VRRP

NOTE: You must have an advanced features license to use VRRP.

The Virtual Router Redundancy Protocol (VRRP) uses virtual routers to control which physical routers are assigned to an access network. A VRRP group consists of a master router and one or more backup routers that share a virtual IP address. If the master router fails, VRRP automatically assigns one of the backup routers to take over as master without affecting network traffic. When the failed router is functioning again, it becomes the master router again. VRRP provides this redundancy without user intervention or additional configuration to any of the devices on the network.

To create a VRRP group, you need to create a VRRP virtual MAC address, which is a shared MAC address adopted by the VRRP master. The VRRP virtual MAC address feature is disabled by default. You must enable the VRRP virtual MAC address feature on all members of a VRRP group.

The VRRP master router sends VRRP advertisement messages to the backup routers. When the VRRP master router fails to send advertisement messages, the backup router with the highest priority takes over as the master router.

This chapter covers the following topics:
  • Configuring VRRP
  • Checking the VRRP configuration

Configuring VRRP

Using the GUI:
  1. Go to System > Network > Interface > Physical.
  2. Select Edit for the appropriate interface.
  3. Select Add VRRP to add a virtual router.
    • Enter the unique virtual router identifier.
    • Enter the VRRP group number.
    • Enter the priority. If the highest priority value of 255 is entered, the virtual router becomes the master router.
    • Select Preempt if you want the router to preempt the master virtual router if the priority changes.
    • Enter the source virtual IP address that will be shared across the VRRP group.
    • Enter one or two IP addresses that the master router must track. The maximum number of IP addresses is two. If these IP addresses cannot be reached by the master router, the priority of the master router changes to 0.
    • Select Add VRRP to add each additional virtual router.
  4. After filling in the fields for the virtual routers, select Update.
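
A simplified model of the election rules described above (advertisement loss, priority 255, preempt, and tracked addresses), added here as an illustration and not taken from Fortinet's documentation or code. The switch names and priorities are constructed, the timer formula assumes the RFC 5798 definition, and ties between equal priorities are not modeled.

```python
from dataclasses import dataclass

@dataclass
class VirtualRouter:
    name: str                 # hypothetical switch name
    priority: int             # configured "set priority" value (1-255)
    preempt: bool = True      # "set preempt enable"
    up: bool = True           # still sending/receiving advertisements
    tracked_ok: bool = True   # tracked destination address(es) reachable

    def effective(self) -> int:
        # Per the page, priority changes to 0 when tracked addresses are unreachable.
        return self.priority if self.tracked_ok else 0

def master_down_interval(priority: int, adv_interval: float = 1.0) -> float:
    # RFC 5798 timer (assumed): a backup waits 3 advertisement intervals plus a
    # skew that shrinks as priority rises, so the best backup times out first.
    return 3 * adv_interval + (256 - priority) * adv_interval / 256

def elect(routers, current=None):
    alive = [r for r in routers if r.up]
    if not alive:
        return None
    cur = next((r for r in alive if r.name == current), None)
    if cur is None or cur.effective() == 0:
        # No master, or the master released the role: highest priority wins.
        return max(alive, key=VirtualRouter.effective).name
    # A running master yields only to a higher-priority router that preempts.
    rivals = [r for r in alive if r.effective() > cur.effective()
              and (r.preempt or r.effective() == 255)]
    return max(rivals, key=VirtualRouter.effective).name if rivals else cur.name

def run_scenario():
    a = VirtualRouter("sw-a", 255)
    b = VirtualRouter("sw-b", 200, preempt=False)
    c = VirtualRouter("sw-c", 150)
    group, log = [a, b, c], []
    def step(event, router=None, **changes):
        for field, value in changes.items():
            setattr(router, field, value)
        log.append((event, elect(group, log[-1][1] if log else None)))
    step("startup")
    step("sw-a stops advertising", a, up=False)
    step("sw-b loses tracked address", b, tracked_ok=False)
    step("sw-b tracking restored, no preempt", b, tracked_ok=True)
    step("sw-a returns", a, up=True)
    return log

if __name__ == "__main__":
    for event, master in run_scenario():
        print(f"{event:36} master={master}")
```

The fourth step shows the effect of disabling preempt: sw-b recovers with a higher priority than sw-c but does not take the master role back.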

Using the CLI:

    config system interface
        edit <VLAN name>
            set ip <IP address> <netmask>
            set allowaccess <access_types>
            set vrrp-virtual-mac enable
            config vrrp
                edit <VRRP router identifier>
                    set adv-interval <seconds>
                    set preempt {enable | disable}
                    set priority <priority_number>
                    set start-time <seconds>
                    set status {enable | disable}
                    set version {2 | 3}
                    set vrdst <IPv4_address>
                    set vrgrp <VRRP_group_number>
                    set vrip <IPv4_address>
                next
            end
            set snmp-index <index number>
            set vlanid <VLAN identifier>
            set interface "internal"
        next
    end

NOTE: You can also configure VRRP using IPv6 with the config ipv6 and config vrrp6 commands under the config system interface command.

Example of configuring VRRP using IPv4:

    config system interface
        edit "vlan-8"
            set ip 10.10.10.1 255.255.255.0
            set allowaccess ping https http ssh
            set vrrp-virtual-mac enable
            config vrrp
                edit 5
                    set priority 255
                    set vrgrp 50
                    set vrip 11.1.1.100
                next
                edit 6
                    set priority 200
                    set vrgrp 50
                    set vrip 11.1.1.100
                next
                edit 7
                    set priority 150
                    set vrgrp 50
                    set vrip 11.1.1.100
                next
            end
            set snmp-index 20
            set vlanid 8
            set interface "internal"
        next
    end

Checking the VRRP configuration

Use the get router info vrrp command to display the VRRP status:

    get router info vrrp
