HP VPN Firewall Appliances High Availability Configuration Guide
91
# Create VRRP group 1 and configure the virtual IP address 10.1.1.10 for the group.
[FirewallB-GigabitEthernet0/1] vrrp vrid 1 virtual-ip 10.1.1.10
Verifying the configuration
After configuration, ping Host B on Host A, and you can see that Host B is reachable. Use the display
vrrp command to view the configuration result.
# Display detailed information about VRRP group 1 on Firewall A.
[FirewallA-GigabitEthernet0/1] display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface GigabitEthernet0/1
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.1.1.10
Virtual MAC : 0000-5e00-0101
Master IP : 10.1.1.1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 30
# Display detailed information about VRRP group 1 on Firewall B.
[FirewallB-GigabitEthernet0/1] display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface GigabitEthernet0/1
VRID : 1 Adver Timer : 1
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Become Master : 2200ms left
Auth Type : None
Virtual IP : 10.1.1.10
Master IP : 10.1.1.1
The output shows that in VRRP group 1, Firewall A is the master and Firewall B is a backup. Packets from
Host A to Host B are forwarded through Firewall A.
# Shut down the uplink interface GigabitEthernet 0/2 on Firewall A.
[FirewallA-GigabitEthernet0/1] interface gigabitethernet0/2
[FirewallA-GigabitEthernet0/2] shutdown
After shutting down the uplink interface on Firewall A, you can still successfully ping Host B on Host A.
Use the display vrrp command to view information about VRRP group 1.
# After shutting down the uplink interface on Firewall A, display detailed information about VRRP group
1 on Firewall A.