Table of Contents

1 VRRP Configuration Commands· 1-1

VRRP Configuration Commands· 1-1

display vrrp· 1-1

display vrrp statistics· 1-3

reset vrrp statistics· 1-5

vrrp method· 1-5

vrrp ping-enable· 1-6

vrrp vlan-interface vrid track· 1-7

vrrp vrid authentication-mode· 1-8

vrrp vrid preempt-mode· 1-9

vrrp vrid priority· 1-10

vrrp vrid timer advertise· 1-10

vrrp vrid track interface· 1-11

vrrp vrid track detect-group· 1-12

vrrp vrid virtual-ip· 1-13

 

 

 

 

VRRP Configuration Commands

display vrrp

Syntax

display vrrp [ verbose ] [ interface vlan-interface vlan-id [ vrid virtual-router-id ] ]

View

Any view

Parameters

verbose: Displays detailed state information of VRRP.

vlan-interface vlan-id: Displays VRRP state information of the specified VLAN interface. vlan-id is the VLAN interface ID.

vrid virtual-router-id: Displays state information of the specified VRRP group. virtual-router-id is the VRRP group ID, in the range 1 to 255.

Description

Use the display vrrp command to display the brief VRRP state information. For details, refer to Table 1-1.

Use display vrrp verbose command to display the detailed VRRP state information. refer to Table 1-2 for details.

l          If you do not specify a VLAN interface or a VRRP group, the command will display the state information of all VRRP groups on the switch.

l          If you specify a VLAN interface only, the command will display the state information of all VRRP groups on the specified VLAN interface.

l          If you specify both a VLAN interface and a VRRP group, the command will display the state information of the specified VRRP group on the specified VLAN interface.

Examples

# Display the VRRP state information about all the VRRP groups on the switch.

<Sysname> display vrrp

 Run Method      : VIRTUAL-MAC

 Virtual Ip Ping : Disable

 The total number of the virtual routers:  1

  Interface     VRID  State       Run     Adver.  Auth  Virtual

                                  Pri     Time    Type  IP

--------------------------------------------------------------------------

  Vlan2         2     Initialize  100     1       NONE   173.160.0.1 

Table 1-1 Description on the fields of the display vrrp command

Field	Description
Run Method	Current VRRP running method, including REAL-MAC and VIRTUAL-MAC
Virtual IP ping	Whether you can ping the virtual IP address of the VRRP group
Interface	Interface where the VRRP group resides
VRID	ID of the virtual router
State	Status of the current switch in the VRRP group, including Master, Backup and Initialize
Run Pri	Running priority
Adver. Timer	Interval for sending VRRP advertisements
Auth Type	Authentication type, including NONE, SIMPLE, and MD5
Virtual IP	Virtual IP address of the VRRP group

 

# Display detailed information about all VRRP groups on the switch.

<Sysname> display vrrp verbose

 Run Method      : VIRTUAL-MAC

 Virtual Ip Ping : Disable

 Interface       : Vlan-interface1

 VRID            : 1                    Adver. Timer    : 1

 Admin Status    : UP                   State           : Master

 Config Pri      : 100                  Run Pri         : 100

 Preempt Mode    : YES                  Delay Time      : 0

 Auth Type       : NONE

 Virtual IP      : 192.168.0.133

 Virtual MAC     : 0000-5e00-0101

 Master IP       : 192.168.0.68

Table 1-2 Description on the fields of the display vrrp verbose command

Field	Description
Run Method	Current VRRP running method, including REAL-MAC and VIRTUAL-MAC
Virtual Ip Ping	Whether you can ping the virtual IP address of the VRRP group
Interface	Interface where the VRRP group resides
VRID	VRRP group ID
Adver. Timer	Interval for sending VRRP advertisements
Admin Status	Administrative state: UP or DOWN
State	Status of the current switch in the VRRP group, including Master, Backup and Initialize
Config Pri	Configured priority
Run Pri	Running priority
Preempt Mode	Preemptive mode
Delay Time	Preemption delay
Auth Type	Authentication type, including NONE, SIMPLE, and MD5
Virtual IP	Virtual IP address of the VRRP group
Virtual MAC	Virtual MAC address corresponding to the virtual IP address of the VRRP group. It is displayed only when the switch is in the state of master.
Master IP	Primary IP address of the master’s interface where the VRRP group is configured.

 

display vrrp statistics

Syntax

display vrrp statistics [ interface vlan-interface vlan-id [ vrid virtual-router-id ] ]

View

Any view

Parameters

vlan-interface vlan-id: Specifies a VLAN interface by its VLAN ID. vlan-id is the ID of the VLAN interface.

vrid virtual-router-id: Specifies a VRRP group. virtual-router-id is the VRRP group ID, ranging from 1 to 255.

Description

Use the display vrrp statistics command to display the VRRP statistics information of VRRP group(s). Refer to Table 1-3 for the displayed information.

l          If neither a VLAN interface nor a VRRP group is specified, the statistics information about all the VRRP groups on the switch is displayed.

l          If only a VLAN interface is specified, the statistics information about all the VRRP groups on the specified VLAN interface is displayed.

l          If both a VLAN interface and a VRRP group are specified, the statistics information about the specified VRRP group on the specified VLAN interface is displayed.

You can clear the VRRP statistics by using the reset vrrp statistics command.

Related commands: reset vrrp statistics

Examples

# Display the VRRP statistics information about all the VRRP groups.

<Sysname> display vrrp statistics

 Interface              : Vlan-interface1

 VRID                   : 1

 CheckSum Errors        : 0          Version Errors                 : 0

 VRID Errors            : 0          Advertisement Interval Errors  : 0

 IP TTL Errors          : 0          Auth Failures                  : 0

 Invalid Auth Type      : 0          Auth Type Mismatch             : 0

 Packet Length Errors   : 0          Address List Errors            : 0

 Become Master          : 1          Priority Zero Pkts Rcvd        : 0

 Advertise Rcvd         : 0          Priority Zero Pkts Sent        : 0

 Invalid Type Pkts Rcvd : 0      

Table 1-3 Description on the fields of the display vrrp statistics command

Field	Description
Interface	Interface where the VRRP group resides
VRID	VRRP group ID
CheckSum Errors	Number of checksum errors
Version Errors	Number of version errors
VRID Errors	Number of virtual router ID errors
Advertisement Interval Errors	Number of errors of the interval for sending VRRP advertisements
IP TTL Errors	Number of TTL errors
Auth Failures	Number of authentication errors
Invalid Auth Type	Number of invalid authentication types
Auth Type Mismatch	Number of mismatched authentication types
Packet Length Errors	Number of VRRP packet length errors
Address List Errors	Number of the virtual IP address list errors
Become Master	Number of the occasions where the current switch operates as the master
Priority Zero Pkts Rcvd	Number of the received VRRP advertisements with the priority of 0
Advertise Rcvd	Number of the received VRRP advertisements
Priority Zero Pkts Sent	Number of the sent advertisements with the priority of 0
Invalid Type Pkts Rcvd	Number of the packet type errors

 

reset vrrp statistics

Syntax

reset vrrp statistics [ interface vlan-interface vlan-id [ vrid virtual-router-id ] ]

View

User view

Parameters

vlan-interface vlan-id: Specifies a VLAN interface by its ID. vlan-id is the ID of a VLAN interface.

vrid virtual-router-id: Specifies a VRRP group. virtual-router-id is the VRRP group ID, ranging from 1 to 255.

Description

Use the reset vrrp statistics command to clear the VRRP statistics information.

When you execute this command,

l          If neither a VLAN interface nor a VRRP group is specified, the statistics information about all the VRRP groups on the switch is cleared.

l          If only a VLAN interface is specified, the statistics information about all the VRRP groups on the specified VLAN interface is cleared.

l          If both a VLAN interface and a VRRP group are specified, the statistics information about the specified VRRP group on the specified VLAN interface is cleared.

You can view the current VRRP statistics by using the display vrrp statistics command.

Related commands: display vrrp statistics

Examples

# Clear the VRRP statistics information about all the interfaces on the switch.

<Sysname> reset vrrp statistics

vrrp method

Syntax

vrrp method { real-mac | virtual-mac }

undo vrrp method

View

System view

Parameters

real-mac: Maps the real MAC address of the switch to the virtual IP address of the VRRP group.

virtual-mac: Maps the virtual MAC address of the VRRP group to the virtual IP address of the VRRP group.

Description

Use the vrrp method command to configure the MAC-Virtual IP address mapping for VRRP groups. You can configure to map the real MAC address of the switch to the virtual IP address of a VRRP group or configure to map the virtual MAC address of a VRRP group to the virtual IP address of the VRRP group.

Use the undo vrrp method command to restore the default.

By default, the virtual MAC address of a VRRP group is mapped to the virtual IP address of the VRRP group.

Note that the mapping relationship between the MAC address and the virtual IP address must be configured before any VRRP group is created. If a VRRP group already exists on the switch, you are not allowed to modify the mapping relationship.

Examples

# Map the MAC address of a VLAN interface to the virtual IP address of the VRRP group.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] vrrp method real-mac

vrrp ping-enable

Syntax

vrrp ping-enable

undo vrrp ping-enable

View

System view

Parameters

None

Description

Use the vrrp ping-enable command to enable a VRRP group to respond to ping packets destined for its virtual router IP address.

Use the undo vrrp ping-enable command to restore the default.

By default, a VRRP group does not respond to ping packets destined for its virtual router IP address.

Note that this command must be configured before any VRRP group is created. If a VRRP group already exists on the switch, you are not allowed to execute the command.

Examples

# Enable a VRRP group to respond to ping packets destined for its virtual router IP address.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] vrrp ping-enable

vrrp vlan-interface vrid track

Syntax

vrrp vlan-interface vlan-id vrid virtual-router-id track [ reduced value-reduced ]

undo vrrp vlan-interface vlan-id vrid virtual-router-id track

View

Ethernet port view

Parameters

virtual-router-id: VRRP group ID, ranging from 1 to 255.

vlan-id: VLAN ID.

value-reduced: Value by which the priority of a switch is to decrease. This argument ranges from 1 to 255, and defaults to 10.

Description

Use the vrrp vlan-interface vrid track command to enable the port tracking function of a VRRP group on a physical port.

Use the undo vrrp vlan-interface vrid track command to disable the port tracking function.

After the port tracking function of a VRRP group is enabled on a port, this function will track the link status of the port. If a fault occurs on the port, the function decreases the priority of the switch where the port resides by a specified value.

Usually, this function is used to track the status of the uplink port of the master in a VRRP group. Thereby, when the uplink port of the master fails, the master’s priority will decrease by a specified value, so as to trigger a new master election in the VRRP group.

 

 

Examples

# Configure that the priority of the switch decreases by 50 if its Ethernet 1/0/1 port fails.

<Sysname> system-view

[Sysname] vlan 2

[Sysname-vlan2] port Ethernet1/0/1

[Sysname-vlan2] quit

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] vrrp vlan-interface 2 vrid 1 track reduced 50

vrrp vrid authentication-mode

Syntax

vrrp vrid virtual-router-id authentication-mode authentication-type authentication-key

undo vrrp vrid virtual-router-id authentication-mode

View

VLAN interface view

Parameters

virtual-router-id: VRRP group ID, ranging from 1 to 255.

authentication-type: Authentication type, which can be:

l          simple: Indicates to perform simple text authentication.

l          md5: Indicates to perform the authentication by using MD5 algorithm.

authentication-key: Authentication key, which can be:

l          When the authentication type is simple, the authentication key is in plain text and can contain one to eight characters.

l          When the authentication type is md5, the authentication key can be a string of one to eight characters in plain text, such as 1234567, or a 24-character MD5 encrypted string, such as _(TT8F]Y\5SQ=^Q`MAF4<1!!.

Description

Use the vrrp vrid authentication-mode command to specify the authentication type and the authentication key for a VRRP group to receive and send VRRP packets.

Use the undo vrrp vrid authentication-mode command to restore the default.

By default, no VRRP authentication is configured.

Note that:

l          The authentication key is case sensitive.

l          Before configuring VRRP authentication on a VLAN interface, you need to create a VRRP group and configure the virtual IP address of it on the VLAN interface.

l          This command sets the authentication type and authentication key for all the VRRP groups on an interface. This is determined by the protocol, which defines that all the VRRP groups on an interface share the same authentication type and authentication key. Besides, all the members joining the same VRRP group should also share the same authentication type and authentication key.

Examples

# Set the authentication type of VRRP group 1 on VLAN-interface 2 to simple and the authentication key for it to aabbcc.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface 2

[Sysname-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1

[Sysname-Vlan-interface2] vrrp vrid 1 authentication-mode simple aabbcc

vrrp vrid preempt-mode

Syntax

vrrp vrid virtual-router-id preempt-mode [ timer delay delay-value ]

undo vrrp vrid virtual-router-id preempt-mode

View

VLAN interface view

Parameters

virtual-router-id: VRRP group ID, ranging from 1 to 255.

delay-value: Preemption delay period (in seconds), ranging from 0 to 255.

Description

Use the vrrp vrid preempt-mode command to configure a switch to operate in the preemptive mode and set the preemption delay period.

Use the undo vrrp vrid preempt-mode command to cancel the configuration, that is, configure the switch to work in the non-preemptive mode.

By default, switches in a VRRP group operate in the preemptive mode, with the preemption delay period set to 0 seconds.

If you want a switch with high priority to preempt the master, configure the switch to operate in the preemptive mode. You can also set the delay period for preemption as needed.

For S3600 series, you can enable the preemptive mode for switches in a VRRP group:

l          In a VRRP group where the preemptive mode is not enabled, once a switch in the VRRP group becomes the master, other switches, even if they are with a higher priority later, do not preempt the master as long as the master is not down.

l          In a VRRP group where switches are enabled with the preemptive mode, a backup sends out VRRP advertisements to trigger a new master election if it finds its priority is higher than that of the current master, and finally becomes the new master. The former master becomes a backup accordingly.

You can also set the preemptive delay for the switches in a VRRP group. Setting a preemption delay period aims at:

l          In an unstable network, backups in a VRRP group possibly cannot receive VRRP advertisements from the master in time due to network congestions. This causes the master of the VRRP group to be determined frequently. In this case, the backup considers itself as the master and sends out VRRP advertisements to elect the master. This causes the master of the VRRP group to be determined frequently.

l          With the configuration of preemption delay, if a backup does not receive VRRP advertisements from the master in time, it waits for a while before switching to a new master. The backup does not send VRRP advertisements if it receives VRRP advertisements from the master during the specified delay period.

Examples

# Configure the switch to operate in the preemptive mode.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface 2

[Sysname-Vlan-interface2] vrrp vrid 1 preempt-mode

# Set the preemption delay period.

[Sysname-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5

# Configure the switch to operate in non-preemptive mode.

[Sysname-Vlan-interface2] undo vrrp vrid 1 preempt-mode

vrrp vrid priority

Syntax

vrrp vrid virtual-router-id priority priority

undo vrrp vrid virtual-router-id priority

View

VLAN interface view

Parameters

virtual-router-id: VRRP group ID, ranging from 1 to 255.

priority: Switch priority to be set. This argument ranges from 1 to 254.

Description

Use the vrrp vrid priority command to set the priority of a switch in a VRRP group.

Use the undo vrrp vrid priority command to restore the default priority.

By default, the priority of a switch in a VRRP group is 100.

Switch priority determines the possibility for the switch to become a master. A switch with higher priority is more likely to become a master. Switch priority ranges from 0 to 255 (a larger number indicates a higher switch priority) and defaults to 100. Note that only 1 through 254 are available to users. Switch priority 0 and 255 are reserved for special uses and IP address owner respectively. If a switch is an IP address owner, its priority is always 255 and not configurable. So if an IP address owner exists in a VRRP group, the switch (the IP address owner) is the master of the VRRP group as along as it can work properly.

Examples

# Set the priority to 120 on VLAN-interface 2 for the switch in the VRRP group.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface 2

[Sysname-Vlan-interface2] vrrp vrid 1 priority 120

vrrp vrid timer advertise

Syntax

vrrp vrid virtual-router-id timer advertise adver-interval

undo vrrp vrid virtual-router-id timer advertise

View

VLAN interface view

Parameters

virtual-router-id: VRRP group ID, ranging from 1 to 255.

adver-interval: Interval (in seconds) at which the master of a VRRP group sends VRRP advertisement packets, in seconds. This argument ranges from 1 to 255 and defaults to 1.

Description

Use the vrrp vrid timer advertise command to set the interval for the master of a VRRP group to send VRRP advertisements.

Use the undo vrrp vrid timer advertise command to restore to the default interval.

By default, the interval for the master in a VRRP group to send VRRP advertisements is 1 second.

The master of a VRRP group will send VRRP advertisements at a specified interval to inform backups of the VRRP group that it works normally. If backups receive no VRRP advertisement packet after waiting for a period three times of the advertisement interval, they send VRRP advertisements to other members of the VRRP group to elect a new master.

Note that configuration error occurs if switches of the same VRRP group are configured with different adver-interval values.

Examples

# Set the interval for the master to send VRRP advertisements to 15 seconds.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface 2

[Sysname-Vlan-interface2] vrrp vrid 1 timer advertise 15

vrrp vrid track interface

Syntax

vrrp vrid virtual-router-id track interface vlan-interface vlan-id [ reduced value-reduced ]

undo vrrp vrid virtual-router-id track interface vlan-interface vlan-id

View

VLAN interface view

Parameters

virtual-router-id: VRRP group ID, ranging from 1 to 255.

vlan-id: A VLAN interface ID to be tracked.

value-reduced: Value by which the priority decreases. This argument ranges from 1 to 255 and defaults to 10.

Description

Use the vrrp vrid track interface command to set a VLAN interface to be tracked.

Use the undo vrrp vrid track interface command to disable a VLAN interface from being tracked.

The VLAN interface tracking function extends the use of the backup function. With this function enabled on a switch, the backup function can take effect not only when the VLAN interface where a VRRP group resides fails, but also when some other VLAN interfaces on the switch fail. You can utilize the VLAN interface tracking function by specifying monitored VLAN interfaces.

When the tracked VLAN interface on the master of a VRRP group is down, the priority of the master decreases by the value set by the value-reduced argument, allowing a switch with the highest priority in the VRRP group becomes the master.

 

 

Examples

# On VLAN-interface 2, configure to track VLAN-interface 1 and configure the priority of the master of VRRP group 1 (on VLAN-interface 2) to decrease by 50 when VLAN-interface 1 goes down.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface 2

[Sysname-Vlan-interface2] vrrp vrid 1 track interface vlan-interface 1 reduced 50

vrrp vrid track detect-group

Syntax

vrrp vrid virtual-router-id track detect-group group-number [ reduced value-reduced ]

undo vrrp vrid virtual-router-id track detect-group group-number

View

VLAN interface view

Parameters

virtual-router-id: Virtual VRRP group ID, ranging from 1 to 255.

group-number: Detected group number, ranging from 1 to 25.

value-reduced: Value by which the priority decreases. This argument ranges from 1 to 255 and defaults to 10.

Description

Use the vrrp vrid track detect-group command to enable the auto detect function when employing VRRP.

Use the undo vrrp vrid track detect-group command to disable the auto detect implementation in VRRP.

The auto detect result of the detected group can control the priority of a switch in a VRRP group. In this way, the automatic switching between the master and the backup is implemented.

l          Decrease the priority of a switch in a VRRP group when the result of the detected group is unreachable.

l          Restore the priority of the switch in the VRRP group when the result of the detected group is reachable.

 

 

Examples

# Create detected group 10 and specify to detect the IP address of 202.12.1.55.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] detect-group 10

[Sysname-detect-group-10] detect-list 1 ip address 202.12.1.55

# Specify to decrease the priority of the master of VRRP group 1 by 20 when detected group 10 is unreachable.

[Sysname] interface vlan-interface 2

[Sysname- Vlan-interface2] vrrp vrid 1 track detect-group 10 reduced 20

vrrp vrid virtual-ip

Syntax

vrrp vrid virtual-router-id virtual-ip virtual-address

undo vrrp vrid virtual-router-id [ virtual-ip virtual-address ]

View

VLAN interface view

Parameters

virtual-router-id: VRRP group ID, ranging from 1 to 255.

virtual-address: Virtual IP address to be configured.

Description

Use the vrrp vrid virtual-ip command to create a VRRP group and configure the virtual IP address for the VRRP group, or add a virtual IP address to the virtual IP address list of an existing VRRP group. You can add up to 16 virtual IP addresses for a VRRP group.

Use the undo vrrp vrid virtual-ip command to remove an existing VRRP group, or remove a virtual IP address from the virtual IP address list of an existing VRRP group. A VRRP group is removed if all its virtual IP addresses are removed.

By default, no VRRP group is created.

Note that:

l          A virtual IP address cannot be an all-zero address (0.0.0.0), a broadcast address (255.255.255.255), a loopback interface, a non-A/B/C class address, or an illegal IP address, such as 0.0.0.1.

l          Virtual IP addresses of a VRRP group must be in the same network segment with the IP address of the interface where the VRRP group is configured. Otherwise, the VRRP group cannot work normally.

 

 

Examples

# Create a VRRP group.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface 2

[Sysname-Vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.10

# Add a virtual IP address to an existing VRRP group.

[Sysname-Vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.11

# Remove a virtual IP address from a VRRP group.

[Sysname-Vlan-interface2] undo vrrp vrid 1 virtual-ip 10.10.10.10

# Remove a VRRP group.

[Sysname-Vlan-interface2] undo vrrp vrid 1