Table Of Contents
sticky (firewall farm datagram protocol)
sticky (firewall farm TCP protocol)
weight (firewall farm real server)
standby preempt
To configure Hot Standby Router Protocol (HSRP) preemption and preemption delay, use the standby preempt command in interface configuration mode. To restore the default values, use the no form of this command.
standby [group-number] preempt [delay {minimum seconds | reload seconds | sync seconds}]
no standby [group-number] preempt [delay {minimum seconds | reload seconds | sync seconds}]
Syntax Description
Defaults
The default group number is 0.
The default delay is 0 seconds; if the router wants to preempt, it will do so immediately.
By default, the router that comes up later becomes the standby.Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Note
Cisco IOS 12.2SX software releases earlier than Cisco IOS Release 12.2(33)SXH use the syntax from Cisco IOS Release 12.1, which supports preempt as a keyword for the standby priority command. Cisco IOS Release 12.2(33)SXH and later releases use Cisco IOS Release 12.2 syntax, which requires standby preempt and standby priority to be entered as separate commands.
When the standby preempt command is configured, the router is configured to preempt, which means that when the local router has a Hot Standby priority higher than the current active router, the local router should attempt to assume control as the active router. If preemption is not configured, the local router assumes control as the active router only if it receives information indicating no router is in the active state (acting as the designated router).
This command is separate from the standby delay minimum reload interface configuration command, which delays HSRP groups from initializing for the specified time after the interface comes up.
When a router first comes up, it does not have a complete routing table. If it is configured to preempt, it will become the active router, yet it is unable to provide adequate routing services. Solve this problem by configuring a delay before the preempting router actually preempts the currently active router.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
IP redundancy clients can prevent preemption from taking place. The standby preempt delay sync seconds command specifies a maximum number of seconds to allow IP redundancy clients to prevent preemption. When this expires, then preemption takes place regardless of the state of the IP redundancy clients.
The standby preempt delay reload seconds command allows preemption to occur only after a router reloads. This provides stabilization of the router at startup. After this initial delay at startup, the operation returns to the default behavior.
The no standby preempt delay command will disable the preemption delay but preemption will remain enabled. The no standby preempt delay minimum seconds command will disable the minimum delay but leave any synchronization delay if it was configured.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 preempt delay minimum 300% Warning: This setting has no effect while following another group.Examples
In the following example, the router will wait for 300 seconds (5 minutes) before attempting to become the active router:
interface ethernet 0standby ip 172.19.108.254standby preempt delay minimum 300standby priority
To configure Hot Standby Router Protocol (HSRP) priority, use the standby priority command in interface configuration mode. To restore the default values, use the no form of this command.
standby [group-number] priority priority
no standby [group-number] priority priority
Syntax Description
Defaults
The default group number is 0.
The default priority is 100.Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Note
When group number 0 is used, the number 0 is written to NVRAM, providing backward compatibility.
The assigned priority is used to help select the active and standby routers. Assuming that preemption is enabled, the router with the highest priority becomes the designated active router. In case of ties, the primary IP addresses are compared, and the higher IP address has priority.
Note that the priority of the device can change dynamically if an interface is configured with the standby track command and another interface on the router or a tracked object goes down.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 priority 110%Warning: This setting has no effect while following another group.Examples
In the following example, the router has a priority of 120 (higher than the default value):
interface ethernet 0standby ip 172.19.108.254standby priority 120standby preempt delay 300Related Commands
standby track
Configures an interface so that the Hot Standby priority changes based on the availability of other interfaces.
standby redirect
To enable Hot Standby Router Protocol (HSRP) filtering of Internet Control Message Protocol (ICMP) redirect messages, use the standby redirect command in interface configuration mode. To disable the HSRP filtering of ICMP redirect messages, use the no form of this command.
standby redirect [timers advertisement holddown] [unknown]
no standby redirect [unknown]
Syntax Description
Command Default
HSRP filtering of ICMP redirect messages is enabled if HSRP is configured on an interface.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The standby redirect command can be configured globally or on a per-interface basis. When HSRP is first configured on an interface, the setting for that interface will inherit the global value. If the filtering of ICMP redirects is explicitly disabled on an interface, then the global command cannot reenable this functionality.
With the standby redirect command enabled, the real IP address of a router can be replaced with a virtual IP address in the next hop address or gateway field of the redirect packet. HSRP looks up the next hop IP address in its table of real IP addresses versus virtual IP addresses. If HSRP does not find a match, the HSRP router allows the redirect packet to go out unchanged. The host HSRP router is redirected to a router that is unknown, that is, a router with no active HSRP groups. You can specify the no standby redirect unknown command to stop these redirects from being sent.
Examples
The following example shows how to allow HSRP to filter ICMP redirect messages on interface Ethernet 0:
interface ethernet 0ip address 10.0.0.1 255.0.0.0standby redirectstandby 1 ip 10.0.0.11The following example shows how to change the HSRP router advertisement interval to 90 seconds and the holddown timer to 270 seconds on interface Ethernet 0:
interface ethernet 0ip address 10.0.0.1 255.0.0.0standby redirect timers 90 270standby 1 ip 10.0.0.11Related Commands
show standby
Displays the HSRP information.
show standby redirect
Displays ICMP redirect information on interfaces configured with the HSRP.
standby send arp
To configure Hot Standby Router Protocol (HSRP) to send a single gratuitous ARP packet for each active HSRP group, use the standby send arp command in user EXEC or privileged EXEC mode.
standby send arp [interface-type interface-number [group-number]]
Syntax Description
Command Default
HSRP sends gratuitous ARP packets from an HSRP group when it changes to the Active state.
Command Modes
User EXEC
Privileged EXEC(#)Command History
Usage Guidelines
Use the standby send arp command to cause a single gratuitous ARP packet to be sent for each active group. HSRP checks that the virtual IP address is entered correctly in the ARP cache prior to sending a gratuitous ARP packet. If the ARP entry is incorrect then HSRP will try to re-add it. This enables you to ensure that a host ARP cache is updated prior to starting heavy CPU-usage processes or configurations.
Static or alias ARP entries cannot be overwritten by HSRP.
You can use the standby arp gratuitous command in interface configuration mode to configure the number of gratuitous ARP packets sent by an active HSRP group, and how often they are sent.
Examples
The following example shows how to configure HSRP to check that an ARP cache is refreshed prior to sending a gratuitous ARP packet:
Router# standby send arp ethernet0/0 1Related Commands
standby sso
To enable the Hot Standby Router Protocol (HSRP) Stateful Switchover (SSO), use the standby sso command in global configuration mode. To disable HSRP SSO, use the no form of this command.
standby sso
no standby sso
Syntax Description
This command has no arguments or keywords.
Command Default
HSRP SSO is enabled when redundancy mode SSO is configured.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Use the standby sso command to enable HSRP SSO. This is the default when redundancy mode SSO is configured. When standby SSO is enabled, traffic sent using an HSRP virtual IP address continues through the HSRP group member using the current path while a Route Processor (RP) switchover occurs. The HSRP state is maintained and kept synchronized across the redundant RPs within the chassis.
If you want the traffic to switch to a redundant device (another chassis) even though the redundant RP is capable of taking over, then the feature can be disabled by using the no form of the command. If the command is disabled and if the primary HSRP router fails, the HSRP state is not maintained across RP switchover and traffic targeted to the HSRP virtual IP address is handled by the standby HSRP router.
Examples
The following example shows how to reenable standby SSO for HSRP if it has been disabled:
standby ssoRelated Commands
debug standby events
Displays standby events related to HSRP.
show standby
Displays HSRP information.
standby timers
To configure the time between hello packets and the time before other routers declare the active Hot Standby or standby router to be down, use the standby timers command in interface configuration mode. To restore the timers to their default values, use the no form of this command.
standby [group-number] timers [msec] hellotime [msec] holdtime
no standby [group-number] timers [msec] hellotime [msec] holdtime
Syntax Description
Defaults
The default group number is 0.
The default hello interval is 3 seconds.
The default hold time is 10 seconds.Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The standby timers command configures the time between standby hello packets and the time before other routers declare the active or standby router to be down. Routers or access servers on which timer values are not configured can learn timer values from the active or standby router. The timers configured on the active router always override any other timer settings. All routers in a Hot Standby group should use the same timer values. Normally, holdtime is greater than or equal to 3 times the value of hellotime. The range of values for holdtime force the holdtime to be greater than the hellotime. If the timer values are specified in milliseconds, the holdtime is required to be at least three times the hellotime value and not less than 50 milliseconds.
Some HSRP state flapping can occasionally occur if the holdtime is set to less than 250 milliseconds, and the processor is busy. It is recommended that holdtime values less than 250 milliseconds be used on Cisco 7200 platforms or better, and on Fast-Ethernet or FDDI interfaces or better. Setting the process-max-time command to a suitable value may also help with flapping.
The value of the standby timer will not be learned through HSRP hellos if it is less than 1 second.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 timers 5 15% Warning: This setting has no effect while following another group.Examples
The following example sets, for group number 1 on Ethernet interface 0, the time between hello packets to 5 seconds, and the time after which a router is considered to be down to 15 seconds:
interface ethernet 0standby 1 ipstandby 1 timers 5 15The following example sets, for the Hot Router interface located at 172.19.10.1 on Ethernet interface 0, the time between hello packets to 300 milliseconds, and the time after which a router is considered to be down to 900 milliseconds:
interface ethernet 0standby ip 172.19.10.1standby timers msec 300 msec 900The following example sets, for the Hot Router interface located at 172.18.10.1 on Ethernet interface 0, the time between hello packets to 15 milliseconds, and the time after which a router is considered to be down to 50 milliseconds. Note that the holdtime is larger than three times the hellotime because the minimum holdtime value in milliseconds is 50.
interface ethernet 0standby ip 172.18.10.1standby timers msec 15 msec 50standby track
To configure the Hot Standby Router Protocol (HSRP) to track an object and change the Hot Standby priority on the basis of the state of the object, use the standby track command in interface configuration mode. To remove the tracking, use the no form of this command.
Cisco IOS XE Release 2.1 and Later Releases
standby track {object-number | interface-type interface-number [decrement priority-decrement]} [shutdown]
no standby track {object-number | interface-type interface-number}
Cisco IOS Release 12.2(33)SXH, 12.2(33)SRB and Later Releases
standby track {object-number | interface-type interface-number [decrement priority-decrement]} [shutdown]
no standby track {object-number | interface-type interface-number}
Cisco IOS Release 12.4(9)T and Later Releases
standby track {object-number [priority-decrement] | interface-type interface-number [decrement priority-decrement]} [shutdown]
no standby track {object-number | interface-type interface-number}
Cisco IOS Release 12.2(15)T and Later Releases
standby track {object-number [priority-decrement] | interface-type interface-number [decrement priority-decrement]}
no standby track {object-number | interface-type interface-number}
Cisco IOS Releases 12.2(13)T, 12.2(14)SX, 12.2(17dSXB), 12.2(33)SRA, and Earlier Releases
standby track interface-type interface-number [interface-priority]
no standby track interface-type interface-number [interface-priority]
Syntax Description
Command Default
There is no tracking.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
This command ties the Hot Standby priority of the router to the availability of its tracked objects. Use the track interface command or track ip route command to track an interface object or an IP-route object. The HSRP client can register its interest in the tracking process by using the standby track command and take action when the object changes.
When a tracked object goes down, the Hot Standby priority decreases by 10. If an object is not tracked, its state changes do not affect the Hot Standby priority. For each object configured for Hot Standby, you can configure a separate list of objects to be tracked.
The optional priority-decrement and interface-priority arguments specify how much to decrement the Hot Standby priority when a tracked object goes down. When the tracked object comes back up, the priority is incremented by the same amount.
When multiple tracked objects are down, the decrements are cumulative, whether configured with priority-decrement or interface-priority values or not.
The optional shutdown keyword configures the HSRP group to change to the Init state and become disabled rather than having its priority decremented when a tracked object goes down.
Use the no standby group-number track command to delete all tracking configuration for a group.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
The standby track command syntax prior to Cisco IOS Release 12.2(15)T is still supported. Using the older form of the command syntax will cause a tracked object to be created in the new tracking process. This tracking information can be displayed using the show track command.
Note
If you configure HSRP to track an interface, and that interface is physically removed as in the case of an Online Insertion and Removal (OIR) operation, then HSRP regards the interface as always down. You cannot remove the HSRP interface-tracking configuration. To prevent this situation, use the no standby track command before you physically remove the interface.
If an object is already being tracked by an HSRP group, you cannot change the configuration to use the HSRP Group Shutdown feature that disables the HSRP group. You must first remove the tracking configuration using the no standby track command and then reconfigure it using the standby track command with the shutdown keyword.
Examples
In the following example, the tracking process is configured to track the IP-routing capability of serial interface 1/0. HSRP on Ethernet interface 0/0 then registers with the tracking process to be informed of any changes to the IP-routing state of serial interface 1/0. If the IP state on serial interface 1/0 goes down, the priority of the HSRP group is reduced by 10.
If both serial interfaces are operational, Router A will be the HSRP active router because it has the higher priority. However, if IP routing on serial interface 1/0 in Router A fails, the HSRP group priority will be reduced and Router B will take over as the active router, thus maintaining a default virtual gateway service to hosts on the 10.1.0.0 subnet.
Router A Configuration
track 100 interface serial1/0 ip routing!interface Ethernet0/0ip address 10.1.0.21 255.255.0.0standby 1 ip 10.1.0.1standby 1 preemptstandby 1 priority 105standby 1 track 100 decrement 10Router B Configuration
track 100 interface serial1/0 ip routing!interface Ethernet0/0ip address 10.1.0.22 255.255.0.0standby 1 ip 10.1.0.1standby 1 preemptstandby 1 priority 11standby 1 track 100 decrement 10The following example shows how to change the configuration of a tracked object to include the HSRP Group Shutdown feature:
no standby 1 track 101 decrement 10standby 1 track 101 shutdownRelated Commands
standby use-bia
To configure the Hot Standby Router Protocol (HSRP) to use the burned-in address of the interface as its virtual MAC address, instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring), use the standby use-bia command in interface configuration mode. To restore the default virtual MAC address, use the no form of this command.
standby use-bia [scope interface]
no standby use-bia
Syntax Description
scope interface
(Optional) Specifies that this command is configured just for the subinterface on which it was entered, instead of the major interface.
Command Default
HSRP uses the preassigned MAC address on Ethernet and FDDI, or the functional address on Token Ring.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Note
For an interface with this command configured, multiple standby groups can be configured. Hosts on the interface must have a default gateway configured. We recommend that you set the no ip proxy-arp command on the interface. It is desirable to configure the standby use-bia command on a Token Ring interface if there are devices that reject ARP replies with source hardware addresses set to a functional address.
When HSRP runs on a multiple-ring, source-routed bridging environment and the HRSP routers reside on different rings, configuring the standby use-bia command can prevent confusion about the routing information field.
Without the scope interface keywords, the standby use-bia command applies to all subinterfaces on the major interface. The standby use-bia command may not be configured both with and without the scope interface keywords at the same time.
Note
Examples
In the following example, the burned-in address of Token Ring interface 4/0 will be the virtual MAC address mapped to the virtual IP address:
Router(config)# interface token4/0Router(config-if)# standby use-biastandby version
To change the version of the Hot Standby Router Protocol (HSRP), use the standby version command in interface configuration mode. To change to the default version, use the no form of this command.
standby version {1 | 2}
no standby version
Syntax Description
Defaults
HSRP version 1 is the default HSRP version.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
HSRP version 2 addresses limitations of HSRP version 1 by providing an expanded group number range of 0 to 4095.
HSRP version 2 does not interoperate with HSRP version 1. An interface cannot operate both version 1 and version 2 because both versions are mutually exclusive. However, the different versions can be run on different physical interfaces of the same router. The group number range is from 0 to 255 for HSRP version 1 and from 0 to 4095 for HSRP version 2. You cannot change from version 2 to version 1 if you have configured groups above 255. Use the no standby version command to set the HSRP version to the default version, version 1.
If an HSRP version is changed, each group will reinitialize because it now has a new virtual MAC address.
Examples
The following example shows how to configure HSRP version 2 on an interface with a group number of 500:
!interface vlan500standby version 2standby 500 ip 172.20.100.10standby 500 priority 110standby 500 preemptstandby 500 timers 5 15Related Commands
start-forwarding-agent
To start the forwarding agent, use the start-forwarding-agent command in CASA-port configuration mode.
start-forwarding-agent port-number [password [seconds]]
Syntax Description
Defaults
The default initial number of affinities is 5000.
The default maximum number of affinities is 30,000.Command Modes
CASA-port configuration (config-casa)
Command History
Usage Guidelines
The forwarding agent must be started before you can configure any port information for the forwarding agent.
Examples
The following example specifies that the forwarding agent will listen for wildcard and fixed affinities on port 1637:
start-forwarding-agent 1637Related Commands
forwarding-agent
Specifies the port on which the forwarding agent will listen for wildcard and fixed affinities.
sticky (firewall farm datagram protocol)
To assign all connections from a client to the same firewall, use the sticky command in firewall farm datagram protocol configuration mode. To remove the client/server coupling, use the no form of this command.
sticky seconds[netmask netmask] [source | destination]
no sticky
Syntax Description
Defaults
Virtual servers are not associated with any groups.
Command Modes
Firewall farm datagram protocol configuration (config-slb-fw-udp)
Command History
Examples
The following example specifies that if a client's subsequent request for a firewall farm is made within 60 seconds of the previous request, then the same firewall is used for the connection:
Router(config)# ip slb firewallfarm FIRE1Router(config-slb-fw)# protocol datagramRouter(config-slb-fw-udp)# sticky 60Related Commands
sticky (firewall farm TCP protocol)
To assign all connections from a client to the same firewall, use the sticky command in firewall farm TCP protocol configuration mode. To remove the client/server coupling, use the no form of this command.
sticky seconds [netmask netmask] [source | destination]
no sticky
Syntax Description
Defaults
Virtual servers are not associated with any groups.
Command Modes
Firewall farm TCP protocol configuration (config-slb-fw-tcp)
Command History
Examples
The following example specifies that if a client's subsequent request for a firewall farm is made within 60 seconds of the previous request, then the same firewall is used for the connection:
Router(config)# ip slb firewallfarm FIRE1Router(config-slb-fw)# protocol tcpRouter(config-slb-fw-tcp)# sticky 60Related Commands
sticky (virtual server)
To assign all connections from a client to the same real server, use the sticky command in SLB virtual server configuration mode. To remove the client/server coupling, use the no form of this command.
sticky {duration [group group-id] [netmask netmask] | gtp imsi [group group-id] | radius calling-station-id | radius framed-ip [group group-id] | radius username [msid-cisco] [group group-id]}
no sticky {duration [group group-id] [netmask netmask] | gtp imsi [group group-id] | radius calling-station-id | radius framed-ip [group group-id] | radius username [msid-cisco] [group group-id]}
Syntax Description
Defaults
Sticky connections are not tracked.
Virtual servers are not associated with any groups.Command Modes
SLB virtual server configuration (config-slb-vserver)
Command History
Usage Guidelines
The last real server that was used for a connection from a client is stored for the set duration seconds. If a new connection from the client to the virtual server is initiated during that time, the same real server that was used for the previous connection is chosen for the new connection. If two virtual servers are placed in the same group, coincident connection requests for those services from the same IP address are handled by the same real server.
In Virtual Private Network (VPN) server load balancing, remember the following requirements:
•
•
•
In general packet radio service (GPRS) load balancing and the Home Agent Director, the sticky command is not supported.
In RADIUS load balancing, remember the following requirements:
•
•
•
•
•
For GTP load balancing:
•
•
Examples
The following example specifies that if a client's subsequent request for a virtual server is made within 60 seconds of the previous request, then the same real server is used for the connection. This example also places the virtual server in group 10.
Router(config)# ip slb vserver VS1Router(config-slb-vserver)# sticky 60 group 10Related Commands
synguard (virtual server)
To limit the rate of TCP SYNchronize sequence numbers (SYNs) handled by a virtual server to prevent a SYN flood denial-of-service attack, use the synguard command in SLB virtual server configuration mode. To remove the threshold, use the no form of this command.
synguard syn-count [interval]
no synguard
Syntax Description
Defaults
The default number of unacknowledged SYNs that are allowed to be outstanding to a virtual server is 0 (off).
The default interval is 100 ms.Command Modes
SLB virtual server configuration (config-slb-vserver)
Command History
Usage Guidelines
In general packet radio service (GPRS) load balancing and the Home Agent Director, the synguard command has no meaning and is not supported.
Examples
The following example sets the threshold of unacknowledged SYNs to 50:
Router(config)# ip slb vserver PUBLIC_HTTPRouter(config-slb-vserver)# synguard 50Related Commands
show ip slb vservers
Displays information about the virtual servers defined to IOS SLB.
virtual
Configures the virtual server attributes.
threshold metric
To set a threshold metric other than the default value, use the threshold metric command in tracking configuration mode. To disable the threshold metric, use the no form of this command.
threshold metric {up number [down number] | down number [up number]}
no threshold metric
Syntax Description
Command Default
No threshold is configured.
Command Modes
Tracking configuration (config-track)
Command History
Usage Guidelines
This command is available only to IP-route threshold metric objects tracked by the track ip route metric threshold global configuration command.
The default up and down threshold values are 254 and 255, respectively. With these values, IP-route threshold tracking gives the same result as IP-route reachability tracking.
Examples
In the following example, the tracking process is tracking the IP-route threshold metric. The metric default value is changed to 16 for the up threshold and to 20 for the down threshold.
track 1 ip route 10.22.0.0/16 metric thresholdthreshold metric up 16 down 20delay down 20Related Commands
track ip route
Tracks the state of IP routing and enters tracking configuration mode.
threshold percentage
To set a threshold percentage for a tracked object in a list of objects, use the threshold percentage command in tracking configuration mode. To disable the threshold percentage, use the no form of this command.
threshold percentage {up number [down number] | down number [up number]}
no threshold percentage
Syntax Description
up
Specifies the up threshold.
down
Specifies the down threshold.
number
Threshold value. The range is from 0 to 100.
Command Default
No threshold percentage is configured.
Command Modes
Tracking configuration (config-track)
Command History
Usage Guidelines
When you configure a tracked list using the track object-number list command, there are two keywords available: boolean and threshold. If you specify the threshold keyword, you can specify either the percentage or weight keywords. If you specify the percentage keyword, then the weight keyword is unavailable. If you specify the weight keyword, then the percentage keyword is unavailable.
You should configure the up percentage first. The valid range is from 1 to 100. The down percentage depends on what you have configured for up. For example, if you configure 50 percent for up, you will see a range from 0 to 49 percent for down.
Examples
In the following example, the tracked list 11 is configured to measure the threshold using an up percentage of 50 and a down percentage of 32:
track 11 list threshold percentageobject 1object 2threshold percentage up 50 down 32Related Commands
threshold weight
To set a threshold weight for a tracked object in a list of objects, use the threshold weight command in tracking configuration mode. To disable the threshold weight, use the no form of this command.
threshold weight {up number [down number] | down number [up number]}
no threshold weight [{up number [down number] | down number [up number]}]
Syntax Description
up
Specifies the up threshold.
down
Specifies the down threshold.
number
Threshold value. The range is from 1 to 255.
Command Default
No threshold weight is configured.
Command Modes
Tracking configuration (config-track)
Command History
Usage Guidelines
When you configure a tracked list of objects using the track object-number list command, there are two keywords available: boolean and threshold. If you specify the threshold keyword, you can specify either the percentage or weight keywords. If you specify the weight keyword, then the percentage keyword is unavailable. If you specify the percentage keyword, then the weight keyword is unavailable.
You should configure the up weight first. The valid range is from 1 to 255. The available down weight depends on what you have configured for the up weight. For example, if you configure 25 for up, you will see a range from 0 to 24 for down.
Examples
In the following example, the tracked list 12 is configured to measure a threshold using a specified weight:
track 12 list threshold weightobject 1object 2threshold weight up 35 down 22Related Commands
timeout (custom UDP probe)
To set a timeout for custom User Datagram Protocol (UDP) probes, use the timeout command in custom UDP probe configuration mode. To restore the default timeout, use the no form of this command.
timeout seconds
no timeout
Syntax Description
seconds
Time, in seconds, that IOS SLB waits for a response packet from the server after sending a custom UDP probe request packet. Valid range is 1 to 255. The default value is 30 seconds.
Defaults
The default custom UDP probe timeout is 30 seconds.
Command Modes
Custom UDP probe configuration
Command History
Examples
In the following example the custom UDP probe timeout is set to 20 seconds:
Router(config)# ip slb probe PROBE6 custom udpRouter(config-slb-probe)# timeout 20Related Commands
track
To configure an interface to be tracked where the Gateway Load Balancing Protocol (GLBP) weighting changes based on the state of the interface, use the track command in global configuration mode. To remove the tracking, use the no form of this command.
track object-number interface type number {line-protocol | ip routing}
no track object-number interface type number {line-protocol | ip routing}
Syntax Description
Command Default
The state of the interfaces is not tracked.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Use the track command in conjunction with the glbp weighting and glbp weighting track commands to configure parameters for an interface to be tracked. If a tracked interface on a GLBP router goes down, the weighting for that router is reduced. If the weighting falls below a specified minimum, the router will lose its ability to act as an active GLBP virtual forwarder.
Examples
In the following example, Fast Ethernet interface 0/0 tracks whether serial interfaces 2/0 and 3/0 are up. If either serial interface goes down, the GLBP weighting is reduced by the default value of 10. If both serial interfaces go down, the GLBP weighting will fall below the lower threshold and the router will no longer be an active forwarder. To resume its role as an active forwarder, the router must have both tracked interfaces back up, and the weighting must rise above the upper threshold.
track 1 interface serial 2/0 line-protocoltrack 2 interface serial 3/0 line-protocolinterface FastEthernet 0/0ip address 10.21.8.32 255.255.255.0glbp 10 weighting 110 lower 95 upper 105glbp 10 weighting track 1glbp 10 weighting track 2In the following example, Fast Ethernet interface 0/0 tracks whether serial interface 2/0 is enabled for IP routing, whether it is configured with an IP address, and whether the state of the interface is up. If serial interface 2/0 goes down, the GLBP weighting is reduced by a value of 20.
track 2 interface serial 2/0 ip routinginterface FastEthernet 0/0ip address 10.21.8.32 255.255.255.0glbp 10 weighting 110 lower 95 upper 105glbp 10 weighting track 2 decrement 20Related Commands
glbp weighting
Specifies the initial weighting value of a GLBP gateway.
glbp weighting track
Specifies an object to be tracked that affects the weighting of a GLBP gateway.
track application
To track the presence of Home Agent (HA), Gateway GPRS Support Node (GGSN), or Packet Data Serving Node (PDSN), traffic on a router and to enter tracking configuration mode, use the track application command in global configuration mode. To disable tracking of HA, General Packet Radio Service (GPRS), or GGSN traffic, use the no form of this command.
track object-number application {home-agent | ggsn | pdsn}
no track object-number application {home-agent | ggsn | pdsn}
Syntax Description
Command Default
Home Agent, GGSN, and PDSN traffic is not tracked.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Use this command to monitor the presence of Home Agent, PDSN, and GGSN traffic on a router for mobile wireless applications.
When a redundant pair of Home Agents running HSRP between them loses connectivity, both HSRP nodes become active. Once the connectivity is restored between the two nodes, a graceful way is needed to restore proper HSRP states without losing Home Agent bindings. During the time of no connectivity, one of the nodes will continue to process Home Agent, GGSN, or PDSN traffic while the other will not. The node that continues to process traffic needs to remain active once connectivity is restored. To ensure that the active node remains in the active state, the priority of the HSRP group member that does not process Home Agent traffic is reduced. Reducing the priority of the node that is not processing Home Agent traffic ensures that this node will become the standby after connectivity is restored. When connectivity is restored, the normal Home Agent state synchronization will get all bindings back into the inactive node and, depending on the preempt configuration, it may switch over again. This state synchronization ensures that no Mobile IP, GGSN or PDSN bindings are lost.
Note
Examples
The following example shows how to configure a router to track home agent traffic:
Router(config)# track 4 application home-agentRelated Commands
track interface
To configure an interface to be tracked and to enter tracking configuration mode, use the track interface command in global configuration mode. To remove the tracking, use the no form of this command.
track object-number interface type number {line-protocol | ip routing}
no track object-number interface type number {line-protocol | ip routing}
Syntax Description
Command Default
No interface is tracked.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
This command reports a state value to clients. A tracked IP-routing object is considered up when the following criteria exist:
•
•
•
Interface IP routing will go down when one of the following criteria exist:
•
•
•
No space is required between the type number values.
Tracking the IP-routing state of an interface using the track interface ip routing command can be more useful in some situations than just tracking the line-protocol state using the track interface line-protocol command, especially on interfaces for which IP addresses are negotiated. For example, on a serial interface that uses the Point-to-Point Protocol (PPP), the line protocol could be up (link control protocol [LCP] negotiated successfully), but IP could be down (IPCP negotiation failed).
The track interface ip routing command supports the tracking of an interface with an IP address acquired through any of the following methods:
•
•
•
•
Examples
In the following example, the tracking process is configured to track the IP-routing capability of serial interface 1/0:
track 1 interface serial1/0 ip routingRelated Commands
track ip route
To track the state of an IP route and to enter tracking configuration mode, use the track ip route command in global configuration mode. To remove the tracking, use the no form of this command.
track object-number ip route ip-address/prefix-length {reachability | metric threshold}
no track object-number ip route ip-address/prefix-length {reachability | metric threshold}
Syntax Description
Command Default
The route to the subnet address is not tracked.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
A tracked IP-route object is considered up and reachable when a routing-table entry exists for the route and the route is not inaccessible.
To provide a common interface to tracking clients, route metric values are normalized to the range of 0 to 255, where 0 is connected and 255 is inaccessible. The resulting value is compared against threshold values to determine the tracking state as follows:
•
•
The tracking process uses a per-protocol configurable resolution value to convert the real metric to the scaled metric. The metric value communicated to clients is always such that a lower metric value is better than a higher metric value.
Use the threshold metric tracking configuration command to specify a threshold metric other than the default threshold metric.
Examples
In the following example, the tracking process is configured to track the reachability of 10.22.0.0/16:
track 1 ip route 10.22.0.0/16 reachabilityIn the following example, the tracking process is configured to track the threshold metric using the default threshold metric values:
track 1 ip route 10.22.0.0/16 metric thresholdRelated Commands
show track
Displays HSRP tracking information.
threshold metric
Sets a threshold metric other than the default value.
track ip sla
To track the state of a Cisco IOS IP Service Level Agreements (SLAs) operation and to enter tracking configuration mode, use the track ip sla command in global configuration mode. To remove the tracking, use the no form of this command.
track object-number ip sla operation-number {state | reachability}
no track object-number ip sla operation-number {state | reachability}
Syntax Description
Defaults
IP SLAs tracking is disabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Every IP SLAs operation maintains an operation return-code value. This return code is interpreted by the tracking process. The return code may return OK, OverThreshold, and several other return codes. Different operations may have different return-code values, so only values common to all operation types are used.
Two aspects of an IP SLAs operation can be tracked: state and reachability. The difference between these aspects relates to the acceptance of the OverThreshold return code. Table 99 shows the state and reachability aspects of IP SLAs operations that can be tracked.
Table 99 Comparison of State and Reachability Operations
State
OK
(all other return codes)
Up
Down
Reachability
OK or over threshold
(all other return codes)
Up
Down
Examples
The following example shows how to configure the tracking process to track the state of IP SLAs operation 2:
track 1 ip sla 2 stateThe following example shows how to configure the tracking process to track the reachability of IP SLAs operation 3:
track 2 ip sla 3 reachabilitytrack list
To specify a list of objects to be tracked and the thresholds to be used for comparison, use the track list command in global configuration mode. To disable the tracked list, use the no form of this command.
track object-number list boolean {and | or} | threshold {weight | percentage}
no track object-number list boolean {and | or} | threshold {weight | percentage}
Syntax Description
Command Default
The list is not tracked.
Command Modes
Global configuration (config)
Command History
Examples
A track list object may be configured to track two serial interfaces when both serial interfaces are "up" and when either serial interface is "down," for example:
track 1 interface serial2/0 line-protocoltrack 2 interface serial2/1 line-protocoltrack 100 list boolean andobject 1object 2A track list object may be configured to track two serial interfaces when either serial interface is "up" and when both serial interfaces are "down," for example:
track 1 interface serial2/0 line-protocoltrack 2 interface serial2/1 line-protocoltrack 101 list boolean orobject 1object 2A track list object may be configured to track two serial interfaces when both serial interfaces are "up" and when both serial interface is "down," for example:
track 1 interface serial2/0 line-protocoltrack 2 interface serial2/1 line-protocoltrack 102 threshold weightobject 1 weight 10object 2 weight 10threshold weight up 20 down 0The configuration shown above provides some hysteresis in case one of the serial interfaces is flapping.
Related Commands
track resolution
To specify resolution parameters for a tracked object, use the track resolution command in global configuration mode. To disable this functionality, use the no form of this command.
track resolution ip route {eigrp resolution-value | isis resolution-value | ospf resolution-value | static resolution-value}
no track resolution ip route {eigrp resolution-value | isis resolution-value | ospf resolution-value | static resolution-value}
Syntax Description
Command Default
The track ip route metric resolution default values are used.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
The track ip route command causes tracking of a route in the routing table. If a route exists in the table, the metric value is converted into a number in the range from 0 to 255. The metric resolution for the specified routing protocol is used to do the conversion. There are default values for the metric resolution but the track resolution command can be used to change the metric resolution default values.
Examples
In the following example, the EIGRP routing protocol has a resolution value of 280.
track resolution ip route eigrp 280Related Commands
track rtr
Note
To track the state of a Cisco IOS IP Service Level Agreements (SLAs) operation and to enter tracking configuration mode, use the track rtr command in global configuration mode. To remove the tracking, use the no form of this command.
track object-number rtr operation-number {state | reachability}
no track object-number rtr operation-number {state | reachability}
Syntax Description
Command Default
IP SLAs tracking is disabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Every IP SLAs operation maintains an operation return-code value. This return code is interpreted by the tracking process. The return code may return OK, OverThreshold, and several other return codes. Different operations may have different return-code values, so only values common to all operation types are used.
Two aspects of an IP SLAs operation can be tracked: state and reachability. The difference between these aspects relates to the acceptance of the OverThreshold return code. Table 99 shows the state and reachability aspects of IP SLAs operations that can be tracked.
Table 100 Comparison of State and Reachability Operations
State
OK
(all other return codes)
Up
Down
Reachability
OK or over threshold
(all other return codes)
Up
Down
Examples
The following example shows how to configure the tracking process to track the state of IP SLAs operation 2:
track 1 rtr 2 stateThe following example shows how to configure the tracking process to track the reachability of IP SLAs operation 3:
track 2 rtr 3 reachabilitytrack stub
To create a stub object that can be tracked by Embedded Event Manager (EEM) and to enter tracking configuration mode, use the track stub command in global configuration mode. To remove the stub object, use the no form of this command.
track object-number stub
no track object-number stub
Syntax Description
Command Default
No stub objects are created.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Use the track stub command to create a stub object, which is an object that can be tracked and manipulated by an external process, EEM. After the stub object is created, the default-state command can be used to set the default state of the stub object.
EEM is a distributed, scalable, and customized approach to event detection and recovery offered directly in a Cisco IOS device. EEM offers the ability to monitor events and take informational or corrective action when the monitored events occur or when a threshold is reached. An EEM policy is an entity that defines an event and the actions to be taken when that event occurs.
Examples
In the following example, stub object 1 is created and configured with a default state of up.
track 1 stubdefault-state upRelated Commands
default-state
Sets the default state for a stub object.
show track
Displays tracking information.
track timer
To specify the interval in which the tracking process polls the tracked object, use the track timer command in tracking configuration mode. To disable this functionality, use the no form of this command.
track timer {interface | ip route} seconds
no track timer {interface | ip route} seconds
Syntax Description
Command Default
If you do not use the track timer command to specify a polling interval, a tracked object will be tracked at the default polling interval.
Command Modes
Tracking configuration (config-track)
Command History
Examples
In the following example, the tracking process is configured to poll the tracked interface every 3 seconds:
track timer interface 3url (WSP probe)
To specify the URL path that a Wireless Session Protocol (WSP) probe is to request from the server, use the url command in WSP probe configuration mode. To restore the default settings, use the no form of this command.
url [path]
no url [path]
Syntax Description
Defaults
If no URL path is specified, the default is /.
Command Modes
WSP probe configuration (config-slb-probe)
Command History
Examples
The following example configures a ping probe named PROBE3, enters WSP probe configuration mode, and configures the probe to request URL path http://localhost/test.txt:
Router(config)# ip slb probe PROBE3 wspRouter(config-slb-probe)# url http://localhost/test.txtRelated Commands
username (IOS SLB)
To configure an ASCII regular expression string to be matched against the username attribute for RADIUS load balancing, use the username (IOS SLB) command in SLB RADIUS map configuration mode. To delete the username match string, use the no form of this command.
username string
no username string
Syntax Description
string
ASCII regular expression string to be matched against the username attribute in the RADIUS payload.
For information about regular expressions and how to use them in Cisco IOS software configurations, refer to the "Understanding Regular Expressions" section of the "Using the Cisco IOS Command-Line Interface" chapter of the Cisco IOS Configuration Fundamentals Configuration Guide:
http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_cli-basics.html
Defaults
None
Command Modes
SLB RADIUS map configuration (config-slb-radius-map)
Command History
Usage Guidelines
For a given IOS SLB RADIUS map, you can configure a single calling-station-id command or a single username (IOS SLB) command, but not both.
Examples
The following example specifies that, for IOS SLB RADIUS map 1, string ...?525* is to be matched against the username attribute in the RADIUS payload:
Router(config)# ip slb map 1 radiusRouter(config-slb-radius-map)# username ...?525*Related Commands
virtual
To configure virtual server attributes, use the virtual command in SLB virtual server configuration mode. To remove the attributes, use the no form of this command.
Encapsulation Security Payload (ESP) and Generic Routing Encapsulation (GRE) Protocols
virtual ip-address [netmask [group]] {esp | gre | protocol}
no virtual ip-address [netmask [group]] {esp | gre | protocol}
TCP and User Datagram Protocol (UDP)
virtual ip-address [netmask [group]] {tcp | udp} [port | any] [service service]
no virtual ip-address [netmask [group]] {tcp | udp} [port | any] [service service]
Syntax Description
Defaults
No default behavior or values.
Command Modes
SLB virtual server configuration (config-slb-vserver)
Command History
Usage Guidelines
The no virtual command is allowed only if the virtual server was removed from service by the no inservice command.
For some applications, it is not feasible to configure all the virtual server TCP or UDP port numbers for IOS SLB. To support such applications, you can configure IOS SLB virtual servers to accept flows destined for all ports. To configure an all-port virtual server, specify a port number of 0 or any.
Note
Specifying port 9201 for connection-oriented WSP mode also activates the Wireless Application Protocol (WAP) finite state machine (FSM), which monitors WSP and drives the session FSM accordingly.
In RADIUS load balancing, IOS SLB maintains session objects in a database to ensure that re-sent RADIUS requests are load-balanced to the same real server.
Examples
The following example specifies that the virtual server with the IP address 10.0.0.1 performs load balancing for TCP connections for the port named www. The virtual server processes HTTP requests.
Router(config)# ip slb vserver PUBLIC_HTTPRouter(config-slb-vserver)# virtual 10.0.0.1 tcp wwwThe following example specifies that the virtual server with the IP address 10.0.0.13 performs load balancing for UDP connections for all ports. The virtual server processes HTTP requests.
Router(config)# ip slb vserver PUBLIC_HTTPRouter(config-slb-vserver)# virtual 10.0.0.13 udp 0Related Commands
ip slb vserver
Identifies a virtual server.
show ip slb vservers
Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB).
vrrp authentication
To authenticate Virtual Router Redundancy Protocol (VRRP) packets received from other routers in the group, use the vrrp authentication command in interface configuration mode. To disable VRRP authentication, use the no form of this command.
vrrp group authentication {text-string | text text-string | md5 {key-chain key-chain | key-string [0 | 7] key-string [timeout seconds]}}
no vrrp group authentication {text-string | text text-string | md5 {key-chain key-chain | key-string [0 | 7] key-string [timeout seconds]}}
Syntax Description
Command Default
VRRP authentication is disabled.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
VRRP does not accept a virtual router group number 0 and never has an empty group. The valid range for the VRRP group is 1 to 255.
When a VRRP packet arrives from another router in the VRRP group, its authentication string is compared to the string configured on the local system. If the strings match, the message is accepted. If they do not match, the packet is discarded. The authentication string is sent unencrypted in all VRRP messages when using the vrrp authentication text text-string option.
All routers within the VRRP group must be configured with the same authentication string. If the same authentication string is not configured, the routers in the VRRP group will not communicate with each other and any misconfigured router in the group will change its state to master.
If password encryption is configured with the service password-encryption command, the software saves the key-string as encrypted text.
Note
The timeout seconds keyword and argument specify the duration that the VRRP group will accept message digests based on both the old and new keys. This option allows time for configuration of all routers in a group with the new key. VRRP route flapping can be minimized by changing the keys on all the routers, provided that the master router is changed last. The master router should have its key string changed no later than one holdtime period, specified by the vrrp timers advertise interface configuration command, after the backup routers. This procedure ensures that the backup routers do not time out the master router.
Examples
The following example shows how to configure an authentication text string of x30dn78k:
vrrp 1 authentication x30dn78kThe following example shows how to configure an MD5 key string:
interface Ethernet0/1description ed1-cat5a-7/10vrrp 1 ip 10.21.0.10vrrp 1 priority 110vrrp 1 authentication md5 key-string f00c4sThe key ID for key-string authentication is always zero. If a key chain is configured with a key ID of zero, then the following configuration will work:
Router 1
key chain vrrp1key 0key-string 54321098452103ab!interface Ethernet0/1vrrp 1 ip 10.21.0.10vrrp 1 authentication md5 key-chain vrrp1Router 2
interface Ethernet0/1vrrp 1 ip 10.21.0.10vrrp 1 authentication md5 key-string 54321098452103abRelated Commands
vrrp description
To assign a description to the Virtual Router Redundancy Protocol (VRRP) group, use the vrrp description command in interface configuration mode. To remove the description, use the no form of this command.
vrrp group description text
no vrrp group description
Syntax Description
group
Virtual router group number. The group number range is from 1 to 255.
text
Text (up to 80 characters) that describes the purpose or use of the group.
Command Default
There is no description of the VRRP group.
Command Modes
Interface configuration (config-if)
Command History
Examples
The following example enables VRRP on Ethernet interface 0. VRRP group 1 is described as Building A — Marketing and Administration.
interface ethernet 0ip address 10.0.1.1 255.255.255.0!vrrp 1 ip 10.0.1.20vrrp 1 description Building A - Marketing and AdministrationRelated Commands
vrrp ip
To enable the Virtual Router Redundancy Protocol (VRRP) on an interface and identify the IP address of the virtual router, use the vrrp ip command in interface configuration mode. To disable VRRP on the interface and remove the IP address of the virtual router, use the no form of this command.
vrrp group ip ip-address [secondary]
no vrrp group ip ip-address [secondary]
Syntax Description
Command Default
VRRP is not configured on the interface.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The vrrp ip command activates VRRP on the configured interface. The first IP address specified in the VRRP configuration is used as the primary address for the virtual router. For VRRP to elect a designated router, at least one router on the cable must have been configured with the primary address of the virtual router. Configuration of the primary address on the master router always overrides a primary address that is currently in use.
VRRP does not support address learning. All addresses must be configured.
All routers in the VRRP group must be configured with the same primary address for the virtual router. If different primary addresses are configured, the routers in the VRRP group will not communicate with each other and any misconfigured routers in the group will change their state to master.
Configure this command once without the secondary keyword to indicate the virtual router IP address. If you want to indicate additional IP addresses supported by this group, then do so and include the secondary keyword.
Note
VRRP must be in the master state for proxy Address Resolution Protocol (ARP) to use the VRRP virtual MAC address.
Examples
The following example shows how to enable VRRP on Ethernet interface 0. The VRRP group is 1. IP address 10.0.1.20 is the address of the virtual router.
interface ethernet 0ip address 10.0.1.1 255.255.255.0ip address 10.0.2.1 255.255.255.0 secondary!vrrp 1 ip 10.0.1.20vrrp 1 ip 10.0.2.20 secondaryRelated Commands
show vrrp
Displays a summary or detailed status of one or all configured VRRP groups.
vrrp preempt
To configure the router to take over as master virtual router for a Virtual Router Redundancy Protocol (VRRP) group if it has higher priority than the current master virtual router, use the vrrp preempt command in interface configuration mode. To disable this function, use the no form of this command.
vrrp group preempt [delay minimum seconds]
no vrrp group preempt
Syntax Description
Defaults
This command is enabled.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
By default, the router being configured with this command will take over as master virtual router for the group if it has a higher priority than the current master virtual router. You can configure a delay, which will cause the VRRP router to wait the specified number of seconds before issuing an advertisement claiming master ownership.
Note
Examples
The following example configures the router to preempt the current master virtual router when its priority of 200 is higher than that of the current master virtual router. If the router preempts the current master virtual router, it waits 15 seconds before issuing an advertisement claiming it is the master virtual router.
vrrp 1 preempt delay minimum 15vrrp 1 priority 200Related Commands
vrrp ip
Enables VRRP and identifies the IP address of the virtual router.
vrrp priority
Sets the priority level of the router within a VRRP group.
vrrp priority
To set the priority level of the router within a Virtual Router Redundancy Protocol (VRRP) group, use the vrrp priority command in interface configuration mode. To remove the priority level of the router, use the no form of this command.
vrrp group priority level
no vrrp group priority level
Syntax Description
group
Virtual router group number. The group number range is from 1 to 255.
level
Priority of the router within the VRRP group. The range is from 1 to 254. The default is 100.
Defaults
level: 100
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Use this command to control which router becomes the master virtual router.
Examples
The following example configures the router with a priority of 254:
vrrp 1 priority 254Related Commands
vrrp shutdown
To disable the Virtual Router Redundancy Protocol (VRRP) group on an interface, use the vrrp shutdown command in interface configuration mode.
vrrp group shutdown
Syntax Description
Defaults
Enabled
Command Modes
Interface configuration (config-if)
Command History
12.3(11)T
This command was introduced.
Cisco IOS XE Release 2.1
This command was integrated into Cisco IOS XE Release 2.1.
Usage Guidelines
When a VRRP group has been configured using the vrrp group ip command, the protocol is fully operational. The vrrp shutdown command is not displayed on the router, and to disable the protocol for one group, you must explicitly specify the group using the vrrp shutdown command.
Examples
The following example shows how to disable one VRRP group on Ethernet interface 0/1 (group 1) while retaining the VRRP group on Ethernet interface 0/2 (group 2).
interface ethernet0/1ip address 10.0.1.1 255.255.255.0vrrp 1 ip 10.0.1.254vrrp 1 shutdown!interface ethernet0/2ip address 10.0.42.1 255.255.255.0vrrp 2 ip 10.0.42.254Related Commands
show vrrp
Displays a summary or detailed status of one or all configured VRRP groups.
vrrp sso
To enable Virtual Router Redundancy Protocol (VRRP) support of Stateful Switchover (SSO) if it has been disabled, use the vrrp sso command in global configuration mode. To disable VRRP support of SSO, use the no form of this command.
vrrp sso
no vrrp sso
Syntax Description
This command has no arguments or keywords.
Command Default
VRRP support of SSO is enabled by default.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Use this command to enable VRRP support of SSO if it has been manually disabled by the no vrrp sso command.
Examples
The following example shows how to disable VRRP support of SSO:
Router(config)# no vrrp ssoRelated Commands
vrrp timers advertise
To configure the interval between successive advertisements by the master virtual router in a Virtual Router Redundancy Protocol (VRRP) group, use the vrrp timers advertise command in interface configuration mode. To restore the default value, use the no form of this command.
vrrp group timers advertise [msec] interval
no vrrp group timers advertise [msec] interval
Syntax Description
Defaults
interval: 1 second
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The advertisements being sent by the master virtual router communicate the state and priority of the current master virtual router.
The vrrp timers advertise command configures the time between successive advertisement packets and the time before other routers declare the master router to be down. Routers or access servers on which timer values are not configured can learn timer values from the master router. The timers configured on the master router always override any other timer settings. All routers in a VRRP group must use the same timer values. If the same timer values are not set, the routers in the VRRP group will not communicate with each other and any misconfigured router will change its state to master.
Examples
The following example shows how to configure the master virtual router to send advertisements every 4 seconds:
vrrp 1 timers advertise 4Related Commands
vrrp timers learn
To configure the router, when it is acting as backup virtual router for a Virtual Router Redundancy Protocol (VRRP) group, to learn the advertisement interval used by the master virtual router, use the vrrp timers learn command in interface configuration mode. To prevent the local router from learning the advertisement interval of the master virtual router, use the no form of this command.
vrrp group timers learn
no vrrp group timers learn
Syntax Description
group
Virtual router group number to which the command applies. The group number range is from 1 to 255.
Defaults
Disabled; the local router calculates the downtime of the master virtual router based on the advertisement interval of the local router as configured by the vrrp timers advertise command.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
If this command is configured, when the local router is acting as a backup virtual router for the group, it will learn the advertisement interval of the current master virtual router from its master advertisements. The local router will use that value to calculate how long it should wait before deciding that the master virtual router has gone down. This command synchronizes timers with the current master virtual router.
Examples
The following example configures the router, when it is acting as backup virtual router, to learn the advertisement interval from the advertisements of the current master virtual router:
vrrp 1 timers learnRelated Commands
vrrp track
To configure the Virtual Router Redundancy Protocol (VRRP) to track an object, use the vrrp track command in interface configuration mode. To disable the tracking, use the no form of this command.
vrrp group track object-number [decrement priority]
no vrrp group track object-number [decrement priority]
Syntax Description
Defaults
The default decrement value is 10. The range is from 1 and 255.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
You can configure VRRP to track specific objects, such as an interface or IP route, that can alter the priority level of a virtual router for a VRRP group. The tracked objects are first defined using the track interface or track ip route global configuration command. The client process, in this case VRRP, registers interest in tracking these objects and can then be notified when the tracked object changes state.
Examples
In the following example, the tracking process is configured to track the IP routing capability of serial interface 1/0. VRRP on Ethernet interface 0/0 then registers with the tracking process to be informed of any changes to the IP routing state of serial interface 1/0. If the IP state on serial interface 1/0 goes down, then the priority of the VRRP group is reduced by 10.
If both serial interfaces are operational, then Router A will be the master virtual router because it has the higher priority.
However, if IP routing on serial interface 1/0 in Router A fails, then the HSRP group priority will be reduced and Router B will take over as the master virtual router, thus maintaining a default virtual gateway service to hosts on the 10.1.0.0 subnet.
Router A Configuration
!track 100 interface serial1/0 ip routing!interface Ethernet0/0ip address 10.1.0.21 255.255.0.0vrrp 1 ip 10.1.0.1vrrp 1 priority 105vrrp 1 track 100 decrement 10Router B Configuration
!track 100 interface serial1/0 ip routing!interface Ethernet0/0ip address 10.1.0.22 255.255.0.0vrrp 1 ip 10.1.0.1vrrp 1 priority 100vrrp 1 track 100 decrement 10Related Commands
track interface
Configures an interface to be tracked.
track ip route
Tracks the state of an IP route.
weight (firewall farm real server)
To specify a real server's capacity, relative to other real servers in the firewall farm, use the weight command in firewall farm real server configuration mode. To restore the default weight value, use the no form of this command.
weight setting
no weight
Syntax Description
setting
Weight setting to use for the real server predictor algorithm. Valid settings range from 1 to 255. The default weight setting is 8.
Defaults
The default setting to use for the real server predictor algorithm is 8.
Command Modes
Firewall farm real server configuration (config-slb-fw-real)
Command History
Examples
The following example specifies the relative weights of three real servers as 16, 8 (by default), and 24, respectively:
Router(config)# ip slb firewallfarm FIRE1Router(config-slb-fw)# real 10.10.1.1Router(config-slb-fw-real)# weight 16Router(config-slb-fw-real)# inserviceRouter(config-slb-fw-real)# exitRouter(config-slb-fw)# real 10.10.1.2Router(config-slb-fw-real)# inserviceRouter(config-slb-fw-real)# exitRouter(config-slb-fw)# real 10.10.1.3Router(config-slb-fw-real)# weight 24Related Commands
weight (real server)
To specify a real server's capacity, relative to other real servers in the server farm, use the weight command in SLB real server configuration mode. To restore the default weight value, use the no form of this command.
weight setting
no weight
Syntax Description
setting
Weight setting to use for the real server predictor algorithm. Valid settings range from 1 to 255. The default weight setting is 8.
Defaults
The default setting to use for the real server predictor algorithm is 8.
Command Modes
SLB real server configuration (config-slb-sfarm)
Command History
Usage Guidelines
The static weights you define using this command are overridden by the weights calculated by Dynamic Feedback Protocol (DFP). If DFP is removed from the network, IOS Server Load Balancing (IOS SLB) reverts to these static weights.
Examples
The following example specifies the relative weights of three real servers as 16, 8 (by default), and 24, respectively:
Router(config)# ip slb serverfarm PUBLIC!-----First real serverRouter(config-slb-sfarm)# real 10.10.1.1!-----Assigned weight of 16Router(config-slb-real)# weight 16!-----EnabledRouter(config-slb-real)# inserviceRouter(config-slb-real)# exit!-----Second real serverRouter(config-slb-sfarm)# real 10.10.1.2!-----Enabled with default weightRouter(config-slb-real)# inserviceRouter(config-slb-real)# exit!-----Third real serverRouter(config-slb-sfarm)# real 10.10.1.3!-----Assigned weight of 24, not enabledRouter(config-slb-real)# weight 24Related Commands
