Home
Support
Product Support
Routers
Cisco SD-WAN
Configuration Guides

Cisco Catalyst SD-WAN Interfaces Configuration Guide, Releases 26.x and Later

What redundant gateway service does VRRP provide?
Where is VRRP configured within a service-side VPN?
Which command displays sample VRRP output?

View all Saved Content

PDF

Is this content helpful?

Helpful Unhelpful

Suggestions for Improvement

Thank you for your feedback. Your response has been recorded.

Ask about this content

Cisco Catalyst SD-WAN Interfaces Configuration Guide, Releases 26.x and Later

What redundant gateway service does VRRP provide?
Where is VRRP configured within a service-side VPN?
Which command displays sample VRRP output?

Expand all sections

About this content

Network Interfaces

Network Interfaces

Cellular Interfaces

Feature history for cellular interfaces
Cellular interfaces
Supported devices
Guidelines
Configure cellular interface
Reset the profile configuration of a cellular modem
Troubleshoot LTE modem crash

DSL IPoE

Configure DSL IPoE

DSL PPPoA

Configure DSL PPPoA

DSL PPPoE

Feature history for DSL PPPoe
Configure DSL PPPoE

Dynamic Interfaces

Feature history for dynamic interfaces
Configure dynamic interfaces

EtherChannels

Feature history for EtherChannels
EtherChannels on the service side
EtherChannels on the transport side
Monitor configured EtherChannel using CLI
Aggregate EtherChannel Quality of Service

IP Directed Broadcast

IP directed broadcast
Configure IP directed broadcast using CLI commands

Loopback Interfaces

Feature history for loopback interfaces
Loopback interfaces
Implicit ACLs on loopback interfaces
Loopback TLOC interface bound to a physical WAN interface
Loopback TLOC interface not bound to a physical WAN interface
Bind mode and unbind mode
Configure implicit ACL on loopback interfaces using CLI commands
Examples of implicit ACL configurations on loopback interfaces
Verify implicit ACL configurations on loopback interfaces

Subinterfaces

Subinterfaces
Configuration examples for subinterfaces
Verify configurations on subinterfaces

VPN Ethernet Interface

Configure VPN ethernet interface

VPN Interface Bridge

Configure VPN interface bridge

VPN Interface Ethernet PPPoE

Configure VPN interface ethernet PPPoE

VPN Interface GRE

Configure VPN interface GRE

VPN Interface IPsec

Feature history for VPN interface IPsec
Configure VPN interface IPsec
CLI configuration examples for VPN interface IPsec

VPN Interface Multilink

Configure VPN interface multilink

VPN Interface SVI

Feature history for VPN interface SVI
Configure VPN interface SVI

VPN Interface T1/E1

Configure VPN interface T1/E1

VRRP Interface Tracking

Feature history for VRRP interface tracking
VRRP
Restrictions for VRRP interface tracking
VRRP tracking use cases
Configure VRRP
Configure VRRP tracking using CLI templates
Configure VRRP tracking
Monitor VRRP configuration
Verify VRRP tracking

VRRP tracking use cases

Updated: April 24, 2026

Want to summarize with AI?

On this page

Zscaler Tunnel Use Case 1—Primary VRRP, Single Internet Provider

Zscaler Tunnel Use Case 2—VRRP Routers in TLOC Extension, Dual Internet Providers

TLOC Preference

Outlines various VRRP tracking use cases, demonstrating scenarios where VRRP interface tracking improves resilience and supports dynamic failover in real-world networks.

The VRRP state is determined based on the tunnel link status. If the tunnel or interface is down on the primary VRRP, then the traffic is directed to the secondary VRRP. The secondary VRRP router in the LAN segment becomes primary VRRP to provide gateway for the service-side traffic.

Zscaler Tunnel Use Case 1—Primary VRRP, Single Internet Provider

The primary and secondary Zscaler tunnels are connected through a single internet provider to the primary VRRP. The primary and secondary VRRP routers are connected using TLOC extension. In this scenario, the VRRP state transitions occurs if the primary and secondary tunnels go down on the primary VRRP. The predetermined priority value decrements when the tracking object is down, which triggers the VRRP state transition. To avoid asymmetric routing, VRRP notifies this change to the Overlay through OMP.

Zscaler Tunnel Use Case 2—VRRP Routers in TLOC Extension, Dual Internet Providers

The primary and secondary VRRP routers are configured in TLOC extension high availability mode. The primary and secondary Zscaler tunnels are directly connected with primary and secondary VRRP routers, respectively, using dual internet providers. In this scenario too, the VRRP state transition occurs if the primary and secondary tunnels go down on the primary VRRP. The predetermined priority value decrements when the tracking object is down, which triggers the VRRP state transition. VRRP notifies this change to the overlay through OMP.

TLOC Preference

Transport Locators (TLOCs) connect an OMP route to a physical location. A TLOC is directly reachable using an entry in the routing table of the physical network, or represented by a prefix beyond a NAT device.

In Cisco IOS XE Catalyst SD-WAN devices, the TLOC change increase preference value increases based on the configured value. You can configure the TLOC change increase preference value on both the active and the backup nodes.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.