configure the VRRP priority (optional).Note:  The valid values for the priority are from 1 through 254.router(config-if)#vrrp group-number priority priority
7Configure VRRP preemption (optional).Note: VRRP preemption is enabled by default.router(config-if)#vrrp group-number preempt

 

VRRP Simple Example

Because often it is easier to see the complete application of a subject, this section goes over the configuration of VRRP between two devices in a sample network. Figure 1 displays the topology that will be used; Table 2 and 3 will then display the commands required on both R1 and R2.

Cisco Virtual Router Redundancy Protocol (VRRP) Configuration Figure 1

Figure 1 VRRP example topology

The configuration will perform the following:

  • Configure the IP addresses 10.10.20.1/30 (R1) and 10.10.20.2/30(R2) on their Fa0/1 interfaces.
  • Configure the IP addresses 172.16.1.1/24 (R1) and 172.16.2.1 (R2) on their Fa0/0 interfaces.
  • Configure VRRP between R1 and R2 using the IP addresses 10.10.10.1/24 (R1) and 10.10.10.2/24(R2) and a virtual IP address of 10.10.10.5 on their Fa1/0 interfaces.
  • Configure R1 with a VRRP priority of 140.

Table 2 – R1 Simple Example Configuration

1Enter privileged EXEC mode.R1>enable
2Enter global configuration mode.R1#configure terminal
3Enter interface configuration mode.R1(config)#interface fa0/0
4Configure an IP address on the interface.R1(config-if)#ip address 172.16.1.1 255.255.255.0
5Enter interface configuration mode.R1(config)#interface fa0/1
6Configure an IP address on the interface.R1(config-if)#ip address 10.10.20.1 255.255.255.252
7Enter interface configuration mode.R1(config)#interface fa1/0
8Configure an IP address on the interface.R1(config-if)#ip address 10.10.10.1 255.255.255.0
9Configure VRRP using a virtual IP address of 10.10.10.5 using group 1.R1(config-if)#vrrp 1 ip 10.10.10.5
10Configure the VRRP priority to 140.R1(config-if)#vrrp 1 priority 140

Table 3 – R2 Simple Example Configuration

1Enter privileged EXEC mode.R2>enable
2Enter global configuration mode.R2#configure terminal
3Enter interface configuration mode.R2(config)#interface fa0/0
4Configure an IP address on the interface.R2(config-if)#ip address 172.16.2.1 255.255.255.0
5Enter interface configuration mode.R2(config)#interface fa0/1
6Configure an IP address on the interface.R2(config-if)#ip address 10.10.20.2 255.255.255.252
7Enter interface configuration mode.R2(config)#interface fa1/0
8Configure an IP address on the interface.R2(config-if)#ip address 10.10.10.2 255.255.255.0
9Configure VRRP using a virtual IP address of 10.10.10.5 using group 1.R2(config-if)#vrrp 1 ip 10.10.10.5

 

VRRP Complex Configuration Steps

As with most features, a number of different optional features may or may not be useful depending on the specific implementation situation. This section reviews the additional commands that can be configured to take advantage of these additional features (Table 4), and then covers another example using these features.

Table 4 – VRRP Complex Configuration Commands

1Configure VRRP Authenticationrouter(config-if)#vrrp group-number authentication {plain-text-string | text plain-text-string | md5 {key-string keystring | key-chain key-chain-name}}
If a key-chain is configured with the command above, follow these next few steps to create the key-chain. 
2Create and enter into key chain configuration mode.router(config)#key chain chain-name
3Create and enter into key chain – key configuration mode.Note: The key-numbercan be any number between 0-2147483647.router(config-keychain)#key key-number
4Enter the key string that will be used to authenticate with neighboring devices.router(config-keychain-key)#key-string keystring
 
1Configure VRRP Object tracking.Note: The default priority decrement value is 10.router(config-if)#vrrp group-number track object-number [decrement priority]
2Create a tracked objectNotes:The object-numbercan be any number between 1 and 1000.The line-protocolparameter will track the protocol state of the configured interface. The ip routingparameter will track the IP routing capability of an interface (is it configured with an IP address and operational?).router(config)#track object-number interface interface {line-protocol | ip routing}

 

VRRP Complex Example

This section covers an example using both VRRP MD5 authentication (using a basic key-string) and VRRP object tracking. For the object tracking configuration, R1 will be configured to monitor the line protocol state of its own fa0/0 interface. If it goes down, then its VRRP priority will be lowered by 50; R2 will be configured the same using its fa0/0 interface. The examples in Tables 5 and 6 build upon the simple VRRP example shown earlier in Table 4.

Table 5 – R1 Complex Example Configuration Addition

1Enter privileged EXEC mode.R1>enable
2Enter global configuration mode.R1#configure terminal
3Create a tracked object that will monitor the line protocol status of the fa0/0 interface using an object number of 1.R1(config)#track 1 interface fa0/0 line-protocol
4Enter interface configuration mode.R1(config)#interface fa1/0
5Configure VRRP to use the tracked object to influence its priority..R1(config-if)#vrrp 1 track 1 decrement 50
6Configure the use of an MD5 keystring of abc123.R1(config-if)#vrrp 1 authentication md5 key-string abc123

Table 6 – R2 Complex Example Configuration Addition

1Enter privileged EXEC mode.R2>enable
2Enter global configuration mode.R2#configure terminal
3Create a tracked object that will monitor the line protocol status of the fa0/0 interface using an object number of 1.R2(config)#track 1 interface fa0/0 line-protocol
4Enter interface configuration mode.R2(config)#interface fa1/0
5Configure VRRP to use the tracked object to influence its priority.R2(config-if)#vrrp 1 track 1 decrement 50
6Configure the use of an MD5 key string of abc123.R2(config-if)#vrrp 1 authentication md5 key-string abc123

 

Summary

One thing that has been rather consistent over the last 20 years is that most LAN segments all include a single gateway that is used by everyone on that segment. While in past, this may not have been that big of a deal, but in modern networks, almost everyone is actively using the network to do normal tasks and often this involves access to parts of the network that are not local to a host’s machine. Because of this, the implementation of FHRPs has become more common in these types of network environments.

Knowledge of these options is an important part of the education of any LAN administrator or engineer, and should be known as part of all Cisco routing and switching certification tracks. I hope that this article enables you to have a better understanding of how the different configuration commands can be put together to obtain an expected, well thought-out solution to this common design issue.

You may also like:

  • Introduction to the Cisco Gateway Load Balance Protocol (GLBP)
  • Cisco Gateway Load Balance Protocol (GLBP) Configuration
  • Introduction to the Cisco Virtual Router Redundancy Protocol (VRRP)
InformIT (Pearson Education)
Pearson Education (myPEARSONstore)
Ad

Sean Wilkins

Sean Wilkins (@Sean_R_Wilkins) is an accomplished networking consultant and writer for infoDispersion (www.infodispersion.com) who has been in the IT field for over 20 years, working with several large enterprises. Sean holds certifications with Cisco (CCNP/CCDP), Microsoft (MCSE) and CompTIA (A+ and Network+). His educational accomplishments include: a Master’s of Science in Information Technology with a focus in Network Architecture and Design, a Master’s of Science in Organizational Management, a Master’s Certificate in Network Security, a Bachelors of Science in Computer Networking, and an Associates of Applied Science in Computer Information Systems. Sean spends most of his time writing articles and books for various clients including Cisco Press, Pearson, Tom’s IT Pro and PluralSight; as well as being an active video training author for PluralSight.

Sean maintains various online social media accounts including Facebook (https://www.facebook.com/infoDispersion), Twitter (@Sean_R_Wilkins) and Linkedin (http://www.linkedin.com/in/swilkins/en) and maintains a web site for centrally organizing his content across multiple clients (http://www.idisperse.info)

(c) 2023 infoDispersion - Sean Wilkins

  • Home
  • Network Simulators
  • Videos
  • Articles
  • Books
  • Testimonials
  • Contact
x
Top