Chapter 1 VRRP
Configuration Commands
The S3600-EI series
switches support the VRRP feature, but not the S3600-SI series.
Syntax
display vrrp [ interface Vlan-interface
vlan-id | statistics [ Vlan-interface vlan-id ] ]
[ virtual-router-id ]
View
Any view
Parameter
interface:
Displays VRRP information about the specified VLAN interface.
vlan-id:
VLAN interface ID.
statistics:
Displays VRRP statistics.
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
Description
Use the display vrrp command to
display the information about the VRRP state or VRRP statistics.
When VRRP status information is displayed:
l
If the interface index and backup group ID are
not specified, the state information about all the backup groups on the switch
is displayed.
l
If only the interface index is specified, the
state information about all the backup groups on the interface is displayed.
l
If both the interface index and backup group ID
are specified, the state information about the specified backup group on the
interface is displayed.
When VRRP statistics information is
displayed:
l
If the interface index and backup group ID are
not specified, the statistics about all the backup groups on the switch is
displayed.
l
If only the interface index is specified, the
statistics about all the backup groups on the interface is displayed.
l
If both the interface index and backup group ID are
specified, the statistics about the specified backup group on the interface is
displayed.
Example
# Display the statistics about all the backup groups on the switch.
<H3C> display vrrp statistics
Interface :
Vlan-interface10
VRID : 1
CheckSum Errors : 0
Version Errors : 0
VRID Errors : 0
Advertisement Interval Errors : 0
IP TTL Errors : 0
Auth Failures : 0
Invalid Auth Type : 0 Auth
Type Mismatch : 0
Packet Length Errors : 0
Address List Errors : 0
Become Master : 2
Priority Zero Pkts Rcvd : 0
Advertise Rcvd : 0
Priority Zero Pkts Sent : 1
Invalid Type Pkts Rcvd: 0
Table 1-1 Description
on the fields of the display vrrp statistics command
|
Field
|
Description
|
|
Interface
|
Interface in which the backup group
resides
|
|
VRID
|
Backup group ID
|
|
CheckSum Errors
|
Number of checksum errors
|
|
Version Errors
|
Number of version errors
|
|
VRID Errors
|
Number of backup group ID errors
|
|
Advertisement Interval Errors
|
Number of advertisement time interval
errors
|
|
IP TTL Errors
|
Number of TTL errors
|
|
Auth Failures
|
Number of authentication errors
|
|
Invalid Auth Type
|
Number of invalid authentication types
|
|
Auth Type Mismatch
|
Number of mismatched authentication types
|
|
Packet Length Errors
|
Number of VRRP packet length errors
|
|
Address List Errors
|
Number of the virtual IP address list
errors
|
|
Become Master
|
Number of the occasions where the switch
operates as the master
|
|
Priority Zero Pkts Rcvd
|
Number of the received advertisement
packets with the priority of 0
|
|
Advertise Rcvd
|
Number of the received advertisement
packets
|
|
Priority Zero Pkts Sent
|
Number of the sent advertisement packets
with the priority of 0
|
|
Invalid Type Pkts Rcvd
|
Number of packet type errors
|
Syntax
reset vrrp statistics [ vlan-interface vlan-id ] [ virtual-router-id
]
View
User view
Parameter
vlan-id:
VLAN interface ID.
virtual-router-id: VRRP virtual router ID, ranging from 1 to 255.
Description
Use the reset vrrp command to
clear the statistics information about VRRP.
When you execute this command,
l
If the interface index and backup group ID are
not specified, the statistics information about all the backup groups on the
switch is cleared.
l
If only the interface index is specified, the
statistics information about all the backup groups on the interface is cleared.
l
If both the interface index and backup group ID
are specified, the statistics information about the specified backup group on
the interface is cleared.
Example
# Clear the VRRP statistics on the switch.
<H3C> reset vrrp statistics
Syntax
vrrp authentication-mode authentication-type authentication-key
undo vrrp authentication-mode
View
VLAN interface view
Parameter
authentication-type: Authentication type, which can be:
l
simple: Indicates
to perform simple character authentication.
l
md5: Indicates to
perform the authentication with MD5 algorithm.
authentication-key: Authentication key. When you specify authentication-type to
be simple, the authentication key can contain up to eight characters.
When you specify authentication-type to be md5, the
authentication key can be a string comprising up to eight characters in plain
text or a 24-character encrypted string.
Description
Use the vrrp authentication-mode
command to specify the authentication type and the authentication key for a
VRRP backup group.
Use the undo vrrp authentication-mode
command to clear the configured authentication type and authentication key.
If the simple or md5
authentication is configured, the authentication key is required.
This command sets the authentication type
and authentication key for all the VRRP backup groups on an interface. As
defined in the protocol, all the backup groups on an interface share the same
authentication type and authentication key. And all the members joining the
same backup group also share the same authentication type and authentication
key.
Note that the authentication key is case-sensitive.
Example
# Specify the authentication type as simple,
and authentication key as aabbcc.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp
authentication-mode simple aabbcc
Syntax
vrrp method {
real-mac | virtual-mac }
undo vrrp method
View
System view
Parameter
real-mac:
Maps the real MAC address of a Layer 3 switch routing interface to virtual
router IP addresses.
virtual-mac:
Maps the virtual MAC address of a Layer 3 switch routing interface to virtual
router IP addresses.
Description
Use the vrrp method command to map
the MAC address of a backup group to the virtual router IP addresses. You can
map the actual or virtual MAC address of a Layer 3 switch routing interface to
virtual router IP addresses.
Use the undo vrrp method command to
restore the default map settings.
By default, the virtual MAC address of a
backup group is mapped to the IP address of the virtual router.
Note that as the mapping relationship
between the MAC addresses of a backup group and a virtual router IP address
cannot be configured after the backup group is created, configure the mapping relationship
before you create a backup group.
Example
# Map the real MAC address of a routing
interface to a virtual router IP address.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] vrrp method real-mac
Syntax
vrrp ping-enable
undo vrrp ping-enable
View
System view
Parameter
None
Description
Use the vrrp ping-enable command to
enable a backup group to respond to ping operations destined for its virtual
router IP address.
Use the undo vrrp ping-enable
command to restore the default situation.
By default, a backup group does not respond
to ping operations destined for its virtual router IP address.
As these two commands are invalid to
switches in backup groups, use them before you create a backup group.
Example
# Enable a backup group to respond to ping
operations destined for its virtual router IP address.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] vrrp ping-enable
Syntax
vrrp vlan-interface vlan-id vrid virtual-router-id
track [ reduced value-reduced ]
undo vrrp vlan-interface vlan-id vrid virtual-router-id
track
View
Ethernet port view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
vlan-id:
VLAN ID.
value-reduced: Value by which the priority of a switch is to decrease. This
argument ranges from 1 to 255.
Description
Use the vrrp vlan-Interface vrid track
command to enable the port tracking function on the physical ports of a backup
group.
Use the undo vrrp vlan-Interface vrid
track command to disable the port tracking function.
By default, the value by which the priority
of an Ethernet port decreases is 10.
The VRRP backup group port tracking
function can track a specified port and decrease the priority of the switch
when the port fails.
Using this function, you can enable the
priority of a master switch to decrease by the specified value when the uplink
port of the master switch fails. This in turn triggers the new master to be
determined in the backup group.
l
The port to be tracked can be in the VLAN which
the backup group VLAN interface belongs to.
l
Up to eight ports can be tracked simultaneously.
Example
# Configure that the priority of the switch
decreases by 50 if its Ethernet1/0/1 port fails.
<H3C> system-view
[H3C] vlan 2
[H3C-vlan2] port Ethernet1/0/1
[H3C-vlan2] quit
[H3C] interface Ethernet 1/0/1
[H3C-Ethernet1/0/1] vrrp vlan-interface
2 vrid 1 track reduced 50
Syntax
vrrp vrid virtual-router-id preempt-mode [ timer delay delay-value ]
undo vrrp vrid virtual-router-id preempt-mode
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
delay-value:
Delay period (in seconds), ranging from 0 to 255.
Description
Use the vrrp vrid preempt-mode
command to configure a switch to operate in the preemptive mode and set the
delay period.
Use the undo vrrp vrid preempt-mode
command to cancel the configuration.
By default, switches in a backup group
operate in the preemptive mode, with the delay period set to 0 seconds.
If you want a switch with high priority to
preempt the master switch, configure the switch to operate in the preemptive
mode. You can also set the delay period for preemption as needed.
As long as a switch in the backup group
becomes the master switch, other switches, even if they are configured with a
higher priority later, do not preempt the master switch unless they operate in
preemptive mode. The switch operating in preemptive mode will become the master
switch when it finds its priority is higher than that of the current master
switch, and the former master switch becomes a backup switch accordingly.
You can configure an S3600 Ethernet switch
to operate in preemptive mode. You can also set the delay period. A backup
switch waits for a period of time (the delay period) before becoming a master
switch. Setting a delay period aims at:
In an unstable network, backup switches in
a backup group possibly cannot receive packets from the master in time due to
network congestions even if the master operates properly. This causes the
master of the backup group being determined frequently. With the configuration
of delay period, the backup switch will wait for a while if it does not receive
packets from the master switch in time. A new master is determined only after
the backup switches do not receive packets from the master switch after the
specified delay time.
You can use the undo
vrrp vrid preempt-mode command to set a switch in a backup group to operate
in non-preemptive mode.
Example
# Configure the switch to operate in the
preemptive mode.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1 preempt-mode
# Set the delay period.
[H3C-Vlan-interface2] vrrp vrid 1
preempt-mode timer delay 5
# Configure the switch to operate in
non-preemptive mode.
[H3C-Vlan-interface2] undo vrrp vrid 1
preempt-mode
Syntax
vrrp vrid virtual-router-id priority priority
undo vrrp vrid virtual-router-id priority
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
priority: Switch
priority to be set. This argument ranges from 1 to 254.
Description
Use the vrrp vrid priority command
to set the priority of a switch in a backup group.
Use the undo vrrp vrid priority
command to restore the default priority.
By default, the priority of a switch in a
backup group is 100.
Switch priority determines the possibility
for the switch to become a master switch. A switch with higher priority is more
likely to become a master switch. Note that the priority of 0 is reserved for
special use, and the priority of 255 is for IP address owners. That is, the
priority of a switch that owns a virtual router IP address is fixed to 255 and
cannot be modified.
Example
# Set the priority to 120 on
VLAN-interface2 for the switch in the backup group.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1
priority 120
Syntax
vrrp vrid virtual-router-id timer advertise adver-interval
undo vrrp vrid virtual-router-id timer advertise
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
adver-interval: Interval (in seconds) at which the master switch of a backup group
sends VRRP packets, in seconds. This argument ranges from 1 to 255.
Description
Use the vrrp vrid timer advertise
command to set the interval for the master switch of a backup group to send
VRRP packets.
Use the undo vrrp vrid timer advertise
command to revert to the default interval.
Note that configuration error occurs if
switches of the same backup group are configured with different adver-interval
values.
By default, the interval for the master
switch in a backup group to send VRRP packets is 1 second.
Example
# Set the interval for the master switch to
send VRRP packets to 15 seconds.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1 timer
advertise 15
Syntax
vrrp vrid virtual-router-id track vlan-interface
vlan-id [ reduced value-reduced ]
undo vrrp vrid virtual-router-id track vlan-interface vlan-id [ reduced value-reduced ]
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging form 1 to 255.
vlan-id: A
VLAN interface ID to be tracked.
value-reduced: Value by which the priority decreases. This argument ranges from 1
to 255.
Description
Use the vrrp vrid track command to
set a VLAN interface to be tracked.
Use the undo vrrp vrid track
command to disable a VLAN interface from being tracked.
By default, the value by which the priority
of the VLAN interface decreases is 10.
The VLAN interface tracking function
extends the use of the backup function. With this function enabled, the backup
function is applicable to the VLAN interface that belongs to a backup group and
those that do not belong to a backup group. You can utilize the VLAN interface
tracking function by specifying monitored VLAN interfaces.
With the VLAN interface tracking function
enabled, the priority of a master switch decreases by the value set by the value-reduced
argument when a tracked VLAN interface on the switch goes down. And other
switches in the backup group, whose priorities are higher than the decreased
priority of the master switch, may become the master switch.
l
The VLAN interface tracking function is not
applicable to switches operating as IP address owners.
l
A backup group can track up to eight VLAN
interfaces simultaneously.
Example
# Configure VLAN-interface2 to track VLAN-interface1
and configure the priority of the master switch of backup group 1 (on VLAN-interface2)
to decrease by 50 when VLAN-interface1 goes down.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1 track
vlan-interface 1 reduced 50
Syntax
vrrp vrid virtual-router-id track detect-group group-number [ reduced
value-reduced ]
undo vrrp
vrid virtual-router-id track detect-group group-number
View
VLAN interface view
Parameter
virtual-router-id: Virtual router ID, ranging from 1 to 255.
group-number:
Detecting group number, ranging from 1 to 25.
value-reduced: Value by which the priority decreases. This
argument ranges from 1 to 255 and defaults to 10.
Description
Use the vrrp vrid track detect-group
command to enable the auto detect function when employing VRRP.
Use the undo vrrp vrid track detect-group
command to disable the auto detect function when employing VRRP.
You can control the priority of the VRRP
backup group according to the auto detect result to enable automatic switch
between the master switch and the backup switch.
l
Decrease the priority of a backup group when the
result of the detecting group is unreachable.
l
Restore the priority of a backup group when the
result of the detecting group is reachable.
l
A detecting group can be used to detect up to
eight Layer 3 interfaces.
l
Currently, auto detect in VRRP is only supported
in S3600-EI series switches.
Example
# Create detecting group 10 and specify to
detect the IP address of 202.12.1.55.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] detect-group 10
[H3C-detect-group-10] detect-list 1
ip address 202.12.1.55
# Specify to decrease the priority of
backup group 1 by 20 when the result of the detecting group is unreachable.
[H3C] interface vlan-interface 2
[H3C- Vlan-interface2] vrrp vrid 1
track detect-group 10 reduced 20
Syntax
vrrp vrid virtual-router-id
virtual-ip virtual-address
undo vrrp vrid virtual-router-id virtual-ip virtual-address
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
virtual-address: Virtual router IP address to be configured.
Description
Use the vrrp vrid virtual-ip command
to add a virtual router IP address to an existing backup group.
Use the undo vrrp vrid virtual-ip
command to remove a virtual router IP address from an existing backup group.
The vrrp vrid virtual-ip command can
also be used to create a backup group. You can add up to 16 virtual router IP
addresses to a backup group. The undo vrrp vrid virtual-ip command can
also be used to remove an existing backup group or an IP address in the
existing group. A backup group is removed if all the virtual router IP
addresses configured for it are removed.
Example
# Create a backup group.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1
virtual-ip 10.10.10.10
# Add a virtual router IP address to an
existing backup group.
[H3C-Vlan-interface2] vrrp vrid 1
virtual-ip 10.10.10.11
# Remove a virtual router IP address from a
backup group.
[H3C-Vlan-interface2] undo vrrp vrid
1 virtual-ip 10.10.10.10
# Remove a backup group.
[H3C-Vlan-interface2] undo vrrp vrid
1
