Overview

To use the Virtual Router Redundancy Protocol (VRRP) with Policy-Based Routing (PBR) and VLANs, you should specify the behavior of the router interfaces connecting to the switch, the LAN, and the WAN.

This article provides step-by-step instructions on how to configure a router for VRRP with PBR and VLANs.

Process

1. Launch the router's CLI.
   • To enter the privileged EXEC (enable) mode, run the following command:
     
     

     hostname > enable

   • The hostname # prompt appears.
   • To enter the configuration (config) mode, run the following command:
     
     

     hostname # configure terminal

   • The hostname (config)# prompt appears.
2. Configure the interface parameters for the switch installed between the router and the out-of-path Exinda appliances (Gig0/0).
   1. Specify the interface to configure:
      
      

      hostname (config)# interface GigabitEthernet0/0

   2. Set a description for what the router interface is connecting to:
      
      

      hostname (config-if)# description Connected to Exinda Group

   3. Specify that there is no IP address for the interface:
      
      

      hostname (config-if)# no ip address

   4. Set the duplex and speed parameters for the interface:
      
      

      hostname (config-if)# duplex auto
      
      hostname (config-if)# speed auto

   5. Configure the parameters for the VLAN 10 interface (Gig0/0.10).
      1. Specify the interface to configure:
         
         

         hostname (config)# interface GigabitEthernet0/0.10

      2. Set the router interface to route between VLANs for the switch:
         
         

         hostname (config-if)# encapsulation dot1Q 10

      3. Set the IP address and netmask of the VLAN 10 interface:
         
         

         hostname (config-if)# ip address 10.10.10.1 255.255.255.0

   6. Configure the parameters for the VLAN 20 interface (Gig0/0.20).
      1. Specify the interface to configure:
         
         

         hostname (config)# interface GigabitEthernet0/0.20

      2. Set the router interface to route between VLANs for the switch:
         
         

         hostname (config-if)# encapsulation dot1Q 20

      3. Set the IP address and netmask of the VLAN 20 interface:
         
         

         hostname (config-if)# ip address 10.10.20.1 255.255.255.0

3. Configure the parameters for the WAN interface (Gig0/1).
   1. Specify the interface to configure:
      
      

      hostname (config)# interface GigabitEthernet0/1

   2. Set a description for what the router interface is connecting to:
      
      

      hostname (config-if)# description Connected to WAN

   3. Specify that there is no IP address for the interface:
      
      

      hostname (config-if)# no ip address

   4. Set the duplex and speed parameters for the interface:
      
      

      hostname (config-if)# duplex auto hostname (config-if)# speed auto

   5. Configure the parameters for the VLAN 10 interface (Gig0/1.10).
      1. Specify the interface to configure:
         
         

         hostname (config)# interface GigabitEthernet0/1.10

      2. Set the router interface to route between VLANs for the switch:
         
         

         hostname (config-if)# encapsulation dot1Q 10

      3. Set the route map for policy routing with the name EXOOP1toEXIN:
         
         

         hostname (config-if)# ip policy route-map EXOOP1toEXIN

   6. Configure the parameters for the VLAN 20 interface (Gig0/1.20).
      1. Specify the interface to configure:
         
         

         hostname (config)# interface GigabitEthernet0/1.20

      2. Set the router interface to route between VLANs for the switch:
         
         

         hostname (config-if)# encapsulation dot1Q 20

      3. Set the IP address and netmask of the LAN interface:
         
         

         hostname (config-if)# ip address 10.10.40.1 255.255.255.0

      4. Set the route map for policy routing with the name LANtoEXOOP2:
         
         

         hostname (config-if)# ip policy route-map LANtoEXOOP2

4. Configure the parameters for the LAN interface (Fa0/1.10).
   1. Specify the interface to configure:
      
      

      hostname (config)# interface FastEthernet0/1.10

   2. Set a description for what the router interface is connecting to:
      
      

      hostname (config-if)# description Connected to EX-IN

   3. Set the router interface to route between VLANs for the switch:
      
      

      hostname (config-if)# encapsulation dot1Q 10

   4. Set the IP address and netmask of the LAN interface:
      
      

      hostname (config-if)# ip address 172.16.10.0 255.255.255.0

   5. Set the route map for policy routing with the name EXINtoEXOOP1:
      
      

      hostname (config-if)# ip policy route-map EXINtoEXOOP1

5. Configure the parameters for the LAN interface (Fa0/1.20).
   1. Specify the interface to configure:
      
      

      hostname (config)# interface FastEthernet0/1.20

   2. Set a description for what the router interface is connecting to:
      
      

      hostname (config-if)# description Connected to EX-IN

   3. Set the router interface to route between VLANs for the switch:
      
      

      hostname (config-if)# encapsulation dot1Q 20

   4. Set the IP address and netmask of the LAN interface:
      
      

      hostname (config-if)# ip address 172.16.20.0 255.255.255.0

   5. Set the route map for policy routing with the name EXINtoEXOOP2:
      
      

      hostname (config-if)# ip policy route-map EXINtoEXOOP2

6. Create the following access lists to allow devices in the specified IP address range to access the network:
   
   

   hostname (config)# access-list 100 permit ip
   10.10.30.0 0.0.0.255 172.16.10.0 0.0.0.255
   
   hostname (config)# access-list 101 permit ip
   172.16.10.0 0.0.0.255 10.10.30.0 0.0.0.255
   
   hostname (config)# access-list 102 permit ip
   10.10.40.0 0.0.0.255 172.16.20.0 0.0.0.255
   
   hostname (config)# access-list 103 permit ip
   172.16.20.0 0.0.0.255 10.10.40.0 0.0.0.255

7. Configure the following route maps to enable access to the routes specified in the access lists, and route the traffic to the router.
   
   

   route-map Asym permit 10
   
   match ip address 100
   
   set ip next-hop 10.10.10.100
   
   !
   
   route-map EXOOP1toEXIN permit 10
   
   match ip address 100
   
   set ip next-hop 10.10.10.100
   
   !
   
   route-map EXOOP2toEXIN permit 10
   
   match ip address 102
   
   set ip next-hop 10.10.20.100
   
   !
   
   route-map EXINtoEXOOP1 permit 10
   
   match ip address 101
   
   set ip next-hop 10.10.10.100
   
   !
   
   route-map EXINtoEXOOP2 permit 10
   
   match ip address 103
   
   set ip next-hop 10.10.20.100

Related Articles

• Configuring a Switch for VRRP with PBR and VLANs
• Configuring an Exinda Appliance for VRRP and PBR With VLANs Using Exinda Web UI
• Configuring an Exinda Appliance for VRRP and PBR With VLANs Using CLI