Configuring VRRP

The Virtual Router Redundancy Protocol (VRRP) is an election protocol that dynamically assigns
responsibility for one or more virtual routers to the VRRP routers on a LAN, allowing several routers on a
multiaccess link to utilize the same virtual IP address. A VRRP router is configured to run the VRRP protocol
in conjunction with one or more other routers attached to a LAN. In a VRRP configuration, one router is
elected as the virtual router master, with the other routers acting as backups in case the virtual router master
fails.
This module explains the concepts related to VRRP and describes how to configure VRRP in a network.

• Finding Feature Information, page 1

• Restrictions for VRRP, page 2
• Information About VRRP, page 2
• How to Configure VRRP, page 7
• Configuration Examples for VRRP, page 14
• Additional References, page 16
• Feature Information for VRRP, page 18
• Glossary, page 22

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
1
 Configuring VRRP
Restrictions for VRRP

Restrictions for VRRP

• VRRP is designed for use over multiaccess, multicast, or broadcast capable Ethernet LANs. VRRP is
not intended as a replacement for existing dynamic protocols.
• VRRP is supported on Ethernet, Fast Ethernet, Bridge Group Virtual Interface (BVI), and Gigabit
Ethernet interfaces, and on Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs),
VRF-aware MPLS VPNs, and VLANs.
• Because of the forwarding delay that is associated with the initialization of a BVI interface, you must
configure the VRRP advertise timer to a value equal to or greater than the forwarding delay on the BVI
interface. This setting prevents a VRRP router on a recently initialized BVI interface from unconditionally
taking over the master role. Use the bridge forward-time command to set the forwarding delay on the
BVI interface. Use the vrrp timers advertise command to set the VRRP advertisement timer.

Information About VRRP

VRRP Operation
There are several ways a LAN client can determine which router should be the first hop to a particular remote
destination. The client can use a dynamic process or static configuration. Examples of dynamic router discovery
are as follows:
• Proxy ARP—The client uses Address Resolution Protocol (ARP) to get the destination it wants to reach,
and a router will respond to the ARP request with its own MAC address.
• Routing protocol—The client listens to dynamic routing protocol updates (for example, from Routing
Information Protocol [RIP]) and forms its own routing table.
• ICMP Router Discovery Protocol (IRDP) client—The client runs an Internet Control Message Protocol
(ICMP) router discovery client.

The drawback to dynamic discovery protocols is that they incur some configuration and processing overhead
on the LAN client. Also, in the event of a router failure, the process of switching to another router can be
slow.
An alternative to dynamic discovery protocols is to statically configure a default router on the client. This
approach simplifies client configuration and processing, but creates a single point of failure. If the default
gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut
off from the rest of the network.
VRRP can solve the static configuration problem. VRRP enables a group of routers to form a single virtual
router. The LAN clients can then be configured with the virtual router as their default gateway. The virtual
router, representing a group of routers, is also known as a VRRP group.
VRRP is supported on Ethernet, Fast Ethernet, BVI, and Gigabit Ethernet interfaces, and on MPLS VPNs,
VRF-aware MPLS VPNs, and VLANs.

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
2
Configuring VRRP
VRRP Operation

The figure below shows a LAN topology in which VRRP is configured. In this example, Routers A, B, and
C are VRRP routers (routers running VRRP) that comprise a virtual router. The IP address of the virtual router
is the same as that configured for the Ethernet interface of Router A (10.0.0.1).

Figure 1: Basic VRRP Topology

Because the virtual router uses the IP address of the physical Ethernet interface of Router A, Router A assumes
the role of the virtual router master and is also known as the IP address owner. As the virtual router master,
Router A controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP
address. Clients 1 through 3 are configured with the default gateway IP address of 10.0.0.1.
Routers B and C function as virtual router backups. If the virtual router master fails, the router configured
with the higher priority will become the virtual router master and provide uninterrupted service for the LAN
hosts. When Router A recovers, it becomes the virtual router master again. For more detail on the roles that
VRRP routers play and what happens if the virtual router master fails, see the VRRP Router Priority and
Preemption section.

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
3
 Configuring VRRP
VRRP Benefits

The figure below shows a LAN topology in which VRRP is configured so that Routers A and B share the
traffic to and from clients 1 through 4 and that Routers A and B act as virtual router backups to each other if
either router fails.

Figure 2: Load Sharing and Redundancy VRRP Topology

In this topology, two virtual routers are configured. (For more information, see the Multiple Virtual Router
Support section.) For virtual router 1, Router A is the owner of IP address 10.0.0.1 and virtual router master,
and Router B is the virtual router backup to Router A. Clients 1 and 2 are configured with the default gateway
IP address of 10.0.0.1.
For virtual router 2, Router B is the owner of IP address 10.0.0.2 and virtual router master, and Router A is
the virtual router backup to Router B. Clients 3 and 4 are configured with the default gateway IP address of
10.0.0.2.

VRRP Benefits
Redundancy
VRRP enables you to configure multiple routers as the default gateway router, which reduces the possibility
of a single point of failure in a network.

Load Sharing
You can configure VRRP in such a way that traffic to and from LAN clients can be shared by multiple routers,
thereby sharing the traffic load more equitably among available routers.

Multiple Virtual Routers

Multiple IP Addresses
The virtual router can manage multiple IP addresses, including secondary IP addresses. Therefore, if you have
multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet.

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
4
 Configuring VRRP
Multiple Virtual Router Support

Preemption
The redundancy scheme of VRRP enables you to preempt a virtual router backup that has taken over for a
failing virtual router master with a higher priority virtual router backup that has become available.

Authentication
VRRP message digest 5 (MD5) algorithm authentication protects against VRRP-spoofing software and uses
the industry-standard MD5 algorithm for improved reliability and security.

Advertisement Protocol
VRRP uses a dedicated Internet Assigned Numbers Authority (IANA) standard multicast address (224.0.0.18)
for VRRP advertisements. This addressing scheme minimizes the number of routers that must service the
multicasts and allows test equipment to accurately identify VRRP packets on a segment. The IANA assigned
VRRP the IP protocol number 112.

VRRP Object Tracking

VRRP object tracking provides a way to ensure the best VRRP router is the virtual router master for the group
by altering VRRP priorities to the status of tracked objects such as the interface or IP route states.

Multiple Virtual Router Support

• Router processing capability
• Router memory capability
• Router interface support of multiple MAC addresses

In a topology where multiple virtual routers are configured on a router interface, the interface can act as a
master for one virtual router and as a backup for one or more virtual routers.

VRRP Router Priority and Preemption

An important aspect of the VRRP redundancy scheme is VRRP router priority. Priority determines the role
that each VRRP router plays and what happens if the virtual router master fails.
If a VRRP router owns the IP address of the virtual router and the IP address of the physical interface, this
router will function as a virtual router master.
Priority also determines if a VRRP router functions as a virtual router backup and the order of ascendancy to
becoming a virtual router master if the virtual router master fails. You can configure the priority of each virtual
router backup with a value of 1 through 254 using the vrrp priority command.
For example, if Router A, the virtual router master in a LAN topology, fails, an election process takes place
to determine if virtual router backups B or C should take over. If Routers B and C are configured with the
priorities of 101 and 100, respectively, Router B is elected to become virtual router master because it has the
higher priority. If Routers B and C are both configured with the priority of 100, the virtual router backup with
the higher IP address is elected to become the virtual router master.
By default, a preemptive scheme is enabled whereby a higher priority virtual router backup that becomes
available takes over for the virtual router backup that was elected to become virtual router master. You can
disable this preemptive scheme using the no vrrp preempt command. If preemption is disabled, the virtual

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
5
 Configuring VRRP
VRRP Advertisements

router backup that is elected to become virtual router master remains the master until the original virtual router
master recovers and becomes master again.

VRRP Advertisements
The virtual router master sends VRRP advertisements to other VRRP routers in the same group. The
advertisements communicate the priority and state of the virtual router master. The VRRP advertisements are
encapsulated in IP packets and sent to the IP Version 4 multicast address assigned to the VRRP group. The
advertisements are sent every second by default; the interval is configurable.
Although the VRRP protocol as per RFC 3768 does not support millisecond timers, Cisco routers allow you
to configure millisecond timers. You need to manually configure the millisecond timer values on both the
primary and the backup routers. The master advertisement value displayed in the show vrrp command output
on the backup routers is always 1 second because the packets on the backup routers do not accept millisecond
values.
You must use millisecond timers where absolutely necessary and with careful consideration and testing.
Millisecond values work only under favorable circumstances, and you must be aware that the use of the
millisecond timer values restricts VRRP operation to Cisco devices only.

VRRP Object Tracking

Object tracking is an independent process that manages creating, monitoring, and removing tracked objects
such as the state of the line protocol of an interface. Clients such as the Hot Standby Router Protocol (HSRP),
Gateway Load Balancing Protocol (GLBP), and VRRP register their interest with specific tracked objects and
act when the state of an object changes.
Each tracked object is identified by a unique number that is specified on the tracking CLI. Client processes
such as VRRP use this number to track a specific object.
The tracking process periodically polls the tracked objects and notes any change of value. The changes in the
tracked object are communicated to interested client processes, either immediately or after a specified delay.
The object values are reported as either up or down.
VRRP object tracking gives VRRP access to all the objects available through the tracking process. The tracking
process allows you to track individual objects such as a the state of an interface line protocol, state of an IP
route, or the reachability of a route.
VRRP provides an interface to the tracking process. Each VRRP group can track multiple objects that may
affect the priority of the VRRP device. You specify the object number to be tracked and VRRP is notified of
any change to the object. VRRP increments (or decrements) the priority of the virtual device based on the
state of the object being tracked.

How VRRP Object Tracking Affects the Priority of a Device

The priority of a device can change dynamically if it has been configured for object tracking and the object
that is being tracked goes down. The tracking process periodically polls the tracked objects and notes any
change of value. The changes in the tracked object are communicated to VRRP, either immediately or after
a specified delay. The object values are reported as either up or down. Examples of objects that can be tracked
are the line protocol state of an interface or the reachability of an IP route. If the specified object goes down,
the VRRP priority is reduced. The VRRP device with the higher priority can now become the virtual device

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
6
 Configuring VRRP
In Service Software Upgrade--VRRP

master if it has the vrrp preempt command configured. See the “VRRP Object Tracking” section for more
information on object tracking.

In Service Software Upgrade--VRRP

VRRP supports In Service Software Upgrade (ISSU). In Service Software Upgrade (ISSU) allows a
high-availability (HA) system to run in stateful switchover (SSO) mode even when different versions of
software are running on the active and standby Route Processors (RPs) or line cards.
ISSU provides the ability to upgrade or downgrade from one supported release to another while continuing
to forward packets and maintain sessions, thereby reducing planned outage time. The ability to upgrade or
downgrade is achieved by running different software versions on the active RP and standby RP for a short
period of time to maintain state information between RPs. This feature allows the system to switch over to a
secondary RP running upgraded (or downgraded) software and continue forwarding packets without session
loss and with minimal or no packet loss. This feature is enabled by default.
For detailed information about ISSU, see the In Service Software Upgrade Process document in the High
Availability Configuration Guide.

VRRP Support for Stateful Switchover

With the introduction of the VRRP Support for Stateful Switchover feature, VRRP is SSO aware. VRRP can
detect when a router is failing over to the secondary RP and continue in its current group state.
SSO functions in networking devices (usually edge devices) that support dual Route Processors (RPs). SSO
provides RP redundancy by establishing one of the RPs as the active processor and the other RP as the standby
processor. SSO also synchronizes critical state information between the RPs so that network state information
is dynamically maintained between RPs.
Prior to being SSO aware, if VRRP was deployed on a router with redundant RPs, a switchover of roles
between the active RP and the standby RP would result in the router relinquishing its activity as a VRRP
group member and then rejoining the group as if it had been reloaded. The SSO--VRRP feature enables VRRP
to continue its activities as a group member during a switchover. VRRP state information between redundant
RPs is maintained so that the standby RP can continue the router’s activities within the VRRP during and after
a switchover.
This feature is enabled by default. To disable this feature, use the no vrrp sso command in global configuration
mode.
For more information, see the Stateful Switchover document.

How to Configure VRRP

Customizing VRRP
Customizing the behavior of VRRP is optional. Be aware that as soon as you enable a VRRP group, that group
is operating. It is possible that if you first enable a VRRP group before customizing VRRP, the router could
take over control of the group and become the virtual router master before you have finished customizing the
feature. Therefore, if you plan to customize VRRP, it is a good idea to do so before enabling VRRP.

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
7
 Configuring VRRP
Customizing VRRP

SUMMARY STEPS

1. enable
2. configure terminal
3. interface type number
4. ip address ip-address mask
5. vrrp group description text
6. vrrp group priority level
7. vrrp group preempt [delay minimum seconds]
8. vrrp group timers learn
9. exit
10. no vrrp sso

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Router# configure terminal

Step 3 interface type number Enters interface configuration mode.

Example:
Router(config)# interface GigabitEthernet
0/0/0

Step 4 ip address ip-address mask Configures an IP address for an interface.

Example:
Router(config-if)# ip address 172.16.6.5
255.255.255.0

Step 5 vrrp group description text Assigns a text description to the VRRP group.

Example:
Router(config-if)# vrrp 10 description
working-group

Step 6 vrrp group priority level Sets the priority level of the router within a VRRP group.

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
8
 Configuring VRRP
Enabling VRRP

Command or Action Purpose

• The default priority is 100.
Example:
Router(config-if)# vrrp 10 priority 110

Step 7 vrrp group preempt [delay minimum seconds] Configures the router to take over as virtual router master for
a VRRP group if it has a higher priority than the current virtual
Example: router master.

Router(config-if)# vrrp 10 preempt delay • The default delay period is 0 seconds.

minimum 380
• The router that is IP address owner will preempt,
regardless of the setting of this command.

Step 8 vrrp group timers learn Configures the router, when it is acting as virtual router backup
for a VRRP group, to learn the advertisement interval used
Example: by the virtual router master.

Router(config-if)# vrrp 10 timers learn

Step 9 exit Exits interface configuration mode.

Example:
Router(config-if)# exit

Step 10 no vrrp sso (Optional) Disables VRRP support of SSO.

• VRRP support of SSO is enabled by default.
Example:
Router(config)# no vrrp sso

Enabling VRRP
SUMMARY STEPS

1. enable
2. configure terminal
3. interface type number
4. ip address ip-address mask
5. vrrp group ip ip-address [secondary]
6. end
7. show vrrp [brief] | group]
8. show vrrp interface type number [brief]

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
9
 Configuring VRRP
Enabling VRRP

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Router# configure terminal

Step 3 interface type number Enters interface configuration mode.

Example:
Router(config)# interface GigabitEthernet
0/0/0

Step 4 ip address ip-address mask Configures an IP address for an interface.

Example:
Router(config-if)# ip address 172.16.6.5
255.255.255.0

Step 5 vrrp group ip ip-address [secondary] Enables VRRP on an interface.

• After you identify a primary IP address, you can use the vrrp
Example: ip command again with the secondary keyword to indicate
Router(config-if)# vrrp 10 ip 172.16.6.1 additional IP addresses supported by this group.

Note All routers in the VRRP group must be configured with

the same primary address and a matching list of secondary
addresses for the virtual router. If different primary or
secondary addresses are configured, the routers in the
VRRP group will not communicate with each other and
any misconfigured router will change its state to master.
Step 6 end Returns to privileged EXEC mode.

Example:
Router(config-if)# end

Step 7 show vrrp [brief] | group] (Optional) Displays a brief or detailed status of one or all VRRP
groups on the router.
Example:
Router# show vrrp 10

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
10
 Configuring VRRP
Configuring VRRP Object Tracking

Command or Action Purpose

Step 8 show vrrp interface type number [brief] (Optional) Displays the VRRP groups and their status on a specified
interface.
Example:
Router# show vrrp interface
GigabitEthernet 0/0/0

Configuring VRRP Object Tracking

Note If a VRRP group is the IP address owner, its priority is fixed at 255 and cannot be reduced through object
tracking.

SUMMARY STEPS

1. enable
2. configure terminal
3. track object-number interface type number {line-protocol | ip routing}
4. interface type number
5. vrrp group ip ip-address
6. vrrp group priority level
7. vrrp group track object-number [decrement priority]
8. end
9. show track [object-number]

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Router# configure terminal

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
11
 Configuring VRRP
Configuring VRRP Object Tracking

Command or Action Purpose

Step 3 track object-number interface type number Configures an interface to be tracked where changes in the state
{line-protocol | ip routing} of the interface affect the priority of a VRRP group.
• This command configures the interface and corresponding
Example: object number to be used with the vrrp track command.
Router(config)# track 2 interface serial 6
line-protocol • The line-protocol keyword tracks whether the interface
is up. The ip routing keyword also checks that IP routing
is enabled and active on the interface.
• You can also use the track ip route command to track
the reachability of an IP route or a metric type object.

Step 4 interface type number Enters interface configuration mode.

Example:
Router(config)# interface Ethernet 2

Step 5 vrrp group ip ip-address Enables VRRP on an interface and identifies the IP address of
the virtual router.
Example:
Router(config-if)# vrrp 1 ip 10.0.1.20

Step 6 vrrp group priority level Sets the priority level of the router within a VRRP group.

Example:
Router(config-if)# vrrp 1 priority 120

Step 7 vrrp group track object-number [decrement Configures VRRP to track an object.
priority]

Example:
Router(config-if)# vrrp 1 track 2 decrement
15

Step 8 end Returns to privileged EXEC mode.

Example:
Router(config-if)# end

Step 9 show track [object-number] Displays tracking information.

Example:
Router# show track 1

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
12
 Configuring VRRP
Configuring VRRP Text Authentication

Configuring VRRP Text Authentication

Before You Begin
Interoperability with vendors that may have implemented the RFC 2338 method is not enabled.
Text authentication cannot be combined with MD5 authentication for a VRRP group at any one time. When
MD5 authentication is configured, the text authentication field in VRRP hello messages is set to all zeros on
transmit and ignored on receipt, provided the receiving router also has MD5 authentication enabled.

SUMMARY STEPS

1. enable
2. configure terminal
3. terminal interface type number
4. ip address ip-address mask [secondary]
5. vrrp group authentication text text-string
6. vrrp group ip ip-address
7. Repeat Steps 1 through 6 on each router that will communicate.
8. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Router# configure terminal

Step 3 terminal interface type number Configures an interface type and enters interface configuration
mode.
Example:
Router(config)# interface Ethernet 0/1

Step 4 ip address ip-address mask [secondary] Specifies a primary or secondary IP address for an interface.

Example:
Router(config-if)# ip address 10.0.0.1
255.255.255.0

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
13
 Configuring VRRP
Configuration Examples for VRRP

Command or Action Purpose

Step 5 vrrp group authentication text text-string Authenticates VRRP packets received from other routers in the
group.
Example: • If you configure authentication, all routers within the VRRP
Router(config-if)# vrrp 1 authentication group must use the same authentication string.
text textstring1
• The default string is cisco.

Note All routers within the VRRP group must be configured

with the same authentication string. If the same
authentication string is not configured, the routers in the
VRRP group will not communicate with each other and
any misconfigured router will change its state to master.
Step 6 vrrp group ip ip-address Enables VRRP on an interface and identifies the IP address of
the virtual router.
Example:
Router(config-if)# vrrp 1 ip 10.0.1.20

Step 7 Repeat Steps 1 through 6 on each router that will —

communicate.
Step 8 end Returns to privileged EXEC mode.

Example:
Router(config-if)# end

Configuration Examples for VRRP

Example: Configuring VRRP

In the following example, Router A and Router B each belong to three VRRP groups.
In the configuration, each group has the following properties:
• Group 1:
• Virtual IP address is 10.1.0.10.
• Router A will become the master for this group with priority 120.
• Advertising interval is 3 seconds.
• Preemption is enabled.

• Group 5:

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
14
 Configuring VRRP
Example: VRRP Object Tracking

• Router B will become the master for this group with priority 200.
• Advertising interval is 30 seconds.
• Preemption is enabled.

• Group 100:
• Router A will become the master for this group first because it has a higher IP address (10.1.0.2).
• Advertising interval is the default 1 second.
• Preemption is disabled.

Router A

Router(config)# interface GigabitEthernet 1/0/0

Router(config-if)# ip address 10.1.0.2 255.0.0.0
Router(config-if)# vrrp 1 priority 120
Router(config-if)# vrrp 1 authentication cisco
Router(config-if)# vrrp 1 timers advertise 3
Router(config-if)# vrrp 1 timers learn
Router(config-if)# vrrp 1 ip 10.1.0.10
Router(config-if)# vrrp 5 priority 100
Router(config-if)# vrrp 5 timers advertise 30
Router(config-if)# vrrp 5 timers learn
Router(config-if)# vrrp 5 ip 10.1.0.50
Router(config-if)# vrrp 100 timers learn
Router(config-if)# no vrrp 100 preempt
Router(config-if)# vrrp 100 ip 10.1.0.100
Router(config-if)# no shutdown

Router B

Router(config)# interface GigabitEthernet 1/0/0

Router(config-if)# ip address 10.1.0.1 255.0.0.0
Router(config-if)# vrrp 1 priority 100
Router(config-if)# vrrp 1 authentication cisco
Router(config-if)# vrrp 1 timers advertise 3
Router(config-if)# vrrp 1 timers learn
Router(config-if)# vrrp 1 ip 10.1.0.10
Router(config-if)# vrrp 5 priority 200
Router(config-if)# vrrp 5 timers advertise 30
Router(config-if)# vrrp 5 timers learn
Router(config-if)# vrrp 5 ip 10.1.0.50
Router(config-if)# vrrp 100 timers learn
Router(config-if)# no vrrp 100 preempt
Router(config-if)# vrrp 100 ip 10.1.0.100
Router(config-if)# no shutdown

Example: VRRP Object Tracking

In the following example, the tracking process is configured to track the state of the line protocol on serial
interface 0/1. VRRP on Ethernet interface 1/0 then registers with the tracking process to be informed of any
changes to the line protocol state of serial interface 0/1. If the line protocol state on serial interface 0/1 goes
down, then the priority of the VRRP group is reduced by 15.

Router(config)# track 1 interface Serial 0/1 line-protocol

Router(config-track)# exit

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
15
 Configuring VRRP
Example: VRRP Object Tracking Verification

Router(config)# interface Ethernet 1/0

Router(config-if)# ip address 10.0.0.2 255.0.0.0
Router(config-if)# vrrp 1 ip 10.0.0.3
Router(config-if)# vrrp 1 priority 120
Router(config-if)# vrrp 1 track 1 decrement 15

Example: VRRP Object Tracking Verification

The following examples verify the configuration shown in the Example: VRRP Object Tracking section:

Router# show vrrp

Ethernet1/0 - Group 1
State is Master
Virtual IP address is 10.0.0.3
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption is enabled
min delay is 0.000 sec
Priority is 105
Track object 1 state Down decrement 15
Master Router is 10.0.0.2 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.531 sec
Router# show track

Track 1
Interface Serial0/1 line-protocol
Line protocol is Down (hw down)
1 change, last change 00:06:53
Tracked by:
VRRP Ethernet1/0 1

Example: VRRP Text Authentication

The following example shows how to configure VRRP text authentication using a text string:

Router(config)# interface GigabitEthernet 0/0/0

Router(config)# ip address 10.21.8.32 255.255.255.0
Router(config-if)# vrrp 10 authentication text stringxyz
Router(config-if)# vrrp 10 ip 10.21.8.10

Example: VRRP MIB Trap

Router(config)# snmp-server enable traps vrrp
Router(config)# snmp-server host 10.1.1.0 community abc vrrp

Additional References
Related Documents

Related Topic Document Title

Cisco IOS commands Cisco IOS Master Commands List, All Releases

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
16
Configuring VRRP
Additional References

Related Topic Document Title

VRRP commands Cisco IOS IP Application Services Command
Reference

Object tracking Configuring Enhanced Object Tracking

Hot Standby Routing Protocol (HSRP) Configuring HSRP

In Service Software Upgrace (ISSU) "In Service Software Upgrade Process" in the High
Availability Configuration Guide

Gateway Load Balancing Protocol (GLBP) Configuring GLBP

Stateful Switchover The Stateful Switchover section in theHigh

Availability Configuration Guide

Standards

Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not
been modified by this feature.

MIBs

MIBs MIBs Link

VRRP MIB To locate and download MIBs for selected platforms,
Cisco software releases, and feature sets, use Cisco
MIB Locator found at the following URL:
http://www.cisco.com/go/mibs

RFCs

RFCs Title
RFC 2338 Virtual Router Redundancy Protocol

RFC 2787 Definitions of Managed Objects for the Virtual Router

Redundancy Protocol

RFC 3768 Virtual Router Redundancy Protocol (VRRP)

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
17
 Configuring VRRP
Feature Information for VRRP

Technical Assistance

Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.

Feature Information for VRRP

The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
18
Configuring VRRP
Feature Information for VRRP

Table 1: Feature Information for VRRP

Feature Name Releases Feature Configuration Information

ISSU—VRRP 15.2(1)S VRRP supports In Service
Software Upgrade (ISSU). ISSU
15.3(1)S
allows a high-availability (HA)
Cisco IOS XE Release 3.3 SE system to run in Stateful
Switchover (SSO) mode even when
different versions of Cisco IOS
software are running on the active
and standby Route Processors
(RPs) or line cards.
This feature provides customers
with the same level of HA
functionality for planned outages
due to software upgrades as is
available with SSO for unplanned
outages. That is, the system can
switch over to a secondary RP and
continue forwarding packets
without session loss and with
minimal or no packet loss.
This feature is enabled by default.
There are no new or modified
commands for this feature.
In Cisco IOS XE Release 3.3SE,
this feature is supported on Cisco
Catalyst 3850 Series Switches.
In Cisco IOS XE Release 3.3SE,
this feature is supported on Cisco
5700 Wireless LAN Controllers.

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
19
 Configuring VRRP
Feature Information for VRRP

Feature Name Releases Feature Configuration Information

SSO—VRRP 15.2(1)S VRRP is now SSO aware. VRRP
can detect when a router is failing
15.3(1)S
over to the secondary RP and
Cisco IOS XE Release 3.3 SE continue in its current VRRP group
state.
This feature is enabled by default.
The following commands were
introduced or modified by this
feature: debug vrrp ha,vrrp sso,
show vrrp.
In Cisco IOS XE Release 3.3SE,
this feature is supported on Cisco
Catalyst 3850 Series Switches.
In Cisco IOS XE Release 3.3SE,
this feature is supported on Cisco
5700 Wireless LAN Controllers.

Virtual Router Redundancy 15.2(1)S VRRP enables a group of routers

Protocol to form a single virtual router to
15.3(1)S
provide redundancy. The LAN
Cisco IOS XE Release 3.3 SE clients can then be configured with
the virtual router as their default
gateway. The virtual router,
representing a group of routers, is
also known as a VRRP group.
The following commands were
introduced by this feature: debug
vrrp all, debug vrrp error, debug
vrrp events, debug vrrp packets,
debug vrrp state, show vrrp,
show vrrp interface, vrrp
authentication, vrrp description,
vrrp ip, vrrp preempt, vrrp
priority, vrrp timers advertise,
vrrp timers learn.
In Cisco IOS XE Release 3.3SE,
this feature is supported on Cisco
Catalyst 3850 Series Switches.
In Cisco IOS XE Release 3.3SE,
this feature is supported on Cisco
5700 Wireless LAN Controllers.

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
20
Configuring VRRP
Feature Information for VRRP

Feature Name Releases Feature Configuration Information

VRRP Object Tracking 15.2(1)S The VRRP Object Tracking feature
extends the capabilities of the
15.3(1)S
VRRP to allow tracking of specific
Cisco IOS XE Release 3.3 SE objects within the router that can
alter the priority level of a virtual
router for a VRRP group.
The following command was
introduced by this feature: vrrp
track.
The following command was
modified by this feature: show
track.
In Cisco IOS XE Release 3.3SE,
this feature is supported on Cisco
Catalyst 3850 Series Switches.
In Cisco IOS XE Release 3.3SE,
this feature is supported on Cisco
5700 Wireless LAN Controllers.

VRRP MIB—RFC 2787 Cisco IOS XE Release 3.3 SE The VRRP MIB--RFC 2787
feature enables an enhancement to
the MIB for use with SNMP-based
network management. The feature
adds support for configuring,
monitoring, and controlling routers
that use VRRP.
The following command was
introduced by this feature: vrrp
shutdown.
The following commands were
modified by this feature:
snmp-server enable
trapsandsnmp-server host.
In Cisco IOS XE Release 3.3SE,
this feature is supported on Cisco
Catalyst 3850 Series Switches.
In Cisco IOS XE Release 3.3SE,
this feature is supported on Cisco
5700 Wireless LAN Controllers.

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
21
 Configuring VRRP
Glossary

Feature Name Releases Feature Configuration Information

FHRP—VRF Aware VRRP Cisco IOS XE Release 3.3 SE The FHRP—VRF Aware VRRP
feature enables VRRP support on
MPLS VPN.
There are no new or modified
commands for this feature.
In Cisco IOS XE Release 3.3SE,
this feature is supported on Cisco
Catalyst 3850 Series Switches.
In Cisco IOS XE Release 3.3SE,
this feature is supported on Cisco
5700 Wireless LAN Controllers.

Glossary
virtual IP address owner —The VRRP router that owns the IP address of the virtual router. The owner is
the router that has the virtual router address as its physical interface address.
virtual router —One or more VRRP routers that form a group. The virtual router acts as the default gateway
router for LAN clients. Also known as a VRRP group.
virtual router backup —One or more VRRP routers that are available to assume the role of forwarding
packets if the virtual router master fails.
virtual router master —The VRRP router that is currently responsible for forwarding packets sent to the IP
addresses of the virtual router. Usually the virtual router master also functions as the IP address owner.
VRRP router --A router that is running VRRP.

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
22