In this post, I would like to show you how to configure VRRP on your Cisco router or switch.
VRRP stands for Virtual Router Redundancy Protocol. It can be used with IPv4 and also with IPv6. Multiple network vendors implement it, so you can use it in a mixed environment. For more details regarding VRRP, see RFC 5798.
If you want to configure HSRP, check the previous blog post.
You may ask yourself why you need VRRP. As you know, in order for any device to reach the Internet and exit from the local area network, it needs to have a default gateway configured. Usually the default gateway is a router. If the router is down, you will not be able to send traffic outside of your LAN.
To increase the resilience of your network, you can add a second default gateway. However, as you may know, you cannot configure 2 default gateways on your OS (operating system). To work around this and have a redundant default gateway, you need to configure some sort of FHRP (First Hop Redundancy Protocol).
Cisco devices support 3 such protocols:
- HSRP – Hot Standby Router Protocol
- VRRP – Virtual Router Redundancy Protocol
- GLBP – Gateway Load Balancing Protocol
FHRP is the generic term used for these protocols.
Here is the network topology that I use in my lab.

Configure VRRP on router R1
I will start to configure VRRP on router R1.
You need to identify the interface on which you will configure VRRP. You need to add the following configuration in the interface configuration mode.
R1#conf term
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int gi0/0
R1(config-if)#vrrp ?
<1-255> Group number
R1(config-if)#vrrp 1 ?
authentication Authentication
description Group specific description
ip Enable Virtual Router Redundancy Protocol (VRRP) for IP
preempt Enable preemption of lower priority Master
priority Priority of this VRRP group
shutdown Disable VRRP Configuration
timers Set the VRRP timers
track Event Tracking
R1(config-if)#vrrp 1 ip 172.16.10.254
R1(config-if)#

The command vrrp 1 ip 172.16.10.254 enables VRRP for IPv4 and sets the virtual IP address which will serve as the default gateway for our hosts.
Preemption is enabled by default for VRRP. With preemption, the router with the highest priority will immediately become the Master router.
With the command vrrp priority you specify the priority for this interface. The default priority is 100.
Configure VRRP on router R2
Now you need to configure VRRP on your second device. In my case, I need to add the configuration on router R2. VRRP can be configured on routers as well as on multilayer switches.
Add the following commands on your second device. The router will act as the backup gateway.
R2#conf term
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int gi0/0
R2(config-if)#vrrp 1 ip 172.16.10.254
R2(config-if)#end
R2#

Verify that VRRP is running as it should
After you finish the configuration, you need to check that VRRP is running on your devices.
You can use the following commands for verification.
R1:
R1#show vrrp
GigabitEthernet0/0 - Group 1
State is Backup
Virtual IP address is 172.16.10.254
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 172.16.10.2, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.503 sec)
R1#

R1#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0              1   100 3609      Y   Backup  172.16.10.2     172.16.10.254
R1#

R2:
R2#show vrrp
GigabitEthernet0/0 - Group 1
State is Master
Virtual IP address is 172.16.10.254
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 172.16.10.2 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
R2#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0              1   100 3609      Y   Master  172.16.10.2     172.16.10.254
R2#

VRRP is active on interface Gi0/0. The virtual IP address is 172.16.10.254. The Master router is R2, which has the IP address 172.16.10.2.
The Backup router is R1 with the IP address 172.16.10.1. Both routers have the same priority, so R2 was selected as the Master router because it has the highest IP address configured on the interface.
Configure R1 as Master VRRP Router
If you want to influence which router is selected as the Master router, you can change its priority. The default priority for VRRP is 100.
To change the VRRP priority, run the following command:
R1:
R1#conf term
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int gi0/0
R1(config-if)#vrrp 1 ?
authentication Authentication
description Group specific description
ip Enable Virtual Router Redundancy Protocol (VRRP) for IP
preempt Enable preemption of lower priority Master
priority Priority of this VRRP group
shutdown Disable VRRP Configuration
timers Set the VRRP timers
track Event Tracking
R1(config-if)#vrrp 1 pr
R1(config-if)#vrrp 1 pri
R1(config-if)#vrrp 1 priority 110
R1(config-if)#

Confirm that R1 is the new Master router
To confirm that R1 is the new Master router, run the command:
R1#show vrrp
GigabitEthernet0/0 - Group 1
State is Master
Virtual IP address is 172.16.10.254
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 110
Master Router is 172.16.10.1 (local), priority is 110
Master Advertisement interval is 1.000 sec
Master Down interval is 3.570 sec
R1#
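
The two elections seen so far (R2 wins on the higher IP address at equal priority, R1 wins once its priority is 110) and the Master Down values printed by show vrrp (3.609 and 3.570 sec) can be checked mechanically. The following Python sketch is an added example, not part of the original post or of any Cisco tooling; the function names are hypothetical, and the Master Down formula (3 x advertisement interval + skew time) is taken from the VRRP RFC rather than from this page.

```python
import re
from ipaddress import IPv4Address

def elect_master(routers):
    """routers maps interface IP -> priority for the group members that are up.
    Highest priority wins; on equal priority the higher interface IP wins."""
    return max(routers, key=lambda ip: (routers[ip], IPv4Address(ip)))

def master_down_interval(priority, adv_interval=1.0):
    """3 x advertisement interval plus skew time, where skew = (256 - priority) / 256."""
    return 3 * adv_interval + (256 - priority) * adv_interval / 256

FIELDS = {
    "priority": (r"^\s*Priority is (\d+)", int),            # local priority line only
    "master": (r"Master Router is (\d+\.\d+\.\d+\.\d+)", str),
    "master_down": (r"Master Down interval is ([\d.]+) sec", float),
}

def parse_show_vrrp(text):
    """Extract the local priority, Master address and Master Down interval."""
    parsed = {}
    for name, (pattern, cast) in FIELDS.items():
        match = re.search(pattern, text, re.MULTILINE)
        if match is None:
            raise ValueError(f"'{name}' not found in show vrrp output")
        parsed[name] = cast(match.group(1))
    return parsed

def audit(text, configured):
    """Compare 'show vrrp' output with what the configured, reachable members should produce."""
    seen, findings = parse_show_vrrp(text), []
    if seen["master"] not in configured:
        findings.append(f"Master {seen['master']} is not a configured group member")
    elif seen["master"] != elect_master(configured):
        findings.append(f"Master is {seen['master']}, expected {elect_master(configured)}")
    if abs(seen["master_down"] - master_down_interval(seen["priority"])) > 0.001:
        findings.append("Master Down interval does not match local priority and timers")
    return findings

# R1's output from this post after 'vrrp 1 priority 110', abridged to the parsed lines.
R1_OUTPUT = """GigabitEthernet0/0 - Group 1
State is Master
Priority is 110
Master Router is 172.16.10.1 (local), priority is 110
Master Down interval is 3.570 sec
"""
GROUP = {"172.16.10.1": 110, "172.16.10.2": 100}  # priorities configured in this lab

if __name__ == "__main__":
    print(audit(R1_OUTPUT, GROUP) or "show vrrp output matches the expected election")
```

An empty result means the observed Master and timers agree with the configuration; a Master address outside the configured group is worth investigating before trusting the gateway.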

Check the connectivity from the end host
After you have confirmed that VRRP is running on both devices, let’s check the connectivity to the Internet from a PC. In my case, I will test the connectivity from a router which is configured as an end host device (PC).
PC#show ip int brief gi0/0
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         172.16.10.100   YES TFTP   up                    up
PC#
PC#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 11/15/19 ms
PC#

To check the connectivity to the Internet, run the command ping 8.8.8.8.
As you can see, I am able to ping the Google DNS server. The IP address 8.8.8.8 simulates a host from the Internet.
Let’s check the path that the packets take to the address 8.8.8.8.
Run the command traceroute 8.8.8.8.
PC#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.10.1 16 msec 8 msec 7 msec
2 10.10.10.2 15 msec 20 msec *
PC#

Simulate an interface failure on router R1
Let’s simulate a failure in our environment. I will shut down the interface Gi0/0 on router R1.
R1:
R1#conf term
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int gi0/0
R1(config-if)#shut
R1(config-if)#end
R1#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0              1   110 3570      Y   Init    0.0.0.0         172.16.10.254
R1#

R2:
R2#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0              1   100 3609      Y   Master  172.16.10.2     172.16.10.254
R2#show vrrp
GigabitEthernet0/0 - Group 1
State is Master
Virtual IP address is 172.16.10.254
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 172.16.10.2 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
R2#

As you can see from the above output, the router R2 is acting as the Master router. It is serving the IP address 172.16.10.254 instead of the router R1.
Let’s check the connectivity from the PC.
PC#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 14/16/18 ms
PC#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.10.2 15 msec 12 msec 7 msec
2 10.10.20.2 23 msec 20 msec 11 msec
3 8.8.8.8 17 msec 20 msec *
PC#

The PC is able to reach the Internet. The traffic is flowing through the router R2 at the moment. If we hadn’t configured VRRP in our environment, the PC would have lost access to the Internet.
Check if the router R1 is taking back the active role after the interface issue is resolved
Now, let’s check if the router R1 takes back the active role after the interface issue is resolved. Because preemption is enabled by default, it should take back its active role.
R1#conf term
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int gi0/0
R1(config-if)#no shut
R1(config-if)#end
R1#show vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0              1   110 3570      Y   Master  172.16.10.1     172.16.10.254
R1#

Let’s confirm that the PC is using the path through the router R1.

We have the confirmation that the PC is reaching the Internet through the router R1.
That’s it! You have learned how to configure VRRP on a Cisco router.