CCNPv7.1_SWITCH_Lab6-1_FHRP_HSRP_VRRP_INSTRUCTOR

CCNPv7.1 SWITCH:, First Hop Redundancy Protocols (HSRP, VRRP)

SWITCH

 

INSTRUCTOR VERSION

Topology

 

Objectives

• Configure inter-VLAN routing with HSRP

• Configure HSRP authentication

nterface tracking

Configure VRRP

Configure VRRP object tracking

Hot Standby Router Protocol (HSRP) is a Cisco-proprietary redundancy protocol for establishing a fault-tolerant default gateway. It is described in RFC 2281. HSRP provides a transparent failover mechanism to the end stations on the network. This provides users at the access layer with uninterrupted service to the network if the primary gateway becomes inaccessible.

The Virtual Router Redundancy Protocol (VRRP) is a standards-based alternative to HSRP and is defined in RFC 3768. The two technologies are similar but not compatible.

This lab will offer configuration experience with both of the protocols in a phased approach.

Some of the configurations in this lab will be used in subsequent labs. Please read carefully before clearing your devices.

. Other switches and Cisco IOS Software versions can be used if they have comparable capabilities and features. Depending on the switch model and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab.

Required Resources

image or comparable)

2 switches (Cisco 3560v2image or comparable)

Ethernet and console cables

with Windows OS

Part 1: Prepare for the Lab

Step 1: Prepare the switches for the lab   

config. An example from DLS1:

 

reset.tcl

will remove all configuration files! Continue? [confirm]

[OK]

: complete

Reloading the switch in 1 minute, type reload cancel to halt

 

Proceed with reload? [confirm]

 

nvram

*Mar 7 18:41:41.141: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command.

<switch reloads — output omitted>

 

Would you like to enter the initial configuration dialog? [yes/no]: n

Switch> en

config

]?

184 bytes copied in 0.310 secs (594 bytes/sec)

Configure basic switch parameters.

Configure an IP address on the management VLAN according to the diagram. VLAN 1 is the default management VLAN, but following best practice, we will use a different VLAN. In this case, VLAN 99.

Enter basic configuration commands on each switch according to the diagram.

DLS1 example:

Enter configuration commands, one per line. End with CNTL/Z.

99

address 172.16.99.1 255.255.255.0

no shutdown

The interface VLAN 99 will not come up immediately, because the Layer 2 instance of the VLAN does not yet exist. This issue will be remedied in subsequent steps

(Optional) On each switch, create an enable secret password and configure the VTY lines to allow remote access from other network devices.

DLS1 example:

enable secret class

0 15

cisco

login

Note: The passwords configured here are required for NETLAB compatibility only and are NOT recommended for use in a live environment.

Note(2): For purely lab environment purposes, it is possible to configure the VTY lines so that they accept any Telnet connection immediately, without asking for a password, and place the user into the privileged EXEC mode directly. The configuration would be similar to the following example for DLS1:

enable secret class

0 15

no login

privilege level 15

 

.

ALS1(config default-gateway 172.16.99.5

Step 3: Configure trunks and EtherChannels between switches.

EtherChannel is used for the trunks because it allows you to utilize both Fast Ethernet interfaces that are available between each device, thereby doubling the bandwidth.

Note: It is good practice to shut down the interfaces on both sides of the link before a port channel is created and then re-enable them after the port channel is configured.

A sample configuration is provided. Not all of the commands listed below will be used on all devices. Repeat and reference chapter 2 labs if you still are having difficulty with implementing trunking between devices.

DLS1(config 0/x — x

DLS1(config trunk encapsulation dot1q

DLS1(config mode trunk

DLS1(config

DLS1(config-if-range)# no shut

Creating a port-channel interface Port-channel x

 

Note: Repeat configurations on the other three switches.

a. command on all switches.

b. Verify the EtherChannel configuration

c. Which EtherChannel negotiation protocol is in use here?

? ____________________________________________________________________________________

Step 4: Configure VTP on DLS2, ALS1 and ALS2.

A sample configuration is provided.

mode client

to VTP CLIENT mode for VLANS.

 

e. Verify the VTP changes.

Step 5: Configure VTP on DLS1 and create VLANs.

f. Create the VTP domain on VTP server DLS1 and create VLANs 10, 20, 30, 40 and 99 for the domain.

mode transparent.

DLS1(config)#SWLAB

DLS1(config)# version 2

DLS1(config)# mode server

Setting device to VTP Server mode for VLANS

 

vlan 10

DLS1(config-vlanname Finance

DLS1(config-vlan

DLS1(config-vlanname Engineering

DLS1(config-vlan 30

DLS1(config-vlanname Server-Farm1

DLS1(config-vlan 40

DLS1(config-vlanname Server-Farm2

DLS1(config-vlan 99

DLS1(config-vlanname Management

 

.

 

Step 6: Configure access ports.

A sample configuration is provided for you.

DLS2(config 0/6

DLS2(config mode access

DLS2(config 40

DLS2(configportfast

DLS2(configno shutdown

command can be used to configure individual access ports. This command automatically activates access mode, PortFast, and removes all associations of the physical switch port with the port-channel interfaces (if there are any).

ending in .5 as the gateway address for the respective VLANs.

i. . The ping should fail.

Are these results expected at this point? Why?

   

   

   

Step 7: Configure HSRP interfaces and enable routing.

routing command is used on DLS1 and DLS2 to activate routing capabilities on these Layer 3 switches.

Each route processor can route between the various SVIs configured on its switch. In addition to the real IP address assigned to each distribution switch SVI, assign a third IP address in each subnet to be used as a virtual gateway address. HSRP negotiates and determines which switch accepts information forwarded to the virtual gateway IP address.

is not used in the command syntax to implement HSRP.

In the following configur priority of 100.

Note: It is recommended that the HSRP group number be mapped to VLAN number.

DLS1(config routing

DLS1(configloopback 200

DLS1(config-if)# address 209.165.200.254 255.255.255.0

*NOTE: This loopback is used only for the purpose of testing HSRP state changes. Both DLS1 and DLS2 will have this loopback configured.

 

DLS1(config99

DLS1(config.1 255.255.255.0

DLS1(config5

DLS1(config preempt

DLS1(config0

DLS1(configexit

 

DLS1(config 10

DLS1(config 255.255.255.0

DLS1(config5

DLS1(configstandby 10 preempt

DLS1(config0

DLS1(configexit

 

DLS1(config 20

DLS1(config 255.255.255.0

DLS1(config5

DLS1(configstandby 20 preempt

DLS1(config0

DLS1(configexit

 

DLS1(config 30

DLS1(config 255.255.255.0

DLS1(config 172.16.30.5

DLS1(configstandby 30 preempt

DLS1(configexit

*NOTE: When the priority command is not present on the L3 interface, the HSRP priority value defaults to 100.

 

DLS1(config 40

DLS1(config 255.255.255.0

DLS1(config5

DLS1(configstandby 40 preempt

 

DLS2(config routing

 

DLS1(configinterface loopback 200

DLS1(config-if)# address 209.165.200.254 255.255.255.0

*NOTE: This loopback is used only for the purpose of testing HSRP state changes. Both DLS1 and DLS2 will have this loopback configured.

 

DLS2(config99

DLS2(config 255.255.255.0

DLS2(config5

DLS2(config preempt

DLS2(configexit

 

DLS2(config 10

DLS2(config 255.255.255.0

DLS2(config5

DLS2(configstandby 10 preempt

DLS2(configexit

 

DLS2(config 20

DLS2(config 255.255.255.0

DLS2(config5

DLS2(configstandby 20 preempt

DLS2(configexit

 

DLS2(config 30

DLS2(config 255.255.255.0

DLS2(config5

DLS2(configstandby 30 preempt

DLS2(config0

DLS2(configexit

 

DLS2(config 40

DLS2(config 255.255.255.0

DLS2(config5

DLS2(configstandby 40 preempt

DLS2(config0

 

A (VLAN 10) ping the HSRP virtual gateway address of 172.16.10.5.

C:\>

 

Pinging 172.16.10.5 with 32 bytes of data:

 

Reply from 172.16.10.5: bytes=32 time=1ms TTL=127

Reply from 172.16.10.5: bytes=32 time<1ms TTL=127

Reply from 172.16.10.5: bytes=32 time=1ms TTL=127

Reply from 172.16.10.5: bytes=32 time<1ms TTL=127

 

Ping statistics for 172.16.10.5:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 1ms, Average = 0ms

Now, start This continuous ping will be used to analyze the loss of connectivity experienced as result HSRP failover demonstration in coming in future steps.

C:\> -t

 

with 32 bytes of data:

 

Reply from 209.165.200.254: bytes=32 time=1ms TTL=127

Reply from 209.165.200.254: bytes=32 time<1ms TTL=127

Reply from 209.165.200.254: bytes=32 time=1ms TTL=127

Reply from 209.165.200.254: bytes=32 time<1ms TTL=127

<output omitted>

 

Step 8: Verify the HSRP configuration.

. The last two hexadecimal digits are 0a. These equate to decimal # 10. Our HSRP configuration is group 10.

command on both DLS1 and DLS2.

show standby

Vlan10 — Group 10

State is Active

2 state changes, last state change 00:01:36

Virtual IP address is 172.16.10.5

Active virtual MAC address is 0000.0c07.ac0a

Local virtual MAC address is 0000.0c07.ac0a (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.560 secs

Preemption enabled

Active router is local

Standby router is 172.16.10.2, priority 100 (expires in 10.704 sec)

Priority 150 (configured 150)

Vlan20 — Group 20

State is Active

2 state changes, last state change 00:01:27

Virtual IP address is 172.16.20.5

Active virtual MAC address is 0000.0c07.ac14

Local virtual MAC address is 0000.0c07.ac14 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 2.192 secs

Preemption enabled

Active router is local

Standby router is 172.16.20.2, priority 100 (expires in 8.784 sec)

Priority 150 (configured 150)

Vlan30 — Group 30

State is Standby

1 state change, last state change 00:01:10

Virtual IP address is 172.16.30.5

Active virtual MAC address is 0000.0c07.ac1e

Local virtual MAC address is 0000.0c07.ac1e (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.160 secs

Preemption enabled

Active router is 172.16.30.2, priority 150 (expires in 9.392 sec)

Standby router is local

Priority 100 (default 100)

Vlan40 — Group 40

State is Standby

1 state change, last state change 00:01:37

Virtual IP address is 172.16.40.5

Active virtual MAC address is 0000.0c07.ac28

Local virtual MAC address is 0000.0c07.ac28 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.624 secs

Preemption enabled

Active router is 172.16.40.2, priority 150 (expires in 7.920 sec)

Standby router is local

Priority 100 (default 100)

Vlan99 — Group 99

State is Active

2 state changes, last state change 00:10:23

Virtual IP address is 172.16.99.5

Active virtual MAC address is 0000.0c07.ac63

Local virtual MAC address is 0000.0c07.ac63 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 2.416 secs

Preemption enabled

Active router is local

Standby router is 172.16.99.2, priority 100 (expires in 9.216 sec)

Priority 150 (configured 150)

DLS1#

 

show standby

Vlan10 — Group 10

State is Standby

1 state change, last state change 00:05:09

Virtual IP address is 172.16.10.5

Active virtual MAC address is 0000.0c07.ac0a

Local virtual MAC address is 0000.0c07.ac0a (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 1.488 secs

Preemption enabled

Active router is 172.16.10.1, priority 150 (expires in 8.624 sec)

Standby router is local

Priority 100 (default 100)

Vlan20 — Group 20

State is Standby

1 state change, last state change 00:05:03

Virtual IP address is 172.16.20.5

Active virtual MAC address is 0000.0c07.ac14

Local virtual MAC address is 0000.0c07.ac14 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.336 secs

Preemption enabled

Active router is 172.16.20.1, priority 150 (expires in 8.640 sec)

Standby router is local

Priority 100 (default 100)

Vlan30 — Group 30

State is Active

2 state changes, last state change 00:05:26

Virtual IP address is 172.16.30.5

Active virtual MAC address is 0000.0c07.ac1e

Local virtual MAC address is 0000.0c07.ac1e (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.416 secs

Preemption enabled

Active router is local

Standby router is 172.16.30.1, priority 100 (expires in 9.120 sec)

Priority 150 (configured 150)

Vlan40 — Group 40

State is Active

2 state changes, last state change 00:12:58

Virtual IP address is 172.16.40.5

Active virtual MAC address is 0000.0c07.ac28

Local virtual MAC address is 0000.0c07.ac28 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 2.592 secs

Preemption enabled

Active router is local

Standby router is 172.16.40.1, priority 100 (expires in 8.800 sec)

Priority 150 (configured 150)

Vlan99 — Group 99

State is Standby

1 state change, last state change 00:05:29

Virtual IP address is 172.16.99.5

Active virtual MAC address is 0000.0c07.ac63

Local virtual MAC address is 0000.0c07.ac63 (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.112 secs

Preemption enabled

Active router is 172.16.99.1, priority 150 (expires in 11.408 sec)

Standby router is local

Priority 100 (default 100)

DLS2#

 

command on both DLS1 and DLS2.

DLS1#bri

P indicates configured to preempt.

|

P State Active Standby Virtual IP

Vl10 10 150 P Active local 172.16.10.2 172.16.10.5

Vl20 20 150 P Active local 172.16.20.2 172.16.20.5

Vl30 30 100 P Standby 172.16.30.2 local 172.16.30.5

Vl40 40 100 Standby 172.16.40.2 local 172.16.40.5

5

 

DLS2#bri

P indicates configured to preempt.

|

P State Active Standby Virtual IP

Vl10 10 100 P Standby 172.16.10.1 local 172.16.10.5

Vl20 20 100 P Standby 172.16.20.1 local 172.16.20.5

Vl30 30 150 P Active local 172.16.30.1 172.16.30.5

Vl40 40 150 P Active local 172.16.40.1 172.16.40.5

Vl99 99 100 P Standby 172.16.99.1 local 172.16.99.5

 

for 30 and 40?

_______________________________________________________________________________

________________________________________________________________________________

 

What is the default hello time for each VLAN? What is the default hold time?

.________________________________________________________________________

________________________________________________________________________________

How is the active HSRP router selected?

The router with the highest priority is selected as the active HSRP router. If more routes share the highest priority, the HSRP router with the highest IP address on the segment becomes the active router.

____________________________________________________________________________________

____________________________________________________________________________________

 

c. command to verify routing on both DLS1 and DLS2.

route | begin Gateway

Gateway of last resort is not set

 

172.16.0.0/16 is variably subnetted, 10 subnets, 2 masks

C 172.16.10.0/24 is directly connected, Vlan10

L 172.16.10.1/32 is directly connected, Vlan10

C 172.16.20.0/24 is directly connected, Vlan20

L 172.16.20.1/32 is directly connected, Vlan20

C 172.16.30.0/24 is directly connected, Vlan30

L 172.16.30.1/32 is directly connected, Vlan30

C 172.16.40.0/24 is directly connected, Vlan40

L 172.16.40.1/32 is directly connected, Vlan40

C 172.16.99.0/24 is directly connected, Vlan99

L 172.16.99.1/32 is directly connected, Vlan99

209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks

C 209.165.200.0/24 is directly connected, Loopback200

L 209.165.200.254/32 is directly connected, Loopback200

DLS1#

Step 9: Verify connectivity between VLANs.

Keep the ping running to evaluate loss of connectivity that will occur in Step 11.

C:\>-t

 

209.165.200.254 with 32 bytes of data:

 

Reply from 209.165.200.254: bytes=32 time=1ms TTL=127

Reply from 209.165.200.254: bytes=32 time<1ms TTL=127

Reply from 209.165.200.254: bytes=32 time=1ms TTL=127

Reply from 209.165.200.254: bytes=32 time<1ms TTL=127

<output omitted>

Step 10: Verify HSRP functionally.

command on those interfaces.

DLS2(config 0/7 — 12

DLS2(configshutdown

for VLANs 30 and 40.

b. command. DLS1 is now the active HSRP router for all VLANs and the standby router is unknown.

DLS1#bri

P indicates configured to preempt.

|

P State Active Standby Virtual IP

Vl10 10 150 P Active local unknown 172.16.10.5

Vl20 20 150 P Active local unknown 172.16.20.5

Vl30 30 100 P Active local unknown 172.16.30.5

Vl40 40 100 Active local unknown 172.16.40.5

Vl99 99 150 P Active local unknown 172.16.99.5

command to see the results.

Note: If both DLS1 and DLS2 have links to the Internet, failure of either switch will cause HSRP to redirect packets to the other switch. The functioning switch will take over as the default gateway to provide virtually uninterrupted connectivity for hosts at the access layer.

experience minimal service disruption as a result of the HSRP state change.

 

.

 

 

10

standby 10 authentication ?

 

WORD Plain text authentication string (8 chars max)

md5 Use MD5 authentication

text Plain text authentication

 

standby 10 authentication md5 ?

key-chain Set key chain

key-string Set key string

 

HSRP authentication using the key string option.

 

standby 10 authentication md5 key-string ?

0 Specifies an UNENCRYPTED key string will follow

7 Specifies a HIDDEN key string will follow

WORD Key string (64 chars max)

 

standby 10 authentication md5 key-string cisco123

 

*Mar 1 22:22:34.315: %HSRP-4-BADAUTH: Bad authentication from 172.16.10.2, group 10, remote state Active

 

.

 

bri

P indicates configured to preempt.

|

P State Active Standby Virtual IP

Vl10 10 110 P Active local unknown 172.16.10.5

Vl20 20 110 P Active local 172.16.20.2 172.16.20.5

Vl30 30 100 P Standby 172.16.30.2 local 172.16.30.5

Vl40 40 100 Standby 172.16.40.2 local 172.16.40.5

Vl99 99 110 P Active local 172.16.99.2 172.16.99.5

 

Now configure HSRP authentication for interface VLAN 10 on DLS2.

 

standby 10 authentication md5 key-string cisco123

 

*Mar 1 22:24:04.165: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Active -> Speak

*Mar 1 22:24:14.349: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Speak -> Standby

 

state changed.

 

for VLAN 10 while DLS2 is the standby.

 

bri

P indicates configured to preempt.

|

P State Active Standby Virtual IP

Vl10 10 110 P Active local 172.16.10.2 172.16.10.5

Vl20 20 110 P Active local 172.16.20.2 172.16.20.5

Vl30 30 100 P Standby 172.16.30.2 local 172.16.30.5

Vl40 40 100 Standby 172.16.40.2 local 172.16.40.5

Vl99 99 110 P Active local 172.16.99.2 172.16.99.5

 

on the remaining HSRP groups used in this lab scenario.

 

 

Step 12: Configure HSRP interface tracking.

 

Interface tracking enables the priority of a standby group router to be automatically adjusted, based on the availability of the router interfaces. When a tracked interface becomes unavailable, the HSRP priority of the router is decreased. When properly configured, the HSRP tracking features ensures that a router with an unavailable key interface will relinquish the active router role.

 

is used for testing HSRP interface tracking concepts.

 

HSRP can perform object and interface tracking. Configure an IP SLA reachability test on DLS1. Also create an object that tracks this SLA test. HSRP will then be configured to track this object and decrease the priority by a value that will cause an HSRP state change.

 

conf t

10

-echo 209.165.200.254

frequency 5

schedule 10 life forever start-time now

10

10

0

exit

 

 

command.

 

notice the HSRP state change that happened as a result of the failure of the SLA test.

 

lo 200

shut

*Mar 1 23:29:32.072: %TRACKING-5-STATE: 1 interface Lo200 line-protocol Up->Down

*Mar 1 23:29:34.077: %LINK-5-CHANGED: Interface Loopback200, changed state to administratively down

*Mar 1 23:29:35.084: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback200, changed state to down

10 state Up->Down

*Mar 1 23:29:46.207: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Active -> Speak

*Mar 1 23:29:57.691: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Speak -> Standby

 

Issue the show standby vlan 10 on DLS1 command to view how the new priority value.

 

10

Vlan10 — Group 10

State is Standby

4 state changes, last state change 01:33:49

Virtual IP address is 172.16.10.5

Active virtual MAC address is 0000.0c07.ac0a

Local virtual MAC address is 0000.0c07.ac0a (v1 default)

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.752 secs

Authentication MD5, key-string

Preemption enabled

, priority 100 (expires in 9.488 sec)

Standby router is local

Priority 80 (configured 110)

Track object 100 state Down decrement 30

 

Part 1: Implement VRRP.

on the switched virtual interface (SVI) will remove all HSRP commands configured on that SVI.

In the next the HSRP active and standby respectively.

The next lab will demonstrate the commands necessary to run VRRP in a campus switched network.

.       

Assign the VRRP protocol to the switched virtual interfaces preferred.

interface Vlan10

address 172.16.10.1 255.255.255.0

172.16.10.5

10 priority 150

command on the interfaces in which you desire this switch to be the master forwarder.

on all SVIs on DLS1 and DLS2 switches.

Verify VRRP operation using the following show commands: the master for VLANs 30 and 40 and backup for VLANs 10, 20, and 99.

vrrp

Vlan10 — Group 10

State is Master

Virtual IP address is 172.16.10.5

irtual MAC address is 0000.5e00.010a

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 150

aster Router is 172.16.10.1 (local), priority is 150

Master Down interval is 3.414 sec

 

Vlan20 — Group 20

State is Master

Virtual IP address is 172.16.20.5

Virtual MAC address is 0000.5e00.0114

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 150

Master Router is 172.16.20.1 (local), priority is 150

Master Advertisement interval is 1.000 sec

Master Down interval is 3.414 sec

 

Vlan30 — Group 30

State is Backup

Virtual IP address is 172.16.30.5

Virtual MAC address is 0000.5e00.011e

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 100

Master Router is 172.16.30.2, priority is 150

Master Advertisement interval is 1.000 sec

Master Down interval is 3.609 sec (expires in 3.475 sec)

 

Vlan40 — Group 40

State is Backup

Virtual IP address is 172.16.40.5

Virtual MAC address is 0000.5e00.0128

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 100

Master Router is 172.16.40.2, priority is 150

Master Advertisement interval is 1.000 sec

Master Down interval is 3.609 sec (expires in 2.930 sec)

 

Vlan99 — Group 99

State is Master

Virtual IP address is 172.16.99.5

Virtual MAC address is 0000.5e00.0163

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 150

Master Router is 172.16.99.1 (local), priority is 150

Master Advertisement interval is 1.000 sec

Master Down interval is 3.414 sec

 

.

 

vrrp

Vlan10 — Group 10

State is Backup

Virtual IP address is 172.16.10.5

Virtual MAC address is 0000.5e00.010a

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 100

Master Router is 172.16.10.1, priority is 150

Master Advertisement interval is 1.000 sec

Master Down interval is 3.609 sec (expires in 3.097 sec)

 

Vlan20 — Group 20

State is Backup

Virtual IP address is 172.16.20.5

Virtual MAC address is 0000.5e00.0114

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 100

Master Router is 172.16.20.1, priority is 150

Master Advertisement interval is 1.000 sec

Master Down interval is 3.609 sec (expires in 2.736 sec)

 

Vlan30 — Group 30

State is Master

Virtual IP address is 172.16.30.5

Virtual MAC address is 0000.5e00.011e

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 150

Master Router is 172.16.30.2 (local), priority is 150

Master Advertisement interval is 1.000 sec

Master Down interval is 3.414 sec

 

Vlan40 — Group 40

State is Master

Virtual IP address is 172.16.40.5

Virtual MAC address is 0000.5e00.0128

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 150

Master Router is 172.16.40.2 (local), priority is 150

Master Advertisement interval is 1.000 sec

Master Down interval is 3.414 sec

 

Vlan99 — Group 99

State is Backup

Virtual IP address is 172.16.99.5

Virtual MAC address is 0000.5e00.0163

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 100

Master Router is 172.16.99.1, priority is 150

Master Advertisement interval is 1.000 sec

   

 

command to view a summary of the VRRP configuration.

 

ef

addr

Vl10 10 150 3414 Y Master 172.16.10.1 172.16.10.5

Vl20 20 150 3414 Y Master 172.16.20.1 172.16.20.5

Vl30 30 100 3609 Y Backup 172.16.30.2 172.16.30.5

Vl40 40 100 3609 Y Backup 172.16.40.2 172.16.40.5

Vl99 99 150 3414 Y Master 172.16.99.1 172.16.99.5

 

brief

addr

Vl10 10 100 3609 Y Backup 172.16.10.1 172.16.10.5

Vl20 20 100 3609 Y Backup 172.16.20.1 172.16.20.5

Vl30 30 150 3414 Y Master 172.16.30.2 172.16.30.5

Vl40 40 150 3414 Y Master 172.16.40.2 172.16.40.5

Vl99 99 100 3609 Y Backup 172.16.99.1 172.16.99.5

 

Configure VRRP tracking.

ackup devices priority defaults to 100. To cause the state change, we would need to decrease the priority by at least 60. A sample configuration is provided for you below.

DLS1(config loop 200 line-protocol

DLS1(config 99

DLS1(config

 

CHALLENGE:

Alternative option for VRRP configuration

the SVIs.

displayed here to show a complete configuration.

A sample configuration is provided for you below.

• Do not configure the VRRP priority.

interface Vlan10

255.255.255.0

172.16.10.1

interfaces VLAN 30.

0

255.255.255.0

and Backup for VLAN 30.

10.

Step 3: End of Lab

Do not save your configurations. The equipment will be reset for the next lab.

?

 

 

 

 

 

 

Below are the final configurations for each switch.

 

DLS1:

DLS1# show run | exclude !

Building configuration…

 

Current configuration : 3392 bytes

version 15.0

no service pad

msec

msec

no service password-encryption

hostname DLS1

boot-start-marker

boot-end-marker

enable secret 5 $1$iH7y$KmmpYHeHJXQezv2wRIctX/

new-model

routing 1500

routing

domain-lookup

domain-name CCNP.NET

key chain HSRP-CHAIN

key 1

key-string cisco456

pvst

spanning-tree extend system-id

vlan internal allocation policy ascending

track 1 interface Loopback200 line-protocol

10

interface Loopback200

address 209.165.200.254 255.255.255.0

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

interface Port-channel2

switchport trunk encapsulation dot1q

switchport mode trunk

interface Port-channel3

switchport trunk encapsulation dot1q

switchport mode trunk

interface FastEthernet0/1

shutdown

interface FastEthernet0/2

shutdown

interface FastEthernet0/3

shutdown

interface FastEthernet0/4

shutdown

interface FastEthernet0/5

shutdown

interface FastEthernet0/6

switchport access vlan 99

switchport mode access

portfast

interface FastEthernet0/7

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode desirable

interface FastEthernet0/8

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode desirable

interface FastEthernet0/9

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 2 mode desirable

interface FastEthernet0/10

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 2 mode desirable

interface FastEthernet0/11

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 3 mode desirable

interface FastEthernet0/12

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 3 mode desirable

interface FastEthernet0/13

shutdown

interface FastEthernet0/14

shutdown

interface FastEthernet0/15

shutdown

interface FastEthernet0/16

shutdown

interface FastEthernet0/17

shutdown

interface FastEthernet0/18

shutdown

interface FastEthernet0/19

shutdown

interface FastEthernet0/20

shutdown

interface FastEthernet0/21

shutdown

interface FastEthernet0/22

shutdown

interface FastEthernet0/23

shutdown

interface FastEthernet0/24

shutdown

interface GigabitEthernet0/1

shutdown

interface GigabitEthernet0/2

shutdown

interface Vlan1

address

shutdown

interface Vlan10

address 172.16.10.1 255.255.255.0

172.16.10.5

10 priority 150

interface Vlan20

address 172.16.20.1 255.255.255.0

172.16.20.5

20 priority 150

interface Vlan30

address 172.16.30.1 255.255.255.0

172.16.30.5

interface Vlan40

address 172.16.40.1 255.255.255.0

172.16.40.5

interface Vlan99

address 172.16.99.1 255.255.255.0

172.16.99.5

99 priority 150

99 track 1 decrement 60

http server

http secure-server

10

-echo 209.165.200.254

frequency 5

schedule 10 life forever start-time now

line con 0

exec-timeout 0 0

logging synchronous

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

end

 

DLS1#

 

DLS2:

DLS2# show run | exclude !

Building configuration…

 

Current configuration : 3175 bytes

version 15.0

no service pad

msec

msec

no service password-encryption

hostname DLS2

boot-start-marker

boot-end-marker

enable secret 5 $1$FNl5$.TMoHwkzsahidvlZImuBP0

new-model

routing 1500

routing

domain-lookup

domain-name CCNP.NET

key chain HSRP-CHAIN

key 1

key-string cisco456

pvst

spanning-tree extend system-id

vlan internal allocation policy ascending

interface Loopback200

address 209.165.200.254 255.255.255.0

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

interface Port-channel2

switchport trunk encapsulation dot1q

switchport mode trunk

interface Port-channel3

switchport trunk encapsulation dot1q

switchport mode trunk

interface FastEthernet0/1

shutdown

interface FastEthernet0/2

shutdown

interface FastEthernet0/3

shutdown

interface FastEthernet0/4

shutdown

interface FastEthernet0/5

shutdown

interface FastEthernet0/6

switchport access vlan 40

switchport mode access

portfast

interface FastEthernet0/7

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode desirable

interface FastEthernet0/8

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode desirable

interface FastEthernet0/9

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 2 mode desirable

interface FastEthernet0/10

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 2 mode desirable

interface FastEthernet0/11

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 3 mode desirable

interface FastEthernet0/12

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 3 mode desirable

interface FastEthernet0/13

shutdown

interface FastEthernet0/14

shutdown

interface FastEthernet0/15

shutdown

interface FastEthernet0/16

shutdown

interface FastEthernet0/17

shutdown

interface FastEthernet0/18

shutdown

interface FastEthernet0/19

shutdown

interface FastEthernet0/20

shutdown

interface FastEthernet0/21

shutdown

interface FastEthernet0/22

shutdown

interface FastEthernet0/23

shutdown

interface FastEthernet0/24

shutdown

interface GigabitEthernet0/1

shutdown

interface GigabitEthernet0/2

shutdown

interface Vlan1

address

shutdown

interface Vlan10

address 172.16.10.2 255.255.255.0

172.16.10.5

interface Vlan20

address 172.16.20.2 255.255.255.0

172.16.20.5

interface Vlan30

address 172.16.30.2 255.255.255.0

172.16.30.5

30 priority 150

interface Vlan40

address 172.16.40.2 255.255.255.0

172.16.40.5

40 priority 150

interface Vlan99

address 172.16.99.2 255.255.255.0

172.16.99.5

http server

http secure-server

line con 0

exec-timeout 0 0

logging synchronous

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

end

 

#

 

ALS1:

ALS1# show run | exclude !

Building configuration…

 

Current configuration : 2302 bytes

version 15.0

no service pad

msec

msec

no service password-encryption

hostname ALS1

boot-start-marker

boot-end-marker

enable secret 5 $1$XhgA$UgBJw/pOfDf.5XeSWE3Sw0

new-model

routing 1500

domain-lookup

domain-name CCNP.NET

pvst

spanning-tree extend system-id

vlan internal allocation policy ascending

interface Port-channel1

switchport mode trunk

interface Port-channel2

switchport mode trunk

interface Port-channel3

switchport mode trunk

interface FastEthernet0/1

shutdown

interface FastEthernet0/2

shutdown

interface FastEthernet0/3

shutdown

interface FastEthernet0/4

shutdown

interface FastEthernet0/5

shutdown

interface FastEthernet0/6

switchport access vlan 10

switchport mode access

portfast

interface FastEthernet0/7

switchport mode trunk

channel-group 1 mode desirable

interface FastEthernet0/8

switchport mode trunk

channel-group 1 mode desirable

interface FastEthernet0/9

switchport mode trunk

channel-group 2 mode desirable

interface FastEthernet0/10

switchport mode trunk

channel-group 2 mode desirable

interface FastEthernet0/11

switchport mode trunk

channel-group 3 mode desirable

interface FastEthernet0/12

switchport mode trunk

channel-group 3 mode desirable

interface FastEthernet0/13

shutdown

interface FastEthernet0/14

shutdown

interface FastEthernet0/15

shutdown

interface FastEthernet0/16

shutdown

interface FastEthernet0/17

shutdown

interface FastEthernet0/18

shutdown

interface FastEthernet0/19

shutdown

interface FastEthernet0/20

shutdown

interface FastEthernet0/21

shutdown

interface FastEthernet0/22

shutdown

interface FastEthernet0/23

shutdown

interface FastEthernet0/24

shutdown

interface GigabitEthernet0/1

shutdown

interface GigabitEthernet0/2

shutdown

interface Vlan1

address

interface Vlan99

address 172.16.99.3 255.255.255.0

default-gateway 172.16.99.5

http server

http secure-server

line con 0

exec-timeout 0 0

logging synchronous

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

end

 

ALS1#

 

ALS2:

ALS2# show run | exclude !

Building configuration…

 

Current configuration : 2312 bytes

version 15.0

no service pad

msec

msec

no service password-encryption

hostname ALS2

boot-start-marker

boot-end-marker

enable secret 5 $1$p6PN$sW8CgvvOPVCkyhezwxB720

new-model

routing 1500

domain-lookup

domain-name CCNP.NET

pvst

spanning-tree extend system-id

vlan internal allocation policy ascending

interface Port-channel1

switchport mode trunk

interface Port-channel2

switchport mode trunk

interface Port-channel3

switchport mode trunk

interface FastEthernet0/1

shutdown

interface FastEthernet0/2

shutdown

interface FastEthernet0/3

shutdown

interface FastEthernet0/4

shutdown

interface FastEthernet0/5

shutdown

interface FastEthernet0/6

switchport access vlan 20

switchport mode access

portfast

interface FastEthernet0/7

switchport mode trunk

channel-group 1 mode desirable

interface FastEthernet0/8

switchport mode trunk

channel-group 1 mode desirable

interface FastEthernet0/9

switchport mode trunk

channel-group 2 mode desirable

interface FastEthernet0/10

switchport mode trunk

channel-group 2 mode desirable

interface FastEthernet0/11

switchport mode trunk

channel-group 3 mode desirable

interface FastEthernet0/12

switchport mode trunk

channel-group 3 mode desirable

interface FastEthernet0/13

shutdown

interface FastEthernet0/14

shutdown

interface FastEthernet0/15

shutdown

interface FastEthernet0/16

shutdown

interface FastEthernet0/17

shutdown

interface FastEthernet0/18

shutdown

interface FastEthernet0/19

shutdown

interface FastEthernet0/20

shutdown

interface FastEthernet0/21

shutdown

interface FastEthernet0/22

shutdown

interface FastEthernet0/23

shutdown

interface FastEthernet0/24

shutdown

interface GigabitEthernet0/1

shutdown

interface GigabitEthernet0/2

shutdown

interface Vlan1

address

shutdown

interface Vlan99

address 172.16.99.4 255.255.255.0

default-gateway 172.16.99.5

http server

http secure-server

line con 0

exec-timeout 0 0

logging synchronous

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

end

 

ALS2#

 

 

 

 

 

 

 

28


Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *