Chapter 1 VRRP
Configuration Commands
Syntax
debugging vrrp { state | packet }
undo debugging vrrp { state | packet }
View
User view
Parameter
state:
Debugs VRRP state.
packet:
Debugs VRRP packets.
Description
Use the debugging vrrp command to
enable VRRP debugging.
Use the undo debugging vrrp
command to disable VRRP debugging.
By default, VRRP debugging is disabled.
Example
# Enable VRRP state debugging.
<H3C> debugging vrrp state
Syntax
display vrrp [ interface Vlan-interface
valn-id | statistics [ Vlan-interface vlan-id ]
] [ virtual-router-id ]
View
Any view
Parameter
interface:
Displays VRRP information about the specified VLAN interface.
vlan-id:
VLAN interface ID.
statistics:
Displays VRRP statistics.
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
Description
Use the display vrrp command to
display the information about the VRRP state or VRRP statistics.
When VRRP status information is displayed:
l
If the interface index and backup group ID are
not specified, the state information about all the backup groups on the switch
is displayed.
l
If only the interface index is specified, the
state information about all the backup groups on the interface is displayed.
l
If both the interface index and backup group ID
are specified, the state information about the specified backup group on the
interface is displayed.
When VRRP statistics information is
displayed:
l
If the interface index and backup group ID are
not specified, the statistics about all the backup groups on the switch are
displayed.
l
If only the interface index is specified, the
statistics about all the backup groups on the interface are displayed.
l
If both the interface index and backup group ID
are specified, the statistics about the specified backup group on the interface
are displayed.
Example
# Display the statistics about all the backup groups on the switch.
<H3C> display vrrp statistics
Interface :
Vlan-interface10
VRID : 1
CheckSum Errors : 0
Version Errors : 0
VRID Errors : 0
Advertisement Interval Errors : 0
IP TTL Errors : 0
Auth Failures : 0
Invalid Auth Type : 0
Auth Type Mismatch : 0
Packet Length Errors : 0
Address List Errors : 0
Become Master : 2
Priority Zero Pkts Rcvd : 0
Advertise Rcvd : 0
Priority Zero Pkts Sent : 1
Invalid Type Pkts Rcvd : 0
Table 1-1 Description on the fields of the display vrrp statistics
command
|
Field
|
Description
|
|
Interface
|
Interface in which the backup group resides
|
|
VRID
|
Backup group ID
|
|
CheckSum Errors
|
Number of checksum errors
|
|
Version Errors
|
Number of version errors
|
|
VRID Errors
|
Number of backup group ID errors
|
|
Advertisement Interval Errors
|
Number of advertisement interval errors
|
|
IP TTL Errors
|
Number of TTL errors
|
|
Auth Failures
|
Number of authentication errors
|
|
Invalid Auth Type
|
Number of invalid authentication types
|
|
Auth Type Mismatch
|
Number of mismatched authentication types
|
|
Packet Length Errors
|
Number of VRRP packet length errors
|
|
Address List Errors
|
Number of the virtual IP address list
errors
|
|
Become Master
|
Number of the occasions where the switch
operates as the master
|
|
Priority Zero Pkts Rcvd
|
Number of the received advertisement packets
with the priority of 0
|
|
Advertise Rcvd
|
Number of the received advertisement
packets
|
|
Priority Zero Pkts Sent
|
Number of the sent advertisement packets
with the priority of 0
|
|
Invalid Type Pkts Rcvd
|
Number of packet type errors
|
Syntax
reset vrrp statistics [ vlan-interface vlan-id ] [ virtual-router-id
]
View
User view
Parameter
vlan-id:
VLAN interface ID.
virtual-router-id: VRRP virtual router ID, ranging from 1 to 255.
Description
Use the reset vrrp command to
clear the statistics information about VRRP.
When you execute this command,
l
If the interface index and backup group ID are
not specified, the statistics information about all the backup groups on the
switch is cleared.
l
If only the interface index is specified, the
statistics information about all the backup groups on the interface will be
cleared.
l
If both the interface index and backup group ID
are specified, the statistics information about the specified backup group on
the interface is cleared.
Example
# Clear the VRRP statistics on the switch.
<H3C> reset vrrp statistics
Syntax
vrrp authentication-mode authentication-type authentication-key
undo vrrp authentication-mode
View
VLAN interface view
Parameter
authentication-type: Authentication type, which can be:
l
simple: Indicates
to perform simple character authentication.
l
md5: Indicates to
perform the authentication with MD5 algorithm.
authentication-key: Authentication key. When you specify authentication-type as
simple, the authentication key can contain up to eight characters. When
you specify authentication-type as md5, the authentication key
can be a string comprising up to eight characters in plain text or a
24-character encrypted string.
Description
Use the vrrp authentication-mode
command to specify the authentication type and the authentication key for a
VRRP backup group.
Use the undo vrrp authentication-mode
command to clear the configured authentication type and authentication key.
If the simple or md5
authentication is configured, the authentication key is required.
This command sets the authentication type
and authentication key for all the VRRP backup groups on an interface. As
defined in the protocol, all the backup groups on an interface share the same
authentication type and authentication key. And all the members joining the
same backup group also share the same authentication type and authentication
key.
Note that the authentication key is
case-sensitive.
Example
# Specify the authentication type as simple,
and authentication key as “aabbcc”.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp
authentication-mode simple aabbcc
Syntax
vrrp method {
real-mac | virtual-mac }
undo vrrp method
View
System view
Parameter
real-mac:
Maps the real MAC address of a Layer 3 switch routing interface to virtual
router IP addresses.
virtual-mac:
Maps the virtual MAC address to virtual router IP addresses of backup groups.
Description
Use the vrrp method command to map
the MAC address of a backup group to the virtual router IP addresses. You can
map the actual or virtual MAC address of a Layer 3 switch routing interface to
virtual router IP addresses.
Use the undo vrrp method command to
restore the default mapping settings.
By default, the virtual MAC address of a
backup group is mapped to the IP address of the virtual router.
Note that as the mapping relationship
between the MAC addresses of a backup group and a virtual router IP address
cannot be configured after the backup group is created, configure the mapping
relationship before you create a backup group.
Due to the chips
installed, when you map the virtual IP addresses to the virtual MAC addresses,
the chip type decides the number of backup groups that can be configured on a
VLAN interface. Refer to device specification for details.
Example
# Map the real MAC address of a routing
interface to a virtual router IP address.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] vrrp method real-mac
Syntax
vrrp ping-enable
undo vrrp ping-enable
View
System view
Parameter
None
Description
Use the vrrp ping-enable command to
enable a backup group to respond to ping operations destined for its virtual
router IP address.
Use the undo vrrp ping-enable
command to revert to the default.
By default, a backup group does not respond
to ping operations destined for its virtual router IP address.
As these two commands are invalid to
switches in backup groups, use them before you create a backup group.
Example
# Enable a backup group to respond to ping
operations destined for its virtual router IP address.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] vrrp ping-enable
Syntax
vrrp vrid virtual-router-id preempt-mode [ timer delay delay-value ]
undo vrrp vrid virtual-router-id preempt-mode
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
delay-value:
Delay period (in seconds), ranging from 0 to 255.
Description
Use the vrrp vrid preempt-mode
command to configure a switch to operate in the preemptive mode and set the
delay period.
Use the undo vrrp vrid preempt-mode command
to cancel the configuration.
By default, switches in a backup group
operate in the preemptive mode, with the delay period set to 0 seconds.
If you want backup switches to preempt the
master switch, configure them to operate in the preemptive mode. You can also
set the delay period for preemption as needed.
As long as a switch in the backup group
becomes the master switch, other switches, even if they are configured with a
higher priority later, do not preempt the master switch unless they operate in
preemptive mode. The switch operating in preemptive mode will become the master
switch when it finds its priority is higher than that of the current master
switch, and the former master switch becomes a backup switch accordingly.
You can configure an S7500 series switch to
operate in preemptive mode. You can also set the delay period. A backup switch
waits for a period of time (the delay period) before becoming a master switch.
Setting a delay period aims at:
In an unstable network, backup switches in
a backup group possibly cannot receive packets from the master in time due to
network congestions even if the master operates properly. This causes the
master of the backup group being determined frequently. With the configuration
of delay period, the backup switch will wait for a while if it does not receive
packets from the master switch in time. A new master is determined only after
the backup switches do not receive packets from the master switch after the
specified delay time.
You can use the undo
vrrp vrid preempt-mode command to set switches in a backup group to operate
in non-preemptive mode.
Example
# Configure the switches to operate in the
preemptive mode.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1
preempt-mode
# Set the delay period.
[H3C-Vlan-interface2] vrrp vrid 1
preempt-mode timer delay 5
# Configure the switches to operate in
non-preemptive mode.
[H3C-Vlan-interface2] undo vrrp vrid
1 preempt-mode
Syntax
vrrp vrid virtual-router-id priority priority
undo vrrp vrid virtual-router-id priority
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
priority:
Switch priority to be set. This argument ranges from 1 to 254.
Description
Use the vrrp vrid priority command
to set the priority of a switch in a backup group.
Use the undo vrrp vrid priority
command to revert to the default priority.
By default, the priority of a switch in a
backup group is 100.
Switch priority determines the possibility
for the switch to become a master switch. A switch with larger priority is more
likely to become a master switch. Note that the priority of 0 is reserved for
special use, and the priority of 255 is for IP address owners. That is, the
priority of a switch that owns a virtual router IP address is fixed to 255 and
cannot be modified.
Example
# Set the priority to 120 for a switch in
the backup group.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1
priority 120
Syntax
vrrp vrid virtual-router-id timer advertise adver-interval
undo vrrp vrid virtual-router-id timer advertise
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
adver-interval: Interval (in seconds) for the master switch of a backup group to
send VRRP packets. This argument ranges from 1 to 255.
Description
Use the vrrp vrid timer advertise
command to set the interval for the master switch of a backup group to send
VRRP packets.
Use the undo vrrp vrid timer advertise
command to revert to the default interval.
Note that configuration error occurs if
switches of the same backup group are configured with different adver-interval
values.
By default, the interval for the master
switch in a backup group to send VRRP packets is 1 second.
Example
# Set the interval for the master switch to
send VRRP packets to 15 seconds.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1
timer advertise 15
Syntax
vrrp vrid virtual-router-id track interface-type interface-number
[ reduced value-reduced ]
undo vrrp vrid virtual-router-id track [ interface-type interface-number ]
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging form 1 to 255.
Interface-type interface-number: VLAN interface to be tracked.
value-reduced: Value by which the priority is to decrease. This argument ranges
from 1 to 255.
Description
Use the vrrp vrid track command to
set a VLAN interface/Ethernet port to be tracked.
Use the undo vrrp vrid track
command to disable a VLAN interface/Ethernet port from being tracked.
By default, the value by which the priority
of the VLAN interface decreases is 10.
The VLAN interface/Ethernet port tracking
function extends the use of the backup function. With this function enabled,
the backup function is provided not only when the interface where the backup
group resides fails, but also when other interfaces/Ethernet ports are
unavailable. By executing the related command, you can track an
interface/Ethernet port.
When a tracked VLAN interface/Ethernet port
goes down, the priority of the switch owning the interface/port will reduce
automatically by a specified value (the value-reduced argument). If the
switches with their priorities higher than that of the current master switch exist
in the backup group, a new master switch will be then determined.
l
The Ethernet port tracked can be in or out of
the VLAN in whose interface the backup group resides.
l
If a switch is the IP address owner, the VLAN
interface/Ethernet port tracking function can not be enabled for the switch.
l
If a tracked VLAN interface/Ethernet port goes
down, when it is up again, the priority of the corresponding switch is
automatically restored.
l
Each backup group can track up to eight VLAN
interfaces/Ethernet ports.
Example
# Configure VLAN 2 interface to track VLAN
1 interface and specify the priority of the master switch of backup group 1 (on
VLAN 2 interface) decreases by 50 when VLAN 1 interface goes down.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1
track vlan-interface 1 reduced 50
Syntax
vrrp vrid virtual-router-id
virtual-ip virtual-address
undo vrrp vrid virtual-router-id [ virtual-ip virtual-address
]
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
virtual-address: Virtual router IP address to be configured.
Description
Use the vrrp vrid virtual-ip command
to add a virtual router IP address to an existing backup group.
Use the undo vrrp vrid virtual-ip
command to remove a virtual router IP address from an existing backup group.
The vrrp vrid virtual-ip command can
also be used to create a backup group. You can add up to 16 virtual router IP
addresses to a backup group. The undo vrrp vrid virtual-ip command can
also be used to remove an existing backup group. A backup group is removed if
all the virtual router IP addresses configured for it are removed.
Note that the virtual router IP address and
the IP addresses used by the member switches in a backup group must belong to
the same network segment. If not, the backup group will be in the initial state
(the state before you configure the VRRP for the switches). In this case, VRRP
does not take effect.
Example
# Create a backup group.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1
virtual-ip 10.10.10.10
# Add a virtual router IP address to an
existing backup group.
[H3C-Vlan-interface2] vrrp vrid 1
virtual-ip 10.10.10.11
# Remove a virtual router IP address from a
backup group.
[H3C-Vlan-interface2] undo vrrp vrid
1 virtual-ip 10.10.10.10
# Remove a backup group.
[H3C-Vlan-interface2] undo vrrp vrid
1
