15.1.4 Lab – Implement VRRP Answers

 15.1.4 Lab – Implement VRRP Answers

Lab – Implement VRRP (Answers Version)

Answers Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

This topology has 3 switches and 2 PCs. D1 G1/0/1 is connected to D2 G1/0/1. D1 G1/0/2 is connected to D2 G1/0/2. D1 G1/0/3 is connected to D2 G1/0/3. D1 G1/0/4 is connected to D2 G1/0/4. D1 G1/0/5 is connected to A1 F0/1. D1 G1/0/6 is connected to A1 F0/2. D2 G1/0/5 is connected to A1 F0/3. D2 G1/0/6 is connected to A1 F0/4. PC1 is connected to A1 F0/23. PC2 is connected to A1 F0/24.

Addressing Table

Device

Interface

IP Address

Default Gateway

D1

Lo 0

192.168.1.1/24

N/A

D1

Lo 0

2001:db8:acad:1000::1/64

N/A

D1

VLAN 11

10.11.0.1/24

N/A

D1

VLAN 11

2001:db8:acad:11::1/64

N/A

D1

VLAN 21

10.21.0.1/24

N/A

D1

VLAN 21

2001:db8:acad:21::1/64

N/A

D2

Lo 0

192.168.1.1/24

N/A

D2

Lo 0

2001:db8:acad:1000::1/64

N/A

D2

VLAN 11

10.11.0.2/24

N/A

D2

VLAN 11

2001:db8:acad:11::1/64

N/A

D2

VLAN 21

10.21.0.2/24

N/A

D2

VLAN 21

2001:db8:acad:21::2/64

N/A

PC1

NIC

10.11.0.50/24

10.11.0.254

PC1

NIC

IPv6 SLAAC

 

PC2

NIC

10.21.0.50/24

10.21.0.254

PC2

NIC

IPv6 SLAAC

 

Objectives

Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing

Part 2: Configure and Observe VRRP for IPv4 and IPv6

Part 3: Configure and Observe VRRP Object Tracking

Background / Scenario

The Virtual Router Redundancy Protocol (VRRP) is a standards-based alternative to HSRP and is defined in RFC 3768 (VRRP) and RFC 5798 (VRRPv3). The two technologies are similar but not compatible. HSRP elects an active and standby router to participate in the HSRP process, while VRRP elects a Master and Backup. Although referred to by different names, the operational concepts of the VRRP master and backup are similar to the HSRP active and standby respectively.

Both HSRP and VRRP operation requires the use of a virtual router IP address, but VRRP can use an address assigned to an interface on the device. In this case, the device automatically assumes the master role and ignores the priority value in its role election process. Recall that preemption in HSRP must be explicitly configured. VRRP uses preempt by default.

Note: This lab is an exercise in deploying and verifying VRRP and does not necessarily reflect networking best practices.

Note: The switches used with CCNP hands-on labs are Cisco 3650 with Cisco IOS XE release 16.9.4 (universalk9 image) and Cisco 2960+ with IOS release 15.2 (lanbase image). Other routers and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs.

Note: Ensure that the switches have been erased and have no startup configurations. If you are unsure contact your instructor.

Answers Note: Refer to the Answers Lab Manual for the procedures to initialize and reload devices.

Note: The default Switch Database Manager (SDM) template on a Catalyst 3650 running IOS XE supports dual-stacked operations and requires no additional configuration for our purposes.

If you are using a device, such as Cisco 2960, running Cisco IOS, check the SDM template with the privileged EXEC command show sdm prefer.

S1# show sdm prefer

The default bias template used by the Switch Database Manager (SDM) does not provide IPv6 address capabilities. Verify that SDM is using either the dual-ipv4-and-ipv6 template or the lanbase-routing template. The new template will be used after reboot even if the configuration is not saved.

Use the following commands to assign the dual-ipv4-and-ipv6 template as the default SDM template.

S1# configure terminal

S1(config)# sdm prefer dual-ipv4-and-ipv6 default

S1(config)# end

S1# reload

Required Resources

  • 2 Switches (Cisco 3650 with Cisco IOS XE release 16.9.4 universal image or comparable)
  • 1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
  • 1 PC (Choice of operating system with a terminal emulation program installed)
  • Console cables to configure the Cisco IOS devices via the console ports
  • Ethernet cables as shown in the topology

Instructions

Part 1:  Build the Network and Configure Basic Device Settings and Interface Addressing

In Part 1, you will set up the network topology and configure basic settings and interface addressing.

Step 1:  Cable the network as shown in the topology.

Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2:  Configure basic settings for each switch.

  1. Console into each switch, enter global configuration mode, and apply the basic settings. A command list for each switch is provided below for initial configurations.

Open configuration window

Switch D1

hostname D1

ip routing

ipv6 unicast-routing

no ip domain lookup

banner motd # D1, Implement VRRP #

line con 0

 exec-timeout 0 0

 logging synchronous

 exit

line vty 0 4

 privilege level 15

 password cisco123

 exec-timeout 0 0

 logging synchronous

 login

 exit

interface range g1/0/1-24, g1/1/1-4, g0/0

 shutdown

 exit

interface range g1/0/1-6

 switchport mode trunk

 no shutdown

 exit

interface range g1/0/1-4

 channel-group 12 mode active

 exit

interface range g1/0/5-6

 channel-group 1 mode active

 exit

vlan 11

 name FIRST_VLAN

 exit

vlan 21

 name SECOND_VLAN

 exit

interface vlan 11

 ip address 10.11.0.1 255.255.255.0

 ipv6 address fe80::d1:1 link-local

 ipv6 address 2001:db8:acad:11::1/64

 no shutdown

 exit

interface vlan 21

 ip address 10.21.0.1 255.255.255.0

 ipv6 address fe80::d1:2 link-local

 ipv6 address 2001:db8:acad:21::1/64

 no shutdown

 exit

interface loopback 0

 ip address 192.168.1.1 255.255.255.0

 ipv6 address fe80::d1:3 link-local

 ipv6 address 2001:db8:acad:1000::1/64

 no shutdown

 exit

Switch D2

hostname D2

ip routing

ipv6 unicast-routing

no ip domain lookup

banner motd # D2, Implement VRRP #

line con 0

 exec-timeout 0 0

 logging synchronous

 exit

line vty 0 4

 privilege level 15

 password cisco123

 exec-timeout 0 0

 logging synchronous

 login

 exit

interface range g1/0/1-24, g1/1/1-4, g0/0

 shutdown

 exit

interface range g1/0/1-6

 !switchport trunk encapsulation dot1q

 switchport mode trunk

 no shutdown

 exit

interface range g1/0/1-4

 channel-group 12 mode active

 exit

interface range g1/0/5-6

 channel-group 2 mode active

 exit

vlan 11

 name FIRST_VLAN

 exit

vlan 21

 name SECOND_VLAN

 exit

interface vlan 11

 ip address 10.11.0.2 255.255.255.0

 ipv6 address fe80::d2:1 link-local

 ipv6 address 2001:db8:acad:11::2/64

 no shutdown

 exit

interface vlan 21

 ip address 10.21.0.2 255.255.255.0

 ipv6 address fe80::d2:2 link-local

 ipv6 address 2001:db8:acad:21::2/64

 no shutdown

 exit

interface loopback 0

 ip address 192.168.1.1 255.255.255.0

 ipv6 address fe80::d2:3 link-local

 ipv6 address 2001:db8:acad:1000::1/64

 no shutdown

 exit

Switch A1

hostname A1

banner motd # A1, Implement VRRP #

line con 0

 exec-timeout 0 0

 logging synchronous

 exit

line vty 0 4

 privilege level 15

 password cisco123

 exec-timeout 0 0

 logging synchronous

 login

 exit

interface range f0/1-24, g0/1-2

 shutdown

 exit

interface range f0/1-4

 switchport mode trunk

 no shutdown

 exit

interface range f0/1-2

 channel-group 1 mode active

 exit

interface range f0/3-4

 channel-group 2 mode active

 exit

vlan 11

 name FIRST_VLAN

 exit

vlan 21

 name SECOND_VLAN

 exit

interface f0/23

 switchport mode access

 switchport access vlan 11

 spanning-tree portfast

 no shutdown

 exit

interface f0/24

 switchport mode access

 switchport access vlan 21

 spanning-tree portfast

 no shutdown

 exit

interface vlan 11

 ip address 10.11.0.3 255.255.255.0

 ipv6 address fe80::a1:1 link-local

 ipv6 address 2001:db8:acad:11::3/64

 no shutdown

 exit

ip default-gateway 10.11.0.254

  1. Set the clock on each switch to UTC time.
  2. Save the running configuration to startup-config.

Close configuration window

Step 3:  Configure the PCs for network connectivity.

Configure PC1 and PC2 with the IPv4 address, subnet mask, and default gateway specified in the topology diagram. The IPv6 address and default gateway information for the PCs will come from SLAAC.

Part 2:  Configure and Observe VRRP for IPv4 and IPv6

In Part 2 you will configure and test VRRPv3 in support of IPv4 and IPv6.

Like HSRP, VRRP provides redundancy in the network. Traffic can be load-balanced by assigning different gateway devices different priorities, spreading the load out amongst devices. Priority can be a value between 1 and 254. The default priority value is 100, and a higher priority value is preferable. Unlike HSRP, preemption is enabled by default in VRRP.

To enable VRRP version 3, issue the command fhrp version vrrp v3.

VRRP version 3 is configured in a hierarchical manner, using address family configurations to support IPv4 and IPv6.

In the IPv6 address family configuration, the virtual link-local address must be manually configured, which is unlike HSRP where the virtual address is dynamically generated.

In this lab, the group numbers will be 11 and 21 for IPv4, and 116 and 216 for IPv6.

In the following configurations, the priority for VLAN 11 on D1 is set to 150, making it the master virtual router for VLAN 11. VLAN 21 has the default priority of 100 on D1, making D1 the backup virtual router for VLAN 21. D2 is configured to be the master virtual router for VLAN 21 with a priority of 150, and the backup virtual router for VLAN 11 with a default priority of 100.

Step 1:  Configure VRRPv3 on switch D1.

Open configuration window

  1. Enable VRRPv3 globally.

D1(config)# fhrp version vrrp v3

  1. Configure vrrp group 11 on interface VLAN 11 with a vrrp IP address of 10.11.0.254 and a priority of 150.

D1(config)# interface vlan 11

D1(config-if)# vrrp 11 address-family ipv4

D1(config-if-vrrp)# address 10.11.0.254

D1(config-if-vrrp)# priority 150

D1(config-if-vrrp)# exit

  1. Configure vrrp group 116 on interface vlan 11 with a primary vrrp IP address of fe80::11:1 and a priority of 150.

D1(config-if)# vrrp 116 address-family ipv6

D1(config-if-vrrp)# address fe80::11:1 primary

D1(config-if-vrrp)# priority 150

D1(config-if-vrrp)# exit

  1. Configure vrrp group 21 on interface VLAN 21 with a vrrp IP address of 10.21.0.254.

D1(config-if)# interface vlan 21

D1(config-if)# vrrp 21 address-family ipv4

D1(config-if-vrrp)# address 10.21.0.254

D1(config-if-vrrp)# exit

  1. Configure vrrp group 216 on interface vlan 21 with a primary vrrp IP address of fe80::21:1.

D1(config-if)# vrrp 216 address-family ipv6

D1(config-if-vrrp)# address fe80::21:1 primary

D1(config-if-vrrp)# exit

Step 2:  Verify VRRP is operational on switch D1.

  1. Verify that VRRP is active and operating on switch D1 with the show vrrp command. Because D1 is the only switch configured for VRRP, it is the master on all groups.

D1# show vrrp

 

Vlan11 – Group 11 – Address-Family IPv4

  State is MASTER

  State duration 14 mins 12.598 secs

  Virtual IP address is 10.11.0.254

  Virtual MAC address is 0000.5E00.010B

  Advertisement interval is 1000 msec

  Preemption enabled

  Priority is 150

  Master Router is 10.11.0.1 (local), priority is 150

  Master Advertisement interval is 1000 msec (expires in 830 msec)

  Master Down interval is unknown

  FLAGS: 1/1

 

Vlan11 – Group 116 – Address-Family IPv6

  State is MASTER

  State duration 13 mins 24.216 secs

  Virtual IP address is FE80::11:1

  Virtual MAC address is 0000.5E00.0274

  Advertisement interval is 1000 msec

  Preemption enabled

  Priority is 150

  Master Router is FE80::D1:1 (local), priority is 150

  Master Advertisement interval is 1000 msec (expires in 454 msec)

  Master Down interval is unknown

  FLAGS: 1/1

 

 

Vlan21 – Group 21 – Address-Family IPv4

  State is MASTER

  State duration 2 mins 7.926 secs

  Virtual IP address is 10.21.0.254

  Virtual MAC address is 0000.5E00.0115

  Advertisement interval is 1000 msec

  Preemption enabled

  Priority is 100

  Master Router is 10.21.0.1 (local), priority is 100

  Master Advertisement interval is 1000 msec (expires in 354 msec)

  Master Down interval is unknown

  FLAGS: 1/1

 

Vlan21 – Group 216 – Address-Family IPv6

  State is MASTER

  State duration 2 mins 6.695 secs

  Virtual IP address is FE80::21:1

  Virtual MAC address is 0000.5E00.02D8

  Advertisement interval is 1000 msec

  Preemption enabled

  Priority is 100

  Master Router is FE80::D1:2 (local), priority is 100

  Master Advertisement interval is 1000 msec (expires in 323 msec)

  Master Down interval is unknown

  FLAGS: 1/1

  1. You can also use the show vrrp brief command to get a less verbose status.

D1# show vrrp brief

  Interface          Grp  A-F Pri  Time Own Pre State   Master addr/Group addr

  Vl11                11 IPv4 150     0  N   Y  MASTER  10.11.0.1(local) 10.11.0.254

  Vl11               116 IPv6 150     0  N   Y  MASTER  FE80::D1:1(local) FE80::11:1

  Vl21                21 IPv4 100     0  N   Y  MASTER  10.21.0.1(local) 10.21.0.254

  Vl21               216 IPv6 100     0  N   Y  MASTER  FE80::D1:2(local) FE80::21:1

  1. Interface Loopback0 on D1 and D2 represent a destination on the internet. From PC1 and PC2, ping the IPv4 and IPv6 address of interface Loopack0 on D1. A successful ping verifies that the gateway router is working.

Close configuration window

Step 3:  Configure VRRP on switch D2.

Open configuration window

  1. Enable VRRPv3 globally.

D2(config)# fhrp version vrrp v3

  1. Configure vrrp group 11 on interface VLAN 11 with a vrrp IP address of 10.11.0.254.

D2(config)# interface vlan 11

D2(config-if)# vrrp 11 address-family ipv4

D2(config-if-vrrp)# address 10.11.0.254

D2(config-if-vrrp)# exit

  1. Configure vrrp group 116 on interface vlan 11 with a primary vrrp IP address of fe80::11:1.

D2(config-if)# vrrp 116 address-family ipv6

D2(config-if-vrrp)# address fe80::11:1 primary

D2(config-if-vrrp)# exit

  1. Configure vrrp group 21 on interface VLAN 21 with a vrrp IP address of 10.21.0.254 and a priority of 150.

D2(config-if)# interface vlan 21

D2(config-if)# vrrp 21 address-family ipv4

D2(config-if-vrrp)# address 10.21.0.254

D2(config-if-vrrp)# priority 150

D2(config-if-vrrp)# exit

  1. Configure vrrp group 216 on interface vlan 21 with a primary vrrp IP address of fe80::21:1 and a priority of 150.

D2(config-if)# vrrp 216 address-family ipv6

D2(config-if-vrrp)# address fe80::21:1 primary

D2(config-if-vrrp)# priority 150

D2(config-if-vrrp)# exit

Step 4:  Verify VRRP is operational on switch D2.

  1. Verify that VRRP is active and operating on switch D2 with the show vrrp brief command. Based on the configuration, D2 should be the master switch on interface VLAN 21 only.

D2# show vrrp brief

  Interface          Grp  A-F Pri  Time Own Pre State   Master addr/Group addr

  Vl11                11 IPv4 100  3609  N   Y  BACKUP  10.11.0.1 10.11.0.254

  Vl11               116 IPv6 100  3609  N   Y  BACKUP  FE80::D1:1 FE80::11:1

  Vl21                21 IPv4 150     0  N   Y  MASTER  10.21.0.2(local) 10.21.0.254

  Vl21               216 IPv6 150     0  N   Y  MASTER  FE80::D2:2(local) FE80::21:1

Close configuration window

  1. Interface Loopback0 on D1 and D2 represent a destination on the internet. From PC1 and PC2, ping the IPv4 and IPv6 address of interface Loopack0 on D1. A successful ping verifies that the gateway router is working.

Step 5:  Observe and validate VRRP operation.

The whole point of VRRP is to help maintain gateway reachability in case of an outage. In this step, we will simulate an outage to show how HSRP achieves this objective.

  1. On PC1, start a continuous ping to 192.168.1.1 and 2001:db8:acad:1000::1.
  2. On switch D1, issue the shutdown command on interface VLAN 11. Note that D2 takes over the master role, and there is very little traffic loss in the running pings.
  3. On switch D1, issue the no shutdown command on interface VLAN 11. Note that D1 takes back over as the master router, and once again there is very little traffic loss experienced.
  4. Stop the continuous ping running on PC1.

Part 3:  Configure and Observe VRRP Object Tracking

VRRP can perform object tracking. This enables the priority of a virtual group router to be automatically adjusted, based on the status of the tracked entity. When a tracked entity becomes unavailable, the VRRP priority of the router is decreased. This might cause another router to take over as the master router for a group based on its higher priority value. When properly configured, the VRRP tracking feature ensures that a router with an unavailable key interface will relinquish the master router role. 

Step 1:  Create a tracked object.

Create an object on Switch D1 and D2 that tracks the line-protocol of interface Loopback 0.

Open configuration window

D1(config)# track 8 interface loopback 0 line-protocol

D1(config-track)# exit

Step 2:  Configure HSRP to track the object status.

On D1, configure vrrp groups 11 and 116 to track the status of track 8. On D2, configure vrrp groups 21 and 216 to track the status of track 8. When the tracked object has failed, decrement the system priority by 60.

Open configuration window

D1(config-track)# interface vlan 11

D1(config-if)# vrrp 11 address-family ipv4

D1(config-if-vrrp)# track 8 decrement 60

D1(config-if-vrrp)# exit

D1(config-if)# vrrp 116 address-family ipv6

D1(config-if-vrrp)# track 8 decrement 60

D1(config-if-vrrp)# exit

 

D2(config-track)# interface vlan 21

D2(config-if)# vrrp 21 address-family ipv4

D2(config-if-vrrp)# track 8 decrement 60

D2(config-if-vrrp)# exit

D2(config-if)# vrrp 216 address-family ipv6

D2(config-if-vrrp)# track 8 decrement 60

D2(config-if-vrrp)# exit

Close configuration window

Step 3:  Verify the VRRP configuration.

Issue the command show vrrp on Switch D1. This is the full version of the command, and in the output, you can see all the adjustments that have been made to this point.

Open configuration window

D1# show vrrp

 

Vlan11 – Group 11 – Address-Family IPv4

  State is MASTER

  State duration 18 mins 50.735 secs

  Virtual IP address is 10.11.0.254

  Virtual MAC address is 0000.5E00.010B

  Advertisement interval is 1000 msec

  Preemption enabled

  Priority is 150

    Track object 8 state UP decrement 60

  Master Router is 10.11.0.1 (local), priority is 150

  Master Advertisement interval is 1000 msec (expires in 583 msec)

  Master Down interval is unknown

  FLAGS: 1/1

<output omitted>

Step 4:  Verify VRRP complies with the configuration.

  1. On D1, shutdown interface Loopback 1. Switch D2 should take over as master for group 11. Verify D1’s current priority value and D2’s status with the show vrrp brief command.

D1(config)# interface loopback 0

D1(config-if)# shutdown

D1(config-if)# end

D1#

*Jan 19 18:45:56.603: %TRACK-6-STATE: 8 interface Lo0 line-protocol Up -> Down

D1#

*Jan 19 18:45:57.636: %SYS-5-CONFIG_I: Configured from console by console

*Jan 19 18:45:58.602: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down

*Jan 19 18:45:58.603: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down

D1#

*Jan 19 18:45:59.418: %VRRP-6-STATE: Vlan116 IPv6 group 116 state MASTER -> BACKUP

*Jan 19 18:45:59.418: %VRRP-6-STATE: Vlan11 IPv4 group 11 state MASTER -> BACKUP

D1#

D1# show vrrp brief

  Interface          Grp  A-F Pri  Time Own Pre State   Master addr/Group addr

  Vl11                11 IPv4  90  3648  N   Y  BACKUP  10.11.0.2 10.11.0.254

  Vl11               116 IPv6  90  3648  N   Y  BACKUP  FE80::D1:1(local) FE80::11:1

  Vl21                21 IPv4 100  3609  N   Y  BACKUP  10.21.0.2 10.21.0.254

  Vl21               216 IPv6 100  3609  N   Y  BACKUP  FE80::D2:2 FE80::21:1

  1. Examine the priority information in detail in the output of the show vrrp command.

D1# show vrrp

 

Vlan11 – Group 11 – Address-Family IPv4

  State is BACKUP

  State duration 1 mins 27.821 secs

  Virtual IP address is 10.11.0.254

  Virtual MAC address is 0000.5E00.010B

  Advertisement interval is 1000 msec

  Preemption enabled

  Priority is 90 (Configured 150)

    Track object 8 state DOWN decrement 60

  Master Router is 10.11.0.2, priority is 100

  Master Advertisement interval is 1000 msec (learned)

  Master Down interval is 3648 msec (expires in 3636 msec)

  FLAGS: 0/1

<output omitted>

Close configuration window

End of document

Device Configs – Final

Switch D1

D1# show run

Building configuration…

 

Current configuration : 9962 bytes

!

version 16.9

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

! Call-home is enabled by Smart-Licensing.

service call-home

no platform punt-keepalive disable-kernel-core

!

hostname D1

!

vrf definition Mgmt-vrf

 !

 address-family ipv4

 exit-address-family

 !

 address-family ipv6

 exit-address-family

!

no aaa new-model

switch 1 provision ws-c3650-24ps

fhrp version vrrp v3

!

ip routing

!

no ip domain lookup

!

login on-success log

ipv6 unicast-routing

!

license boot level ipservicesk9

!

diagnostic bootup level minimal

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

!

redundancy

 mode sso

!

transceiver type all

 monitoring

!

track 8 interface Loopback0 line-protocol

!

class-map match-any system-cpp-police-topology-control

  description Topology control

class-map match-any system-cpp-police-sw-forward

  description Sw forwarding, L2 LVX data, LOGGING

class-map match-any system-cpp-default

  description Inter FED, EWLC control, EWLC data

class-map match-any system-cpp-police-sys-data

  description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFLSAMPLED DATA, RPF Failed

class-map match-any system-cpp-police-punt-webauth

  description Punt Webauth

class-map match-any system-cpp-police-l2lvx-control

  description L2 LVX control packets

class-map match-any system-cpp-police-forus

  description Forus Address resolution and Forus traffic

class-map match-any system-cpp-police-multicast-end-station

  description MCAST END STATION

class-map match-any system-cpp-police-multicast

  description Transit Traffic and MCAST Data

class-map match-any system-cpp-police-l2-control

  description L2 control

class-map match-any system-cpp-police-dot1x-auth

  description DOT1X Auth

class-map match-any system-cpp-police-data

  description ICMP redirect, ICMP_GEN and BROADCAST

class-map match-any system-cpp-police-stackwisevirt-control

  description Stackwise Virtual

class-map match-any non-client-nrt-class

class-map match-any system-cpp-police-routing-control

  description Routing control and Low Latency

class-map match-any system-cpp-police-protocol-snooping

  description Protocol snooping

class-map match-any system-cpp-police-dhcp-snooping

  description DHCP snooping

class-map match-any system-cpp-police-system-critical

  description System Critical and Gold Pkt

!

policy-map system-cpp-policy

!

interface Loopback0

 ip address 192.168.1.1 255.255.255.0

 ipv6 address FE80::D1:3 link-local

 ipv6 address 2001:DB8:ACAD:1000::1/64

!

interface Port-channel1

 switchport mode trunk

!

interface Port-channel12

 switchport mode trunk

!

interface GigabitEthernet0/0

 vrf forwarding Mgmt-vrf

 no ip address

 shutdown

 negotiation auto

!

interface GigabitEthernet1/0/1

 switchport mode trunk

 channel-group 12 mode active

!

interface GigabitEthernet1/0/2

 switchport mode trunk

 channel-group 12 mode active

!

interface GigabitEthernet1/0/3

 switchport mode trunk

 channel-group 12 mode active

!

interface GigabitEthernet1/0/4

 switchport mode trunk

 channel-group 12 mode active

!

interface GigabitEthernet1/0/5

 switchport mode trunk

 channel-group 1 mode active

!

interface GigabitEthernet1/0/6

 switchport mode trunk

 channel-group 1 mode active

!

interface GigabitEthernet1/0/7

 shutdown

!

interface GigabitEthernet1/0/8

 shutdown

!

interface GigabitEthernet1/0/9

 shutdown

!

interface GigabitEthernet1/0/10

 shutdown

!

interface GigabitEthernet1/0/11

 shutdown

!

interface GigabitEthernet1/0/12

 shutdown

!

interface GigabitEthernet1/0/13

 shutdown

!

interface GigabitEthernet1/0/14

 shutdown

!

interface GigabitEthernet1/0/15

 shutdown

!

interface GigabitEthernet1/0/16

 shutdown

!

interface GigabitEthernet1/0/17

 shutdown

!

interface GigabitEthernet1/0/18

 shutdown

!

interface GigabitEthernet1/0/19

 shutdown

!

interface GigabitEthernet1/0/20

 shutdown

!

interface GigabitEthernet1/0/21

 shutdown

!

interface GigabitEthernet1/0/22

 shutdown

!

interface GigabitEthernet1/0/23

 shutdown

!

interface GigabitEthernet1/0/24

 shutdown

!

interface GigabitEthernet1/1/1

 shutdown

!

interface GigabitEthernet1/1/2

 shutdown

!

interface GigabitEthernet1/1/3

 shutdown

!

interface GigabitEthernet1/1/4

 shutdown

!

interface Vlan1

 no ip address

!

interface Vlan11

 ip address 10.11.0.1 255.255.255.0

 ipv6 address FE80::D1:1 link-local

 ipv6 address 2001:DB8:ACAD:11::1/64

 vrrp 11 address-family ipv4

  priority 150

  track 8 decrement 60

  address 10.11.0.254 primary

  exit-vrrp

 vrrp 116 address-family ipv6

  priority 150

  track 8 decrement 60

  address FE80::11:1 primary

  exit-vrrp

!

interface Vlan21

 ip address 10.21.0.1 255.255.255.0

 ipv6 address FE80::D1:2 link-local

 ipv6 address 2001:DB8:ACAD:21::1/64

 vrrp 21 address-family ipv4

  address 10.21.0.254 primary

  exit-vrrp

 vrrp 216 address-family ipv6

  address FE80::21:1 primary

  exit-vrrp

!

ip forward-protocol nd

ip http server

ip http secure-server

!

control-plane

 service-policy input system-cpp-policy

!

banner motd ^C D1, Implement VRRP ^C

!

line con 0

 exec-timeout 0 0

 logging synchronous

 stopbits 1

line aux 0

 stopbits 1

line vty 0 4

 exec-timeout 0 0

 privilege level 15

 password cisco123

 logging synchronous

 login

line vty 5 15

 login

!

end

Switch D2

D2# show run

Building configuration…

 

Current configuration : 10001 bytes

!

version 16.9

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

! Call-home is enabled by Smart-Licensing.

service call-home

no platform punt-keepalive disable-kernel-core

!

hostname D2

!

vrf definition Mgmt-vrf

 !

 address-family ipv4

 exit-address-family

 !

 address-family ipv6

 exit-address-family

!

no aaa new-model

switch 1 provision ws-c3650-24ps

fhrp version vrrp v3

!

ip routing

!

no ip domain lookup

!

login on-success log

ipv6 unicast-routing

!

license boot level ipservicesk9

!

diagnostic bootup level minimal

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

!

redundancy

 mode sso

!

transceiver type all

 monitoring

!

track 8 interface Loopback0 line-protocol

!

class-map match-any system-cpp-police-topology-control

  description Topology control

class-map match-any system-cpp-police-sw-forward

  description Sw forwarding, L2 LVX data, LOGGING

class-map match-any system-cpp-default

  description Inter FED, EWLC control, EWLC data

class-map match-any system-cpp-police-sys-data

  description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFLSAMPLED DATA, RPF Failed

class-map match-any system-cpp-police-punt-webauth

  description Punt Webauth

class-map match-any system-cpp-police-l2lvx-control

  description L2 LVX control packets

class-map match-any system-cpp-police-forus

  description Forus Address resolution and Forus traffic

class-map match-any system-cpp-police-multicast-end-station

  description MCAST END STATION

class-map match-any system-cpp-police-multicast

  description Transit Traffic and MCAST Data

class-map match-any system-cpp-police-l2-control

  description L2 control

class-map match-any system-cpp-police-dot1x-auth

  description DOT1X Auth

class-map match-any system-cpp-police-data

  description ICMP redirect, ICMP_GEN and BROADCAST

class-map match-any system-cpp-police-stackwisevirt-control

  description Stackwise Virtual

class-map match-any non-client-nrt-class

class-map match-any system-cpp-police-routing-control

  description Routing control and Low Latency

class-map match-any system-cpp-police-protocol-snooping

  description Protocol snooping

class-map match-any system-cpp-police-dhcp-snooping

  description DHCP snooping

class-map match-any system-cpp-police-system-critical

  description System Critical and Gold Pkt

!

policy-map system-cpp-policy

!

interface Loopback0

 ip address 192.168.1.1 255.255.255.0

 ipv6 address FE80::D2:3 link-local

 ipv6 address 2001:DB8:ACAD:1000::1/64

!

interface Port-channel2

 switchport mode trunk

!

interface Port-channel12

 switchport mode trunk

!

interface GigabitEthernet0/0

 vrf forwarding Mgmt-vrf

 no ip address

 shutdown

 negotiation auto

!

interface GigabitEthernet1/0/1

 switchport mode trunk

 channel-group 12 mode active

!

interface GigabitEthernet1/0/2

 switchport mode trunk

 channel-group 12 mode active

!

interface GigabitEthernet1/0/3

 switchport mode trunk

 channel-group 12 mode active

!

interface GigabitEthernet1/0/4

 switchport mode trunk

 channel-group 12 mode active

!

interface GigabitEthernet1/0/5

 switchport mode trunk

 channel-group 2 mode active

!

interface GigabitEthernet1/0/6

 switchport mode trunk

 channel-group 2 mode active

!

interface GigabitEthernet1/0/7

 shutdown

!

interface GigabitEthernet1/0/8

 shutdown

!

interface GigabitEthernet1/0/9

 shutdown

!

interface GigabitEthernet1/0/10

 shutdown

!

interface GigabitEthernet1/0/11

 shutdown

!

interface GigabitEthernet1/0/12

 shutdown

!

interface GigabitEthernet1/0/13

 shutdown

!

interface GigabitEthernet1/0/14

 shutdown

!

interface GigabitEthernet1/0/15

 shutdown

!

interface GigabitEthernet1/0/16

 shutdown

!

interface GigabitEthernet1/0/17

 shutdown

!

interface GigabitEthernet1/0/18

 shutdown

!

interface GigabitEthernet1/0/19

 shutdown

!

interface GigabitEthernet1/0/20

 shutdown

!

interface GigabitEthernet1/0/21

 shutdown

!

interface GigabitEthernet1/0/22

 shutdown

!

interface GigabitEthernet1/0/23

 shutdown

!

interface GigabitEthernet1/0/24

 shutdown

!

interface GigabitEthernet1/1/1

 shutdown

!

interface GigabitEthernet1/1/2

 shutdown

!

interface GigabitEthernet1/1/3

 shutdown

!

interface GigabitEthernet1/1/4

 shutdown

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan11

 ip address 10.11.0.2 255.255.255.0

 ipv6 address FE80::D2:1 link-local

 ipv6 address 2001:DB8:ACAD:11::2/64

 vrrp 11 address-family ipv4

  address 10.11.0.254 primary

  exit-vrrp

 vrrp 116 address-family ipv6

  address FE80::11:1 primary

  exit-vrrp

!

interface Vlan21

 ip address 10.21.0.2 255.255.255.0

 ipv6 address FE80::D2:2 link-local

 ipv6 address 2001:DB8:ACAD:21::2/64

 vrrp 21 address-family ipv4

  priority 150

  track 8 decrement 60

  address 10.21.0.254 primary

  exit-vrrp

 vrrp 216 address-family ipv6

  priority 150

  track 8 decrement 60

  address FE80::21:1 primary

  exit-vrrp

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

!

control-plane

 service-policy input system-cpp-policy

!

banner motd ^C D2, Implement VRRP ^C

!

line con 0

 exec-timeout 0 0

 logging synchronous

 stopbits 1

line aux 0

 stopbits 1

line vty 0 4

 exec-timeout 0 0

 privilege level 15

 password cisco123

 logging synchronous

 login

line vty 5 15

 login

!

end

Switch A1

A1# show run

Building configuration…

 

Current configuration : 2329 bytes

!

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname A1

!

boot-start-marker

boot-end-marker

!

no aaa new-model

system mtu routing 1500

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface Port-channel1

 switchport mode trunk

!

interface Port-channel2

 switchport mode trunk

!

interface FastEthernet0/1

 switchport mode trunk

 channel-group 1 mode active

!

interface FastEthernet0/2

 switchport mode trunk

 channel-group 1 mode active

!

interface FastEthernet0/3

 switchport mode trunk

 channel-group 2 mode active

!

interface FastEthernet0/4

 switchport mode trunk

 channel-group 2 mode active

!

interface FastEthernet0/5

 shutdown

!

interface FastEthernet0/6

 shutdown

!

interface FastEthernet0/7

 shutdown

!

interface FastEthernet0/8

 shutdown

!

interface FastEthernet0/9

 shutdown

!

interface FastEthernet0/10

 shutdown

!

interface FastEthernet0/11

 shutdown

!

interface FastEthernet0/12

 shutdown

!

interface FastEthernet0/13

 shutdown

!

interface FastEthernet0/14

 shutdown

!

interface FastEthernet0/15

 shutdown

!

interface FastEthernet0/16

 shutdown

!

interface FastEthernet0/17

 shutdown

!

interface FastEthernet0/18

 shutdown

!

interface FastEthernet0/19

 shutdown

!

interface FastEthernet0/20

 shutdown

!

interface FastEthernet0/21

 shutdown

!

interface FastEthernet0/22

 shutdown

!

interface FastEthernet0/23

 switchport access vlan 11

 switchport mode access

 spanning-tree portfast edge

!

interface FastEthernet0/24

 switchport access vlan 21

 switchport mode access

 spanning-tree portfast edge

!

interface GigabitEthernet0/1

 shutdown

!

interface GigabitEthernet0/2

 shutdown

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan11

 ip address 10.11.0.3 255.255.255.0

 ipv6 address FE80::A1:1 link-local

 ipv6 address 2001:DB8:ACAD:11::3/64

!

ip default-gateway 10.11.0.254

ip http server

ip http secure-server

!

banner motd ^C A1, Implement VRRP ^C

!

line con 0

 exec-timeout 0 0

 logging synchronous

line vty 0 4

 exec-timeout 0 0

 privilege level 15

 password cisco123

 logging synchronous

 login

line vty 5 15

 login

!

end

 

Leave a comment