Interface VRRP commands

vrrp

Syntax

vrrp virtual-router-id [owner]

no vrrp virtual-router-id

Context

config>service>vprn>if

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command creates or edits a Virtual Router ID (VRID) on the service IP interface. A VRID is internally represented in conjunction with the IP interface name. This allows the VRID to be used on multiple IP interfaces while representing different virtual router instances.

The VRID can be defined as owner or non-owner.

The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shut down to remove the virtual router instance.

Parameters

virtual-router-id

Specifies a new virtual router ID or one that can be modified on the IP interface.

Values

1 to 255

owner

Specifies the virtual router instance as an owner.

authentication-key

Syntax

authentication-key authentication-key | hash-key [hash | hash2]

no authentication-key

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

The command assigns a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.

The authentication-key command is one of the few commands not affected by the presence of the owner keyword. If simple text password authentication is not required, this command is not required. If the command is re-executed with a different password key defined, the new key will be used immediately.

If a no authentication-key command is executed, the password authentication key reverts to the default value. The authentication-key command may be executed at any time.

To change the current in-use password key on multiple virtual router instances:

  • identify the current master

  • shut down the virtual router instance on all backups

  • execute the authentication-key command on the master to change the password key

  • execute the authentication-key command and no shutdown command on each backup

The no form of this command reverts the value of the key to the default null string.

Parameters

authentication-key

Specifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string of eight octets that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.

This parameter is expressed as a string consisting of up to eight alphanumeric characters. Spaces must be contained in quotation marks (" "). The quotation marks are not considered part of the string.

The string is case-sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet (starting with IETF RFC bit position 0) containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.

Values

Any 7-bit printable ASCII character.

Exceptions:

  • double quote ("): ASCII 34

  • carriage return: ASCII 13

  • line feed: ASCII 10

  • tab: ASCII 9

  • backspace: ASCII 8

hash-key

Specifies the hash key. The key can be any combination of ASCII characters up to 22 characters (encrypted) for a hash key or up to 121 characters for a hash2 key. If spaces are used in the string, the entire string must be enclosed in quotation marks (" ").

This option is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.

hash

Specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.

hash2

Specifies that the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less-encrypted hash form is assumed.
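
The key layout described for the authentication-key parameter, as an added example that is not part of the original page or the vendor's code: it encodes a key into the two authentication data fields and runs the receiver-side comparison. The VRRPv2 header layout (per RFC 3768), the function names and the sample values are assumptions.

```python
import hmac
import struct
from ipaddress import IPv4Address

def encode_auth_key(key: str) -> bytes:
    """Return the 8 Authentication Data octets (two 4-octet fields) for a key."""
    raw = key.encode("ascii")            # rejects anything outside 7-bit ASCII
    if len(raw) > 8:
        raise ValueError("key is limited to eight octets")
    for b in raw:
        # Printable ASCII only; CR, LF, tab and backspace already fall outside
        # 32..126, so the double quote (34) is the one printable exclusion.
        if not 32 <= b <= 126 or b == 34:
            raise ValueError(f"octet {b} is not allowed in a key")
    return raw.ljust(8, b"\x00")         # left-justified, zero padded

def inet_checksum(data: bytes) -> int:
    """16-bit one's complement checksum over a VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid: int, priority: int, adver_int: int, vip: str, key: str) -> bytes:
    """Constructed VRRPv2 advertisement, Auth Type 1, one virtual IP."""
    # Assumed layout: ver/type, VRID, priority, IP count, auth type,
    # advertisement interval, checksum, IP address, 2 x 4 auth octets.
    body = IPv4Address(vip).packed + encode_auth_key(key)
    head = struct.pack("!BBBBBBH", 0x21, vrid, priority, 1, 1, adver_int, 0)
    return head[:6] + struct.pack("!H", inet_checksum(head + body)) + body

def auth_fields(adv: bytes) -> tuple[bytes, bytes]:
    """Split the trailing authentication data into its two 4-octet fields."""
    return adv[-8:-4], adv[-4:]

def accept_auth(adv: bytes, local_key: str) -> bool:
    """Receiver check: Auth Type must be 1 and all 8 octets must match."""
    return adv[4] == 1 and hmac.compare_digest(adv[-8:], encode_auth_key(local_key))

# Constructed sample values, not taken from any real configuration.
ADV = build_advert(vrid=10, priority=100, adver_int=1, vip="192.0.2.1", key="lab42")
```

The eight octets travel unmodified in every advertisement, so Type 1 protects against accidental misconfiguration between routers rather than against anyone who can observe the segment.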

backup

Syntax

[no] backup ip-address

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures a virtual router IP address for the backup interface.

Default

no backup

Parameters

ip-address

Specifies the destination IPv4 address for the backup interface.

Values

a.b.c.d

bfd-enable

Syntax

bfd-enable service-id interface interface-name dst-ip ip-address

no bfd-enable service-id if if-name dst-ip ip-address

bfd-enable interface interface-name dst-ip ip-address

no bfd-enable interface interface-name dst-ip ip-address

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables the use of Bidirectional Forwarding Detection (BFD) to control the state of the associated protocol interface. By enabling BFD on a specific protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set using the bfd-enable command under the IP interface specified in this command.

The no form of this command removes BFD from the associated BGP protocol peering.

Default

no bfd-enable

Parameters

service-id

Specifies the service ID of the interface running BFD.

Values

service-id: 1 to 2147483647

svc-name: Specifies an existing service name of up to 64 characters.

No service ID indicates a network interface.

interface-name

Specifies the name of the interface running BFD, up to 32 characters.

ip-address

Specifies the destination address to be used for the BFD session.

init-delay

Syntax

init-delay seconds

no init-delay

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures a VRRP initialization delay timer.

Default

no init-delay

Parameters

seconds

Specifies the initialization delay timer for VRRP, in seconds.

Values

1 to 65535

master-int-inherit

Syntax

[no] master-int-inherit

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command allows the virtual router instance to inherit the master VRRP router advertisement interval timer, which is used by backup routers to calculate the master down timer.

This command is available only in the non-owner nodal context and allows the current virtual router instance master to dictate the master down timer for all backup virtual routers. The master-int-inherit command has no effect when the virtual router instance is operating as master.

If the master-int-inherit command is not enabled, the locally configured message-interval must match the master VRRP advertisement message advertisement interval field value or the message is discarded.

The no form of this command reverts to the default operating condition, which requires the locally configured message-interval to match the received VRRP advertisement message advertisement interval field value.

Default

no master-int-inherit

message-interval

Syntax

message-interval {[seconds] [milliseconds milliseconds]}

no message-interval

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval values must be the same for all virtual routers with the same VRID. Any VRRP advertisement message received with an Advertisement Interval field different from the virtual router instance configured message-interval value is silently discarded.

The message-interval command is available for both non-owner and owner virtual router nodal contexts. If the message-interval command is not executed, the default message interval of 1 second is used.

The no form of this command reverts to the default message interval value of 1 second.

Parameters

seconds

Specifies the time interval, in seconds, between sending advertisement messages.

Values

1 to 255

Default

1

milliseconds

Specifies the time interval, in milliseconds, between sending advertisement messages.

Values

100 to 900

ping-reply

Syntax

[no] ping-reply

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures the non-owner master to reply to ICMP echo requests directed at the IP address of the virtual router instance. The ping request can be received on any routed interface.

Ping must not have been disabled at the management security level (either on the parent IP interface or based on the ping source host address). When ping-reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP echo requests regardless of the ping-reply configuration.

The ping-reply command is available only for non-owner virtual routers.

The no form of this command reverts to the default operation of discarding all ICMP echo request messages destined for the non-owner virtual router instance IP address.

Default

no ping-reply

policy

Syntax

policy vrrp-policy-id

no policy

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command associates a VRRP priority control policy with the virtual router instance (non-owner context only).

This command creates the context to configure a VRRP priority control policy that controls the VRRP in-use priority based on priority control events. It is a parent node for the various VRRP priority control policy commands that define the policy parameters and priority event conditions.

This command defines the initial or base value used by non-owner virtual routers. This value can be modified by assigning a VRRP priority control policy to the virtual router instance. The VRRP priority control policy can override or diminish the base priority setting to establish the actual in-use priority of the virtual router instance.

The policy policy-id must be created first, before it can be associated with a virtual router instance.

Because VRRP priority control policies define conditions and events that must be maintained, they can be resource intensive. The number of policies is limited to 1000.

The policy-id values do not have to be consecutive integers.

The no form of this command deletes the specific policy-id from the system.

The policy-id must be removed first from all virtual router instances before the no policy command can be issued. If the policy-id is associated with a virtual router instance, the command fails.

Parameters

vrrp-policy-id

Specifies a VRRP priority control policy.

Values

1 to 9999

preempt

Syntax

[no] preempt

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command overrides an existing non-owner master with a virtual router backup that has a higher priority. Enabling preempt mode is recommended for correct operation of the base-priority definitions on the virtual router instance. If the virtual router cannot preempt an existing non-owner master, the effect of the dynamic changing of the in-use priority is greatly diminished.

The preempt command is available only for non-owner VRRP virtual routers. The owner cannot be preempted because the priority of non-owners can never be higher than the owner. The owner always preempts other virtual routers when it is available.

Non-owner virtual router instances only preempt when preempt is set, and the current master has an in-use message priority value less than the backup virtual router instance in-use priority.

A master non-owner virtual router allows itself to be preempted only when the incoming VRRP advertisement message priority field value is one of the following:

  • greater than its in-use priority value

  • equal to its in-use priority value, and the source IP address (primary IP address) is greater than its primary IP address

The no form of this command prevents a non-owner virtual router instance from preempting another, less desirable, virtual router.

Default

preempt
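
The advertisement handling rules from the message-interval, master-int-inherit and preempt descriptions above, as an added example that is not the vendor's implementation. The class names, action strings and sample addresses are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class NonOwner:
    state: str                      # "master" or "backup"
    in_use_priority: int            # base priority after any policy adjustment
    primary_ip: str
    message_interval: int = 1       # seconds (page default)
    preempt: bool = True            # page default
    master_int_inherit: bool = False

@dataclass
class Advert:
    priority: int                   # Priority field of the received message
    src_ip: str                     # sender's primary IP address
    adver_int: int                  # Advertisement Interval field

def handle_advert(vr: NonOwner, adv: Advert) -> str:
    """Return the action a non-owner instance takes for one advertisement."""
    # An interval mismatch is discarded unless a backup inherits the master's
    # timer; master-int-inherit has no effect while operating as master.
    inherits = vr.master_int_inherit and vr.state == "backup"
    if adv.adver_int != vr.message_interval and not inherits:
        return "discard"
    if vr.state == "master":
        higher = adv.priority > vr.in_use_priority
        # Compare addresses numerically, not as strings ("192.0.2.10" > "192.0.2.9").
        tie_break = (adv.priority == vr.in_use_priority
                     and IPv4Address(adv.src_ip) > IPv4Address(vr.primary_ip))
        return "yield-to-sender" if higher or tie_break else "remain-master"
    # Backup: preempt only when enabled and the master advertises a lower priority.
    if vr.preempt and adv.priority < vr.in_use_priority:
        return "preempt-master"
    return "remain-backup"

# Constructed sample: a non-owner master receiving an equal-priority advertisement.
MASTER = NonOwner(state="master", in_use_priority=100, primary_ip="192.0.2.9")
TIE = handle_advert(MASTER, Advert(priority=100, src_ip="192.0.2.10", adver_int=1))
```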

priority

Syntax

priority priority

no priority

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures a specific priority value for the virtual router instance. In conjunction with the optional policy command, the base priority is used to derive the in-use priority of the virtual router instance.

The priority command is available only for non-owner VRRP virtual routers. The priority of an owner virtual router instance is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base priority is set to 100.

The no form of this command resets the base priority to 100.

Parameters

priority

Specifies the base priority used by the virtual router instance. If a VRRP priority control policy is not defined, the base priority will be the in-use priority for the virtual router instance.

Values

1 to 254

Default

100

ssh-reply

Syntax

[no] ssh-reply

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables the non-owner master to reply to SSH requests directed at the IP address of the virtual router instance. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parent IP interface or based on the SSH source host address). Correct login and CLI command authentication are enforced.

When ssh-reply is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded. Non-owner backup virtual routers never respond to SSH regardless of the ssh-reply configuration.

The ssh-reply command is available only for non-owner VRRP virtual routers.

The no form of this command reverts to the default operation of discarding all SSH packets destined for the non-owner virtual router instance IP address.

Default

no ssh-reply

standby-forwarding

Syntax

[no] standby-forwarding

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command configures the forwarding of packets by a standby router to the virtual router MAC address.

The no form of this command specifies that a standby router will not forward traffic sent to the virtual router MAC address but will forward traffic sent to the real MAC address of the standby router.

Default

no standby-forwarding

telnet-reply

Syntax

[no] telnet-reply

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the IP address of the virtual router instance. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parent IP interface or based on the Telnet source host address). Correct login and CLI command authentication are enforced.

When telnet-reply is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet requests regardless of the telnet-reply configuration.

The telnet-reply command is available only in non-owner VRRP virtual routers.

The no form of this command reverts to the default operation of discarding all Telnet packets destined for the non-owner virtual router instance IP address.

Default

no telnet-reply

traceroute-reply

Syntax

[no] traceroute-reply

Context

config>service>vprn>if>vrrp

Platforms

7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C

Description

This command enables a non-owner master to reply to traceroute requests directed to the virtual router instance IP address.

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

A non-owner backup virtual router never responds to traceroute requests regardless of the traceroute-reply configuration.

Default

no traceroute-reply