R3721-F3210-F3171-HP High-End Firewalls High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

NOTE:

• The running priority of an IP address owner is always 255 and you do not need to confi

ure it. An IP

address owner always operates in preemptive mode.

• If you configure an interface to be tracked or a track entry to be monitored on a router that is the IP

address owner in a VRRP group, the configuration does not take effect. If the router is not the IP address

owner in the VRRP group later, the configuration takes effect.

• The tracked interface can be a Layer 3 Ethernet interface or a Layer 3 aggregate interface.

• If the state of a tracked interface changes from down or removed to up, the priority of the router where

the interface resides is automatically restored.

• If the state of a track entry changes from negative or invalid to positive, the priority of the router where

the track entry is configured is automatically restored.

Configuring VRRP packet attributes

Before you configure the relevant attributes of VRRP packets, create a VRRP group and configure a virtual

IP address for it.

To configure VRRP packet attributes:

Ste

Command

Remarks

1. Enter system view. system-view N/A

2. Enter the specified interface

view.

interface interface-type

interface-number

N/A

3. Configure the authentication

mode and authentication key

when the VRRP groups send

and receive VRRP packets.

vrrp vrid virtual-router-id

authentication-mode { md5 |

simple } key

Optional.

Authentication is not performed by

default.

4. Configure the time interval for

the master in the VRRP group

to send VRRP advertisements.

vrrp vrid virtual-router-id

timer advertise

adver-interval

Optional.

1 second by default.

5. Disable TTL check on VRRP

packets.

vrrp un-check ttl

Optional.

Enabled by default.

You do not need to create a VRRP group

before executing this command.

NOTE:

• You might configure different authentication modes and authentication keys for the VRRP

roups on an

interface. However, the members of the same VRRP

roup must use the same authentication mode and

authentication key.

• Excessive traffic might cause a backup to trigger a change of its status because the backup does not

receive any VRRP advertisements for a specified period of time. To solve this problem, prolon

the time

interval to send VRRP advertisements.

• Configuring different intervals for sendin

VRRP advertisements on the routers in a VRRP

roup mi

cause a backup to trigger a change of its status because the backup does not receive any VRRP

advertisements for a specified period of time. To solve this problem, configure the same interval for

sending VRRP advertisements on each router in the VRRP group.