
Configuring VRRP

Introduction

Virtual Router Redundancy Protocol is an open standard protocol that is used to provide redundancy in a network. It is a network layer protocol.
If one router fails, you will need a secondary router that will forward packets to the next hop.

In this lab, we are going to configure VRRP on the two Distribution Layer switches. We have vlans 10, 20, 30 and 40. Each switch will act as primary for some of these vlans and as secondary for the others.
On the DLS-I switch, we are going to configure it to be the primary gateway for vlans 10 and 20 and be the secondary gateway for vlans 30 and 40.
On the DLS-II switch, we are going to configure it to be the primary gateway for vlans 30 and 40 and be the secondary gateway for vlans 10 and 20.
We will verify these configurations later on.

NB: In the below topology, I have already configured OSPF, vlans and inter-vlan routing, and therefore there is full connectivity across the network.

We can begin by configuring VRRP on the DLS-I switch as below. We shall make DLS-I the primary gateway for vlans 10 and 20 and the secondary gateway for vlans 30 and 40 by setting the correct priority values.

On DLS-I Switch, the configuration is as below:

DLS-I(config-if)#
DLS-I(config-if)#vrrp
DLS-I(config-if)#vrrp 10 prio
DLS-I(config-if)#vrrp 10 priority 150
DLS-I(config-if)#
DLS-I(config-if)#vrrp
DLS-I(config-if)#vrrp 10 ip 10.1.10.252
DLS-I(config-if)#
DLS-I(config-if)#vrr
*May  8 22:19:31.034: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Init -> Backupp
DLS-I(config-if)#vrrp
DLS-I(config-if)#vrrp auth
DLS-I(config-if)#vrrp
*May  8 22:19:34.448: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Master1
DLS-I(config-if)#vrrp 10 auth
DLS-I(config-if)#vrrp 10 authentication tex
DLS-I(config-if)#vrrp 10 authentication text admin
DLS-I(config-if)#
DLS-I(config-if)#exit
DLS-I(config)#
DLS-I(config)#int vlan 20
DLS-I(config-if)#
DLS-I(config-if)#
DLS-I(config-if)#vrrp
DLS-I(config-if)#vrrp 20 pri
DLS-I(config-if)#vrrp 20 priority 150
DLS-I(config-if)#
DLS-I(config-if)#vrrp
DLS-I(config-if)#vrrp 20 ip 10.1.20.252
DLS-I(config-if)#
DLS-I(config-if)#vrrp
DLS-I(config-if)#vrrp
*May  8 22:20:24.272: %VRRP-6-STATECHANGE: Vl20 Grp 20 state Init -> Backup
DLS-I(config-if)#vrrp 20 auth
DLS-I(config-if)#vrrp 20 authentication tex
DLS-I(config-if)#vrrp 20 authentication text admin
DLS-I(config-if)#
*May  8 22:20:27.686: %VRRP-6-STATECHANGE: Vl20 Grp 20 state Backup -> Master
DLS-I(config-if)#exi
DLS-I(config)#

The gateways of vlans 10 and 20 have become Master, meaning they are now the primary gateways.

DLS-I(config)#
DLS-I(config)#
DLS-I(config)#int vlan 30
DLS-I(config-if)#
DLS-I(config-if)#
DLS-I(config-if)#
DLS-I(config-if)#vrrp
DLS-I(config-if)#vrrp 30 prio
DLS-I(config-if)#vrrp 30 priority 100
DLS-I(config-if)#
DLS-I(config-if)#vrrp
DLS-I(config-if)#vrrp 30 ip 192.168.30.252
DLS-I(config-if)#vrrp
DLS-I(config-if)#vrrp
*May  8 22:22:39.773: %VRRP-6-STATECHANGE: Vl30 Grp 30 state Init -> Backup
DLS-I(config-if)#vrrp 30 auth
DLS-I(config-if)#vrrp 30 authentication te
*May  8 22:22:43.382: %VRRP-6-STATECHANGE: Vl30 Grp 30 state Backup -> Master
DLS-I(config-if)#vrrp 30 authentication tex
DLS-I(config-if)#vrrp 30 authentication text admin
DLS-I(config-if)#
DLS-I(config-if)#exit
DLS-I(config)#
DLS-I(config)#int vlan 40
DLS-I(config-if)#v
% Ambiguous command:  "v"
DLS-I(config-if)#
DLS-I(config-if)#vrrp
DLS-I(config-if)#vrrp 40 prio
DLS-I(config-if)#vrrp 40 priority 100
DLS-I(config-if)#vrrp
DLS-I(config-if)#vrrp 40 ip 192.168.40.252
DLS-I(config-if)#
DLS-I(config-if)#vrrp
DLS-I(config-if)#vrrp
*May  8 22:23:20.711: %VRRP-6-STATECHANGE: Vl40 Grp 40 state Init -> Backup
DLS-I(config-if)#vrrp 40 aut
DLS-I(config-if)#vrrp 40 authentication t
*May  8 22:23:24.337: %VRRP-6-STATECHANGE: Vl40 Grp 40 state Backup -> Master
DLS-I(config-if)#vrrp 40 authentication tex
DLS-I(config-if)#vrrp 40 authentication text admin
DLS-I(config-if)#
DLS-I(config-if)#
DLS-I(config-if)#exit
DLS-I(config)#
DLS-I(config)#

We can now proceed to DLS-II and configure it as the Backup for vlans 10 and 20 and the Master for vlans 30 and 40.

DLS-II(config)#
DLS-II(config)#
DLS-II(config)#int vlan 10
DLS-II(config-if)#
DLS-II(config-if)#
DLS-II(config-if)#vrrp
DLS-II(config-if)#vrrp 10 prio
DLS-II(config-if)#vrrp 10 priority 100
DLS-II(config-if)#
DLS-II(config-if)#vrrp
DLS-II(config-if)#vrrp 10 ip 10.1.10.252
DLS-II(config-if)#
DLS-II(config-if)#vrr
DLS-II(config-if)#vrrp
*May  8 22:24:22.422: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Init -> Backup
*May  8 22:24:22.426: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Init -> Backup
DLS-II(config-if)#vrrp
*May  8 22:24:22.764: %VRRP-4-BADAUTHTYPE: Bad authentication from 10.1.10.254, group 10, type 1, expected 0
DLS-II(config-if)#vrrp 10 text
DLS-II(config-if)#vrrp 10 tex
*May  8 22:24:26.035: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Master
DLS-II(config-if)#vrrp 10 auth
DLS-II(config-if)#vrrp 10 authentication text
DLS-II(config-if)#vrrp 10 authentication text admin
DLS-II(config-if)#
DLS-II(config-if)#exit
DLS-II(config)#
DLS-II(config)#int
*May  8 22:24:32.785: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Master -> Backupv
DLS-II(config)#int vlan 20
DLS-II(config-if)#
DLS-II(config-if)#
DLS-II(config-if)#vrrp
DLS-II(config-if)#vrrp 20 pri
DLS-II(config-if)#vrrp 20 priority 100
DLS-II(config-if)#
DLS-II(config-if)#vrrp
DLS-II(config-if)#vrrp 20 ip 10.1.20.252
DLS-II(config-if)#
DLS-II(config-if)#vrrp
DLS-II(config-if)#vrrp 2
*May  8 22:24:48.992: %VRRP-6-STATECHANGE: Vl20 Grp 20 state Init -> Backup
DLS-II(config-if)#vrrp 20 aut
DLS-II(config-if)#vrrp 20 authentication
*May  8 22:24:52.603: %VRRP-6-STATECHANGE: Vl20 Grp 20 state Backup -> Master
DLS-II(config-if)#vrrp 20 authentication text
*May  8 22:24:52.885: %VRRP-4-BADAUTHTYPE: Bad authentication from 10.1.20.254, group 20, type 1, expected 0
DLS-II(config-if)#vrrp 20 authentication text
DLS-II(config-if)#vrrp 20 authentication text admin
DLS-II(config-if)#
DLS-II(config-if)#
DLS-II(config-if)#exit
DLS-II(config)#
DLS-II(config)#
DLS-II(config)#
DLS-II(config)#
*May  8 22:24:56.615: %VRRP-6-STATECHANGE: Vl20 Grp 20 state Master -> Backup
DLS-II(config)#

Setting the primary gateways for vlans 30 and 40 on the DLS-II switch.

DLS-II(config)#
DLS-II(config)#
DLS-II(config)#int vlan 30
DLS-II(config-if)#
DLS-II(config-if)#
DLS-II(config-if)#
DLS-II(config-if)#vrrp
DLS-II(config-if)#vrrp 30 pri
DLS-II(config-if)#vrrp 30 priority 150
DLS-II(config-if)#
DLS-II(config-if)#vrrp
DLS-II(config-if)#vrrp
*May  8 22:25:42.715: %VRRP-4-BADAUTHTYPE: Bad authentication from 192.168.30.253, group 30, type 1, expected 0
DLS-II(config-if)#vrrp 30 ip 192.168.30.252
DLS-II(config-if)#
DLS-II(config-if)#vrrp
*May  8 22:25:53.829: %VRRP-6-STATECHANGE: Vl30 Grp 30 state Init -> Backup
DLS-II(config-if)#vrrp 30 auth
DLS-II(config-if)#vrrp 30 authentication te
*May  8 22:25:57.242: %VRRP-6-STATECHANGE: Vl30 Grp 30 state Backup -> Master
DLS-II(config-if)#vrrp 30 authentication text
DLS-II(config-if)#vrrp 30 authentication text admin
DLS-II(config-if)#
DLS-II(config-if)#
DLS-II(config-if)#exit
DLS-II(config)#
DLS-II(config)#int vlan 40
DLS-II(config-if)#
DLS-II(config-if)#
DLS-II(config-if)#vrr
DLS-II(config-if)#vrrp 40 prio
DLS-II(config-if)#vrrp 40 priority 150
DLS-II(config-if)#
DLS-II(config-if)#vrrp
DLS-II(config-if)#vrrp 40
*May  8 22:26:12.822: %VRRP-4-BADAUTHTYPE: Bad authentication from 192.168.40.253, group 40, type 1, expected 0
DLS-II(config-if)#vrrp 40 ip 192.168.40.252
DLS-II(config-if)#
DLS-II(config-if)#
DLS-II(config-if)#vrrp
DLS-II(config-if)#vrrp
*May  8 22:26:19.673: %VRRP-6-STATECHANGE: Vl40 Grp 40 state Init -> Backup
DLS-II(config-if)#vrrp 40 authe
*May  8 22:26:23.090: %VRRP-6-STATECHANGE: Vl40 Grp 40 state Backup -> Master
DLS-II(config-if)#vrrp 40 authe
DLS-II(config-if)#vrrp 40 authentication TEXT
DLS-II(config-if)#vrrp 40 authentication tex
DLS-II(config-if)#vrrp 40 authentication text admin
DLS-II(config-if)#
DLS-II(config-if)#
DLS-II(config-if)#exit
DLS-II(config)#
DLS-II(config)#

We have received messages showing which switch is the Backup and which one has been set as the Master for each group.
We configured the priorities in order to get the Backup and Master.
DLS-I acts as the Master to vlans 10 and 20 and as a Backup to vlans 30 and 40, whereas DLS-II acts as the Master to vlans 30 and 40 and as the Backup to vlans 10 and 20.
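
The %VRRP-4-BADAUTHTYPE lines in the DLS-II session come from the window before the authentication text was entered there: DLS-II rejected DLS-I's advertisements (type 1 is text, type 0 is none), its master-down timer expired and it went Master for a group DLS-I was still serving. The Python below is an added example, not part of the original lab; it parses console lines of this shape and reports groups where the local switch was Master while rejecting a live peer. The function names are this example's own.

```python
import re

STATE_RE = re.compile(
    r"%VRRP-6-STATECHANGE: (\S+) Grp (\d+) state (\w+) -> (Init|Backup|Master)")
AUTH_RE = re.compile(
    r"%VRRP-4-BADAUTHTYPE: Bad authentication from ([\d.]+), group (\d+), "
    r"type (\d+), expected (\d+)")
# VRRPv2 authentication type codes (RFC 2338).
AUTH_TYPES = {0: "none", 1: "text", 2: "ip-auth-header"}

# Group 10 console lines as captured on DLS-II in the session above.
SAMPLE_LOG = """\
*May  8 22:24:22.422: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Init -> Backup
*May  8 22:24:22.764: %VRRP-4-BADAUTHTYPE: Bad authentication from 10.1.10.254, group 10, type 1, expected 0
*May  8 22:24:26.035: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Master
*May  8 22:24:32.785: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Master -> Backupv
"""

def parse_events(log_text):
    """Return VRRP state-change and bad-auth events in log order."""
    events = []
    for line in log_text.splitlines():
        if m := STATE_RE.search(line):
            # New state is matched by name, so echoed keystrokes ("Backupv") are ignored.
            events.append({"kind": "state", "group": int(m[2]), "new": m[4]})
        elif m := AUTH_RE.search(line):
            events.append({"kind": "badauth", "group": int(m[2]), "peer": m[1],
                           "got": AUTH_TYPES.get(int(m[3]), "unknown"),
                           "expected": AUTH_TYPES.get(int(m[4]), "unknown")})
    return events

def dual_master_groups(events):
    """Groups where this router was Master while rejecting a live peer."""
    state, rejected, findings = {}, {}, []
    for ev in events:
        group = ev["group"]
        if ev["kind"] == "state":
            state[group] = ev["new"]
            if ev["new"] != "Master":
                rejected.pop(group, None)  # mismatch is moot once we step down
        else:
            rejected[group] = ev
        if state.get(group) == "Master" and group in rejected:
            bad = rejected.pop(group)
            findings.append((group, bad["peer"], bad["got"], bad["expected"]))
    return findings

if __name__ == "__main__":
    print(dual_master_groups(parse_events(SAMPLE_LOG)))
```

A finding outside a configuration window means two switches are answering for the same virtual gateway address and is worth an alert. The text string configured above travels unencrypted in each advertisement, so an absence of findings shows consistent configuration rather than a trusted sender.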

Verifying our configurations.
On both switches we can verify our configurations as below:

DLS-I#show vrr
DLS-I#show vrrp brie
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Vl10               10  150 3414       Y  Master  10.1.10.254     10.1.10.252
Vl20               20  150 3414       Y  Master  10.1.20.254     10.1.20.252
Vl30               30  100 3609       Y  Backup  192.168.30.254  192.168.30.252
Vl40               40  100 3609       Y  Backup  192.168.40.254  192.168.40.252
DLS-I#

On DLS-II

DLS-II#show vrrp
DLS-II#show vrrp brie
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Vl10               10  100 3609       Y  Backup  10.1.10.254     10.1.10.252
Vl20               20  100 3609       Y  Backup  10.1.20.254     10.1.20.252
Vl30               30  150 3414       Y  Master  192.168.30.254  192.168.30.252
Vl40               40  150 3414       Y  Master  192.168.40.254  192.168.40.252
DLS-II#

If we shut down our DLS-II switch, the DLS-I switch will become the Master for vlans 30 and 40, as we can see below. Traffic from vlan 30 and 40 PCs will pass through DLS-I.

DLS-I#
DLS-I#
DLS-I#
DLS-I#
*May  8 22:33:28.245: %VRRP-6-STATECHANGE: Vl30 Grp 30 state Backup -> Master
*May  8 22:33:28.449: %VRRP-6-STATECHANGE: Vl40 Grp 40 state Backup -> Master
DLS-I#show vrrp brie
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Vl10               10  150 3414       Y  Master  10.1.10.254     10.1.10.252
Vl20               20  150 3414       Y  Master  10.1.20.254     10.1.20.252
Vl30               30  100 3609       Y  Master  192.168.30.253  192.168.30.252
Vl40               40  100 3609       Y  Master  192.168.40.253  192.168.40.252
DLS-I#

The DLS-I switch has become the Master for vlans 30 and 40.

As you can see, we now have redundancy in our network.

bl4ckwidow

Co-Founder of Labing Overload. I am a Web Developer/Network Engineer turned CyberSecurity Engineer. FOSS enthusiast. Cisco Technologies enthusiast. Network Penetration Tester.
