Wednesday, September 28, 2016

Leave a Comment

VRRP Configuration

                  Let’s take a look how to Setup VRRP using this Topology. Here we using Multilayer on example. We got Switch SW2 and SW3, and we want to Setup SW2 to be the “Master VRRP Router(Switch)” and Switch SW3 to be the “Backup Router(Switch)”. This is gonna be very similar with HSRP Configuration.
           
VRRP initial Configuration on Multilayer Switch SW2: -
Ø  SW2(config)#interface fastethernet 0/3
Ø  SW2(config-if)#description CONNECTED WITH SW1
Ø  SW2(config-if)#vrrp 10 ip 10.1.1.1
ü  10:- VRRP Group Number
ü  10.1.1.1: -Virtual IP Address
ü  That will educate this interface about the Virtual IP address
Ø  SW2(config-if)#vrrp 10 priority 110
ü  Setting “Higher Priority” on SW2 will Master Switch
ü   “Preempt Option” enabled by Default.

VRRP initial Configuration on Multilayer Switch SW3: -
Ø  SW3(config)#interface fastEthernet 0/3
Ø  SW3(config-if)#description CONNECTED WITH SW1
Ø  SW3(config-if)#vrrp 10 ip 10.1.1.1
Now We done with initial VRRP Configuration

Verification: -
          1.      First use “tracert” Command on PC1 for verify the Path
          2.      Then run Continues Ping on PC using “ping 1.1.1.1 -t
          3.      Third Step Shutdown the Port on “SW2 fastetherent0/3
          4.      And then feel the change using “ping and tracert”

Troubleshooting and Verification command: -
                    Ø  SW#show vrrp brief
                    Ø  SW#show vrrp

VRRP Intervals -
   Ø  Advertisement Interval: -1 Second
   Ø  Down Time Interval: -3 Time greater than Advertisement Interval + Skew Time

Skew Time: -
Step 1.       256   -  110                     VRRP Priority (in this Case Switch SW2)  
                    Take The Value =                           146
Step 2.      Then Divide it to = 146/256    =   0.570
                                            Now Our Master Down interval is
Step 3.        3       +       0.570                   =    3.570
VRRP MAC Address: -
MAC Address     0000.5e00.01XX

0000.5e
Industry Standard
0001
VRRP ID
XX
VRRP Group Number

The Multicast address used to send VRRP messages has now changed
 VRRP
Multicast Address
VRRP
224.0.0.18

VRRP Tracking: -

Similar HSRP has “Interface Tracking” and “Object Tracking”
Technically VRRP does not do “Interface tracking” does do “Object and Enhanced Object Tracking”. one of object we track “Interface State
How we can essentially do “interface tracking” with VRRP

First Create the Tracking for interface State: -      
            Ø  SW2#track 1 interface fastethernet 0/1 line-protocol
Appling to VRRP: -
            Ø  SW2(config)#interface fastethernet 0/3
            Ø  SW2(config-if)#description CONNECTED WITH SW1
            Ø  SW2(config-if)#vrrp 10 track 1 decrement 20
ü  10 :- VRRP Group Number
ü  1:- Track Number
ü  20 :- Decrement Value
Verification: -
            Ø  SW2(config)#interface fastetherent 0/1
            Ø  SW2(config-if)#shutdown
            Ø  SW2(config-if)#do show vrrp brief                                           

VRRP Support couple of Authentication
                           VRRP industry standard “First Hop Redundancy Protocol”. Please be aware of authentication is no longer part of RFC. It still supports Cisco iOS. But it might not necessary be supported on third party device, if you are in mixed environment be sure that everyone agrees on whatever authentication type trying to use.
             1.      Text
             2.      MD5
                      We probably do not be sending plain text Authentication across the network, because if somebody capture those packets, can clearly read that packet.     
                        Usually better to MD5 because that’s gonna run a “Hashing Algorithm” on the string, and each side runs the “Hashing Algorithm”, and they compare Hash Values. If the Hash values equal, then they have some assurance that the other side or device has the same string. Let’s set this up on Switch SW2.

Text Authentication Setting in SW2: -
           Ø  SW2(config)#interface fastetherent 0/3
           Ø  SW2(config-if)#vrrp 10 authentication text $3cr3T
ü  10:- VRRP Group Number
ü  $3cr3T:- it is a Password
Text Authentication in SW3: -
           Ø  SW3(config)#interface fastetherent 0/3
           Ø  SW3(config-if)#vrrp 10 authentication text $3cr3T
ü  $3cr3T:- it is a Password

MD5 Authentication in SW2: -
           Ø  SW2(config)#interface fastetherent 0/3
           Ø  SW2(config-if)#vrrp 10 authentication md5 key-string $3cr3T

MD5 Authentication in SW3: -
           Ø  SW3(config)#interface fastetherent 0/3
           Ø  SW3(config-if)#vrrp 10 authentication md5 key-string $3cr3T

Verification: -
           Ø  SW#show vrrp



If You Like the Post. Don’t forget to “Subscribe/Share/Comment”. Thank You.

0 comments:

Post a Comment