H3C S3600 Series Ethernet Switches Operation Manual-Release 1510(V1.04)

HomeSupportSwitchesH3C S3600 Switch SeriesConfigure & DeployConfiguration GuidesH3C S3600 Series Ethernet Switches Operation Manual-Release 1510(V1.04)
21-VRRP Operation
Title Size Download
21-VRRP Operation 543 KB

Chapter 1  VRRP Configuration

 

The S3600-EI series switches support the VRRP feature, but not the S3600-SI series.

 

1.1  VRRP Overview

Virtual router redundancy protocol (VRRP) is a fault-tolerant protocol.

As shown in Figure 1-1, in general,

l           A default route (for example, the next hop address of the default route is 10.100.10.1, as shown in the following figure) is configured for every host on a network.

l           The packets destined for the external network segments and sourced from these hosts go through the default routes to the Layer 3 Switch 1, implementing communication between these hosts and the external network.

l           If Switch 1 fails, all the hosts on this segment taking Switch 1 as the next-hop through the default routes are cut off from the external network.

Figure 1-1 LAN networking

VRRP, designed for LANs with multicast and broadcast capabilities (such as Ethernet), settles the problem caused by switch failures.

VRRP combines a group of LAN switches, including a master switch and several backup switches, into a virtual router, or a backup group

Figure 1-2 Virtual router

The switches in a backup group have the following features:

l           This virtual router has its own IP address: 10.100.10.1 (which can be the interface address of a switch within the backup group).

l           The switches within the backup group have their own IP addresses (such as 10.100.10.2 for the master switch and 10.100.10.3 for the backup switch).

l           Hosts on the LAN only know the IP address of this virtual router, that is, 10.100.10.1, but not the specific IP addresses 10.100.10.2 of the master switch and 10.100.10.3 of the backup switch.

l           Hosts in the LAN use the IP address of the virtual router (that is, 10.100.10.1) as their default next-hop IP addresses.

Therefore, hosts within the network will communicate with the other networks through this virtual router.

If the master switch in the backup group goes down, the backup switch with the highest priority functions as the new master switch to guarantee normal communication between the hosts and the external networks. This ensures the communications between the hosts and the external networks.

1.1.1  Virtual Router Overview

After you enable VRRP on the switches of a backup group, a virtual router is formed. You can perform related configuration on the virtual router.

I. Configuring a virtual router IP address

The IP address of the virtual router can be an unassigned IP address of the network segment where the backup group is located or the interface IP address of a member switch in the backup group. The virtual router IP address has the following features:

l           You can specify the virtual router IP address as the IP address used by a member switch in the backup group. In this case, the switch is called an IP address owner.

l           A backup group is established if it is assigned an IP address for the first time. If you then add other IP addresses to the backup group, the IP addresses are added to the virtual router IP address list of the backup group.

l           The virtual router IP address and the IP addresses used by the member switches in a backup group must belong to the same network segment. If not, the backup group will be in the initial state (the state before you configure the VRRP on the switches of the group). In this case, VRRP does not take effect.

l           A backup group is removed if all its virtual router IP addresses are removed. In this case, all the configurations performed for the backup group get ruined.

According to the standard VRRP, you will fail to use the ping command to ping the IP address of a virtual router. So the hosts connected to a switch in a backup group cannot judge with ping command whether an IP address is used by the backup group. If the IP address of a host is also used by the virtual router, all packets destined for the network segment will be forwarded to the host. In this case, data in this network segment cannot be forwarded properly.

Before enabling VRRP feature on an S3600 Ethernet switch, you can enable the switches in a backup group to respond the ping operations destined for the virtual router IP addresses. Therefore the above incident can be avoided. If VRRP is already enabled, the system does not support this configuration.

II. Mapping virtual IP addresses to MAC addresses

An S3600 Ethernet switch provides the following functions in addition to forwarding data correctly.

l           You can map multiple virtual IP addresses of the backup group to a virtual MAC address as needed. You can also map virtual IP addresses to the MAC address of a switch routing interface.

l           You need to map the IP addresses of the backup group to the MAC addresses before enabling VRRP feature on an S3600 Ethernet switch. If VRRP is already enabled, the system does not support this configuration.

By default, virtual router IP addresses are mapped to the virtual MAC address of a backup group.

 

&  Note:

When you map a virtual IP address to the virtual MAC address on an S3600 Ethernet switch, the number of backup groups that can be configured on a VLAN interface is determined by the chips used. Refer to device specification for details.

 

1.1.2  Introduction to Backup Group

I. Configurations available on switches in a backup group

VRRP can group switches in a LAN into a virtual router, which is also known as a backup group.

You can perform the following configuration on an S3600 Ethernet switch that belongs to a backup group.

Table 1-1 Configuration available on switches in a backup group

Configuration

Description

Related section

Configure switch priority

Required

Section 1.1.2  II.  "Configuring switch priority

Configure preemptive mode

Required

Section 1.1.2  III.  "Configuring preemptive mode for a switch in a backup group

Configure authentication type and authentication key

Optional

Section 1.1.2  IV.  "Configuring authentication type and authentication key for a switch in a backup group

Configure VRRP timer

Required

Section 1.1.2  V.  "Configuring VRRP timer

Configure the VLAN interfaces to be tracked for a backup group

Required

Section 1.1.2  VI.  "Configuring the VLAN interfaces to be tracked for a backup group

 

II. Configuring switch priority

You can configure the priority of a switch in a backup group. VRRP will determine the status of each switch in a backup group according to the priority of the switch. The master switch in a backup group is the one currently with the highest priority.

Switch priority ranges from 0 to 255 (a larger number indicates a higher switch priority) and defaults to 100. Note that only 1 through 254 are available to users. Switch priority of 255 is reserved for IP address owners.

 

&  Note:

The priority of the IP address owner is fixed to 255.

 

III. Configuring preemptive mode for a switch in a backup group

As long as a switch in the backup group becomes the master switch, other switches, even if they are configured with a higher priority later, do not preempt the master switch unless they operate in preemptive mode. The switch operating in preemptive mode will become the master switch when it finds its priority is higher than that of the current master switch, and the former master switch becomes a backup switch accordingly.

You can configure an S3600 Ethernet switch to operate in preemptive mode. You can also set the delay period. A backup switch waits for a period of time (the delay period) before becoming a master switch. Setting a delay period aims at:

In an unstable network, backup switches in a backup group possibly cannot receive packets from the master in time due to network congestions even if the master operates properly. This causes the master of the backup group being determined frequently. With the configuration of delay period, the backup switch will wait for a while if it does not receive packets from the master switch in time. A new master is determined only after the backup switches do not receive packets from the master switch after the specified delay time.

IV. Configuring authentication type and authentication key for a switch in a backup group

VRRP provides the following authentication types:

l           simple: Simple character authentication

l           md5: MD5 authentication

In a network under possible security threat, the authentication type can be set to simple. Then the switch adds the authentication key into the VRRP packets before transmitting them. The receiver will compare the authentication key of the packet with the locally configured one. If they are the same, the packet will be taken as a true and legal one. Otherwise it will be regarded as an illegal packet and be discarded. In this case, a simple authentication key should not exceed eight characters.

In a vulnerable network, the authentication type can be set to md5. The switch then uses the authentication type provided by the Authentication Header, and MD5 algorithm to authenticate the VRRP packets. In this case, you need to set an authentication key comprising up to eight characters or a 24-character encrypted string.

Packets that fail to pass the authentication are discarded. The switch then sends trap packets to the network management system.

V. Configuring VRRP timer

The master switch advertises its normal operation state to the switches within the VRRP backup group by sending VRRP packets once in each specified interval (determined by the adver-interval argument). If the backup switches do not receive VRRP packets from the master after a specific period (determined by the master-down-interval argument), they consider the master is down and initiates the process to determine the master switch.

You can adjust the frequency in which a master sends VRRP packets by setting the corresponding VRRP timers (that is, the adver-interval argument). The master-down-interval argument is usually three times of the adver-interval argument. Excessive network traffic or differences between the timers of different switches will result in master-down-interval timing out and state changing abnormally. Such problems can be solved through prolonging the adver-interval and setting delay time. If you configure the preemption delay for a backup switch, the switch preempts the master after the period specified by the preemption delay if it does not receive a VRRP packet from the master for the period specified by the master-down-interval argument.

VI. Configuring the VLAN interfaces to be tracked for a backup group

The VLAN interface tracking function expands the backup group function. With this function enabled, the backup group function is provided not only when the interface where the backup group resides fails, but also when other interfaces are unavailable. By executing the related command you can track an interface.

When a tracked VLAN interface goes down, the priority of the switch owning the interface will reduce automatically by a specified value (the value-reduced argument). If the switches with their priorities higher than that of the current master switch exist in the backup group, a new master switch will be then determined.

1.1.3  Introduction to the Port Tracking Function

VRRP backup group port tracking function can track the link state of the physical port, and decrease the priority of the switch when the physical port fails.

When the master’s uplink physical port fails, the priority of the master switch is decreased by a set value. This in turn triggers the new master to be determined in the backup group.

1.1.4  Auto Detect Implementation in VRRP

 

&  Note:

Currently, auto detect implementation in VRRP is only supported on S3600-EI series switches.

 

You can control the priority of the VRRP backup group according to the auto detect result to enable automatic switch between the master switch and the standby switch as follows:

l           Decrease the priority of a backup group when the result of the detecting group is unreachable.

l           Restore the priority of a backup group when the result of the detecting group is reachable.

Refer to Auto Detect Operation Manual for information about auto detect.

1.2  VRRP Configuration

1.2.1  Introduction to VRRP Configuration Tasks

Table 1-2 VRRP configuration tasks

Configuration

Description

Related section

Configure a virtual router IP address

Required

Section 1.2.2   "Configuring a Virtual Router IP Address

Configure backup group-related parameters

Required

Section 1.2.3   "Configuring Backup Group-Related Parameters

VRRP backup group interface tracking configuration

Optional

Section 1.2.4  Configuring the Port Tracking Function

VRRP auto detect configuration

Optional

Section 1.2.5  Configuring the Auto Detect Function for VRRP

 

1.2.2  Configuring a Virtual Router IP Address

Table 1-3 lists the operations to configure a virtual router IP address (suppose you have correctly configured the relation between the port and VLAN):

Table 1-3 Configure a virtual router IP address

Operation

Command

Description

Enter system view

system-view

Configure that the virtual IP address can be pinged

vrrp ping-enable

Optional

By default, the virtual IP address cannot be pinged.

Map the virtual router IP address to a MAC address

vrrp method { real-mac | virtual-mac }

Optional

By default, the virtual IP address of a backup group is mapped to a virtual router IP address.

Create a VLAN

vlan vlan-id

This operation creates the VLAN to which the backup group corresponds. The vlan-id argument is the ID of the VLAN.

Quit to system view

quit

Enter VLAN interface view

interface vlan-interface vlan-id

Configure a virtual router IP address

vrrp vrid virtual-router-id virtual-ip virtual-address

Optional

 

1.2.3  Configuring Backup Group-Related Parameters

Table 1-4 lists the operations to configure a switch in a backup group.

Table 1-4 Configure backup group-related parameters

Operation

Command

Description

Enter system view

system-view

Create a VLAN

vlan vlan-id

Quit to system view

quit

Enter VLAN interface view

interface vlan-interface valn-id

Configure the priority of the backup group

vrrp vrid virtual-router-id priority priority

Optional

By default, the priority of a backup group is 100.

Configure the preemptive mode and delay period for the backup group

vrrp vrid virtual-router-id preempt-mode [ timer delay delay-value ]

Optional

By default, a backup group operates in the preemptive mode.

Configure the authentication type and authentication key

vrrp authentication-mode authentication-type authentication-key

Optional

By default, a backup group does not perform authentication.

Configure the VRRP timer

vrrp vrid virtual-router-id timer advertise adver-interval

Optional

By default, the interval for the master switch in a backup group to send VRRP packets is 1 second.

Specify the interface to be tracked

vrrp vrid virtual-router-id track vlan-interface vlan-id [ reduced value-reduced ]

Optional

value-reduced: Value by which the priority is to be reduced. By default, this value is 10.

 

1.2.4  Configuring the Port Tracking Function

Table 1-5 Configure the VRRP backup group port tracking function

Operation

Command

Description

Enter system view

system-view

Create a VLAN

vlan vlan-id

Required

Add an Ethernet port to the VLAN

port interface-type interface-number

Quit to system view

quit

Quit the VLAN view to system view

Enter Ethernet port view

interface interface-type interface-number

Enable the port tracking function

vrrp vlan-interface vlan-id vrid virtual-router-id track [ reduced value-reduced ]

Required

By default, the value by which the priority of an Ethernet port is decreased is 10.

 

&  Note:

l      The port to be tracked can be in the VLAN which the VLAN interface of the backup group belongs to.

l      Up to eight ports can be monitored simultaneously.

 

1.2.5  Configuring the Auto Detect Function for VRRP

 

&  Note:

You need to create the detecting group and perform VRRP-related configurations before the following operations. Refer to Auto Detect Operation Manual for the creation of a detecting group.

 

Table 1-6 Configure the auto detect function for VRRP

Operation

Command

Description

Enter system view

system-view

Enter VLAN interface view

interface vlan-interface vlan-id

Enable the auto detect function for VRRP

vrrp vrid virtual-router-id track detect-group group-number [ reduced value-reduced ]

Required

 

&  Note:

A detecting group can be used to detect up to eight Layer 3 interfaces.

 

1.3  Displaying and Debugging VRRP

After the above configurations, you can execute the display command in any view to view VRRP configuration and verify the configuration effect. And you can execute the reset command in user view to clear the VRRP statistics.

Table 1-7 Display and debug VRRP

Operation

Command

Description

Display VRRP state information and statistics information

display vrrp [ interface vlan-interface vlan-id | statistics [ vlan-interface vlan-id ] ] [ virtual-router-id ]

The display command can be executed in any view.

Clear VRRP statistics

reset vrrp statistics [ vlan-interface vlan-id ] [ virtual-router-id ]

The reset command can be executed in user view.

 

1.4  VRRP Configuration Example

1.4.1  Single-VRRP Backup Group Configuration

I. Network requirements

Host A uses the VRRP virtual router comprising switch A and switch B as its default gateway to visit host B on the Internet.

The information about the VRRP backup group is as follows:

l           VRRP backup group ID: 1

l           Virtual router IP address: 202.38.160.111

l           Master switch: Switch A

l           Backup switch: Switch B

l           Preemptive mode: enabled

Table 1-8 Network description

Switch

Ethernet port connecting to Host A

IP address of the VLAN interface

Switch priority in the backup group

Preemptive mode

LSW-A

Ethernet 1/0/6

202.38.160.1/24

110

Enabled

LSW-B

Ethernet 1/0/5

202.38.160.2/24

100 (default)

Enabled

 

II. Network diagram

Figure 1-3 Network diagram for single-VRRP backup group configuration

III. Configuration procedure

l           Configure Switch A.

# Configure VLAN 2.

<LSW-A> system-view

[LSW-A] vlan 2

[LSW-A-vlan2] port Ethernet 1/0/6

[LSW-A-vlan2] quit

[LSW-A] interface Vlan-interface 2

[LSW-A-Vlan-interface2] ip address 202.38.160.1 255.255.255.0

[LSW-A-Vlan-interface2] quit

# Enable a backup group to respond to ping operations destined for its virtual router IP address.

[LSW-A] vrrp ping-enable

# Create a backup group.

[LSW-A] interface vlan 2

[LSW-A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the priority for the backup group.

[LSW-A-Vlan-interface2] vrrp vrid 1 priority 110

# Configure the preemptive mode for the backup group.

[LSW-A-Vlan-interface2] vrrp vrid 1 preempt-mode

l           Configure Switch B.

# Configure VLAN 2.

<LSW-B> system-view

System View: return to User View with Ctrl+Z.

[LSW-B] vlan 2

[LSW-B-Vlan2] port Ethernet 1/0/5

[LSW-B-vlan2] quit

[LSW-B] interface Vlan-interface 2

[LSW-B-Vlan-interface2] ip address 202.38.160.2 255.255.255.0

[LSW-B-Vlan-interface2] quit

# Enable a backup group to respond to ping operations destined for its virtual router IP address.

[LSW-B] vrrp ping-enable

# Create a backup group.

[LSW-B] interface vlan 2

[LSW-B-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Configure the preemptive mode for the backup group.

[LSW-B-Vlan-interface2] vrrp vrid 1 preempt-mode

The IP address of the default gateway of Host A can be configured to be 202.38.160.111.

Normally, Switch A functions as the gateway, but when Switch A is turned off or fails, Switch B will function as the gateway instead.

Configure Switch A to operate in preemptive mode, so that it can resume its gateway function as the master switch after recovery.

1.4.2  VRRP Tracking Interface Configuration

I. Network requirements

Even when Switch A is still functioning, Switch B (with another link to connect with the outside) can function as a gateway when the interface on Switch A and connecting to Internet does not function properly. This can be implemented by enabling the VLAN interface tracking function.

The VRRP backup group ID is set to 1, with configurations of authorization key and timer.

II. Network diagram

Figure 1-4 Network diagram for interface tracking configuration

III. Configuration procedure

l           Configure Switch A.

# Configure VLAN 2.

<LSW-A> system-view

System View: return to User View with Ctrl+Z.

[LSW-A] vlan 2

[LSW-A-vlan2] port Ethernet 1/0/6

[LSW-A-vlan2] quit

[LSW-A] interface Vlan-interface 2

[LSW-A-Vlan-interface2] ip address 202.38.160.1 255.255.255.0

[LSW-A-Vlan-interface2] quit

# Configure that the virtual router can be pinged.

[LSW-A] vrrp ping-enable

# Create a backup group.

[LSW-A] interface Vlan-interface 2

[LSW-A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the priority for the backup group.

[LSW-A-Vlan-interface2] vrrp vrid 1 priority 110

# Set the authentication type for the backup group to md5, and the password to abc123.

[LSW-A-Vlan-interface2] vrrp authentication-mode md5 abc123

# Configure the master switch to send VRRP packets every 5 seconds.

[LSW-A-Vlan-interface2] vrrp vrid 1 timer advertise 5

# Set the tracked VLAN interface.

[LSW-A-Vlan-interface2] vrrp vrid 1 track Vlan-interface 3 reduced 30

l           Configure switch B.

# Configure VLAN 2.

<LSW-B> system-view

System View: return to User View with Ctrl+Z.

[LSW-B] vlan 2

[LSW-B-vlan2] port Ethernet 1/0/5

[LSW-B-vlan2] quit

[LSW-B] interface Vlan-interface 2

[LSW-B-Vlan-interface2] ip address 202.38.160.2 255.255.255.0

[LSW-B-Vlan-interface2] quit

# Configure that the virtual router can be pinged.

[LSW-B] vrrp ping-enable

# Create a backup group.

[LSW-B] interface Vlan-interface 2

[LSW-B-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Configure the authentication key for the backup group.

[LSW-B-Vlan-interface2] vrrp authentication-mode md5 abc123

# Configure the master to send VRRP packets every 5 seconds.

[LSW-B-Vlan-interface2] vrrp vrid 1 timer advertise 5

Normally, Switch A functions as the gateway, but when VLAN-interface3 on Switch A goes down, its priority will be reduced by 30, lower than that of Switch B so that Switch B will preempt the master for gateway services instead.

When VLAN-interface3 recovers, switch A will resume its gateway function as the master.

1.4.3  Multiple-VRRP Backup Group Configuration

I. Network requirements

A switch can function as backup switches of multiple backup groups.

Multiple-backup group configuration can implement load balancing. For example, Switch A operates as the master switch of backup group 1 and a backup switch in backup group 2. Similarly, Switch B operates as the master switch of backup group 2 and a backup switch in backup group 1. Some hosts in the network take virtual router 1 as the gateway, while others take virtual router 2 as the gateway. In this way, both load balancing and mutual backup are implemented.

II. Network diagram

Figure 1-5 Network diagram for multiple-VRRP backup group configuration

III. Configuration procedure

l           Configure Switch A.

# Configure VLAN 2.

<LSW-A> system-view

System View: return to User View with Ctrl+Z.

[LSW-A] vlan 2

[LSW-A-vlan2] port Ethernet 1/0/6

[LSW-A-vlan2] quit

[LSW-A] interface Vlan-interface 2

[LSW-A-Vlan-interface2] ip address 202.38.160.1 255.255.255.0

# Create backup group 1.

[LSW-A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the priority for backup group 1.

[LSW-A-Vlan-interface2] vrrp vrid 1 priority 150

# Create backup group 2.

[LSW-A-Vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112

l           Configure Switch B.

# Configure VLAN 2.

<LSW-B> system-view

System View: return to User View with Ctrl+Z.

[LSW-B] vlan 2

[LSW-B-vlan2] port Ethernet 1/0/6

[LSW-B-vlan2] quit

[LSW-B] interface vlan-interface 2

[LSW-B-Vlan-interface2] ip address 202.38.160.2 255.255.255.0

# Create backup group 1.

[LSW-B-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Create backup group 2.

[LSW-B-Vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112

# Set the priority for backup group 2.

[LSW-B-Vlan-interface2] vrrp vrid 2 priority 110

 

&  Note:

Normally, multiple backup groups are used in actual use.

 

1.4.4  Port Tracking Configuration Example

I. Network requirements

l           Backup group 1 comprises two switches, which operate as the master switch and the backup switch.

l           The actual IP addresses of the master and the backup switches are 10.100.10.2 and 10.100.10.3 respectively.

l           The master switch is connected to the upstream network through its Ethernet1/0/1 port. The backup switch is connected to the upstream network through its Ethernet1/0/2 port.

l           The virtual router IP address of the backup group is 10.100.10.1.

l           Enable the port tracking function on Ethernet1/0/1 port of the master switch and specify that the priority of the master decreases by 50 when Ethernet1/0/1 port fails, which triggers new master switch being determined in the backup group 1.

II. Network diagram

Figure 1-6 Network diagram for VRRP port tracking configuration

III. Configuration procedure

l           Configure the master switch.

# Enter system view.

<H3C> system-view

# Create VLAN 2.

[H3C] vlan 2

[H3C-vlan2] port Ethernet1/0/1

[H3C-vlan2] quit

# Enter Ethernet1/0/1 port view and enable the port tracking function.

[H3C] interface Ethernet1/0/1

[H3C-Ethernet1/0/1] vrrp vlan-interface 2 vrid 1 track reduced 50

1.4.5  VRRP Auto Detect Configuration Example

I. Network requirements

l           Switch B and switch D form VRRP backup group 1, whose virtual IP address is 192.168.1.10. Normally, packets sourced from Switch A and destined for Switch C are forwarded by Switch B.

l           When the connection between Switch B and Switch C fails, Switch D becomes the Master in backup group 1 automatically and the link from Switch D to Switch C, namely the secondary link, is enabled.

II. Network diagram

Figure 1-7 Network diagram for implementing the auto detect function in VRRP

III. Configuration procedure

l           Configure Switch B.

# Create detecting group 9.

<H3C B> system-view

[H3C B] detect-group 9

# Specify to detect the reachability of the IP address 10.1.1.4, setting the detect number to 1.

[H3C B-detect-group-9] detect-list 1 ip address 10.1.1.4

[H3C B-detect-group-9] quit

# Assign an IP address to VLAN-interface1.

[H3C B] interface vlan-interface 1

[H3C B-Vlan-interface1] ip address 192.168.1.2 24

# Enable VRRP on VLAN-interface1 and assign a virtual IP address to the backup group.

[H3C B-Vlan-interface1] vrrp vrid 1 virtual-ip 192.168.1.10

# Set the backup group priority of switch B to 110, and specify to decrease the priority by 20 when the result of detecting group 9 is unreachable.

[H3C B-Vlan-interface1] vrrp vrid 1 priority 110

[H3C B-Vlan-interface1] vrrp vrid 1 track detect-group 9 reduced 20

l           Configure Switch D.

# Assign an IP address to VLAN-interface1.

<H3C D> system-view

[H3C D] interface vlan-interface 1

[H3C D-Vlan-interface1] ip address 192.168.1.3 24

# Crate a backup group on VLAN-interface1 and assign a virtual IP address to the backup group.

[H3C D-Vlan-interface1] vrrp vrid 1 virtual-ip 192.168.1.10

# Set the backup group priority of Switch D to 100.

[H3C D-Vlan-interface1] vrrp vrid 1 priority 100

1.5  Troubleshooting VRRP

You can locate VRRP problems through the configuration and debugging information. Here are some possible failures you might meet and the corresponding troubleshooting methods.

I. Symptom 1: Frequent prompts of configuration errors on the console

This indicates that incorrect VRRP packets are received. It may be because of the inconsistent configuration of the switches within the backup group, or the attempt of other devices sending illegal VRRP packets. The first possible fault can be solved through modifying the configuration. And as the second possibility is caused by the malicious attempt of some devices, non-technical measures should be taken.

II. Symptom 2: More than one master existing within a backup group

There are also 2 reasons. One is short coexistence of many master switches, which is normal and needs no manual intervention. Another is long coexistence of many master switches, which may be caused because the original master switch and other member switches in a backup group cannot receive VRRP packets from each other, or receive some illegal packets.

To solve such a problem, an attempt should be made to ping among these masters and if such an attempt fails, check the connectivity between related devices. If they can be pinged, check VRRP configuration. For the configuration of a VRRP backup group, complete consistency for the number of virtual IP addresses, each virtual IP address, timer interval and authentication type configured on each member switch must be guaranteed.

III. Symptom 3: VRRP state of a switch changes repeatedly

Such problems occur when the backup group timer interval is too short. They can be solved through prolonging the interval or configuring the preemption delay period.

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网