Cisco IOS First Hop Redundancy Protocols Command Reference
vrrp authentication through vrrs mac-address
Downloads: This chapterpdf (PDF - 1.34MB) The complete bookPDF (PDF - 2.97MB) | The complete bookePub (ePub - 282.0KB) | Feedback

vrrp authentication through vrrs mac-address

vrrp authentication through vrrs mac-address

vrrp authentication

To authenticate Virtual Router Redundancy Protocol (VRRP) packets received from other routers in the group, use the vrrp authentication command in interface configuration mode. To disable VRRP authentication, use the no form of this command.

vrrp group authentication { text-string | text text-string | md5 { key-chain key-chain | key-string [ 0 | 7 ] key-string [ timeout seconds ] } }

no vrrp group authentication { text-string | text text-string | md5 { key-chain key-chain | key-string [ 0 | 7 ] key-string [ timeout seconds ] } }

Syntax Description

group

Virtual router group number for which authentication is being configured. The group number is configured with the vrrp ip command. The valid range is 1 to 255.

text-string

Plain text authentication. There is no default value.

text text-string

Plain text authentication. The text-string argument is the authentication string and can be up to eight alphanumeric characters. There is no default value.

md5

Message digest 5 (MD5) authentication. The arguments and keywords are as follows:

  • key-chain —Authentication using a live key and key ID. The key-chain argument specifies a string and must match the assigned key-chain name using the key chain command.
  • key-string —Specifies the secret key for the MD5 authentication string. The arguments and keywords are as follows:
    • 0—(Optional) The key is unencrypted.
    • 7—(Optional) The key is encrypted.
    • key-string—Up to 64 characters. It is recommended that the string be at least 16 characters. No prefix to the key-string argument means that the key is unencrypted.
    • timeout seconds—(Optional) Duration in seconds that VRRP will accept message digests based on both the old and new keys.
Note   

The key-string authentication method is encrypted if the service password-encryption command has been specified.

Command Default

VRRP authentication is disabled.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

12.0(18)ST

This command was introduced.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.3(14)T

The md5, key-string, 0, 7, and key-chain keywords were added. The text-string, key-string, and key-chain arguments were added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2(31)SG

This command was integrated into Cisco IOS Release 12.2(31)SG.

12.2(17d)SXB

This command was integrated into Cisco IOS Release 12.2(17d)SXB.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

Usage Guidelines

VRRP does not accept a virtual router group number 0 and never has an empty group. The valid range for the VRRP group is 1 to 255.

When a VRRP packet arrives from another router in the VRRP group, its authentication string is compared to the string configured on the local system. If the strings match, the message is accepted. If they do not match, the packet is discarded. The authentication string is sent unencrypted in all VRRP messages when using the vrrp authentication text text-string option.

All routers within the VRRP group must be configured with the same authentication string. If the same authentication string is not configured, the routers in the VRRP group will not communicate with each other and any misconfigured router in the group will change its state to master.

If password encryption is configured with the service password-encryption command, the software saves the key-string as encrypted text.


Note


Plain text authentication is not meant to be used for security. It simply provides a way to prevent a router that does not belong to a configured VRRP group from participating in it.


The timeout seconds keyword and argument specify the duration that the VRRP group will accept message digests based on both the old and new keys. This option allows time for configuration of all routers in a group with the new key. VRRP route flapping can be minimized by changing the keys on all the routers, provided that the master router is changed last. The master router should have its key string changed no later than one holdtime period, specified by the vrrp timers advertise interface configuration command, after the backup routers. This procedure ensures that the backup routers do not time out the master router.

Examples

The following example shows how to configure an authentication text string of x30dn78k:

Router(config-if)# vrrp 1 authentication x30dn78k

The following example shows how to configure an MD5 key string:

Router(config)# interface Ethernet0/1
Router(config-if)# description ed1-cat5a-7/10
Router(config-if)# vrrp 1 ip 10.21.0.10
Router(config-if)# vrrp 1 priority 110
Router(config-if)# vrrp 1 authentication md5 key-string f00c4s

The key ID for key-string authentication is always zero. If a key chain is configured with a key ID of zero, then the following configuration will work:

Examples

Router(config)# key chain vrrp1
Router(config-keychain)# key 0
Router(config-keychain-key)# key-string 54321098452103ab
!
Router(config)# interface Ethernet0/1
Router(config-if)# vrrp 1 ip 10.21.0.10
Router(config-if)# vrrp 1 authentication md5 key-chain vrrp1

Examples

Router(config)# interface Ethernet0/1
Router(config-if)# vrrp 1 ip 10.21.0.10
Router(config-if)# vrrp 1 authentication md5 key-string 54321098452103ab

Related Commands

Command

Description

key chain

Enables authentication for routing protocols.

service password-encryption

Encrypts passwords.

vrrp ip

Enables VRRP and identifies the IP address of the virtual router.

vrrp timers advertise

Configures the interval between successive advertisements by the master virtual router in a VRRP group.

vrrp delay

To configure the delay period before the initialization of all Virtual Router Redundancy Protocol (VRRP) groups on an interface, use the vrrp delay command in interface configuration mode. To remove all configured delays, use the no form of this command.

vrrp delay { minimum seconds [ reload seconds ] | reload seconds }

no vrrp delay { minimum seconds [ reload seconds ] | reload seconds }

Syntax Description

minimum seconds

The minimum time, in seconds, to delay VRRP group initialization after an interface comes up. Valid range is 1-10000.

reload reload-seconds

Time, in seconds, to delay after the router has reloaded. Valid range is 0-10000.

Command Default

No delay value is used.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Release 2.6

This command was introduced.

Usage Guidelines

Use the vrrp delay command to configure the delay period before the initialization of VRRP groups. This command applies to all VRRP groups on an interface. This command cannot be configured per-VRRP group.

The minimum seconds value is the minimum time (in seconds) to delay VRRP group initialization after an interface comes up. This minimum delay period applies to all subsequent interface events.

The reload seconds value is the time period to delay after the router has reloaded. This delay period applies only to the first interface-up event after the router has reloaded.

The recommended minimum seconds value is 30 seconds and the recommended reload seconds value is 60 seconds.

The no vrrp delay command removes all delays, and is equivalent to configuring 0 for each argument. When the no vrrp delay command is configure, there is no appreciable delay between the interface coming up and the VRRP groups on that interface becoming operational.

Examples

The following example shows how to configure a minimum delay of 30 seconds and a reload delay of 60 seconds:

Router(config)# interface gigabitethernet0/0/0
Router(config-if)# vrrp delay minimum 30 reload 60

Related Commands

Command

Description

vrrp name

Links a VRRS client to a VRRP group.

vrrp description

To assign a description to the Virtual Router Redundancy Protocol (VRRP) group, use the vrrp description command in interface configuration mode. To remove the description, use the no form of this command.

vrrp group description text

no vrrp group description

Syntax Description

group

Virtual router group number. The group number range is from 1 to 255.

text

Text (up to 80 characters) that describes the purpose or use of the group.

Command Default

There is no description of the VRRP group.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

12.0(18)ST

This command was introduced.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

Examples

The following example enables VRRP on Ethernet interface 0. VRRP group 1 is described as Building A – Marketing and Administration.

Router(config)# interface ethernet 0
Router(config-if)# ip address 10.0.1.1 255.255.255.0
!
Router(config-if)# vrrp 1 ip 10.0.1.20
Router(config-if)# vrrp 1 description Building A - Marketing and Administration

Related Commands

Command

Description

vrrp ip

Enables VRRP and identifies the IP address of the virtual router.

vrrp ip

To enable the Virtual Router Redundancy Protocol (VRRP) on an interface and identify the IP address of the virtual router, use the vrrp ip command in interface configuration mode. To disable VRRP on the interface and remove the IP address of the virtual router, use the no form of this command.

vrrp group ip ip-address [secondary]

no vrrp group ip ip-address [secondary]

Syntax Description

group

Virtual router group number. The group number range is from 1 to 255.

ip-address

IP address of the virtual router.

secondary

(Optional) Indicates additional IP addresses supported by this group.

Command Default

VRRP is not configured on the interface.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

12.0(18)ST

This command was introduced.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2(31)SG

This command was integrated into Cisco IOS Release 12.2(31)SG.

12.2(17d)SXB

This command was integrated into Cisco IOS Release 12.2(17d)SXB.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

Usage Guidelines

The vrrp ip command activates VRRP on the configured interface. The first IP address specified in the VRRP configuration is used as the primary address for the virtual router. For VRRP to elect a designated router, at least one router on the cable must have been configured with the primary address of the virtual router. Configuration of the primary address on the master router always overrides a primary address that is currently in use.

VRRP does not support address learning. All addresses must be configured.

All routers in the VRRP group must be configured with the same primary address for the virtual router. If different primary addresses are configured, the routers in the VRRP group will not communicate with each other and any misconfigured routers in the group will change their state to master.

Configure this command once without the secondary keyword to indicate the virtual router IP address. If you want to indicate additional IP addresses supported by this group, then do so and include the secondary keyword.


Note


You can configure the primary IP address of a VRRP group with the same address as the interface. When VRRP is configured in this manner, the router that has the interface IP address is always the master router. Removing the VRRP configuration from a router configured in this way and leaving the IP address of the interface active is considered a misconfiguration because duplicate IP addresses on the LAN will result. If you have configured VRRP in this way and need to remove the VRRP configuration, you can change the interface address to a different value. Alternately, you can also remove all VRRP group members that are using the virtual address equal to the interface address on the router. To avoid a period of duplicate address warnings, deconfigure all VRRP routers in the group. This leaves the address owner router the last to be deconfigured, which avoids duplicate address warnings.


VRRP must be in the master state for proxy Address Resolution Protocol (ARP) to use the VRRP virtual MAC address.

Examples

The following example shows how to enable VRRP on Ethernet interface 0. The VRRP group is 1. IP address 10.0.1.20 is the address of the virtual router.

Router(config)# interface ethernet 0
Router(config-if)# ip address 10.0.1.1 255.255.255.0
Router(config-if)# ip address 10.0.2.1 255.255.255.0 secondary
!
Router(config-if)# vrrp 1 ip 10.0.1.20
Router(config-if)# vrrp 1 ip 10.0.2.20 secondary

Related Commands

Command

Description

show vrrp

Displays a summary or detailed status of one or all configured VRRP groups.

vrrp name

To link a Virtual Router Redundancy Service (VRRS) client to a Virtual Router Redundancy Protocol (VRRP) group, use the vrrp name command in interface configuration mode. To disassociate a VRRS group from VRRS, use the no form of this command.

vrrp group-number name [vrrp-group-name]

no vrrp group-number name [vrrp-group-name]

Syntax Description

group-number

Virtual router group number. The group number range is from 1 to 255.

vrrp-group-name

(Optional) VRRP group name.

Command Default

VRRS clients are not linked to VRRP groups.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Release 2.6

This command was introduced.

Usage Guidelines

Use the vrrp name command to link VRRS clients to VRRP groups. VRRP provides stateless redundancy for IP routing. VRRP by itself is limited to maintaining its own state. Linking a VRRS client to a VRRP group allows client applications to implement stateful failover. IP redundancy clients are other Cisco IOS processes or applications that use VRRP to provide or withhold a service or resource dependent upon the state of the group.

Use the no vrrp name command to dissociates a VRRP group from VRRS. After this, the same VRRP group can be attached to a different VRRP name; or the VRRS name can be applied to a different VRRP group.

Examples

The following example shows how to link VRRS clients to a VRRP group named VRRP-Partition-1:

Router(config)# interface gigabitethernet0/0/0
Router(config-if)# vrrp 1 name VRRP-Partition-1

Related Commands

Command

Description

vrrs follow

Configures a name association between VRRS plug-ins and the VRRS server.

vrrp name

Links a VRRS client to a VRRP group.

vrrp preempt

To configure the router to take over as master virtual router for a Virtual Router Redundancy Protocol (VRRP) group if it has higher priority than the current master virtual router, use the vrrp preempt command in interface configuration mode. To disable this function, use the no form of this command.

vrrp group preempt [ delay minimum seconds ]

no vrrp group preempt

Syntax Description

group

Virtual router group number of the group for which preemption is being configured. The group number is configured with the vrrp ip command. The group number range is from 1 to 255.

delay minimum seconds

(Optional) Number of seconds that the router will delay before issuing an advertisement claiming master ownership. The default delay is 0 seconds.

Command Default

This command is enabled.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

12.0(18)ST

This command was introduced.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2(31)SG

This command was integrated into Cisco IOS Release 12.2(31)SG.

12.2(17d)SXB

This command was integrated into Cisco IOS Release 12.2(17d)SXB.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

Usage Guidelines

By default, the router being configured with this command will take over as master virtual router for the group if it has a higher priority than the current master virtual router. You can configure a delay, which will cause the VRRP router to wait the specified number of seconds before issuing an advertisement claiming master ownership.


Note


The router that is the IP address owner will preempt, regardless of the setting of this command.


Examples

The following example configures the router to preempt the current master virtual router when its priority of 200 is higher than that of the current master virtual router. If the router preempts the current master virtual router, it waits 15 seconds before issuing an advertisement claiming it is the master virtual router.

Router(config-if)# vrrp 1 preempt delay minimum 15
Router(config-if)# vrrp 1 priority 200

Related Commands

Command

Description

vrrp ip

Enables VRRP and identifies the IP address of the virtual router.

vrrp priority

Sets the priority level of the router within a VRRP group.

vrrp priority

To set the priority level of the router within a Virtual Router Redundancy Protocol (VRRP) group, use the vrrp priority command in interface configuration mode. To remove the priority level of the router, use the no form of this command.

vrrp group priority level

no vrrp group priority level

Syntax Description

group

Virtual router group number. The group number range is from 1 to 255.

level

Priority of the router within the VRRP group. The range is from 1 to 254. The default is 100.

Command Default

The priority level is set to the default value of 100.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

12.0(18)ST

This command was introduced.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

Usage Guidelines

Use this command to control which router becomes the master virtual router.

Examples

The following example configures the router with a priority of 254:

Router(config-if)# vrrp 1 priority 254

Related Commands

Command

Description

vrrp ip

Enables VRRP and identifies the IP address of the virtual router.

vrrp preempt

Configures the router to take over as master virtual router for a VRRP group if it has higher priority than the current master virtual router.

vrrp shutdown

To disable the Virtual Router Redundancy Protocol (VRRP) group on an interface, use the vrrp shutdown command in interface configuration mode.

vrrp group-number shutdown

Syntax Description

group-number

Virtual router group number. The group number range is from 1 to 255.

Command Default

VRRP groups configured by the vrrp group-number ip command are enabled by default.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

12.3(11)T

This command was introduced.

Cisco IOS XE Release 2.6

This command was integrated into Cisco IOS XE Release 2.6.

Usage Guidelines

When a VRRP group has been configured using the vrrp group-number ip command, the protocol is fully operational. The vrrp shutdown command is not displayed on the router, and to disable the protocol for one group, you must explicitly specify the group using the vrrp shutdown command.

Examples

The following example shows how to disable one VRRP group on Ethernet interface 0/1 (group 1) while retaining the VRRP group on Ethernet interface 0/2 (group 2):

Router(config)# interface ethernet0/1
Router(config-if)# ip address 10.0.1.1 255.255.255.0
Router(config-if)# vrrp 1 ip 10.0.1.254
Router(config-if)# vrrp 1 shutdown
!
Router(config)# interface ethernet0/2
Router(config-if)# ip address 10.0.42.1 255.255.255.0
Router(config-if)# vrrp 2 ip 10.0.42.254

Related Commands

Command

Description

show vrrp

Displays a summary or detailed status of one or all configured VRRP groups.

vrrp ip

Enables the VRRP on an interface and identify the IP address of the virtual router.

vrrp sso

To enable Virtual Router Redundancy Protocol (VRRP) support of Stateful Switchover (SSO) if it has been disabled, use the vrrp sso command in global configuration mode. To disable VRRP support of SSO, use the no form of this command.

vrrp sso

no vrrp sso

Syntax Description

This command has no arguments or keywords.

Command Default

VRRP support of SSO is enabled by default.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.2(33)SRC

This command was introduced.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

12.2(33)SXI

This command was integrated into Cisco IOS Release 12.2(33)SXI.

Usage Guidelines

Use this command to enable VRRP support of SSO if it has been manually disabled by the no vrrp sso command.

Examples

The following example shows how to disable VRRP support of SSO:

Router(config)# no vrrp sso

Related Commands

Command

Description

debug vrrp all

Displays debugging messages for VRRP errors, events, and state transitions.

debug vrrp ha

Displays debugging messages for VRRP high availability.

show vrrp

Displays a brief or detailed status of one or all configured VRRP groups.

vrrp timers advertise

To configure the interval between successive advertisements by the master virtual router in a Virtual Router Redundancy Protocol (VRRP) group, use the vrrp timers advertise command in interface configuration mode. To restore the default value, use the no form of this command.

vrrp group timers advertise [msec] interval

no vrrp group timers advertise [msec] interval

Syntax Description

group

Virtual router group number. The group number range is from 1 to 255.

msec

(Optional) Changes the unit of the advertisement time from seconds to milliseconds. Without this keyword, the advertisement interval is in seconds.

interval

Time interval between successive advertisements by the master virtual router. The unit of the interval is in seconds, unless the msec keyword is specified. The default is 1 second. The valid range is 1 to 255 seconds. When the msec keyword is specified, the valid range is 50 to 999 milliseconds.

Command Default

The default interval of 1 second is configured.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

12.0(18)ST

This command was introduced.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2(31)SG

This command was integrated into Cisco IOS Release 12.2(31)SG.

12.2(17d)SXB

This command was integrated into Cisco IOS Release 12.2(17d)SXB.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

Usage Guidelines

The advertisements being sent by the master virtual router communicate the state and priority of the current master virtual router.

The vrrp timers advertise command configures the time between successive advertisement packets and the time before other routers declare the master router to be down. Routers or access servers on which timer values are not configured can learn timer values from the master router. The timers configured on the master router always override any other timer settings. All routers in a VRRP group must use the same timer values. If the same timer values are not set, the routers in the VRRP group will not communicate with each other and any misconfigured router will change its state to master.

Examples

The following example shows how to configure the master virtual router to send advertisements every 4 seconds:

Router(config-if)# vrrp 1 timers advertise 4

Related Commands

Command

Description

vrrp ip

Enables VRRP and identifies the IP address of the virtual router.

vrrp timers learn

Configures the router, when it is acting as backup virtual router for a VRRP group, to learn the advertisement interval used by the master virtual router.

vrrp timers learn

To configure the router when it is acting as backup virtual router for a Virtual Router Redundancy Protocol (VRRP) group to learn the advertisement interval used by the master virtual router, use the vrrp timers learn command in interface configuration mode. To prevent the local router from learning the advertisement interval of the master virtual router, use the no form of this command.

vrrp group timers learn

no vrrp group timers learn

Syntax Description

group

Virtual router group number to which the command applies. The group number range is from 1 to 255.

Command Default

Disabled; the local router calculates the downtime of the master virtual router based on the advertisement interval of the local router as configured by the vrrp timers advertise command.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

12.0(18)ST

This command was introduced.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2(31)SG

This command was integrated into Cisco IOS Release 12.2(31)SG.

12.2(17d)SXB

This command was integrated into Cisco IOS Release 12.2(17d)SXB.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

Usage Guidelines

If this command is configured, when the local router is acting as a backup virtual router for the group, it will learn the advertisement interval of the current master virtual router from its master advertisements. The local router will use that value to calculate how long it should wait before deciding that the master virtual router has gone down. This command synchronizes timers with the current master virtual router.

Examples

The following example configures the router, when it is acting as backup virtual router, to learn the advertisement interval from the advertisements of the current master virtual router:

Router(config-if)# vrrp 1 timers learn

Related Commands

Command

Description

vrrp ip

Enables VRRP and identifies the IP address of the virtual router.

vrrp timers advertise

Configures the interval between successive advertisements by the master virtual router in a VRRP group.

vrrp track

To configure Virtual Router Redundancy Protocol (VRRP) to track an object, use the vrrp track command in interface configuration mode. To disable the tracking, use the no form of this command.

vrrp group track object-number [ decrement priority ]

no vrrp group track object-number [ decrement priority ]

Syntax Description

group

Group number to which the tracking applies. The group number range is from 1 to 255.

object-number

Object number in the range from 1 to 500 representing the object to be tracked.

decrement priority

(Optional) Amount by which the priority for the router is decremented (or incremented) when the tracked object goes down (or comes back up). The default value is 10. Decrements can be set to any value between 1 and 255.

Command Default

The default decrement value is 10. The range is from 1 and 255.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

12.3(2)T

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

You can configure VRRP to track specific objects, such as an interface or IP route, that can alter the priority level of a virtual router for a VRRP group. The tracked objects are first defined using the track interface or track ip route global configuration command. The client process, in this case VRRP, registers interest in tracking these objects and can then be notified when the tracked object changes state.

Examples

In the following example, the tracking process is configured to track the IP routing capability of serial interface 1/0. VRRP on Ethernet interface 0/0 then registers with the tracking process to be informed of any changes to the IP routing state of serial interface 1/0. If the IP state on serial interface 1/0 goes down, then the priority of the VRRP group is reduced by 10.

If both serial interfaces are operational, then Router A will be the master virtual router because it has the higher priority.

However, if IP routing on serial interface 1/0 in Router A fails, then the HSRP group priority will be reduced and Router B will take over as the master virtual router, thus maintaining a default virtual gateway service to hosts on the 10.1.0.0 subnet.

Examples

Router(config)# track 100 interface serial1/0 ip routing
!
Router(config)# interface Ethernet0/0
Router(config-if)# ip address 10.1.0.21 255.255.0.0
Router(config-if)# vrrp 1 ip 10.1.0.1
Router(config-if)# vrrp 1 priority 105
Router(config-if)# vrrp 1 track 100 decrement 10

Examples

Router(config)# track 100 interface serial1/0 ip routing
!
Router(config)# interface Ethernet0/0
Router(config-if)# ip address 10.1.0.22 255.255.0.0
Router(config-if)# vrrp 1 ip 10.1.0.1
Router(config-if)# vrrp 1 priority 100
Router(config-if)# vrrp 1 track 100 decrement 10

Related Commands

Command

Description

track interface

Configures an interface to be tracked.

track ip route

Tracks the state of an IP route.

vrrs

To specify a distinct AAA accounting method list to use, a non-zero delay time for accounting-off messages, and additional attributes other than the default for a Virtual Router Redundancy Protocol (VRRP) group, enter the vrrs command in the global configuration mode. To return to the default values, use the no form of this command.

vrrs vrrs-group-name

no vrrs name

Syntax Description

vrrs-group-name

Name of a VRRS group.

Command Default

Accounting-on and accounting-off messages for a VRRP group are set with default accounting attributes, without any delay for accounting-off messages, and using the VRRS default accounting method list.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Release 2.6

This command was introduced.

Usage Guidelines

The VRRS group name specified by the vrrs-group-name argument should match a VRRP group as configured by the vrrp name command in interface configuration mode.


Note


VRRS does not perform a cross-check of the VRRS group name between the vrrs global configuration command and the vrrp name interface configuration command. Any string entered is accepted.


The following RADIUS attributes are included in accounting messages by default:

  • Attribute 4, NAS-IP-Address
  • Attribute 26, Cisco VSA Type 1, vrrs
  • Attribute 40, Acct-Status-Type
  • Attribute 41, Acct-Delay-Type
  • Attribute 44 Acct-Session-Id

Examples

The following example shows how to configure a VRRS group named vrrp-group-1:

Router(config)# vrrs vrrp-group-1
Router(config-vrrs)# exit
Router(config)# interface gigabitethernet 1/0/0 
Router(config-if)# ip address 10.1.0.2 255.0.0.0
Router(config-if)# vrrp 1 ip 10.1.0.10
Router(config-if)# vrrp 1 name vrrp-group-1

Related Commands

Command

Description

vrrp ip

Enables the VRRP on an interface and identifies the IP address of the virtual router.

vrrp name

Links a VRRS client to a VRRP group.

vrrs follow

To configure a name association between Virtual Router Redundancy Service (VRRS) plug-ins and the VRRS server, use the vrrs follow command in subinterface configuration mode. To disassociate the VRRS plug-ins from a server, use the no form of this command.

vrrs follow name

no vrrs follow name

Syntax Description

name

A name that associates the VRRS plug-ins with a First Hop Redundancy Protocol (FHRP) server, via VRRS, that shares the same name.

Command Default

VRRS plug-ins remain detached and in the DOWN state.

Command Modes

Subinterface configuration (config-subif)

Command History

Release

Modification

Cisco IOS XE Release 2.6

This command was introduced.

Usage Guidelines

This command can be applied only to subinterfaces.

The no vrrs follow command disassociate the VRRS plug-ins from a server. The VRRS plug-ins are disabled after this, and are forced to the DOWN state until they are reattached to a new name.

Examples

The following example configures a name association between the VRRS interface-state and mac-address plug-ins and the VRRS server:

Router(config)# interface gigabitethernet0/0/0.1
Router(config-subif)# ip address 172.24.1.1 255.255.255.0
Router(config-subif)# vrrs follow name1
Router(config-subif)# vrrs interface-state
Router(config-subif)# vrrs mac-address 

Related Commands

Command

Description

vrrs interface-state

Configures the VRRP shutdown plug-in on an interface.

vrrs mac-address

Configures the VRRS mac-address plug-in on an interface.

vrrs interface-state

To configure the Virtual Router Redundancy Protocol (VRRP) shutdown plug-in on an interface, use the vrrs interface-state command in subinterface configuration mode. To disable the shutdown plug-in, use the no form of this command.

vrrs interface-state

no vrrs interface-state

Syntax Description

This command has no arguments or keywords.

Command Default

The VRRS shutdown plug-in remains detached and in the DOWN state.

Command Modes

Subinterface configuration (config-subif)

Command History

Release

Modification

Cisco IOS XE Release 2.6

This command was introduced.

Usage Guidelines

Use the vrrs interface-state command to configure the VRRP shutdown plug-in on an interface. When the line protocol is configured, and the Virtual Router Redundancy Service (VRRS) is in a nonactive state, the line protocol state of the interface is transitioned to down.

The vrrs follow command associates the interface-state plug-in with a First Hop Redundancy Protocol (FHRP) that is using the same name with VRRS. Removal of the vrrs interface-state command, or a change in the VRRS state to an active state, causes the line protocol state of the interface to transition to UP.

Examples

The following example shows how to configure the VRRP shutdown plug-in on an interface:

Router(config)# interface gigabitethernet0/0/1.1
Router(config-subif)# ip address 10.0.0.0 255.255.255.0
Router(config-subif)# vrrs follow vrrp-partition-1
Router(config-subif)# vrrs interface-state
Router(config-subif)# vrrs mac-address arp interval 5 duration 60

Related Commands

Command

Description

vrrs follow

Configures a name association between VRRS plug-ins and the VRRS server.

vrrs mac-address

Configures the VRRS mac-address plug-in on an interface.

vrrs mac-address

To configure the Virtual Router Redundancy Service (VRRS) mac-address plug-in on an interface, use the vrrs mac-address command in subinterface configuration mode. To disable the mac-address plug-in, use the no form of this command.

vrrs mac-address [ arp [ interval seconds ] [ duration seconds ] ]

no vrrs mac-address [ arp [ interval seconds ] [ duration seconds ] ]

Syntax Description

arp

(Optional) Enables sending gratuitous ARP messages.

interval seconds

(Optional) Specifies, the interval, in seconds, at which gratuitous ARPs are sent by the VRRS mac-address plug-in.

duration seconds

(Optional) Specifies, in seconds, how long the gratuitous ARP repeats continue. A value of 0 means indefinitely, but use of this option should be carefully considered because it may have a detrimental effect on the performance of the router or network.

Command Default

The VRRS mac-address plug-in remains detached and in the DOWN state.

Command Modes

Subinterface configuration (config-subif)

Command History

Release

Modification

Cisco IOS XE Release 2.6

This command was introduced.

Usage Guidelines

Use the vrrs mac-address command to configure the VRRS mac-address plug-in on an interface. When a virtual-MAC is configured, and VRRS is in an ACTIVE state, a virtual-MAC is added to the interface that is to be associated with the Primary IP address configured on that interface. Use the vrrs follow command to associate the mac-address plug-in with a First Hop Redundancy Protocol (FHRP) that is using the same name as VRRS. The mac-address plug-in can be enabled with all defaults by configuring the vrrs mac-address command with no optional keywords or arguments.

Examples

The following example shows how to configure the VRRS mac-address plug-in on an interface:

Router(config)# interface gigabitethernet0/0/1.1
Router(config-subif)# ip address 10.0.0.0 255.255.255.0
Router(config-subif)# vrrs follow vrrp-partition-1
Router(config-subif)# vrrs interface-state
Router(config-subif)# vrrs mac-address arp interval 5 duration 60

Related Commands

Command

Description

vrrs follow

Configures a name association between VRRS plug-ins and the VRRS server.

vrrs interface-state

Configures the VRRP shutdown plug-in on an interface.