active-gateway
Syntax
active-gateway {ip | ipv6} [<IP-ADDRESS>] [mac <MAC-ADDRESS>]
no active-gateway {ip | ipv6} [<IP-ADDRESS>] [mac]
Description
Configures a virtual IP and virtual MAC for an interface VLAN
The
no
form of this command removes the active gateway for active-active routing.
Command context
config-if-vlan
Parameters
ip
Specifies the configuration of an IPv4 address.
ipv6
Specifies the configuration of an IPv6 address.
<IP-ADDRESS>
- Specifies the IPv4 or IPv6 address.
Syntax for IPv4:
A.B.C.D
Syntax for IPv6:
A:B::C:D
<MAC-ADDR>
Specifies the Virtual MAC address. Syntax:
xx:xx:xx:xx:xx:xx
Authority
Administrators or local user group members with execution rights for this command.
Usage
Before configuring active gateway, confirm that an IP address is on the SVI that is in the same subnet as the active gateway IP you are trying to configure. If an active gateway IP does not have an SVI IP with the same subnet, the CLI allows the configuration, but the active gateway IP will not be programmed in the kernel, resulting the active gateway to be unreachable.
Active forwarding cannot be configured when ICMP redirect is enabled. Enter the
no ip icmp redirect
command for disabling ICMP redirect.
It is highly recommended that you use an IPv6 link-local address as a gateway (VIP) on the active gateway IPv6 configuration.
If VRRP or active forwarding is configured on an SVI, active gateway cannot be configured. Active gateway with overlapping networks is not allowed. Maximum of 16 unique virtual MACs are supported in a system.
The maximum number of supported active gateways per switch is 4,000. Since a maximum of 31 secondary IPv4 addresses can be configured on an SVI, 32 IPv4 active gateways (along with the primary IPv4 address) can be configured per SVI with IP multinetting support. This support is also the same for IPv6 addresses.
Do not use peer system MAC address as an active-gateway VMAC. If same MAC address is used, the VSX synchronization will try to sync the configuration on secondary switch and cause traffic disruptions.
Examples
Configuring active-gateway when the IP address is different from the SVI IP address on both VSX peers (valid for IPv6 and IPv4):
switch1(config-if-vlan)# ip address 192.168.1.250/24 switch1(config-if-vlan)# active-gateway ip 192.168.1.253 mac 00:00:00:00:00:01 switch1(config-if-vlan)# active-gateway ipv6 fe80::01 mac 00:00:00:01:00:01
switch2(config-if-vlan)# ip address 192.168.1.251/24 switch2(config-if-vlan)# active-gateway ip 192.168.1.253 mac 00:00:00:00:00:01 switch2(config-if-vlan)# active-gateway ipv6 fe80::01 mac 00:00:00:01:00:01
Configuring active-gateway when the IP address is the same as the SVI IP address on both VSX peers (valid for IPv4 only):
switch1(config-if-vlan)# ip address 192.168.1.250/24 switch(config-if-vlan)# active-gateway ip 192.168.1.250 mac 00:00:00:00:00:01
switch2(config-if-vlan)# ip address 192.168.1.250/24 switch2(config-if-vlan)# active-gateway ip 192.168.1.250 mac 00:00:00:00:00:01
Configuring only the active gateway address:
switch(config-if-vlan)# ip address 192.168.1.250/24 switch(config-if-vlan)# active-gateway ip 192.168.1.250
Configuring only the active gateway IP MAC address:
switch2(config-if-vlan)# ip address 192.168.1.250/24 switch2(config-if-vlan)# active-gateway ip mac 00:00:00:01:00:01
Removing the active gateway for active-active routing (IPv6 and IPv4):
switch(config-if-vlan)# no active-gateway ip switch(config-if-vlan)# no active-gateway ipv6
switch(config-if-vlan)# no active-gateway ip 192.168.1.250
switch(config-if-vlan)# no active-gateway ip mac