Chapter 1
VRRP Configuration Commands
1.1 VRRP Configuration Commands
Syntax
display vrrp
[ verbose ] [ interface vlan-interface vlan-id [ vrid virtual-router-id
] ]
View
Any view
Parameters
verbose: Displays
detailed state information of VRRP.
vlan-interface vlan-id: Displays VRRP state information
of the specified VLAN interface. vlan-id is the VLAN interface ID.
vrid virtual-router-id: Displays state information of the specified VRRP group. virtual-router-id
is the VRRP group ID, in the range 1 to 255.
Description
Use the display vrrp command to
display the brief VRRP state information. For details, refer to Table 1-1.
Use display vrrp verbose command to
display the detailed VRRP state information. refer to Table 1-2 for
details.
l
If you do not specify a VLAN interface or a VRRP
group, the command will display the state information of all VRRP groups on the
switch.
l
If you specify a VLAN interface only, the
command will display the state information of all VRRP groups on the specified
VLAN interface.
l
If you specify both a VLAN interface and a VRRP
group, the command will display the state information of the specified VRRP
group on the specified VLAN interface.
Examples
# Display the VRRP state information about all the VRRP groups on the switch.
<Sysname> display vrrp
Run Method : VIRTUAL-MAC
Virtual Ip Ping : Disable
The total number of the virtual
routers: 1
Interface VRID State
Run Adver. Auth Virtual
Pri Time Type IP
--------------------------------------------------------------------------
Vlan2 2 Initialize
100 1 NONE 173.160.0.1
Table
1-1 Description on the fields of the display
vrrp command
|
Field
|
Description
|
|
Run Method
|
Current VRRP running method, including
REAL-MAC and VIRTUAL-MAC
|
|
Virtual IP ping
|
Whether you can ping the virtual IP
address of the VRRP group
|
|
Interface
|
Interface where the VRRP group resides
|
|
VRID
|
ID of the virtual router
|
|
State
|
Status of the current switch in the VRRP
group, including Master, Backup and Initialize
|
|
Run Pri
|
Running priority
|
|
Adver. Timer
|
Interval for sending VRRP advertisements
|
|
Auth Type
|
Authentication type, including NONE,
SIMPLE, and MD5
|
|
Virtual IP
|
Virtual IP address of the VRRP group
|
# Display detailed information about all
VRRP groups on the switch.
<Sysname> display vrrp verbose
Run Method : VIRTUAL-MAC
Virtual Ip Ping : Disable
Interface : Vlan-interface1
VRID :
1 Adver. Timer : 1
Admin Status :
UP State : Master
Config Pri :
100 Run Pri : 100
Preempt Mode :
YES Delay Time : 0
Auth Type : NONE
Virtual IP : 192.168.0.133
Virtual
MAC : 0000-5e00-0101
Master IP : 192.168.0.68
Table 1-2 Description
on the fields of the display vrrp verbose
command
|
Field
|
Description
|
|
Run Method
|
Current VRRP running method, including
REAL-MAC and VIRTUAL-MAC
|
|
Virtual Ip Ping
|
Whether you can ping the virtual IP
address of the VRRP group
|
|
Interface
|
Interface where the VRRP group resides
|
|
VRID
|
VRRP group ID
|
|
Adver. Timer
|
Interval for sending VRRP advertisements
|
|
Admin Status
|
Administrative state: UP or DOWN
|
|
State
|
Status of the current switch in the VRRP
group, including Master, Backup and Initialize
|
|
Config Pri
|
Configured priority
|
|
Run Pri
|
Running priority
|
|
Preempt Mode
|
Preemptive mode
|
|
Delay Time
|
Preemption delay
|
|
Auth Type
|
Authentication type, including NONE,
SIMPLE, and MD5
|
|
Virtual IP
|
Virtual IP address of the VRRP group
|
|
Virtual MAC
|
Virtual MAC address corresponding to the
virtual IP address of the VRRP group. It is displayed only when the switch is
in the state of master.
|
|
Master IP
|
Primary IP address of the master’s interface
where the VRRP group is configured.
|
1.1.2 display vrrp statistics
Syntax
display vrrp statistics [ interface vlan-interface vlan-id
[ vrid virtual-router-id ] ]
View
Any view
Parameters
vlan-interface vlan-id: Specifies a VLAN interface by
its VLAN ID. vlan-id is the ID of the VLAN interface.
vrid virtual-router-id: Specifies a VRRP group. virtual-router-id is the VRRP group
ID, ranging from 1 to 255.
Description
Use the display vrrp statistics
command to display the VRRP statistics information of VRRP group(s). Refer to Table 1-3 for the
displayed information.
l
If neither a VLAN interface nor a VRRP group is
specified, the statistics information about all the VRRP groups on the switch
is displayed.
l
If only a VLAN interface is specified, the statistics
information about all the VRRP groups on the specified VLAN interface is
displayed.
l
If both a VLAN interface and a VRRP group are
specified, the statistics information about the specified VRRP group on the specified
VLAN interface is displayed.
You can clear the VRRP statistics by using
the reset vrrp statistics command.
Related commands: reset vrrp statistics
Examples
# Display the VRRP statistics information
about all the VRRP groups.
<Sysname> display vrrp
statistics
Interface :
Vlan-interface1
VRID : 1
CheckSum Errors : 0
Version Errors : 0
VRID Errors : 0
Advertisement Interval Errors : 0
IP TTL Errors : 0
Auth Failures : 0
Invalid Auth Type : 0
Auth Type Mismatch : 0
Packet Length Errors : 0
Address List Errors : 0
Become Master : 1 Priority
Zero Pkts Rcvd : 0
Advertise Rcvd : 0
Priority Zero Pkts Sent : 0
Invalid Type Pkts Rcvd : 0
Table 1-3 Description on the fields of the display vrrp statistics
command
|
Field
|
Description
|
|
Interface
|
Interface where the VRRP group resides
|
|
VRID
|
VRRP group ID
|
|
CheckSum Errors
|
Number of checksum errors
|
|
Version Errors
|
Number of version errors
|
|
VRID Errors
|
Number of virtual router ID errors
|
|
Advertisement Interval Errors
|
Number of errors of the interval for
sending VRRP advertisements
|
|
IP TTL Errors
|
Number of TTL errors
|
|
Auth Failures
|
Number of authentication errors
|
|
Invalid Auth Type
|
Number of invalid authentication types
|
|
Auth Type Mismatch
|
Number of mismatched authentication types
|
|
Packet Length Errors
|
Number of VRRP packet length errors
|
|
Address List Errors
|
Number of the virtual IP address list
errors
|
|
Become Master
|
Number of the occasions where the current
switch operates as the master
|
|
Priority Zero Pkts Rcvd
|
Number of the received VRRP advertisements
with the priority of 0
|
|
Advertise Rcvd
|
Number of the received VRRP advertisements
|
|
Priority Zero Pkts Sent
|
Number of the sent advertisements with
the priority of 0
|
|
Invalid Type Pkts Rcvd
|
Number of the packet type errors
|
1.1.3 reset vrrp statistics
Syntax
reset vrrp statistics [ interface vlan-interface vlan-id [ vrid virtual-router-id
] ]
View
User view
Parameters
vlan-interface vlan-id: Specifies a VLAN interface by
its ID. vlan-id is the ID of a VLAN interface.
vrid virtual-router-id: Specifies a VRRP group. virtual-router-id is the VRRP group
ID, ranging from 1 to 255.
Description
Use the reset vrrp statistics
command to clear the VRRP statistics information.
When you execute this command,
l
If neither a VLAN interface nor a VRRP group is
specified, the statistics information about all the VRRP groups on the switch
is cleared.
l
If only a VLAN interface is specified, the statistics
information about all the VRRP groups on the specified VLAN interface is cleared.
l
If both a VLAN interface and a VRRP group are
specified, the statistics information about the specified VRRP group on the specified
VLAN interface is cleared.
You can view the current VRRP statistics by
using the display vrrp statistics command.
Related commands: display vrrp statistics
Examples
# Clear the VRRP statistics information about all the interfaces on the
switch.
<Sysname> reset vrrp statistics
1.1.4 vrrp
method
Syntax
vrrp method {
real-mac | virtual-mac }
undo vrrp method
View
System view
Parameters
real-mac:
Maps the real MAC address of the switch to the virtual IP address of the VRRP
group.
virtual-mac:
Maps the virtual MAC address of the VRRP group to the virtual IP address of the
VRRP group.
Description
Use the vrrp method command to configure
the MAC-Virtual IP address mapping for VRRP groups. You can configure to map
the real MAC address of the switch to the virtual IP address of a VRRP group or
configure to map the virtual MAC address of a VRRP group to the virtual IP
address of the VRRP group.
Use the undo vrrp method command to
restore the default.
By default, the virtual MAC address of a VRRP
group is mapped to the virtual IP address of the VRRP group.
Note that the mapping relationship between
the MAC address and the virtual IP address must be configured before any VRRP
group is created. If a VRRP group already exists on the switch, you are not
allowed to modify the mapping relationship.
Examples
# Map the MAC address of a VLAN interface
to the virtual IP address of the VRRP group.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] vrrp method real-mac
1.1.5 vrrp
ping-enable
Syntax
vrrp ping-enable
undo vrrp ping-enable
View
System view
Parameters
None
Description
Use the vrrp ping-enable command to
enable a VRRP group to respond to ping packets destined for its virtual router
IP address.
Use the undo vrrp ping-enable
command to restore the default.
By default, a VRRP group does not respond
to ping packets destined for its virtual router IP address.
Note that this command must be configured
before any VRRP group is created. If a VRRP group already exists on the switch,
you are not allowed to execute the command.
Examples
# Enable a VRRP group to respond to ping packets
destined for its virtual router IP address.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] vrrp ping-enable
Syntax
vrrp vlan-interface vlan-id vrid virtual-router-id
track [ reduced value-reduced ]
undo vrrp vlan-interface vlan-id vrid virtual-router-id
track
View
Ethernet port view
Parameters
virtual-router-id: VRRP group ID, ranging from 1 to 255.
vlan-id:
VLAN ID.
value-reduced: Value by which the priority of a switch is to decrease. This
argument ranges from 1 to 255, and defaults to 10.
Description
Use the vrrp vlan-interface vrid track
command to enable the port tracking function of a VRRP group on a physical port.
Use the undo vrrp vlan-interface vrid
track command to disable the port tracking function.
After the port tracking function of a VRRP
group is enabled on a port, this function will track the link status of the
port. If a fault occurs on the port, the function decreases the priority of the
switch where the port resides by a specified value.
Usually, this function is used to track the
status of the uplink port of the master in a VRRP group. Thereby, when the
uplink port of the master fails, the master’s priority will decrease by a
specified value, so as to trigger a new master election in the VRRP group.
l
If an IP address owner exists in a VRRP group,
the port tracking function configured on the IP address owner cannot take
effect.
l
The port to be tracked can be in the VLAN whose
VLAN interface has the VRRP group configured.
l
Up to eight ports can be tracked simultaneously.
Examples
# Configure that the priority of the switch
decreases by 50 if its GigabitEthernet 1/0/1 port fails.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] port GigabitEthernet1/0/1
[Sysname-vlan2] quit
[Sysname] interface GigabitEthernet
1/0/1
[Sysname-GigabitEthernet1/0/1] vrrp
vlan-interface 2 vrid 1 track reduced 50
1.1.7 vrrp vrid authentication-mode
Syntax
vrrp vrid virtual-router-id authentication-mode
authentication-type authentication-key
undo vrrp vrid virtual-router-id authentication-mode
View
VLAN interface view
Parameters
virtual-router-id: VRRP group ID, ranging from 1 to 255.
authentication-type: Authentication type, which can be:
l
simple: Indicates
to perform simple text authentication.
l
md5: Indicates to
perform the authentication by using MD5 algorithm.
authentication-key: Authentication key, which can be:
l
When the authentication type is simple,
the authentication key is in plain text and can contain one to eight
characters.
l
When the authentication type is md5, the
authentication key can be a string of one to eight characters in plain text,
such as 1234567, or a 24-character MD5 encrypted string, such as
_(TT8F]Y\5SQ=^Q`MAF4<1!!.
Description
Use the vrrp vrid authentication-mode
command to specify the authentication type and the authentication key for a VRRP
group to receive and send VRRP packets.
Use the undo vrrp vrid
authentication-mode command to restore the default.
By default, no VRRP authentication is configured.
Note that:
l
The authentication key is case sensitive.
l
Before configuring VRRP authentication on a VLAN
interface, you need to create a VRRP group and configure the virtual IP address
of it on the VLAN interface.
l
This command sets the authentication type and
authentication key for all the VRRP groups on an interface. This is determined
by the protocol, which defines that all the VRRP groups on an interface share
the same authentication type and authentication key. Besides, all the members
joining the same VRRP group should also share the same authentication type and
authentication key.
Examples
# Set the authentication type of VRRP group
1 on VLAN-interface 2 to simple and the authentication key for it to aabbcc.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1
virtual-ip 10.1.1.1
[Sysname-Vlan-interface2] vrrp vrid 1
authentication-mode simple aabbcc
Syntax
vrrp vrid virtual-router-id preempt-mode [ timer delay delay-value ]
undo vrrp vrid virtual-router-id preempt-mode
View
VLAN interface view
Parameters
virtual-router-id: VRRP group ID, ranging from 1 to 255.
delay-value:
Preemption delay period (in seconds), ranging from 0 to 255.
Description
Use the vrrp vrid preempt-mode
command to configure a switch to operate in the preemptive mode and set the preemption
delay period.
Use the undo vrrp vrid preempt-mode
command to cancel the configuration, that is, configure the switch to work in
the non-preemptive mode.
By default, switches in a VRRP group
operate in the preemptive mode, with the preemption delay period set to 0
seconds.
If you want a switch with high priority to
preempt the master, configure the switch to operate in the preemptive mode. You
can also set the delay period for preemption as needed.
For S5600 series, you can enable the
preemptive mode for switches in a VRRP group:
l
In a VRRP group where the preemptive mode is not
enabled, once a switch in the VRRP group becomes the master, other switches,
even if they are with a higher priority later, do not preempt the master as
long as the master is not down.
l
In a VRRP group where switches are enabled with
the preemptive mode, a backup sends out VRRP advertisements to trigger a new master
election if it finds its priority is higher than that of the current master,
and finally becomes the new master. The former master becomes a backup accordingly.
You can also set the preemptive delay for
the switches in a VRRP group. Setting a preemption delay period aims at:
l
In an unstable network, backups in a VRRP group
possibly cannot receive VRRP advertisements from the master in time due to
network congestions. This causes the master of the VRRP group to be determined
frequently. In this case, the backup considers itself as the master and sends
out VRRP advertisements to elect the master. This causes the master of the VRRP
group to be determined frequently.
l
With the configuration of preemption delay, if a
backup does not receive VRRP advertisements from the master in time, it waits
for a while before switching to a new master. The backup does not send VRRP
advertisements if it receives VRRP advertisements from the master during the
specified delay period.
Examples
# Configure the switch to operate in the
preemptive mode.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1
preempt-mode
# Set the preemption delay period.
[Sysname-Vlan-interface2] vrrp vrid 1
preempt-mode timer delay 5
# Configure the switch to operate in
non-preemptive mode.
[Sysname-Vlan-interface2] undo vrrp
vrid 1 preempt-mode
Syntax
vrrp vrid virtual-router-id priority priority
undo vrrp vrid virtual-router-id priority
View
VLAN interface view
Parameters
virtual-router-id: VRRP group ID, ranging from 1 to 255.
priority:
Switch priority to be set. This argument ranges from 1 to 254.
Description
Use the vrrp vrid priority command
to set the priority of a switch in a VRRP group.
Use the undo vrrp vrid priority
command to restore the default priority.
By default, the priority of a switch in a VRRP
group is 100.
Switch priority determines the possibility
for the switch to become a master. A switch with higher priority is more likely
to become a master. Switch priority ranges from 0 to 255 (a larger number
indicates a higher switch priority) and defaults to 100. Note that only 1
through 254 are available to users. Switch priority 0 and 255 are reserved for
special uses and IP address owner respectively. If a switch is an IP address
owner, its priority is always 255 and not configurable. So if an IP address
owner exists in a VRRP group, the switch (the IP address owner) is the master
of the VRRP group as along as it can work properly.
Examples
# Set the priority to 120 on VLAN-interface
2 for the switch in the VRRP group.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1
priority 120
Syntax
vrrp vrid virtual-router-id timer advertise adver-interval
undo vrrp vrid virtual-router-id timer advertise
View
VLAN interface view
Parameters
virtual-router-id: VRRP group ID, ranging from 1 to 255.
adver-interval: Interval (in seconds) at which the master of a VRRP group sends
VRRP advertisement packets, in seconds. This argument ranges from 1 to 255 and
defaults to 1.
Description
Use the vrrp vrid timer advertise
command to set the interval for the master of a VRRP group to send VRRP advertisements.
Use the undo vrrp vrid timer advertise
command to restore to the default interval.
By default, the interval for the master in
a VRRP group to send VRRP advertisements is 1 second.
The master of a VRRP group will send VRRP
advertisements at a specified interval to inform backups of the VRRP group that
it works normally. If backups receive no VRRP advertisement packet after
waiting for a period three times of the advertisement interval, they send VRRP
advertisements to other members of the VRRP group to elect a new master.
Note that configuration error occurs if
switches of the same VRRP group are configured with different adver-interval
values.
Examples
# Set the interval for the master to send
VRRP advertisements to 15 seconds.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1
timer advertise 15
Syntax
vrrp vrid virtual-router-id track interface vlan-interface
vlan-id [ reduced value-reduced ]
undo vrrp vrid virtual-router-id track interface vlan-interface
vlan-id
View
VLAN interface view
Parameters
virtual-router-id: VRRP group ID, ranging from 1 to 255.
vlan-id: A
VLAN interface ID to be tracked.
value-reduced: Value by which the priority decreases. This argument ranges from 1
to 255 and defaults to 10.
Description
Use the vrrp vrid track interface
command to set a VLAN interface to be tracked.
Use the undo vrrp vrid track
interface command to disable a VLAN interface from being tracked.
The VLAN interface tracking function
extends the use of the backup function. With this function enabled on a switch,
the backup function can take effect not only when the VLAN interface where a VRRP
group resides fails, but also when some other VLAN interfaces on the switch
fail. You can utilize the VLAN interface tracking function by specifying
monitored VLAN interfaces.
When the tracked VLAN interface on the
master of a VRRP group is down, the priority of the master decreases by the
value set by the value-reduced argument, allowing a switch with the
highest priority in the VRRP group becomes the master.
l
If an IP address owner exists in a VRRP group, do
not configure the interface tracking function on the IP address owner. If
configured, the function cannot take effect.
l
A VRRP group can track up to eight VLAN
interfaces simultaneously.
Examples
# On VLAN-interface 2, configure to track VLAN-interface
1 and configure the priority of the master of VRRP group 1 (on VLAN-interface 2)
to decrease by 50 when VLAN-interface 1 goes down.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1
track interface vlan-interface 1 reduced 50
Syntax
vrrp vrid virtual-router-id track detect-group group-number [ reduced
value-reduced ]
undo vrrp
vrid virtual-router-id track detect-group group-number
View
VLAN interface view
Parameters
virtual-router-id: Virtual VRRP group ID, ranging from 1 to 255.
group-number:
Detected group number, ranging from 1 to 25.
value-reduced: Value by which the priority decreases.
This argument ranges from 1 to 255 and defaults to 10.
Description
Use the vrrp vrid track detect-group
command to enable the auto detect function when employing VRRP.
Use the undo vrrp vrid track
detect-group command to disable the auto detect implementation in VRRP.
The auto detect result of the detected
group can control the priority of a switch in a VRRP group. In this way, the
automatic switching between the master and the backup is implemented.
l
Decrease the priority of a switch in a VRRP
group when the result of the detected group is unreachable.
l
Restore the priority of the switch in the VRRP
group when the result of the detected group is reachable.
l
If an IP address owner exists in a VRRP group,
the auto detect function configured on the IP address owner cannot take effect.
l
A detected group can be used to detect up to
eight Layer 3 interfaces.
Examples
# Create detected group 10 and specify to
detect the IP address of 202.12.1.55.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] detect-group 10
[Sysname-detect-group-10] detect-list
1 ip address 202.12.1.55
# Specify to decrease the priority of the
master of VRRP group 1 by 20 when detected group 10 is unreachable.
[Sysname] interface vlan-interface 2
[Sysname- Vlan-interface2] vrrp vrid
1 track detect-group 10 reduced 20
Syntax
vrrp vrid virtual-router-id
virtual-ip virtual-address
undo vrrp vrid virtual-router-id [ virtual-ip virtual-address
]
View
VLAN interface view
Parameters
virtual-router-id: VRRP group ID, ranging from 1 to 255.
virtual-address: Virtual IP address to be configured.
Description
Use the vrrp vrid virtual-ip command
to create a VRRP group and configure the virtual IP address for the VRRP group,
or add a virtual IP address to the virtual IP address list of an existing VRRP
group. You can add up to 16 virtual IP addresses for a VRRP group.
Use the undo vrrp vrid virtual-ip
command to remove an existing VRRP group, or remove a virtual IP address from the
virtual IP address list of an existing VRRP group. A VRRP group is removed if
all its virtual IP addresses are removed.
By default, no VRRP group is created.
Note that:
l
A virtual IP address cannot be an all-zero
address (0.0.0.0), a broadcast address (255.255.255.255), a loopback interface,
a non-A/B/C class address, or an illegal IP address, such as 0.0.0.1.
l
Virtual IP addresses of a VRRP group must be in
the same network segment with the IP address of the interface where the VRRP
group is configured. Otherwise, the VRRP group cannot work normally.
It is not
recommended to perform VRRP group-related configurations on the VLAN interface
of a remote-probe VLAN. Otherwise, packet mirroring may be affected.
Examples
# Create a VRRP group.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1
virtual-ip 10.10.10.10
# Add a virtual IP address to an existing VRRP
group.
[Sysname-Vlan-interface2] vrrp vrid 1
virtual-ip 10.10.10.11
# Remove a virtual IP address from a VRRP
group.
[Sysname-Vlan-interface2] undo vrrp
vrid 1 virtual-ip 10.10.10.10
# Remove a VRRP group.
[Sysname-Vlan-interface2] undo vrrp
vrid 1
