Login
- Table of Contents
-
- H3C S3600 Series Ethernet Switches Command Manual-Release 1510(V1.04)
- 00-1Cover
- 01-CLI Command
- 02-Login Command
- 03-Configuration File Management Command
- 04-VLAN Command
- 05-IP Address and Performance Configuration Command
- 06-Management VLAN Command
- 07-Voice VLAN Command
- 08-GVRP Command
- 09-Port Basic Configuration Command
- 10-Link Aggregation Command
- 11-Port Isolation Command
- 12-Port Security-Port Binding Command
- 13-DLDP Command
- 14-MAC Address Table Command
- 15-Auto Detect Command
- 16-MSTP Command
- 17-Routing Protocol Command
- 18-Multicast Command
- 19-802.1x Command
- 20-AAA-RADIUS-HWTACACS-EAD Command
- 21-VRRP Command
- 22-Centralized MAC Address Authentication Command
- 23-ARP Command
- 24-DHCP Command
- 25-ACL Command
- 26-QoS-QoS Profile Command
- 27-Web Cache Redirection Command
- 28-Mirroring Command
- 29-IRF Fabric Command
- 30-Cluster Command
- 31-PoE-PoE Profile Command
- 32-UDP Helper Command
- 33-SNMP-RMON Command
- 34-NTP Command
- 35-SSH Terminal Service Command
- 36-File System Management Command
- 37-FTP and TFTP Command
- 38-Information Center Command
- 39-System Maintenance and Debugging Command
- 40-VLAN-VPN Command
- 41-HWPing Command
- 42-DNS Command
- 43-Access Management Command
- 44-Appendix
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 21-VRRP Command | 81 KB |
Table of Contents
Chapter 1 VRRP Configuration Commands
1.1 VRRP Configuration Commands
1.1.3 vrrp authentication-mode
1.1.6 vrrp vlan-interface vrid track
1.1.9 vrrp vrid timer advertise
1.1.11 vrrp vrid track detect-group
Chapter 1 VRRP Configuration Commands
The S3600-EI series switches support the VRRP feature, but not the S3600-SI series.
1.1 VRRP Configuration Commands
1.1.1 display vrrp
Syntax
display vrrp [ interface Vlan-interface vlan-id | statistics [ Vlan-interface vlan-id ] ] [ virtual-router-id ]
View
Any view
Parameter
interface: Displays VRRP information about the specified VLAN interface.
vlan-id: VLAN interface ID.
statistics: Displays VRRP statistics.
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
Description
Use the display vrrp command to display the information about the VRRP state or VRRP statistics.
When VRRP status information is displayed:
l If the interface index and backup group ID are not specified, the state information about all the backup groups on the switch is displayed.
l If only the interface index is specified, the state information about all the backup groups on the interface is displayed.
l If both the interface index and backup group ID are specified, the state information about the specified backup group on the interface is displayed.
When VRRP statistics information is displayed:
l If the interface index and backup group ID are not specified, the statistics about all the backup groups on the switch is displayed.
l If only the interface index is specified, the statistics about all the backup groups on the interface is displayed.
l If both the interface index and backup group ID are specified, the statistics about the specified backup group on the interface is displayed.
Example
# Display the statistics about all the backup groups on the switch.
<H3C> display vrrp statistics
Interface : Vlan-interface10
VRID : 1
CheckSum Errors : 0 Version Errors : 0
VRID Errors : 0 Advertisement Interval Errors : 0
IP TTL Errors : 0 Auth Failures : 0
Invalid Auth Type : 0 Auth Type Mismatch : 0
Packet Length Errors : 0 Address List Errors : 0
Become Master : 2 Priority Zero Pkts Rcvd : 0
Advertise Rcvd : 0 Priority Zero Pkts Sent : 1
Invalid Type Pkts Rcvd: 0
Table 1-1 Description on the fields of the display vrrp statistics command
|
Field |
Description |
|
Interface |
Interface in which the backup group resides |
|
VRID |
Backup group ID |
|
CheckSum Errors |
Number of checksum errors |
|
Version Errors |
Number of version errors |
|
VRID Errors |
Number of backup group ID errors |
|
Advertisement Interval Errors |
Number of advertisement time interval errors |
|
IP TTL Errors |
Number of TTL errors |
|
Auth Failures |
Number of authentication errors |
|
Invalid Auth Type |
Number of invalid authentication types |
|
Auth Type Mismatch |
Number of mismatched authentication types |
|
Packet Length Errors |
Number of VRRP packet length errors |
|
Address List Errors |
Number of the virtual IP address list errors |
|
Become Master |
Number of the occasions where the switch operates as the master |
|
Priority Zero Pkts Rcvd |
Number of the received advertisement packets with the priority of 0 |
|
Advertise Rcvd |
Number of the received advertisement packets |
|
Priority Zero Pkts Sent |
Number of the sent advertisement packets with the priority of 0 |
|
Invalid Type Pkts Rcvd |
Number of packet type errors |
1.1.2 reset vrrp statistics
Syntax
reset vrrp statistics [ vlan-interface vlan-id ] [ virtual-router-id ]
View
User view
Parameter
vlan-id: VLAN interface ID.
virtual-router-id: VRRP virtual router ID, ranging from 1 to 255.
Description
Use the reset vrrp command to clear the statistics information about VRRP.
When you execute this command,
l If the interface index and backup group ID are not specified, the statistics information about all the backup groups on the switch is cleared.
l If only the interface index is specified, the statistics information about all the backup groups on the interface is cleared.
l If both the interface index and backup group ID are specified, the statistics information about the specified backup group on the interface is cleared.
Example
# Clear the VRRP statistics on the switch.
<H3C> reset vrrp statistics
1.1.3 vrrp authentication-mode
Syntax
vrrp authentication-mode authentication-type authentication-key
undo vrrp authentication-mode
View
VLAN interface view
Parameter
authentication-type: Authentication type, which can be:
l simple: Indicates to perform simple character authentication.
l md5: Indicates to perform the authentication with MD5 algorithm.
authentication-key: Authentication key. When you specify authentication-type to be simple, the authentication key can contain up to eight characters. When you specify authentication-type to be md5, the authentication key can be a string comprising up to eight characters in plain text or a 24-character encrypted string.
Description
Use the vrrp authentication-mode command to specify the authentication type and the authentication key for a VRRP backup group.
Use the undo vrrp authentication-mode command to clear the configured authentication type and authentication key.
If the simple or md5 authentication is configured, the authentication key is required.
This command sets the authentication type and authentication key for all the VRRP backup groups on an interface. As defined in the protocol, all the backup groups on an interface share the same authentication type and authentication key. And all the members joining the same backup group also share the same authentication type and authentication key.
Note that the authentication key is case-sensitive.
Example
# Specify the authentication type as simple, and authentication key as aabbcc.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp authentication-mode simple aabbcc
1.1.4 vrrp method
Syntax
vrrp method { real-mac | virtual-mac }
undo vrrp method
View
System view
Parameter
real-mac: Maps the real MAC address of a Layer 3 switch routing interface to virtual router IP addresses.
virtual-mac: Maps the virtual MAC address of a Layer 3 switch routing interface to virtual router IP addresses.
Description
Use the vrrp method command to map the MAC address of a backup group to the virtual router IP addresses. You can map the actual or virtual MAC address of a Layer 3 switch routing interface to virtual router IP addresses.
Use the undo vrrp method command to restore the default map settings.
By default, the virtual MAC address of a backup group is mapped to the IP address of the virtual router.
Note that as the mapping relationship between the MAC addresses of a backup group and a virtual router IP address cannot be configured after the backup group is created, configure the mapping relationship before you create a backup group.
Example
# Map the real MAC address of a routing interface to a virtual router IP address.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] vrrp method real-mac
1.1.5 vrrp ping-enable
Syntax
vrrp ping-enable
undo vrrp ping-enable
View
System view
Parameter
None
Description
Use the vrrp ping-enable command to enable a backup group to respond to ping operations destined for its virtual router IP address.
Use the undo vrrp ping-enable command to restore the default situation.
By default, a backup group does not respond to ping operations destined for its virtual router IP address.
As these two commands are invalid to switches in backup groups, use them before you create a backup group.
Example
# Enable a backup group to respond to ping operations destined for its virtual router IP address.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] vrrp ping-enable
1.1.6 vrrp vlan-interface vrid track
Syntax
vrrp vlan-interface vlan-id vrid virtual-router-id track [ reduced value-reduced ]
undo vrrp vlan-interface vlan-id vrid virtual-router-id track
View
Ethernet port view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
vlan-id: VLAN ID.
value-reduced: Value by which the priority of a switch is to decrease. This argument ranges from 1 to 255.
Description
Use the vrrp vlan-Interface vrid track command to enable the port tracking function on the physical ports of a backup group.
Use the undo vrrp vlan-Interface vrid track command to disable the port tracking function.
By default, the value by which the priority of an Ethernet port decreases is 10.
The VRRP backup group port tracking function can track a specified port and decrease the priority of the switch when the port fails.
Using this function, you can enable the priority of a master switch to decrease by the specified value when the uplink port of the master switch fails. This in turn triggers the new master to be determined in the backup group.
& Note:
l The port to be tracked can be in the VLAN which the backup group VLAN interface belongs to.
l Up to eight ports can be tracked simultaneously.
Example
# Configure that the priority of the switch decreases by 50 if its Ethernet1/0/1 port fails.
<H3C> system-view
[H3C] vlan 2
[H3C-vlan2] port Ethernet1/0/1
[H3C-vlan2] quit
[H3C] interface Ethernet 1/0/1
[H3C-Ethernet1/0/1] vrrp vlan-interface 2 vrid 1 track reduced 50
1.1.7 vrrp vrid preempt-mode
Syntax
vrrp vrid virtual-router-id preempt-mode [ timer delay delay-value ]
undo vrrp vrid virtual-router-id preempt-mode
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
delay-value: Delay period (in seconds), ranging from 0 to 255.
Description
Use the vrrp vrid preempt-mode command to configure a switch to operate in the preemptive mode and set the delay period.
Use the undo vrrp vrid preempt-mode command to cancel the configuration.
By default, switches in a backup group operate in the preemptive mode, with the delay period set to 0 seconds.
If you want a switch with high priority to preempt the master switch, configure the switch to operate in the preemptive mode. You can also set the delay period for preemption as needed.
As long as a switch in the backup group becomes the master switch, other switches, even if they are configured with a higher priority later, do not preempt the master switch unless they operate in preemptive mode. The switch operating in preemptive mode will become the master switch when it finds its priority is higher than that of the current master switch, and the former master switch becomes a backup switch accordingly.
You can configure an S3600 Ethernet switch to operate in preemptive mode. You can also set the delay period. A backup switch waits for a period of time (the delay period) before becoming a master switch. Setting a delay period aims at:
In an unstable network, backup switches in a backup group possibly cannot receive packets from the master in time due to network congestions even if the master operates properly. This causes the master of the backup group being determined frequently. With the configuration of delay period, the backup switch will wait for a while if it does not receive packets from the master switch in time. A new master is determined only after the backup switches do not receive packets from the master switch after the specified delay time.
& Note:
You can use the undo vrrp vrid preempt-mode command to set a switch in a backup group to operate in non-preemptive mode.
Example
# Configure the switch to operate in the preemptive mode.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1 preempt-mode
# Set the delay period.
[H3C-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5
# Configure the switch to operate in non-preemptive mode.
[H3C-Vlan-interface2] undo vrrp vrid 1 preempt-mode
1.1.8 vrrp vrid priority
Syntax
vrrp vrid virtual-router-id priority priority
undo vrrp vrid virtual-router-id priority
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
priority: Switch priority to be set. This argument ranges from 1 to 254.
Description
Use the vrrp vrid priority command to set the priority of a switch in a backup group.
Use the undo vrrp vrid priority command to restore the default priority.
By default, the priority of a switch in a backup group is 100.
Switch priority determines the possibility for the switch to become a master switch. A switch with higher priority is more likely to become a master switch. Note that the priority of 0 is reserved for special use, and the priority of 255 is for IP address owners. That is, the priority of a switch that owns a virtual router IP address is fixed to 255 and cannot be modified.
Example
# Set the priority to 120 on VLAN-interface2 for the switch in the backup group.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1 priority 120
1.1.9 vrrp vrid timer advertise
Syntax
vrrp vrid virtual-router-id timer advertise adver-interval
undo vrrp vrid virtual-router-id timer advertise
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
adver-interval: Interval (in seconds) at which the master switch of a backup group sends VRRP packets, in seconds. This argument ranges from 1 to 255.
Description
Use the vrrp vrid timer advertise command to set the interval for the master switch of a backup group to send VRRP packets.
Use the undo vrrp vrid timer advertise command to revert to the default interval.
Note that configuration error occurs if switches of the same backup group are configured with different adver-interval values.
By default, the interval for the master switch in a backup group to send VRRP packets is 1 second.
Example
# Set the interval for the master switch to send VRRP packets to 15 seconds.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1 timer advertise 15
1.1.10 vrrp vrid track
Syntax
vrrp vrid virtual-router-id track vlan-interface vlan-id [ reduced value-reduced ]
undo vrrp vrid virtual-router-id track vlan-interface vlan-id [ reduced value-reduced ]
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging form 1 to 255.
vlan-id: A VLAN interface ID to be tracked.
value-reduced: Value by which the priority decreases. This argument ranges from 1 to 255.
Description
Use the vrrp vrid track command to set a VLAN interface to be tracked.
Use the undo vrrp vrid track command to disable a VLAN interface from being tracked.
By default, the value by which the priority of the VLAN interface decreases is 10.
The VLAN interface tracking function extends the use of the backup function. With this function enabled, the backup function is applicable to the VLAN interface that belongs to a backup group and those that do not belong to a backup group. You can utilize the VLAN interface tracking function by specifying monitored VLAN interfaces.
With the VLAN interface tracking function enabled, the priority of a master switch decreases by the value set by the value-reduced argument when a tracked VLAN interface on the switch goes down. And other switches in the backup group, whose priorities are higher than the decreased priority of the master switch, may become the master switch.
& Note:
l The VLAN interface tracking function is not applicable to switches operating as IP address owners.
l A backup group can track up to eight VLAN interfaces simultaneously.
Example
# Configure VLAN-interface2 to track VLAN-interface1 and configure the priority of the master switch of backup group 1 (on VLAN-interface2) to decrease by 50 when VLAN-interface1 goes down.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1 track vlan-interface 1 reduced 50
1.1.11 vrrp vrid track detect-group
Syntax
vrrp vrid virtual-router-id track detect-group group-number [ reduced value-reduced ]
undo vrrp vrid virtual-router-id track detect-group group-number
View
Parameter
virtual-router-id: Virtual router ID, ranging from 1 to 255.
group-number: Detecting group number, ranging from 1 to 25.
value-reduced: Value by which the priority decreases. This argument ranges from 1 to 255 and defaults to 10.
Description
Use the vrrp vrid track detect-group command to enable the auto detect function when employing VRRP.
Use the undo vrrp vrid track detect-group command to disable the auto detect function when employing VRRP.
You can control the priority of the VRRP backup group according to the auto detect result to enable automatic switch between the master switch and the backup switch.
l Decrease the priority of a backup group when the result of the detecting group is unreachable.
l Restore the priority of a backup group when the result of the detecting group is reachable.
l A detecting group can be used to detect up to eight Layer 3 interfaces.
l Currently, auto detect in VRRP is only supported in S3600-EI series switches.
Example
# Create detecting group 10 and specify to detect the IP address of 202.12.1.55.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] detect-group 10
[H3C-detect-group-10] detect-list 1 ip address 202.12.1.55
# Specify to decrease the priority of backup group 1 by 20 when the result of the detecting group is unreachable.
[H3C] interface vlan-interface 2
[H3C- Vlan-interface2] vrrp vrid 1 track detect-group 10 reduced 20
1.1.12 vrrp vrid virtual-ip
Syntax
vrrp vrid virtual-router-id virtual-ip virtual-address
undo vrrp vrid virtual-router-id virtual-ip virtual-address
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID, ranging from 1 to 255.
virtual-address: Virtual router IP address to be configured.
Description
Use the vrrp vrid virtual-ip command to add a virtual router IP address to an existing backup group.
Use the undo vrrp vrid virtual-ip command to remove a virtual router IP address from an existing backup group.
The vrrp vrid virtual-ip command can also be used to create a backup group. You can add up to 16 virtual router IP addresses to a backup group. The undo vrrp vrid virtual-ip command can also be used to remove an existing backup group or an IP address in the existing group. A backup group is removed if all the virtual router IP addresses configured for it are removed.
Example
# Create a backup group.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.10
# Add a virtual router IP address to an existing backup group.
[H3C-Vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.11
# Remove a virtual router IP address from a backup group.
[H3C-Vlan-interface2] undo vrrp vrid 1 virtual-ip 10.10.10.10
# Remove a backup group.
[H3C-Vlan-interface2] undo vrrp vrid 1
