13-VRRP Commands
Chapters Download (76.93 KB)
l The term router in this document refers to a router in a generic sense or a Layer 3 switch.
l At present, the interfaces that VRRP involves can only be VLAN interfaces.
display vrrp [ verbose ] [ interface interface-type interface-number [ vrid virtual-router-id ] ]
View
Any view
Default Level
1: Monitor level
Parameters
verbose: Displays detailed state information of VRRP group(s).
interface interface-type interface-number: Displays VRRP group state information of the specified interface. interface-type interface-number specifies an interface by its type and number.
vrid virtual-router-id: Displays state information of the specified VRRP group. virtual-router-id specifies a VRRP group by its group number, in the range 1 to 255.
Description
Use the display vrrp command to display the state information of VRRP group(s).
If you do not specify verbose, only the brief state information of VRRP group is displayed.
If you specify both an interface and a VRRP group, only the state information of the specified VRRP group on the interface is displayed; if you only specify an interface, the state information of all the VRRP groups on the interface is displayed; if you specify neither, the state information of all the VRRP groups on the device is displayed.
Examples
# Display brief information about all VRRP groups on the device.
<Sysname> display vrrp
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface VRID State Run Adver Auth Virtual
Pri Timer Type IP
---------------------------------------------------------------------
Vlan2 1 Master 140 1 Simple 1.1.1.1
# Display detailed information about all VRRP groups on the device.
<Sysname> display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 150 Running Pri : 140
Preempt Mode : Yes Delay Time : 5
Auth Type : Simple Key : hello
Virtual IP : 1.1.1.1
Virtual MAC : 0000-5e00-0101
Master IP : 1.1.1.2
VRRP Track Information:
Track Interface: Vlan3 State : Down Pri Reduced : 10
Track Object : 1 State : Positive Pri Reduced : 50
Table 1-1 display vrrp command output description
|
Field |
Description |
|
Run Mode |
Current VRRP working mode, which must be l Standard: Standard protocol mode |
|
Run Method |
Current VRRP running mode, including l Real MAC: real MAC mode, that is, the virtual IP address of the VRRP group is associated with the real MAC address of the interface. l Virtual MAC: virtual MAC mode, that is, the virtual IP address of the VRRP group is associated with the virtual router MAC address. |
|
Total number of virtual routers |
Number of VRRP groups |
|
Interface |
Interface to which the VRRP group belongs |
|
VRID |
Serial number of the VRRP group |
|
Run Pri |
Running priority of the router, that is, the current priority of the router. After VRRP tracking is configured, if the state of the monitored interface or Track object changes, the priority of the router will change. |
|
Adver. Timer |
VRRP advertisement interval, in seconds |
|
Admin Status |
Administrative state, including l UP l DOWN |
|
State |
Status of the router in the VRRP group, including l Master l Backup l Initialize |
|
Config Pri |
Configured priority of the router, that is, the priority value specified by using the vrrp vrid priority command. |
|
Running Pri |
Running priority of the router, that is, the current priority of the router. After VRRP tracking is configured, if the state of the monitored interface or Track object changes, the priority of the router will change. |
|
Preempt Mode |
Preemptive mode, including l YES: The router in the VRRP group works in the preemptive mode l NO: The router in the VRRP group works in the non preemptive mode |
|
Delay Time |
Preemption delay, in seconds |
|
Auth Type |
Authentication type, including l None: No authentication l Simple: Simple text authentication l MD5: MD5 authentication |
|
Key |
Authentication key |
|
Virtual IP |
Virtual IP address of the VRRP group |
|
Virtual MAC |
Virtual MAC address corresponding to the virtual IP address of the VRRP group. It is displayed only when the router is in the state of master. |
|
Master IP |
Primary IP address of the interface where the router in the state of master resides |
|
VRRP Track Information |
Information of the tracked interface or object. It is displayed only after the execution of the vrrp vrid track command or the vrrp vrid track interface command. |
|
Track Interface |
The interface to be tracked. It is displayed only after the execution of the vrrp vrid track interface command. |
|
Track Object |
The object to be tracked. It is displayed only after the execution of the vrrp vrid track command. |
|
State |
State of the tracked interface or object. The state of a tracked interface includes l Up l Down The state of a Track object includes l Invalid l Negative l Positive |
|
Pri Reduced |
The priority value that is reduced when the monitored interface is down or when the status of the monitored Track object turns to negative. It is displayed only after the execution of the vrrp vrid track interface command or the vrrp vrid track command. |
|
Switchover |
Switchover mode. If the status of the monitored Track object turns to negative, the backup will switch to the master immediately. |
Syntax
display vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ]
View
Any view
Default Level
1: Monitor level
Parameters
interface interface-type interface-number: Displays VRRP group statistics of the specified interface. interface-type interface-number specifies an interface by its type and number.
vrid virtual-router-id: Displays statistics of the specified VRRP group. virtual-router-id specifies a VRRP group by its group number, in the range 1 to 255.
Description
Use the display vrrp statistics command to display statistics about VRRP group(s).
If you specify both an interface and a VRRP group, only the statistics about the specified VRRP group on the interface are displayed; if you only specify an interface, the statistics about all the VRRP groups on the interface are displayed; if you specify neither, the statistics about all the VRRP groups on the device are displayed.
You can use the reset vrrp statistics command to clear the VRRP group statistics.
Related commands: reset vrrp statistics.
Examples
# Display the statistics about all VRRP groups.
<Sysname> display vrrp statistics
Interface : Vlan-interface2
VRID : 1
CheckSum Errors : 0 Version Errors : 0
Invalid Type Pkts Rcvd : 0 Advertisement Interval Errors : 0
IP TTL Errors : 0 Auth Failures : 0
Invalid Auth Type : 0 Auth Type Mismatch : 0
Packet Length Errors : 0 Address List Errors : 0
Become Master : 1 Priority Zero Pkts Rcvd : 0
Adver Rcvd : 0 Priority Zero Pkts Sent : 0
Adver Sent : 807
Global statistics
CheckSum Errors : 0
Version Errors : 0
VRID Errors : 0
Table 1-2 display vrrp statistics command output description
|
Field |
Description |
|
Interface |
Interface to which the VRRP group belongs |
|
VRID |
Serial number of the VRRP group |
|
CheckSum Errors |
Number of packets with checksum errors |
|
Version Errors |
Number of packets with version errors |
|
Invalid Type Pkts Rcvd |
Number of packets with incorrect packet type |
|
Advertisement Interval Errors |
Number of packets with advertisement interval errors |
|
IP TTL Errors |
Number of packets with TTL errors |
|
Auth Failures |
Number of packets with authentication failures |
|
Invalid Auth Type |
Number of packets with authentication failures due to invalid authentication types |
|
Auth Type Mismatch |
Number of packets with authentication failures due to mismatching authentication types |
|
Packet Length Errors |
Number of packets with VRRP packet length errors |
|
Address List Errors |
Number of packets with virtual IP address list errors |
|
Become Master |
Number of times that the router worked as the master |
|
Priority Zero Pkts Rcvd |
Number of received advertisements with the priority of 0 |
|
Advertise Rcvd |
Number of received advertisements |
|
Priority Zero Pkts Sent |
Number of advertisements with the priority of 0 sent |
|
Advertise Sent |
Number of advertisements sent |
|
Global statistics |
Global statistics about all VRRP groups |
|
CheckSum Errors |
Total number of packets with checksum errors |
|
Version Errors |
Total number of packets with version errors |
|
VRID Errors |
Total number of packets with VRID errors |
Syntax
reset vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ]
View
User view
Default Level
1: Monitor level
Parameters
interface interface-type interface-number: Clears VRRP group statistics of a specified interface. interface-type interface-number specifies an interface by its type and number.
vrid virtual-router-id: Clears VRRP statistics of the specified VRRP group. virtual-router-id specifies a VRRP group by its group number, in the range 1 to 255.
Description
Use the reset vrrp statistics command to clear VRRP group statistics.
If you specify both an interface and a VRRP group, the statistics about the specified VRRP group on the specified interface are cleared; if you specify only the interface, the statistics about all the VRRP groups on the interface are cleared; if you specify neither, the statistics about all the VRRP groups on the device are cleared.
Related commands: display vrrp statistics.
Examples
# Clear the statistics about all the VRRP groups on the device.
<Sysname> reset vrrp statistics
Syntax
vrrp method { real-mac | virtual-mac }
undo vrrp method
View
System view
Default Level
2: System level
Parameters
real-mac: Associates the real MAC address of the interface with the virtual IP addresses of the VRRP groups.
virtual-mac: Associates the virtual MAC address of a VRRP group with the virtual IP address of the VRRP group.
Description
Use the vrrp method command to set the association between the virtual IP addresses and the MAC addresses of the VRRP groups.
Use the undo vrrp method command to restore the default association.
By default, the virtual MAC address of a VRRP group is associated with the virtual IP address of the VRRP group.
Note that: You need to configure the association between the virtual IP address and the MAC address before creating any VRRP group. Otherwise, your configuration will fail.
Related commands: display vrrp.
Examples
# Associate the virtual IP address of a VRRP group with the real MAC address of the interface.
<Sysname> system-view
[Sysname] vrrp method real-mac
Syntax
vrrp un-check ttl
undo vrrp un-check ttl
View
Interface view
Default Level
2: System level
Parameters
None
Description
Use the vrrp un-check ttl command to disable TTL check on VRRP packets.
Use the undo vrrp un-check ttl command to enable TTL check on VRRP packets.
By default, TTL check on VRRP packets is enabled.
The master of a VRRP group periodically sends VRRP advertisements to indicate its existence. The VRRP advertisements are multicast onto the local network segment and not forwarded by a router, and therefore the packet TTL value will not be changed. When the master of a VRRP group advertises VRRP packets, it sets the packet TTL to 255. After you configure to check the VRRP packet TTL, when the backups of the VRRP group receive VRRP packets, they check the packet TTL and drop the VRRP packets whose TTL is smaller than 255, so as to prevent attacks from other network segments.
As devices of different vendors may achieve VRRP in a different way, when the device is interoperating with devices of other vendors, VRRP packet TTL check may result in dropping packets that should not be dropped. In this case, you can use the command to disable TTL check on VRRP packets.
Examples
# Disable TTL check on VRRP packets.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] vrrp un-check ttl
vrrp vrid virtual-router-id authentication-mode { md5 | simple } key
undo vrrp vrid virtual-router-id authentication-mode
View
Interface view
Default Level
2: System level
Parameters
virtual-router-id: VRRP group number, in the range 1 to 255.
simple: Plain text authentication mode.
md5: Authentication using the MD5 algorithm.
key: Authentication key, which is case sensitive.
l When simple authentication applies, the authentication key is in plain text with a length of 1 to 8 characters.
l When md5 authentication applies, the authentication key is in MD5 cipher text or in plain text and the length of the key depends on its input format. If the key is input in plain text, its length is 1 to 8 characters, such as 1234567; if the key is input in cipher text, its length must be 24 characters, such as _(TT8F]Y\5SQ=^Q`MAF4<1!!.
Description
Use the vrrp vrid authentication-mode command to configure authentication mode and authentication key for a VRRP group to send and receive VRRP packets.
Use the undo vrrp vrid authentication-mode command to restore the default.
By default, authentication is disabled.
Note that:
l Before executing the command, create a VRRP group on an interface and configure the virtual IP address of the VRRP group.
l You may configure different authentication modes and authentication keys for the VRRP groups on an interface. However, the members of the same VRRP group must use the same authentication mode and authentication key.
Related commands: display vrrp.
Examples
# Set the authentication mode to simple and authentication key to Sysname for VRRP group 1 on interface VLAN-interface 2 to send and receive VRRP packets.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
[Sysname-Vlan-interface2] vrrp vrid 1 authentication-mode simple Sysname
vrrp vrid virtual-router-id preempt-mode [ timer delay delay-value ]
undo vrrp vrid virtual-router-id preempt-mode [ timer delay ]
View
Interface view
Default Level
2: System level
Parameters
virtual-router-id: Virtual router ID or VRRP group number, in the range 1 to 255.
timer delay delay-value: Sets preemption delay. The delay-value argument is in the range of 0 to 255 seconds and defaults to 0 seconds.
Use the vrrp vrid preempt-mode command to enable preemption on the router and configure its preemption delay in the specified VRRP group.
Use the undo vrrp vrid preempt-mode command to disable preemption on the router in the specified VRRP group, that is, specify the router to work in the non-preemptive mode.
Use the undo vrrp vrid preempt-mode timer delay command to restore the default preemption delay, that is, zero seconds.
The default mode is immediate preemption without delay.
To avoid members in a VRRP group from changing their states frequently and make backups have enough time to collect information (such as routing information), each backup waits for a period of time (the preemption delay time) after it receives an advertisement with the priority lower than the local priority, then sends VRRP advertisements to start a new master election in the VRRP group and finally becomes the master.
Note that before executing the command, you need to create a VRRP group on an interface and configure the virtual IP address of the VRRP group.
Related commands: display vrrp.
Examples
# Enable preemption on the router in VRRP group 1, and set the preemption delay to five seconds.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
[Sysname-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5
vrrp vrid virtual-router-id priority priority-value
undo vrrp vrid virtual-router-id priority
View
Interface view
Default Level
2: System level
Parameters
virtual-router-id: VRRP group number, in the range 1 to 255.
priority-value: Priority value of the router in the specified VRRP group, in the range 1 to 254, A higher number indicates a higher priority.
Use the vrrp vrid priority command to configure the priority of the router in the specified VRRP group.
Use the undo vrrp vrid priority command to restore the default.
By default, the priority of a router in a VRRP group is 100.
l Before executing the command, create a VRRP group on an interface and configure the virtual IP address of the VRRP group.
l In VRRP, the role that a router plays in a VRRP group depends on its priority. A higher priority means that the router is more likely to become the master. Note that priority 0 is reserved for special use and 255 for the IP address owner.
l If the router is the IP address owner, its priority is always 255. Therefore, it will be the master so long as it is functioning normally.
Related commands: display vrrp.
Examples
# Set the priority of VRRP group 1 on interface VLAN-interface 2 to 150.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
[Sysname-Vlan-interface2] vrrp vrid 1 priority 150
vrrp vrid virtual-router-id timer advertise adver-interval
undo vrrp vrid virtual-router-id timer advertise
View
Interface view
Default Level
2: System level
Parameters
virtual-router-id: VRRP group number, in the range 1 to 255.
adver-interval: Interval at which the master in the specified VRRP group sends VRRP advertisements. It ranges from 1 to 255 seconds.
Use the vrrp vrid timer advertise command to configure the Adver_Timer of the specified VRRP group.
Use the undo vrrp vrid timer advertise command to restore the default.
By default the Adver_Timer is 1 second.
The Adver_Timer controls the interval at which the master sends VRRP packets.
Note that:
l Before executing the command, create a VRRP group on an interface and configure the virtual IP address of the VRRP group.
l Routers in the same VRRP group must use the same Adver_Timer setting.
Related commands: display vrrp.
Examples
# Set the master in VRRP group 1 to send VRRP advertisements at intervals of five seconds.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
[Sysname-Vlan-interface2] vrrp vrid 1 timer advertise 5
Syntax
vrrp vrid virtual-router-id track track-entry-number [ reduced priority-reduced | switchover ]
undo vrrp vrid virtual-router-id track [ track-entry-number ]
View
Interface view
Default Level
2: System level
Parameters
virtual-router-id: VRRP group number, in the range 1 to 255.
track track-entry-number: Specifies a Track object to be monitored by its number. track-entry-number ranges from 1 to 1024.
reduced priority-reduced: Specifies the value by which the priority decreases. priority-reduced ranges from 1 to 255 and defaults to 10.
switchover: Switchover mode of a router. If the status of the monitored Track object turns to negative and the router is a backup in the VRRP group, it turns to the master immediately.
Description
Use the vrrp vrid track command to specify the Track object to be monitored. If the status of the monitored Track object changes to negative, the priority of the router decreases by a specified value or the router immediately switches to the master.
Use the undo vrrp vrid track command to cancel the specified Track object.
By default, no Track object is specified to be monitored.
Note that:
l Before executing the command, create a VRRP group on an interface and configure the virtual IP address of the VRRP group.
l When the router is the IP address owner, you cannot perform the configuration.
l When the status of the monitored Track object turns from negative to positive, the corresponding router restores its priority automatically.
l The Track object specified in this command can be nonexistent. You can use the vrrp vrid track command to specify a Track object, and then create the Track object using the track command.
For details of the Track object, refer to Track Configuration in the System Volume.
Related commands: display vrrp.
Examples
# Configure to monitor Track object 1, making the priority of VRRP group 1 on VLAN-interface 2 decrease by 50 when Track object 1 turns to negative.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
[Sysname-Vlan-interface2] vrrp vrid 1 track 1 reduced 50
vrrp vrid virtual-router-id track interface interface-type interface-number [ reduced priority-reduced ]
undo vrrp vrid virtual-router-id track [ interface interface-type interface-number ]
View
Interface view
Default Level
2: System level
Parameters
virtual-router-id: VRRP group number, in the range 1 to 255.
interface interface-type interface-number: Specifies an interface to be tracked by its type and number.
reduced priority-reduced: Value by which the priority decrements. priority-reduced ranges from 1 to 255 and defaults to 10.
Use the vrrp vrid track interface command to configure to track the specified interface.
Use the undo vrrp vrid track interface command to disable tracking the specified interface.
By default, no interface is tracked.
If the uplink interface of a router in a VRRP group fails, normally the VRRP group cannot be aware of the uplink failure. If the router is the master of the VRRP group, hosts on the LAN will not be able to access the external network because of the uplink failure. You can solve the problem through the function of tracing a specified interface. In this case, it is the uplink interface. After you configure to monitor the uplink interface, when the uplink interface goes down, the priority of the master is automatically decreased by a specified value, allowing a higher priority router in the VRRP group to become the master.
Note that:
l Before executing the command, create a VRRP group on an interface and configure the virtual IP address of the VRRP group.
l When the router is the owner of the IP address, you cannot perform the configuration.
l When the status of the tracked interface turns from down to up, the corresponding router restores its priority automatically.
l The interface specified in this command can only be a VLAN interface.
Related commands: display vrrp.
Examples
# On interface VLAN-interface 2, set the interface to be tracked as VLAN-interface 1, making the priority of VRRP group 1 on interface VLAN-interface 2 decrement by 50 when VLAN-interface 1 goes down.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
[Sysname-Vlan-interface2] vrrp vrid 1 track interface vlan-interface 1 reduced 50
vrrp vrid virtual-router-id virtual-ip virtual-address
undo vrrp vrid virtual-router-id [ virtual-ip virtual-address ]
View
Interface view
Default Level
2: System level
Parameters
virtual-router-id: VRRP group number, in the range 1 to 255.
virtual-address: Virtual IP address.
Use the vrrp vrid virtual-ip command to create a VRRP group, and configure a virtual IP address for it, or, add another virtual IP address for an existing VRRP group.
Use the undo vrrp vrid virtual-ip command to remove an existing VRRP group or the virtual IP address of the VRRP group.
By default, no VRRP group is created.
Note that:
l The system removes a VRRP group after you delete all the virtual IP addresses in it.
l The virtual IP address of the VRRP group cannot be 0.0.0.0, 255.255.255.255, loopback address, non A/B/C address and other illegal IP addresses such as 0.0.0.1.
l Only when the configured virtual IP address and the interface IP address belong to the same segment and are legal host addresses can the VRRP group operate normally. If they are not in the same network segment, or the configured IP address is the network address or network broadcast address of the network segment that the interface IP address belongs to, though you can perform the configuration successfully, the state of the VRRP group is always Initialize, that is, VRRP does not take effect in this case.
Related commands: display vrrp.
Examples
# Create VRRP group 1 and set its virtual IP address to 10.10.10.10.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.10
# Add virtual IP address 10.10.10.11 to VRRP group 1.
[Sysname-Vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.11
