Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual
Page 165
10-32
z
To prevent attacks to the VRRP group from illegal users by using spoofed packets,
configure the authentication mode as plain text to authenticate the VRRP packets in VRRP
group 1, and specify the authentication key as hello.
Figure 10-11 Network diagram for VRRP interface tracking
Host A
Switch A
Switch B
Virtual IPv6 address:
FE80::10
1::10/64
Vlan-int2
FE80::1
1::1/64
Vlan-int2
FE80::2
1::2/64
Host B
Gateway:
1::10/64
Vlan-int3
Internet
Configuration procedure
1) Configure Switch A
# Configure VLAN 2.
[SwitchA] ipv6
[SwitchA] vlan 2
[SwitchA-vlan2] port gigabitethernet 2/0/5
[SwitchA-vlan2] quit
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local
[SwitchA-Vlan-interface2] ipv6 address 1::1 64
# Create a VRRP group 1 and set its virtual IPv6 addresses to FE80::10 and 1::10.
[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# Set the priority of Switch A in VRRP group 1 to 110, which is higher than that of Switch B (100),
so that Switch A can become the master.
[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 priority 110
# Set the authentication mode for VRRP group 1 to simple and authentication key to hello.
[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 authentication-mode simple hello
# Set the VRRP advertisement interval to 400 centiseconds.
[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 timer advertise 400
# Configure Switch A to work in preemptive mode, so that it can become the master whenever it
works normally; configure the preemption delay as five seconds to avoid frequent status
switchover.
[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5
# Set VLAN-interface 3 on Switch A to be tracked, and configure the amount by which the
priority value decreases to be more than 10 (30 in this example), so that when VLAN interface 3