R3166-R3206-HP High-End Firewalls High Availability Configuration Guide-6PW101
27
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 5
Auth Type : None
Virtual IP : 202.38.160.111
Virtual MAC : 0000-5e00-0101
Master IP : 202.38.160.2
The output shows that if Firewall A fails, Firewall B becomes the master, and packets sent from host A to
host B are forwarded by Firewall B.
# After Firewall A resumes normal operation, use the display vrrp verbose command to display the
detailed information of VRRP group 1 on Firewall A.
[FirewallA-GigabitEthernet0/1] display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface GigabitEthernet0/1
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 5
Auth Type : None
Virtual IP : 202.38.160.111
Virtual MAC : 0000-5e00-0101
Master IP : 202.38.160.1
The output shows that after Firewall A resumes normal operation, it becomes the master, and packets sent
from Host A to Host B are forwarded by Firewall A.
VRRP interface tracking configuration example
1. Network requirements
• Host A wants to access Host B on the Internet, using 202.38.160.111/24 as its default gateway.
• Firewall A and Firewall B belong to VRRP group 1 with the virtual IP address of 202.38.160.111/24.
• When Firewall A operates normally, packets sent from Host A to Host B are forwarded by Firewall
A; when interface GigabitEthernet 0/1 through which Firewall A connects to the internet is not
available, packets sent from Host A to Host B are forwarded by Firewall B.
• To prevent attacks to the VRRP group from illegal users by using spoofed packets, configure the
authentication mode as plain text to authenticate the VRRP packets in VRRP group 1, and specify the
authentication key as hello.