Scribd
Upload
224 views

Lab Implement VRRP

The document describes configuring VRRP on two switches to provide redundancy for two VLANs. It includes configuration steps to set up the network topology and configure basic settings and interface IP addresses on each switch, including the VLAN interfaces and loopback interfaces.

Uploaded by

Juan Perez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
224 views

Lab Implement VRRP

The document describes configuring VRRP on two switches to provide redundancy for two VLANs. It includes configuration steps to set up the network topology and configure basic settings and interface IP addresses on each switch, including the VLAN interfaces and loopback interfaces.

Uploaded by

Juan Perez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

Lab - Implement VRRP

Topology

Addressing Table
Device Interface IP Address Default Gateway

D1 Lo 0 192.168.1.1/24 N/A

D1 Lo 0
2001:db8:acad:1000::1/64 N/A

D1
VLAN 11 10.11.0.1/24 N/A

D1 VLAN 11
2001:db8:acad:11::1/64 N/A

D1
VLAN 21 10.21.0.1/24 N/A

D1 VLAN 21
2001:db8:acad:21::1/64 N/A

D2 Lo 0 192.168.1.1/24 N/A

D2 Lo 0
2001:db8:acad:1000::1/64 N/A

D2
VLAN 11 10.11.0.2/24 N/A

D2 VLAN 11
2001:db8:acad:11::1/64 N/A

D2
VLAN 21 10.21.0.2/24 N/A

D2 VLAN 21
2001:db8:acad:21::2/64 N/A

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 12 www.netacad.com
Lab - Implement VRRP

Device Interface IP Address Default Gateway

PC1 NIC 10.11.0.50/24 10.11.0.254

PC1 NIC
IPv6 SLAAC
PC2 NIC 10.21.0.50/24 10.21.0.254

PC2 NIC
IPv6 SLAAC

Objectives
Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
Part 2: Configure and Observe VRRP for IPv4 and IPv6
Part 3: Configure and Observe VRRP Object Tracking

Background / Scenario
The Virtual Router Redundancy Protocol (VRRP) is a standards-based alternative to HSRP and is defined in
RFC 3768 (VRRP) and RFC 5798 (VRRPv3). The two technologies are similar but not compatible. HSRP
elects an active and standby router to participate in the HSRP process, while VRRP elects a Master and
Backup. Although referred to by different names, the operational concepts of the VRRP master and backup
are similar to the HSRP active and standby respectively.
Both HSRP and VRRP operation requires the use of a virtual router IP address, but VRRP can use an
address assigned to an interface on the device. In this case, the device automatically assumes the master
role and ignores the priority value in its role election process. Recall that preemption in HSRP must be
explicitly configured. VRRP uses preempt by default.
Note: This lab is an exercise in deploying and verifying VRRP and does not necessarily reflect networking
best practices.
Note: The switches used with CCNP hands-on labs are Cisco 3650 with Cisco IOS XE release 16.9.4
(universalk9 image) and Cisco 2960+ with IOS release 15.2 (lanbase image). Other routers and Cisco IOS
versions can be used. Depending on the model and Cisco IOS version, the commands available and the
output produced might vary from what is shown in the labs.
Note: Ensure that the switches have been erased and have no startup configurations. If you are unsure
contact your instructor.
Note: The default Switch Database Manager (SDM) template on a Catalyst 3650 running IOS XE supports
dual-stacked operations and requires no additional configuration for our purposes.
If you are using a device, such as Cisco 2960, running Cisco IOS, check the SDM template with the privileged
EXEC command show sdm prefer.
S1# show sdm prefer
The default bias template used by the Switch Database Manager (SDM) does not provide IPv6 address
capabilities. Verify that SDM is using either the dual-ipv4-and-ipv6 template or the lanbase-routing
template. The new template will be used after reboot even if the configuration is not saved.
Use the following commands to assign the dual-ipv4-and-ipv6 template as the default SDM template.
S1# configure terminal
S1(config)# sdm prefer dual-ipv4-and-ipv6 default
S1(config)# end
S1# reload

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 12 www.netacad.com
Lab - Implement VRRP

Required Resources
• 2 Switches (Cisco 3650 with Cisco IOS XE release 16.9.4 universal image or comparable)
• 1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
• 1 PC (Choice of operating system with a terminal emulation program installed)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet cables as shown in the topology

Instructions

Part 1: Build the Network and Configure Basic Device Settings and Interface
Addressing
In Part 1, you will set up the network topology and configure basic settings and interface addressing.

Step 1: Cable the network as shown in the topology.


Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2: Configure basic settings for each switch.


a. Console into each switch, enter global configuration mode, and apply the basic settings. A command list
for each switch is provided below for initial configurations.
Open configuration window

Switch D1
hostname D1
ip routing
ipv6 unicast-routing
no ip domain lookup
banner motd # D1, Implement VRRP #
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit
interface range g1/0/1-24, g1/1/1-4, g0/0
shutdown
exit
interface range g1/0/1-6
switchport mode trunk
no shutdown
exit

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 12 www.netacad.com
Lab - Implement VRRP

interface range g1/0/1-4


channel-group 12 mode active
exit
interface range g1/0/5-6
channel-group 1 mode active
exit
vlan 11
name FIRST_VLAN
exit
vlan 21
name SECOND_VLAN
exit
interface vlan 11
ip address 10.11.0.1 255.255.255.0
ipv6 address fe80::d1:1 link-local
ipv6 address 2001:db8:acad:11::1/64
no shutdown
exit
interface vlan 21
ip address 10.21.0.1 255.255.255.0
ipv6 address fe80::d1:2 link-local
ipv6 address 2001:db8:acad:21::1/64
no shutdown
exit
interface loopback 0
ip address 192.168.1.1 255.255.255.0
ipv6 address fe80::d1:3 link-local
ipv6 address 2001:db8:acad:1000::1/64
no shutdown
exit
Switch D2
hostname D2
ip routing
ipv6 unicast-routing
no ip domain lookup
banner motd # D2, Implement VRRP #
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 12 www.netacad.com
Lab - Implement VRRP

login
exit
interface range g1/0/1-24, g1/1/1-4, g0/0
shutdown
exit
interface range g1/0/1-6
!switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown
exit
interface range g1/0/1-4
channel-group 12 mode active
exit
interface range g1/0/5-6
channel-group 2 mode active
exit
vlan 11
name FIRST_VLAN
exit
vlan 21
name SECOND_VLAN
exit
interface vlan 11
ip address 10.11.0.2 255.255.255.0
ipv6 address fe80::d2:1 link-local
ipv6 address 2001:db8:acad:11::2/64
no shutdown
exit
interface vlan 21
ip address 10.21.0.2 255.255.255.0
ipv6 address fe80::d2:2 link-local
ipv6 address 2001:db8:acad:21::2/64
no shutdown
exit
interface loopback 0
ip address 192.168.1.1 255.255.255.0
ipv6 address fe80::d2:3 link-local
ipv6 address 2001:db8:acad:1000::1/64
no shutdown
exit
Switch A1
hostname A1
banner motd # A1, Implement VRRP #
line con 0
exec-timeout 0 0

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 12 www.netacad.com
Lab - Implement VRRP

logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit
interface range f0/1-24, g0/1-2
shutdown
exit
interface range f0/1-4
switchport mode trunk
no shutdown
exit
interface range f0/1-2
channel-group 1 mode active
exit
interface range f0/3-4
channel-group 2 mode active
exit
vlan 11
name FIRST_VLAN
exit
vlan 21
name SECOND_VLAN
exit
interface f0/23
switchport mode access
switchport access vlan 11
spanning-tree portfast
no shutdown
exit
interface f0/24
switchport mode access
switchport access vlan 21
spanning-tree portfast
no shutdown
exit
interface vlan 11
ip address 10.11.0.3 255.255.255.0
ipv6 address fe80::a1:1 link-local
ipv6 address 2001:db8:acad:11::3/64
no shutdown

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 12 www.netacad.com
Lab - Implement VRRP

exit
ip default-gateway 10.11.0.254
b. Set the clock on each switch to UTC time.
c. Save the running configuration to startup-config.
Close configuration window

Step 3: Configure the PCs for network connectivity.


Configure PC1 and PC2 with the IPv4 address, subnet mask, and default gateway specified in the topology
diagram. The IPv6 address and default gateway information for the PCs will come from SLAAC.

Part 2: Configure and Observe VRRP for IPv4 and IPv6


In Part 2 you will configure and test VRRPv3 in support of IPv4 and IPv6.
Like HSRP, VRRP provides redundancy in the network. Traffic can be load-balanced by assigning different
gateway devices different priorities, spreading the load out amongst devices. Priority can be a value between
1 and 254. The default priority value is 100, and a higher priority value is preferable. Unlike HSRP,
preemption is enabled by default in VRRP.
To enable VRRP version 3, issue the command fhrp version vrrp v3.
VRRP version 3 is configured in a hierarchical manner, using address family configurations to support IPv4
and IPv6.
In the IPv6 address family configuration, the virtual link-local address must be manually configured, which is
unlike HSRP where the virtual address is dynamically generated.
In this lab, the group numbers will be 11 and 21 for IPv4, and 116 and 216 for IPv6.
In the following configurations, the priority for VLAN 11 on D1 is set to 150, making it the master virtual router
for VLAN 11. VLAN 21 has the default priority of 100 on D1, making D1 the backup virtual router for VLAN 21.
D2 is configured to be the master virtual router for VLAN 21 with a priority of 150, and the backup virtual
router for VLAN 11 with a default priority of 100.

Step 1: Configure VRRPv3 on switch D1.


Open configuration window

a. Enable VRRPv3 globally.


D1(config)# fhrp version vrrp v3
b. Configure vrrp group 11 on interface VLAN 11 with a vrrp IP address of 10.11.0.254 and a priority of 150.
D1(config)# interface vlan 11
D1(config-if)# vrrp 11 address-family ipv4
D1(config-if-vrrp)# address 10.11.0.254
D1(config-if-vrrp)# priority 150
D1(config-if-vrrp)# exit
c. Configure vrrp group 116 on interface vlan 11 with a primary vrrp IP address of fe80::11:1 and a priority of
150.
D1(config-if)# vrrp 116 address-family ipv6
D1(config-if-vrrp)# address fe80::11:1 primary
D1(config-if-vrrp)# priority 150
D1(config-if-vrrp)# exit
d. Configure vrrp group 21 on interface VLAN 21 with a vrrp IP address of 10.21.0.254.
D1(config-if)# interface vlan 21

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 12 www.netacad.com
Lab - Implement VRRP

D1(config-if)# vrrp 21 address-family ipv4


D1(config-if-vrrp)# address 10.21.0.254
D1(config-if-vrrp)# exit
e. Configure vrrp group 216 on interface vlan 21 with a primary vrrp IP address of fe80::21:1.
D1(config-if)# vrrp 216 address-family ipv6
D1(config-if-vrrp)# address fe80::21:1 primary
D1(config-if-vrrp)# exit

Step 2: Verify VRRP is operational on switch D1.


a. Verify that VRRP is active and operating on switch D1 with the show vrrp command. Because D1 is the
only switch configured for VRRP, it is the master on all groups.
D1# show vrrp

Vlan11 - Group 11 - Address-Family IPv4


State is MASTER
State duration 14 mins 12.598 secs
Virtual IP address is 10.11.0.254
Virtual MAC address is 0000.5E00.010B
Advertisement interval is 1000 msec
Preemption enabled
Priority is 150
Master Router is 10.11.0.1 (local), priority is 150
Master Advertisement interval is 1000 msec (expires in 830 msec)
Master Down interval is unknown
FLAGS: 1/1

Vlan11 - Group 116 - Address-Family IPv6


State is MASTER
State duration 13 mins 24.216 secs
Virtual IP address is FE80::11:1
Virtual MAC address is 0000.5E00.0274
Advertisement interval is 1000 msec
Preemption enabled
Priority is 150
Master Router is FE80::D1:1 (local), priority is 150
Master Advertisement interval is 1000 msec (expires in 454 msec)
Master Down interval is unknown
FLAGS: 1/1

Vlan21 - Group 21 - Address-Family IPv4


State is MASTER
State duration 2 mins 7.926 secs
Virtual IP address is 10.21.0.254
Virtual MAC address is 0000.5E00.0115
Advertisement interval is 1000 msec
Preemption enabled
Priority is 100

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 8 of 12 www.netacad.com
Lab - Implement VRRP

Master Router is 10.21.0.1 (local), priority is 100


Master Advertisement interval is 1000 msec (expires in 354 msec)
Master Down interval is unknown
FLAGS: 1/1

Vlan21 - Group 216 - Address-Family IPv6


State is MASTER
State duration 2 mins 6.695 secs
Virtual IP address is FE80::21:1
Virtual MAC address is 0000.5E00.02D8
Advertisement interval is 1000 msec
Preemption enabled
Priority is 100
Master Router is FE80::D1:2 (local), priority is 100
Master Advertisement interval is 1000 msec (expires in 323 msec)
Master Down interval is unknown
FLAGS: 1/1

b. You can also use the show vrrp brief command to get a less verbose status.
D1# show vrrp brief
Interface Grp A-F Pri Time Own Pre State Master addr/Group addr
Vl11 11 IPv4 150 0 N Y MASTER 10.11.0.1(local) 10.11.0.254
Vl11 116 IPv6 150 0 N Y MASTER FE80::D1:1(local) FE80::11:1
Vl21 21 IPv4 100 0 N Y MASTER 10.21.0.1(local) 10.21.0.254
Vl21 216 IPv6 100 0 N Y MASTER FE80::D1:2(local) FE80::21:1

c. Interface Loopback0 on D1 and D2 represent a destination on the internet. From PC1 and PC2, ping the
IPv4 and IPv6 address of interface Loopack0 on D1. A successful ping verifies that the gateway router is
working.
Close configuration window

Step 3: Configure VRRP on switch D2.


Open configuration window

a. Enable VRRPv3 globally.


D2(config)# fhrp version vrrp v3
b. Configure vrrp group 11 on interface VLAN 11 with a vrrp IP address of 10.11.0.254.
D2(config)# interface vlan 11
D2(config-if)# vrrp 11 address-family ipv4
D2(config-if-vrrp)# address 10.11.0.254
D2(config-if-vrrp)# exit
c. Configure vrrp group 116 on interface vlan 11 with a primary vrrp IP address of fe80::11:1.
D2(config-if)# vrrp 116 address-family ipv6
D2(config-if-vrrp)# address fe80::11:1 primary
D2(config-if-vrrp)# exit
d. Configure vrrp group 21 on interface VLAN 21 with a vrrp IP address of 10.21.0.254 and a priority of 150.
D2(config-if)# interface vlan 21
D2(config-if)# vrrp 21 address-family ipv4
D2(config-if-vrrp)# address 10.21.0.254
D2(config-if-vrrp)# priority 150

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 9 of 12 www.netacad.com
Lab - Implement VRRP

D2(config-if-vrrp)# exit
e. Configure vrrp group 216 on interface vlan 21 with a primary vrrp IP address of fe80::21:1 and a priority of
150.
D2(config-if)# vrrp 216 address-family ipv6
D2(config-if-vrrp)# address fe80::21:1 primary
D2(config-if-vrrp)# priority 150
D2(config-if-vrrp)# exit

Step 4: Verify VRRP is operational on switch D2.


a. Verify that VRRP is active and operating on switch D2 with the show vrrp brief command. Based on the
configuration, D2 should be the master switch on interface VLAN 21 only.
D2# show vrrp brief
Interface Grp A-F Pri Time Own Pre State Master addr/Group addr
Vl11 11 IPv4 100 3609 N Y BACKUP 10.11.0.1 10.11.0.254
Vl11 116 IPv6 100 3609 N Y BACKUP FE80::D1:1 FE80::11:1
Vl21 21 IPv4 150 0 N Y MASTER 10.21.0.2(local) 10.21.0.254
Vl21 216 IPv6 150 0 N Y MASTER FE80::D2:2(local) FE80::21:1
Close configuration window

b. Interface Loopback0 on D1 and D2 represent a destination on the internet. From PC1 and PC2, ping the
IPv4 and IPv6 address of interface Loopack0 on D1. A successful ping verifies that the gateway router is
working.

Step 5: Observe and validate VRRP operation.


The whole point of VRRP is to help maintain gateway reachability in case of an outage. In this step, we will
simulate an outage to show how HSRP achieves this objective.
a. On PC1, start a continuous ping to 192.168.1.1 and 2001:db8:acad:1000::1.
b. On switch D1, issue the shutdown command on interface VLAN 11. Note that D2 takes over the master
role, and there is very little traffic loss in the running pings.
c. On switch D1, issue the no shutdown command on interface VLAN 11. Note that D1 takes back over as
the master router, and once again there is very little traffic loss experienced.
d. Stop the continuous ping running on PC1.

Part 3: Configure and Observe VRRP Object Tracking


VRRP can perform object tracking. This enables the priority of a virtual group router to be automatically
adjusted, based on the status of the tracked entity. When a tracked entity becomes unavailable, the VRRP
priority of the router is decreased. This might cause another router to take over as the master router for a
group based on its higher priority value. When properly configured, the VRRP tracking feature ensures that a
router with an unavailable key interface will relinquish the master router role.

Step 1: Create a tracked object.


Create an object on Switch D1 and D2 that tracks the line-protocol of interface Loopback 0.
Open configuration window

D1(config)# track 8 interface loopback 0 line-protocol


D1(config-track)# exit

Step 2: Configure HSRP to track the object status.


On D1, configure vrrp groups 11 and 116 to track the status of track 8. On D2, configure vrrp groups 21 and
216 to track the status of track 8. When the tracked object has failed, decrement the system priority by 60.
Open configuration window

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 10 of 12 www.netacad.com
Lab - Implement VRRP

D1(config-track)# interface vlan 11


D1(config-if)# vrrp 11 address-family ipv4
D1(config-if-vrrp)# track 8 decrement 60
D1(config-if-vrrp)# exit
D1(config-if)# vrrp 116 address-family ipv6
D1(config-if-vrrp)# track 8 decrement 60
D1(config-if-vrrp)# exit

D2(config-track)# interface vlan 21


D2(config-if)# vrrp 21 address-family ipv4
D2(config-if-vrrp)# track 8 decrement 60
D2(config-if-vrrp)# exit
D2(config-if)# vrrp 216 address-family ipv6
D2(config-if-vrrp)# track 8 decrement 60
D2(config-if-vrrp)# exit
Close configuration window

Step 3: Verify the VRRP configuration.


Issue the command show vrrp on Switch D1. This is the full version of the command, and in the output, you
can see all the adjustments that have been made to this point.
Open configuration window

D1# show vrrp

Vlan11 - Group 11 - Address-Family IPv4


State is MASTER
State duration 18 mins 50.735 secs
Virtual IP address is 10.11.0.254
Virtual MAC address is 0000.5E00.010B
Advertisement interval is 1000 msec
Preemption enabled
Priority is 150
Track object 8 state UP decrement 60
Master Router is 10.11.0.1 (local), priority is 150
Master Advertisement interval is 1000 msec (expires in 583 msec)
Master Down interval is unknown
FLAGS: 1/1
<output omitted>

Step 4: Verify VRRP complies with the configuration.


a. On D1, shutdown interface Loopback 1. Switch D2 should take over as master for group 11. Verify D1’s
current priority value and D2’s status with the show vrrp brief command.
D1(config)# interface loopback 0
D1(config-if)# shutdown
D1(config-if)# end
D1#
*Jan 19 18:45:56.603: %TRACK-6-STATE: 8 interface Lo0 line-protocol Up -> Down
D1#

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 11 of 12 www.netacad.com
Lab - Implement VRRP

*Jan 19 18:45:57.636: %SYS-5-CONFIG_I: Configured from console by console


*Jan 19 18:45:58.602: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,
changed state to down
*Jan 19 18:45:58.603: %LINK-5-CHANGED: Interface Loopback0, changed state to
administratively down
D1#
*Jan 19 18:45:59.418: %VRRP-6-STATE: Vlan116 IPv6 group 116 state MASTER -> BACKUP
*Jan 19 18:45:59.418: %VRRP-6-STATE: Vlan11 IPv4 group 11 state MASTER -> BACKUP
D1#
D1# show vrrp brief
Interface Grp A-F Pri Time Own Pre State Master addr/Group addr
Vl11 11 IPv4 90 3648 N Y BACKUP 10.11.0.2 10.11.0.254
Vl11 116 IPv6 90 3648 N Y BACKUP FE80::D1:1(local) FE80::11:1
Vl21 21 IPv4 100 3609 N Y BACKUP 10.21.0.2 10.21.0.254
Vl21 216 IPv6 100 3609 N Y BACKUP FE80::D2:2 FE80::21:1

b. Examine the priority information in detail in the output of the show vrrp command.
D1# show vrrp

Vlan11 - Group 11 - Address-Family IPv4


State is BACKUP
State duration 1 mins 27.821 secs
Virtual IP address is 10.11.0.254
Virtual MAC address is 0000.5E00.010B
Advertisement interval is 1000 msec
Preemption enabled
Priority is 90 (Configured 150)
Track object 8 state DOWN decrement 60
Master Router is 10.11.0.2, priority is 100
Master Advertisement interval is 1000 msec (learned)
Master Down interval is 3648 msec (expires in 3636 msec)
FLAGS: 0/1
<output omitted>
Close configuration window
End of document

© 2019 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 12 of 12 www.netacad.com

You might also like