VRRP interface tracking configuration example

Network requirements

Host A wants to access Host B on the Internet, using 202.38.160.111/24 as its default gateway.
Switch A and Switch B belong to VRRP group 1 with the virtual IP address of 202.38.160.111/24.
If Switch A operates properly, packets sent from Host A to Host B are forwarded by Switch A. If VLAN-interface 3 through which Switch A connects to the Internet is not available, packets sent from Host A to Host B are forwarded by Switch B.
To prevent attacks to the VRRP group from illegal users by using spoofed packets, configure the authentication mode as plain text to authenticate the VRRP packets in VRRP group 1, and specify the authentication key as hello.
Figure 40: Network diagram

Configuration procedure

Configure Switch A:
# Configure VLAN 2.
```
<SwitchA> system-view
[SwitchA] vlan 2
[SwitchA-vlan2] port gigabitethernet 1/0/5
[SwitchA-vlan2] quit
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ip address 202.38.160.1 255.255.255.0
```
# Create a VRRP group 1 and set its virtual IP address to 202.38.160.111.
```
[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111
```
# Configure the priority of Switch A in the VRRP group to 110, which is higher than that of Switch B (100), so that Switch A can become the master.
```
[SwitchA-Vlan-interface2] vrrp vrid 1 priority 110
```
# Configure the authentication mode of the VRRP group as simple and authentication key as hello.
```
[SwitchA-Vlan-interface2] vrrp vrid 1 authentication-mode simple hello
```
# Set the interval for Master to send VRRP advertisement to four seconds.
```
[SwitchA-Vlan-interface2] vrrp vrid 1 timer advertise 4
```
# Configure Switch A to operate in preemptive mode, so that it can become the master whenever it operates properly. Configure the preemption delay as five seconds to avoid frequent status switchover.
```
[SwitchA-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5
```
# Set VLAN interface 3 on Switch A to be tracked, and configure the amount by which the priority value decreases to be more than 10 (30 in this example), so that when VLAN-interface 3 fails, the priority of Switch A in VRRP group 1 decreases to a value lower than 100 and thus Switch B can become the master.
```
[SwitchA-Vlan-interface2] vrrp vrid 1 track interface vlan-interface 3 reduced 30
```
Configure Switch B:
# Configure VLAN 2.
```
<SwitchB> system-view
[SwitchB] vlan 2
[SwitchB-vlan2] port gigabitethernet 1/0/5
[SwitchB-vlan2] quit
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ip address 202.38.160.2 255.255.255.0
```
# Create a VRRP group 1 and set its virtual IP address to 202.38.160.111.
```
[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111
```
# Configure the authentication mode of the VRRP group as simple and authentication key as hello.
```
[SwitchB-Vlan-interface2] vrrp vrid 1 authentication-mode simple hello
```
# Set the interval for master to send VRRP advertisement to four seconds.
```
[SwitchB-Vlan-interface2] vrrp vrid 1 timer advertise 4
```
# Configure Switch B to operate in preemptive mode, so that Switch B can become the master after the priority of Switch A decreases to a value lower than 100. Configure the preemption delay as five seconds to avoid frequent status switchover.
```
[SwitchB-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5
```

Verify the configuration:

After the configuration, Host B can be pinged successfully on Host A. To verify your configuration, use the display vrrp verbose command.

# Display the detailed information about VRRP group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp verbose
 IPv4 Standby Information:
     Run Mode       : Standard
     Run Method     : Virtual MAC
 Total number of virtual routers : 1
   Interface Vlan-interface2
     VRID           : 1               Adver Timer  : 4
     Admin Status   : Up              State        : Master
     Config Pri     : 110             Running Pri  : 110
     Preempt Mode   : Yes             Delay Time   : 5
     Auth Type      : Simple          Key          : ******
     Virtual IP     : 202.38.160.111
     Virtual MAC    : 0000-5e00-0101
     Master IP      : 202.38.160.1
   VRRP Track Information:
     Track Interface: Vlan3          State : Up                Pri Reduced : 30

# Display the detailed information about VRRP group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp verbose
 IPv4 Standby Information:
     Run Mode       : Standard
     Run Method     : Virtual MAC
 Total number of virtual routers : 1
   Interface Vlan-interface2
     VRID           : 1               Adver Timer  : 4
     Admin Status   : Up              State        : Backup
     Config Pri     : 100             Running Pri  : 100
     Preempt Mode   : Yes             Delay Time   : 5
     Become Master  : 2200ms left
     Auth Type      : Simple          Key          : ******
     Virtual IP     : 202.38.160.111
     Master IP      : 202.38.160.1

The output shows that in VRRP group 1 Switch A is the master, Switch B is the backup and packets sent from Host A to Host B are forwarded by Switch A.

If interface VLAN-interface 3 through which Switch A connects to the Internet is not available, you can still ping Host B successfully on Host A. To view the detailed information about the VRRP group, use the display vrrp verbose command.

# If VLAN-interface 3 on Switch A is not available, the detailed information about VRRP group 1 on Switch A is displayed.

[SwitchA-Vlan-interface2] display vrrp verbose
 IPv4 Standby Information:
     Run Mode       : Standard
     Run Method     : Virtual MAC
 Total number of virtual routers : 1
   Interface Vlan-interface2
     VRID           : 1               Adver Timer  : 4
     Admin Status   : Up              State        : Backup
     Config Pri     : 110             Running Pri  : 80
     Preempt Mode   : Yes             Delay Time   : 5
     Become Master  : 2200ms left
     Auth Type      : Simple          Key          : ******
     Virtual IP     : 202.38.160.111
     Master IP      : 202.38.160.2
   VRRP Track Information:
     Track Interface: Vlan3          State : Down              Pri Reduced : 30

# When VLAN-interface 3 on Switch A is not available, the detailed information about VRRP group 1 on Switch B is displayed.

[SwitchB-Vlan-interface2] display vrrp verbose
 IPv4 Standby Information:
     Run Mode       : Standard
     Run Method     : Virtual MAC
 Total number of virtual routers : 1
   Interface Vlan-interface2
     VRID           : 1               Adver Timer  : 4
     Admin Status   : Up              State        : Master
     Config Pri     : 100             Running Pri  : 100
     Preempt Mode   : Yes             Delay Time   : 5
     Auth Type      : Simple          Key          : ******
     Virtual IP     : 202.38.160.111
     Virtual MAC    : 0000-5e00-0101
     Master IP      : 202.38.160.2

The output shows that when VLAN-interface 3 on Switch A is not available, the priority of Switch A is reduced to 80 and it becomes the backup. Switch B becomes the master and packets sent from Host A to Host B are forwarded by Switch B.

prev	up	next
Single VRRP group configuration example	home	VRRP with multiple VLANs configuration example