Overview
To use the Virtual Router Redundancy Protocol (VRRP) with Policy-Based Routing (PBR) and VLANs, you should specify the behavior of the router interfaces connecting to the switch, the LAN, and the WAN.
This article provides step-by-step instructions on how to configure a router for VRRP with PBR and VLANs.
CAUTION! Configure your router using the IP addresses that correspond to your network. The IP addresses and netmasks used in this article are for demonstration purposes only.
Process
- Launch the router's CLI.
- To enter the privileged EXEC (enable) mode, run the following command:
hostname > enable
- The hostname # prompt appears.
- To enter the configuration (config) mode, run the following command:
hostname # configure terminal
- The hostname (config)# prompt appears.
- Specify the interface to configure:
hostname (config)# interface GigabitEthernet0/0
- Set a description for what the router interface is connecting to:
hostname (config-if)# description Connected to Exinda Group
- Specify that there is no IP address for the interface:
hostname (config-if)# no ip address
- Set the duplex and speed parameters for the interface:
hostname (config-if)# duplex auto
hostname (config-if)# speed auto - Configure the parameters for the VLAN 10 interface (Gig0/0.10).
- Specify the interface to configure:
hostname (config)# interface GigabitEthernet0/0.10
- Set the router interface to route between VLANs for the switch:
hostname (config-if)# encapsulation dot1Q 10
- Set the IP address and netmask of the VLAN 10 interface:
hostname (config-if)# ip address 10.10.10.1 255.255.255.0
- Configure the parameters for the VLAN 20 interface (Gig0/0.20).
- Specify the interface to configure:
hostname (config)# interface GigabitEthernet0/0.20
- Set the router interface to route between VLANs for the switch:
hostname (config-if)# encapsulation dot1Q 20
- Set the IP address and netmask of the VLAN 20 interface:
hostname (config-if)# ip address 10.10.20.1 255.255.255.0
- Specify the interface to configure:
hostname (config)# interface GigabitEthernet0/1
- Set a description for what the router interface is connecting to:
hostname (config-if)# description Connected to WAN
- Specify that there is no IP address for the interface:
hostname (config-if)# no ip address
- Set the duplex and speed parameters for the interface:
hostname (config-if)# duplex auto hostname (config-if)# speed auto
- Configure the parameters for the VLAN 10 interface (Gig0/1.10).
- Specify the interface to configure:
hostname (config)# interface GigabitEthernet0/1.10
- Set the router interface to route between VLANs for the switch:
hostname (config-if)# encapsulation dot1Q 10
- Set the route map for policy routing with the name
EXOOP1toEXIN
:
hostname (config-if)# ip policy route-map EXOOP1toEXIN
- Configure the parameters for the VLAN 20 interface (Gig0/1.20).
- Specify the interface to configure:
hostname (config)# interface GigabitEthernet0/1.20
- Set the router interface to route between VLANs for the switch:
hostname (config-if)# encapsulation dot1Q 20
- Set the IP address and netmask of the LAN interface:
hostname (config-if)# ip address 10.10.40.1 255.255.255.0
- Set the route map for policy routing with the name
LANtoEXOOP2
:
hostname (config-if)# ip policy route-map LANtoEXOOP2
- Specify the interface to configure:
hostname (config)# interface FastEthernet0/1.10
- Set a description for what the router interface is connecting to:
hostname (config-if)# description Connected to EX-IN
- Set the router interface to route between VLANs for the switch:
hostname (config-if)# encapsulation dot1Q 10
- Set the IP address and netmask of the LAN interface:
hostname (config-if)# ip address 172.16.10.0 255.255.255.0
- Set the route map for policy routing with the name
EXINtoEXOOP1
:
hostname (config-if)# ip policy route-map EXINtoEXOOP1
- Specify the interface to configure:
hostname (config)# interface FastEthernet0/1.20
- Set a description for what the router interface is connecting to:
hostname (config-if)# description Connected to EX-IN
- Set the router interface to route between VLANs for the switch:
hostname (config-if)# encapsulation dot1Q 20
- Set the IP address and netmask of the LAN interface:
hostname (config-if)# ip address 172.16.20.0 255.255.255.0
- Set the route map for policy routing with the name
EXINtoEXOOP2
:
hostname (config-if)# ip policy route-map EXINtoEXOOP2
hostname (config)# access-list 100 permit ip
10.10.30.0 0.0.0.255 172.16.10.0 0.0.0.255
hostname (config)# access-list 101 permit ip
172.16.10.0 0.0.0.255 10.10.30.0 0.0.0.255
hostname (config)# access-list 102 permit ip
10.10.40.0 0.0.0.255 172.16.20.0 0.0.0.255
hostname (config)# access-list 103 permit ip
172.16.20.0 0.0.0.255 10.10.40.0 0.0.0.255
route-map Asym permit 10
match ip address 100
set ip next-hop 10.10.10.100
!
route-map EXOOP1toEXIN permit 10
match ip address 100
set ip next-hop 10.10.10.100
!
route-map EXOOP2toEXIN permit 10
match ip address 102
set ip next-hop 10.10.20.100
!
route-map EXINtoEXOOP1 permit 10
match ip address 101
set ip next-hop 10.10.10.100
!
route-map EXINtoEXOOP2 permit 10
match ip address 103
set ip next-hop 10.10.20.100