active-gateway

Syntax

active-gateway {ip | ipv6} [<IP-ADDRESS>] [mac <MAC-ADDRESS>]

no active-gateway {ip | ipv6} [<IP-ADDRESS>] [mac]

Description

Configures a virtual IP and virtual MAC for an interface VLAN

The no form of this command removes the active gateway for active-active routing.

Command context

config-if-vlan

Parameters

ip

Specifies the configuration of an IPv4 address.

ipv6

Specifies the configuration of an IPv6 address.

<IP-ADDRESS>
Specifies the IPv4 or IPv6 address.
  • Syntax for IPv4: A.B.C.D

  • Syntax for IPv6: A:B::C:D

<MAC-ADDR>

Specifies the Virtual MAC address. Syntax: xx:xx:xx:xx:xx:xx

Authority

Administrators or local user group members with execution rights for this command.

Usage

Before configuring active gateway, confirm that an IP address is on the SVI that is in the same subnet as the active gateway IP you are trying to configure. If an active gateway IP does not have an SVI IP with the same subnet, the CLI allows the configuration, but the active gateway IP will not be programmed in the kernel, resulting the active gateway to be unreachable.

Active forwarding cannot be configured when ICMP redirect is enabled. Enter the no ip icmp redirect command for disabling ICMP redirect.

It is highly recommended that you use an IPv6 link-local address as a gateway (VIP) on the active gateway IPv6 configuration.

If VRRP or active forwarding is configured on an SVI, active gateway cannot be configured. Active gateway with overlapping networks is not allowed. Maximum of 16 unique virtual MACs are supported in a system.

The maximum number of supported active gateways per switch is 4,000. Since a maximum of 31 secondary IPv4 addresses can be configured on an SVI, 32 IPv4 active gateways (along with the primary IPv4 address) can be configured per SVI with IP multinetting support. This support is also the same for IPv6 addresses.

NOTE:

Do not use peer system MAC address as an active-gateway VMAC. If same MAC address is used, the VSX synchronization will try to sync the configuration on secondary switch and cause traffic disruptions.

Examples

Configuring active-gateway when the IP address is different from the SVI IP address on both VSX peers (valid for IPv6 and IPv4):

Switch 1:
switch1(config-if-vlan)# ip address 192.168.1.250/24
switch1(config-if-vlan)# active-gateway ip 192.168.1.253 mac 00:00:00:00:00:01
switch1(config-if-vlan)# active-gateway ipv6 fe80::01 mac 00:00:00:01:00:01
Switch 2:
switch2(config-if-vlan)# ip address 192.168.1.251/24
switch2(config-if-vlan)# active-gateway ip 192.168.1.253 mac 00:00:00:00:00:01
switch2(config-if-vlan)# active-gateway ipv6 fe80::01 mac 00:00:00:01:00:01

Configuring active-gateway when the IP address is the same as the SVI IP address on both VSX peers (valid for IPv4 only):

Switch 1:
switch1(config-if-vlan)# ip address 192.168.1.250/24
switch(config-if-vlan)# active-gateway ip 192.168.1.250 mac 00:00:00:00:00:01
Switch 2:
switch2(config-if-vlan)# ip address 192.168.1.250/24
switch2(config-if-vlan)# active-gateway ip 192.168.1.250 mac 00:00:00:00:00:01

Configuring only the active gateway address:

switch(config-if-vlan)# ip address 192.168.1.250/24
switch(config-if-vlan)# active-gateway ip 192.168.1.250

Configuring only the active gateway IP MAC address:

switch2(config-if-vlan)# ip address 192.168.1.250/24
switch2(config-if-vlan)# active-gateway ip mac 00:00:00:01:00:01

Removing the active gateway for active-active routing (IPv6 and IPv4):

switch(config-if-vlan)# no active-gateway ip
switch(config-if-vlan)# no active-gateway ipv6
Removing the active gateway for active-active routing for an IP address:
switch(config-if-vlan)# no active-gateway ip 192.168.1.250
Removing the active gateway for active-active routing for virtual MAC addresses:
switch(config-if-vlan)# no active-gateway ip mac