XpressLearn Home

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Format this document for printing Print This Post
Router Gateway Redundancy using VRRP

Setting up a single gateway ip address to share between multiple routers is standard practice in the network environments of today. However, there are a few different ways to accomplish the task. This article will focus specifically on using the Virtual Router Redundancy Protocol.

VRRP is a standards based protocol, which means it is in use by multiple vendors. In an all Cisco environment, HSRP is the most commonly used. When you are talking about any other vendors gateway redundancy implementation, it is most likely VRRP. Cisco routers support VRRP also, which means if you want to use a single gateway redundancy protocol throughout your network – VRRP is answer to the requirement.

In the following example, we will configure VRRP on two routers to provide gateway redundancy on a network. The subnet used will be 10.10.10.0, which contains client workstations that have 10.10.10.1 defined as their default gateway. The goal is to provide redundancy of the default gateway address in the event of a single router failure.

LanRouter1(config)# interface Fastethernet0/1
LanRouter1(config-if)# ip address 10.10.10.2 255.255.255.0
LanRouter1(config-if)# vrrp 1 priority 110
LanRouter1(config-if)# vrrp 1 preempt
LanRouter1(config-if)# vrrp 1 ip 10.10.10.1
LanRouter1(config-if)# vrrp 1 authentication md5 key-string useaveryhardpasswordhere timeout 30
LanRouter2(config)# interface Fastethernet0/1
LanRouter2(config-if)# ip address 10.10.10.3 255.255.255.0
LanRouter2(config-if)# vrrp 1 priority 105
LanRouter2(config-if)# vrrp 1 preempt
LanRouter2(config-if)# vrrp 1 10.10.101.1
LanRouter2(config-if)# vrrp 1 authentication md5 key-string useaveryhardpasswordhere timeout 30

The previous example first configures both routers with a unique ip address. Next, VRRP is configured to provide a virtual address of 10.10.101.1. LanRouter1 is configured to be the primary router, with LanRouter2 in standby mode. This means that no traffic will pass though LanRouter2 unless the first one fails. The preempt statement tells the routers to reconsider priorities after a recovered failure. This allows the failed router to take primary responsibilities back over once it is back online. Security is also a good thing, the authentication statement prevents unauthorized members from joining the VRRP group. The timeout value at the end of the auth statement allows you to periodically change the password on the VRRP group by allowing the old password to work for 30 seconds on a router before dropping out of the group.

For verification of VRRP status:

LanRouter1#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Fa0/1              1   110 3570       Y  Master  10.10.10.2      10.10.10.1
LanRouter2#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Fa0/1              1   105 3589       Y  Backup  10.10.10.2      10.10.10.1

Dynagen Configuration File

Dynamips Configuration File containing VRRP configuration

Author Info:

 
 
Scott's profession is a Senior Network Engineer at a Healthcare related company in Nashville, TN. When he is not trying to secure a network or come up with a design for a new project, he enjoys spending time with his family. You can find out more at: http://www.scottp.net

Similar Posts:

 

Leave a Reply