Owner manual
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Section I
- Basic Operations
- Chapter 1
- Overview
- Chapter 2
- Enhanced Stacking
- Chapter 3
- SNMPv1 and SNMPv2c
- Chapter 4
- MAC Address Table
- Chapter 5
- Static Port Trunks
- Chapter 6
- LACP Port Trunks
- Chapter 7
- Port Mirror
- Section II
- Advanced Operations
- Chapter 8
- File System
- Chapter 9
- Event Logs and the Syslog Client
- Chapter 10
- Classifiers
- Chapter 11
- Access Control Lists
- Chapter 12
- Class of Service
- Chapter 13
- Quality of Service
- Chapter 14
- Denial of Service Defenses
- Chapter 15
- Power Over Ethernet
- Section III
- Snooping Protocols
- Chapter 16
- IGMP Snooping
- Chapter 17
- MLD Snooping
- Chapter 18
- RRP Snooping
- Chapter 19
- Ethernet Protection Switching Ring Snooping
- Section IV
- SNMPv3
- Chapter 20
- SNMPv3
- Section V
- Spanning Tree Protocols
- Chapter 21
- Spanning Tree and Rapid Spanning Tree Protocols
- Chapter 22
- Multiple Spanning Tree Protocol
- Section VI
- Virtual LANs
- Chapter 23
- Port-based and Tagged VLANs
- Chapter 24
- GARP VLAN Registration Protocol
- Chapter 25
- Multiple VLAN Modes
- Chapter 26
- Protected Ports VLANs
- Chapter 27
- MAC Address-based VLANs
- Section VII
- Routing
- Chapter 28
- Internet Protocol Version 4 Packet Routing
- Supported Platforms
- Overview
- Routing Interfaces
- Interface Names
- Static Routes
- Routing Information Protocol (RIP)
- Default Routes
- Equal-cost Multi-path (ECMP) Routing
- Routing Table
- Address Resolution Protocol (ARP) Table
- Internet Control Message Protocol (ICMP)
- Routing Interfaces and Management Features
- Local Interface
- AT-9408LC/SP AT-9424T/GB, and AT-9424T/SP Switches
- Routing Command Example
- Non-routing Command Example
- Upgrading from AT-S63 Version 1.3.0 or Earlier
- Chapter 29
- BOOTP Relay Agent
- Chapter 30
- Virtual Router Redundancy Protocol
- Section VIII
- Port Security
- Chapter 31
- MAC Address-based Port Security
- Chapter 32
- 802.1x Port-based Network Access Control
- Section IX
- Management Security
- Chapter 33
- Web Server
- Chapter 34
- Encryption Keys
- Chapter 35
- PKI Certificates and SSL
- Chapter 36
- Secure Shell (SSH)
- Chapter 37
- TACACS+ and RADIUS Protocols
- Chapter 38
- Management Access Control List
- Appendix A
- AT-S63 Management Software Default Settings
- Address Resolution Protocol Cache
- Boot Configuration File
- BOOTP Relay Agent
- Class of Service
- Denial of Service Defenses
- 802.1x Port-Based Network Access Control
- Enhanced Stacking
- Ethernet Protection Switching Ring (EPSR) Snooping
- Event Logs
- GVRP
- IGMP Snooping
- Internet Protocol Version 4 Packet Routing
- MAC Address-based Port Security
- MAC Address Table
- Management Access Control List
- Manager and Operator Account
- Multicast Listener Discovery Snooping
- Public Key Infrastructure
- Port Settings
- RJ-45 Serial Terminal Port
- Router Redundancy Protocol Snooping
- Server-based Authentication (RADIUS and TACACS+)
- Simple Network Management Protocol
- Simple Network Time Protocol
- Spanning Tree Protocols (STP, RSTP, and MSTP)
- Secure Shell Server
- Secure Sockets Layer
- System Name, Administrator, and Comments Settings
- Telnet Server
- Virtual Router Redundancy Protocol
- VLANs
- Web Server
- Appendix B
- SNMPv3 Configuration Examples
- Appendix C
- Features and Standards
- 10/100/1000Base-T Twisted Pair Ports
- Denial of Service Defenses
- Ethernet Protection Switching Ring Snooping
- Fiber Optic Ports (AT-9408LC/SP Switch)
- File System
- DHCP and BOOTP Clients
- Internet Protocol Multicasting
- Internet Protocol Version 4 Routing
- MAC Address Table
- Management Access and Security
- Management Access Methods
- Management Interfaces
- Management MIBs
- Port Security
- Port Trunking and Mirroring
- Spanning Tree Protocols
- System Monitoring
- Traffic Control
- Virtual LANs
- Virtual Router Redundancy Protocol
- Appendix D
- MIB Objects
- Index
Chapter 30: Virtual Router Redundancy Protocol
350 Section VII: Routing
VRRP on the Switch
VRRP is disabled by default. When a virtual router is created on the
switch, it is enabled by default, but the VRRP module must be enabled
before it is operational. The VRRP module or a specific virtual router can
be enabled or disabled afterwards by using the ENABLE VRRP and
DISABLE VRRP commands.
A virtual router must be created on at least two switches before it operates
correctly. To create a virtual router for an IP address over an Ethernet
interface, so that the switch participates in the virtual router, use the
CREATE VRRP command.
To destroy a virtual router on the LAN, it must be removed from all
participating switches. To remove a virtual router so that the switch no
longer participates in it, use the DESTROY VRRP command.
If the switch in the master role for the virtual router becomes unavailable,
the master role is taken by the switch with the highest priority amongst the
available switches. The priority is a value from 1 to 255, with a default of
100. The highest value of 255 is reserved for the switch that owns the
virtual router’s IP address. The new master takes over all the
responsibilities of the original master. Hosts on the LAN can continue
sending packets to the same virtual MAC address with which they
associate the configured first hop IP address, even though the switch that
owns the IP address is not currently available. When the preferred switch
that owns the IP address becomes available again, it resumes the role of
master.
By default, when a switch becomes available with a higher priority than the
master, it takes over as master. This is referred to as preempt mode and
can be set on or off. Even with preempt mode off, the switch that owns the
IP address always becomes the master when available. If two switches
are configured with the same priority, the one with the highest IP address
has higher priority. Preempt mode must be the same for all switches in the
virtual router. Set the priority and preempt mode when you create the
virtual router; modify it later by using the SET VRRP command.
The frequency with which the master sends advertisement packets must
be set to the same value for all switches in the virtual router. The default
advertisement interval of 1 second is recommended for most networks.
This is set with the ADINTERVAL parameter in the CREATE VRRP and
SET VRRP commands.
Each of the switches in the virtual router can be configured for plaintext
authentication or none. No authentication is suitable when there is minimal
security risk, and the configuration is so simple (for example, two switches
on a LAN) that there is little chance of configuration errors. Plaintext
password authentication protects against accidental misconfiguration and