VRRP configuration instance on Juniper Firewall

Experiment on a PC running FreeBSD and Junos, topology as above:

Virtual IP (VIP) addresses = 10.0.5.253 and 10.0.6.253

R1 is Master's VLAN 520 and R2 is back

R2 is Master's VLAN 530 and R1 is back

MD5 authentication is enabled. For VLAN 520, the key is ' vrrp520 '. For VLAN 530, the key is "vrrp530"

My virtual router configuration, track first

Logical-systems {r1 {interfaces {fxp1 {unit {Vlan-id 13;   
Family inet {address 10.0.4.1/24;   
} Unit 520 {Vlan-id 520;   
Family inet {address 10.0.5.1/24 {Vrrp-group 1 {virtual-address 10.0.5.253;   
Priority 100;   
Accept-data;   
Authentication-type MD5; Authentication-key "$9$yf4uh. Pq3/t.prhyrvm4aj ";   
# # Secret-data}}} Unit 530 {Vlan-id 530;   
Family inet {address 10.0.6.1/24 {Vrrp-group 2 {virtual-address 10.0.6.253;   
Priority 80;   
Accept-data;   
Authentication-type MD5; Authentication-key "$9$h.qn9a01ey9a8x-dsymf5";   
# # Secret-data}}}} lo0 {Unit 1 {family inet {address 1.1.1.1/32;   
}}} protocols {OSPF {area 0.0.0.1 {interface lo0.1 {passive;   
} interface fxp1.520;   
Interface fxp1.530;   
Interface fxp1.13;   
}}} r2 {interfaces {fxp1 {Vlan-id 23; Family inet {address 10.0.3.2/24;   
}} FXP2 {Unit 520 {Vlan-id 520;   
Family inet {address 10.0.5.2/24 {Vrrp-group 1 {virtual-address 10.0.5.253;   
Priority 80;   
Accept-data;   
Authentication-type MD5; Authentication-key "$9$mwoldsgogjkpgon/atoblx7";   
# # Secret-data}}} Unit 530 {Vlan-id 530;   
Family inet {address 10.0.6.2/24 {Vrrp-group 2 {virtual-address 10.0.6.253;   
Priority 100;   
Accept-data;   
Authentication-type MD5; Authentication-key "$9$5z9po1hyewo1db2gjzfn6";   
# # Secret-data}}}} lo0 {Unit 2 {family inet {address 2.2.2.2/32;   
}}} protocols {OSPF {area 0.0.0.1 {interface fxp2.520;   
Interface fxp2.530;   
Interface fxp2.23;   
interface lo0.2 {passive;   
}}}} r3 {interfaces {fxp2 {Vlan-id 13;   
Family inet {address 10.0.4.3/24;   
} \ {Vlan-id 23; Family inET {address 10.0.3.3/24;   
}} lo0 {Unit 3 {family inet {address 3.3.3.3/32;   
}}} protocols {OSPF {area 0.0.0.1 {interface fxp2.13;   
interface lo0.3 {passive;   
} interface fxp2.23; gz@juniper-lab# Run Show VRRP summary logical-system R1 Interface State Group VR Stat E VR Mode Type address fxp1.520 up 1 master Active LCL 10.0.5.1 vip 10.0.5.253 FXP1 .530 Up 2 backup Active LCL 10.0.6.1 vip 10.0.6.253 [edit] gkz@juniper-lab# run show VRRP su   
Mmary logical-system R2 Interface State Group VR State VR Mode Type address fxp2.520 up 1   
Backup active LCL 10.0.5.2 VIP 10.0.5.253 fxp2.530 up 2 master Active LCL 10.0.6.2 VIP 10.0.6.253 Configuration TRACK R1 TRACK interface fxp1.13 R2 TRACK interface fxp1.23 R1 edit Logical-systems R 1 Interfaces FXP1 520 Family inet address 10.0.5.1/24 set vrrp-group 1 track interface fxp1.13 priority-cost-R2 [Edit lo Gical-systems R2 Interfaces FXP2 Unit 520 Family inet address 10.0.5.2/24] Set Vrrp-group 1 track interface fxp1.23 pri Ority-cost 50 when R1 's fxp1.13 disable: [edit] gkz@juniper-lab# set logical-systems R1 interfaces FXP1 Unit Disab   
Le [edit] gkz@juniper-lab# Commit commit complete [edit] gkz@juniper-lab# run show VRRP brief [edit]    
gkz@juniper-lab# Run show VRRP brief logical-system R1 Interface State Group VR State VR Mode Timer Type Address fxp1.520 up 1 backup Active D 3.516 LCL 10.0.5.1 vip 10.0.5.253 Mas 10.0.5 .2 fxp1.530 up 2 backup Active D 3.613 LCL 10.0.6.1 vip 10.0.6.253 mas 10.0.6.   
2 [edit] gkz@juniper-lab# run show VRRP brief logical-system R2 Interface state Group VR State VR Mode Timer Type AddreSS fxp2.520 up 1 master Active A 0.601 LCL 10.0.5.2 vip 10.0.5.253 fxp2.530 up 2 Master Active A 0.973 LCL 10.0.6.2 VIP 10.0.6.253

This article is from the "Rista" blog, please be sure to keep this source http://rista.blog.51cto.com/2526140/935140