Applies to: Omada SDN Controller v5.13.30.8 and above; Omada L3 Switches.
This article will introduce how to configure VRRP on Omada L3 switches through the Omada SDN Controller.
1. What is VRRP?
VRRP (Virtual Router Redundancy Protocol) is a fault-tolerant protocol that organizes a group of LAN routers (including a Master, the active router, and a number of Backup, the backup router) into a virtual router. When the Master router in the backup group breaks down, the other backup routers in the backup group will elect a new Master router through the election policy and continue to provide routing services to the hosts in the network.
Definitions:
- VRRP Router (VRRP Router): a device running the VRRP protocol; it may belong to one or more virtual routers, such as SwitchA and SwitchB.
- Virtual Router: Also known as a VRRP backup group, it consists of a Master device and multiple Backup devices and is used as a default gateway for hosts on a shared LAN. For example, SwitchA and SwitchB together form a virtual router.
- Master Router (Virtual Router Master): a VRRP device that takes on the task of forwarding messages, such as SwitchA.
- Backup Router (Virtual Router Backup): a group of VRRP devices that do not take on the task of forwarding and that will campaign to become the new Master device when the Master device fails, such as SwitchB.
2. Configure VRRP through Omada SDN Controller.
Please adopt the switches in the controller first.
2.1 Goal of configuration
As shown in the figure below, there are two L3 Switches and one L2+ Switch. The PC is in VLAN 101. We will configure VRRP on the two L3 Switches with a virtual IP of 172.16.1.254 and configure this virtual address on the PC as the gateway.
2.2 Configuration Steps
Create a new VLAN
Go to Settings – Wired Network – LAN – Networks, click “Create New LAN,” and add VLAN 101.
Configure the VLAN Interface on the Switch
Go to Devices – Device List and click “L3 Switch 1” (Refer to the previous diagram). Go to Config – VLAN Interface in the pop-up menu, toggle Enable to the right of VLAN 101, and click the Apply button to create VLAN interface 101.
Click the edit button of VLAN 101 and configure the IP address and subnet mask as follows:
After configuring the VLAN 101 and interface on L3 Switch 1, follow the previous step and configure VLAN 101 and interface on L3 Switch 2.
Configure VRRP Rules
Go to Settings – Transmission – VRRP, and click “Create VRRP Rules.”
In the pop-up VRRP Rules Config page, select L3 Switch 1 and L3 Switch 2 from the device list and click next.
Then, configure the VRRP priority of the two L3 switches and choose the corresponding VLAN interface (here, we choose the VLAN 101 we just created). Then, the switch with the highest priority will become the Master Router.
If necessary, you can configure the Tracked Interface and Reduced Priority in the Master Router. Generally, the Tracked Interface is the uplink routing egress port of this L3 Switch. After configuring the Tracked Interface, when this port is down, the VRRP priority of this L3 switch will be lowered, which will change the VRRP election result.
Then, configure the VRRP Name, VRID, and Virtual IP, and click Apply to finish the configuration of VRRP.
Optional parameters of VRRP
It’s recommended not to change these configurations if not necessary.
- Advertise Timer: This is the period that VRRP messages are sent. The default is 1 second per period. The smaller the value, the shorter the time required for VRRP state switching.
- Preempt Mode: The default is preempt mode, in which the backup router will preempt the new master router if it has a higher priority. In non-preempt mode, if there is already a master router, the backup router will not preempt the new master router, even if it has a higher priority unless the master router fails.
- Delay Time: In preempt mode, a high-priority VRRP router will wait for a Delay Time period before sending a VRRP message to announce that it has a higher priority and becomes the master. The default value is 0, which means a high-priority VRRP router will immediately send a VRRP message to announce that it has a higher priority and becomes the master.
- Authentication Type: By default, it is None, and no authentication will be performed. “Simple” refers to using a text password for authentication, and “MD5” refers to using a text password to authenticate MD5, which has higher security than Simple mode.
Check the current status of VRRP entries.
After configuration, go back to Create VRRP Rules page and check the current status of VRRP entries.
MASTER DEVICE: The VRRP Master of the current VRRP backup group.
STATUS: The running status of this VRRP entry.
Configure the downlink port of the L2+ switch.
Go to the local configuration page of the L2+ switch, navigate to Ports, click the edit button on the downlink port, and change its profile to VLAN 101.
Configure Static Routes
If you need to configure static routes for L3 switches, do the following:
Go to the private configuration page of the L3 switch, then Config – Static Route, and click Add.
Then, tick Enable on Status, enter the destination subnet in Destination IP/Subnet, enter the next hop IP of this static route in Next Hop, enter the distance, and click Apply.
For more detailed information on features and CLIs, check the CLI Guide and User Guide.