Lab 037 How to Configure VRRP Redundancy Protocol

CCNA 200-301 Chapter 3 IP Connectivity Lab 037 Configure and Verify VRRP Redundancy Protocol

Watch Full Demo on YouTube:

Lab Objective:

In this lab, you will configure and verify a resilient network using VRRP (Virtual Router Redundancy Protocol) and OSPF (Open Shortest Path First) to ensure seamless failover and routing between switches and routers.

The lab starts with configuring access switches (ACC-SW1, ACC-SW2, ACC-SW3) to establish connectivity for end devices and inter-switch communications.

Access ports will be set with the appropriate VLANs, while trunk ports to distribution switches will use Dot1Q encapsulation with specific VLAN restrictions.

Next, distribution switches (DIS-SW1, DIS-SW2, DIS-SW3, DIS-SW4) and core routers (C-Router1, C-Router2) will be configured with IPv4 settings and SVIs (Switched Virtual Interfaces) for VLANs 10, 20, and 30.

OSPF will be implemented to ensure efficient routing within a single area (area 0), including the advertisement of default gateways from the core routers.

You will then configure VRRP for gateway redundancy, assigning group numbers and priorities to the distribution switches to manage master and backup roles.

The preempt command will be used to ensure that the designated master can reclaim its role after recovery. Additionally, tracking objects will monitor key interfaces, allowing for automatic priority adjustment if an interface fails.

To verify the setup, you will conduct connectivity tests like pinging and traceroutes between different devices. The lab also includes a failover test to simulate interface failures on DIS-SW1, checking VRRP status changes and traffic rerouting. After each test, the original settings will be restored to ensure stability. This lab aims to enhance participants’ skills in implementing network redundancy, dynamic routing, and failover mechanisms.

Lab Topology:

CCNA 200-301 Lab Chapter 3 IP Connectivity Lab 037 Configure & Verify VRRP Redundancy Protocol – Topology

Equipment Required:

2 x Cisco Router (e.g., Cisco ISR4331/K9)
4 x Cisco Switches L3 (e.g. Catalyst 3750)
3 x Cisco Switches L2 (e.g., WS-C2960-24TT-L)
3 x Laptops with Ethernet Interface Card
Console Cable
Ethernet Cable for connections between devices
Computer with Terminal emulation software e.g. PuTTY

IPv4 Address Table:

A. IPv4 Address Table:

Device Name	Interface ID	IP Address	Subnet-Mask
C-Router1	Gi0/0	10.10.10.1	255.255.255.252
C-Router1	Gi0/1	10.0.2.1	255.255.255.252
C-Router1	Gi0/2	10.0.1.1	255.255.255.252
C-Router2	Gi0/0	10.10.10.2	255.255.255.252
C-Router2	Gi0/1	10.11.1.1	255.255.255.252
C-Router2	Gi0/2	10.11.2.1	255.255.255.252
DIS-SW1	Gi0/2	10.0.1.2	255.255.255.252
DIS-SW1	SVI 10	10.1.1.100	255.255.255.0
DIS-SW1	SVI 20	10.2.2.100	255.255.255.0
DIS-SW2	Gi1/0	10.0.2.2	255.255.255.252
DIS-SW2	SVI 10	10.1.1.101	255.255.255.0
DIS-SW2	SVI 20	10.2.2.101	255.255.255.0
DIS-SW3	Gi0/1	10.11.1.2	255.255.255.252
DIS-SW3	SVI 30	10.3.3.100	255.255.255.0
DIS-SW4	Gi0/2	10.11.2.2	255.255.255.252
DIS-SW4	SVI 30	10.3.3.101	255.255.255.0

B. Hosts IP Address Table:

Device Name	Interface ID	IPv4 Address/Subnet-Mask	Default Gateway
PC1	Eth0	10.1.1.1/24	10.1.1.254
PC2	Eth0	10.2.2.2/24	10.2.2.254
Server-A	Eth0	10.3.3.3/24	10.3.3.254

C. Access Switch Table:

Device Name	Interface ID	VLAN/Trunk	Interface Mode
ACC-SW1	Gi1/1	VLAN 10	ACCESS
ACC-SW1	Gi0/0	Trunk – Allow 10, 20	Trunk – Dot1Q
ACC-SW1	Gi0/1	Trunk – Allow 10, 20	Trunk – Dot1Q
ACC-SW2	Gi1/1	VLAN 20	ACCESS
ACC-SW2	Gi0/0	Trunk – Allow 10, 20	Trunk – Dot1Q
ACC-SW2	Gi0/1	Trunk – Allow 10, 20	Trunk – Dot1Q
ACC-SW3	Gi1/1	VLAN 30	ACCESS
ACC-SW3	Gi0/0	Trunk – Allow 30	Trunk – Dot1Q
ACC-SW3	Gi0/1	Trunk – Allow 30	Trunk – Dot1Q
DIS-SW1	Gi0/0	Trunk – Allow 10, 20	Trunk – Dot1Q
DIS-SW1	Gi0/1	Trunk – Allow 10, 20	Trunk – Dot1Q
DIS-SW1	Gi0/3	Trunk – Allow 10, 20	Trunk – Dot1Q
DIS-SW2	Gi0/0	Trunk – Allow 10, 20	Trunk – Dot1Q
DIS-SW2	Gi0/1	Trunk – Allow 10, 20	Trunk – Dot1Q
DIS-SW2	Gi0/3	Trunk – Allow 10, 20	Trunk – Dot1Q
DIS-SW3	Gi0/0	Trunk – Allow 30	Trunk – Dot1Q
DIS-SW3	Gi0/3	Trunk – Allow 30	Trunk – Dot1Q
DIS-SW4	Gi0/1	Trunk – Allow 30	Trunk – Dot1Q
DIS-SW4	Gi0/3	Trunk – Allow 30	Trunk – Dot1Q

List of Command Summary:

Command	Command Description
enable	enters privileged EXEC mode.
configure terminal	enters global configuration mode from privileged EXEC mode.
hostname [hostname]	assign a device name to router.
show interfaces status	provides a summary of the current status of all interfaces on a Cisco switch. This command displays important information about each interface, including: Port: The interface identifier (e.g., Gi1/0/1). Name: The name or description assigned to the interface, if any. Status: The operational status of the interface (e.g., connected, notconnect, err-disabled). Vlan: The VLAN that the interface is assigned to. Duplex: The duplex mode of the interface (e.g., full, half, auto). Speed: The speed of the interface (e.g., 10, 100, 1000 Mbps, auto). Type: The type of interface (e.g., 10/100/1000BaseTX, SFP). This command is useful for quickly assessing the operational state and configuration details of all interfaces on the switch.
vlan [vlan-id]	used to create or configure a VLAN (Virtual Local Area Network) on a network switch. The [vlan-id] parameter specifies the unique identifier for the VLAN, typically ranging from 1 to 4094, depending on the switch model. By issuing this command, the specified VLAN is either created or selected for further configuration, such as assigning it to specific ports or setting up attributes like name and IP settings
name [VLAN-NAME]	assign a descriptive name to a VLAN on a network switch. After creating a VLAN using the vlan [vlan-id] command, you can specify a name for that VLAN to make it easier to identify its purpose or function within the network
switchport mode access	used in Cisco switches to configure a port as an access port. Access ports are typically used to connect end devices, such as computers, printers, and IP phones, to the network
switchport access vlan [VLAN-ID]	used in Cisco switches to specify which VLAN an access port is assigned to. This command is typically executed in interface configuration mode
switchport trunk encapsulation dot1q	used in Cisco switches to configure the encapsulation type for trunk ports
switchport mode trunk	used on Cisco switches to configure a specific switch port as a trunk port
switchport trunk allowed vlan [list of vlans separated by comma]	used on Cisco devices to specify which VLANs are permitted to traverse a trunk port
no switchport	used in Cisco devices to enable IP routing functionality
ip routing	used in Cisco networking devices to enable IP routing globally
router ospf [OSPF-process-id]	used in Cisco devices to enter OSPF (Open Shortest Path First) router configuration mode. This command allows network administrators to configure various OSPF settings for a specific OSPF process
default-information originate	used in the Open Shortest Path First (OSPF) routing protocol on Cisco devices to allow a router to advertise a default route (0.0.0.0/0) into OSPF
ip ospf [OSPF-process-id] area [area number]	used in Cisco devices to configure Open Shortest Path First (OSPF) routing protocol on an interface.
vrrp [group-num] ip [vip]	used in Cisco devices to configure a Virtual Router Redundancy Protocol (VRRP) virtual IP address for a specified VRRP group
vrrp [group-num] priority [priority-number]	used in Cisco devices to configure the priority level of a router participating in a Virtual Router Redundancy Protocol (VRRP) group.
vrrp [group-num] preempt	used in Cisco devices to enable the preemption feature for a specific Virtual Router Redundancy Protocol (VRRP) group
vrrp [group-num] track [object-id] decrement [priority-number]	used in Cisco devices to configure Virtual Router Redundancy Protocol (VRRP) tracking for a specific group
track [object-id] interface [interface-id] line-protocol	used in Cisco devices to create a tracking object that monitors the state of a specific interface’s line protocol
show vrrp brief	provides a concise summary of the Virtual Router Redundancy Protocol (VRRP) configuration and status on a Cisco device
show vrrp	used in Cisco devices (and some other networking devices) to display the current status and configuration of the Virtual Router Redundancy Protocol (VRRP) instances running on the device
show interface trunk	used in Cisco switches to display information about the trunk ports configured on the device
ip route [Destination prefix] [Destination prefix mask] [Forwarding router’s address]	used in Cisco IOS configuration mode on routers and Layer 3 switches to manually configure static routes. Command Description: • Command: ip route [Destination prefix] [Destination prefix mask] [Forwarding router’s address] • Purpose: This command configures a static route on the device, specifying how to reach a specific destination network or host. • Usage: Used to define a route for traffic destined to a particular IP network or subnet. • Parameters: o [Destination prefix]: Specifies the destination network or host IP address in IPv4 format (e.g., 192.168.1.0). o [Destination prefix mask]: Specifies the subnet mask for the destination network (e.g., 255.255.255.0). o [Forwarding router’s address]: Specifies the next-hop IP address where packets should be forwarded to reach the destination network.
traceroute [ip-destination]	used to trace the route that packets take from the source device to a specified destination IP address
ping [ip-address] -n 100	used to send a series of Internet Control Message Protocol (ICMP) Echo Request packets to a specified IP address, with the option to specify the number of packets to send.
description “DESCRIPTION OF SOME SORT”	used to assign a descriptive text label to a network interface on a device such as a router or switch. This description helps administrators to identify the purpose or details of the interface more easily when managing and troubleshooting the network.
show ip interface brief \| include lan	used on Cisco devices to display a summarized list of all IP interfaces configured on the device and filter the output to only show interfaces that contain the keyword “lan” in their configuration. This command is helpful for quickly identifying and troubleshooting interfaces related to LAN (Local Area Network) configurations within the device’s network environment
ipconfig /all	used in Windows operating systems to display detailed information about all network interfaces and their configurations.
no shutdown	enables an interface.
show running-config	save the running configuration to the startup-configuration file.
show running-config \| section interface GigabitEthernet0/*	used to display the configuration details of a specific GigabitEthernet interface (interface GigabitEthernet0/) within the running configuration of a Cisco device. This command allows you to view the configuration settings related to the specified interface only, filtering out other configuration sections. It provides a focused view of the configuration parameters associated with the specified interface, including its IP address, VLAN membership, trunking settings, and any other relevant configuration details. The asterisk (*) is a wildcard character that matches any character or sequence of characters. In this context, it is used to match any subinterface under GigabitEthernet0.
show running-config \| section interface FastEthernet0/1$	The “show running-config \| section interface FastEthernet0/1$” command is similar to the previous one, but it focuses specifically on the FastEthernet0/1 interface. The “$” symbol at the end of the interface name indicates that the command will match only the interface that ends with “FastEthernet0/1”. This command is helpful when you want to view the configuration details of a specific FastEthernet interface without displaying configurations for other interfaces.
copy running-config startup-config	used to save the currently running configuration (stored in the RAM) to the startup configuration (stored in the NVRAM)
end	exit configuration mode.
exit	exits one level in the menu structure command.

Lab Task:

Access Switches Configuration (ACC-SW1, ACC-SW2, ACC-SW3):
1. Configure all access ports that connect to end devices with the appropriate VLAN, interface description, and set each port to Access Mode.
2. Configure all ports that connect to the Distribution Switches with the following attributes:
  1. Enable Trunk encapsulation to Dot1Q
  2. Force the interface to operate in Trunk mode
  3. Allow only VLAN 10 and 20 on ACC-SW1 and ACC-SW2
  4. Allow only VLAN 30 on ACC-SW3
3. Perform in-flight checks
Distribution Switches Configuration (DIS-SW1, DIS-SW2, DIS-SW3, DIS-SW4):
1. Configure all ports that connects to the Access Switches with the following attributes:
  1. Enable Trunk encapsulation to Dot1Q
  2. Force the interface to operate in Trunk mode
  3. Allow only VLAN 10 and 20 on DIS-SW1, DIS-SW2
  4. Allow only VLAN 30 on DIS-SW3, DIS-SW4
2. Configure the inter-link between each Distribution Switch with the attributes mentioned above in step 2.a.
3. On DIS-SW1 and DIS-SW4, configure the GigabitEthernet0/2 interface with the appropriate IPv4 address settings, add an interface description, and enable the interface.
4. On DIS-SW2, configure the GigabitEthernet1/0 interface with the appropriate IPv4 address settings, add an interface description, and enable the interface.
5. On DIS-SW3, configure the GigabitEthernet0/1 interface with the appropriate IPv4 address settings, add an interface description, and enable the interface
6. SVI Configuration, please refer to the IPv4 address table above for more information:
  1. Create and configure SVI 10 and 20 on DIS-SW1 and DIS-SW2 with the appropriate IP address settings and enable the interface accordingly.
  2. Create and configure SVI 30 on DIS-SW3 and DIS-SW4 with the appropriate IP address settings and enable the interface accordingly.
7. Enable IP Routing
8. Perform in-flight checks
Core Router Configuration C-Router1 and C-Router2:
1. Configure each interface (Gi0/0, Gi0/1, Gi0/2) with the appropriate IPv4 address settings, add an interface description and enable the interface.
Configure a default route on C-Router1 and C-Router2:
1. Configure a default static route with the next-hop address set to the Gi0/0 interface.
2. Perform in-flight checks.
OSPF Configuration using a single area:
1. On C-Router1:
  1. Create an OSPF ID 1
  2. Enable OSPF process across these interfaces Gi0/0, Gi0/1, and Gi0/2 within area 0.
  3. Use the appropriate command to advertise the default gateway to DIS-SW1 and DIS-SW2.
2. On C-Router2:
  1. Create an OSPF ID 2
  2. Enable OSPF process across these interfaces Gi0/0, Gi0/1, and Gi0/2 within area 0.
  3. Use the appropriate command to advertise the default gateway to DIS-SW3 and DIS-SW4
3. On DIS-SW1:
  1. Create an OSPF ID 1
  2. Enable OSPF process across these interfaces Gi0/2, SVI 10 and SVI 20 within area 0.
4. On DIS-SW2:
  1. Create an OSPF ID 1
  2. Enable OSPF process across these interfaces Gi1/0, SVI 10 and SVI 20 within area 0.
5. On DIS-SW3:
  1. Create an OSPF ID 2
  2. Enable OSPF process across these interfaces Gi0/1 and SVI 30 within area 0.
6. On DIS-SW4:
  1. Create an OSPF ID 2
  2. Enable OSPF process across these interfaces Gi0/2 and SVI 30 within area 0.
7. Perform in-flight checks
VRRP Configuration:
1. DIS-SW1 and DIS-SW2:
  1. Configure each switch with the appropriate VRRP group number. The group number should match the VLAN ID it is associated with.
  2. On each group you need to use the correct priority:
    1. On DIS-SW1 you must use priority of 200
    2. On DIS-SW2 you must use priority of 110
  3. Only on DIS-SW1, you must you use the preempt command across both VRRP groups. To ensure that DIS-SW1 becomes the Master VRRP again after recovering from any failure (either due to hardware issues or a temporary link outage).
2. DIS-SW3 and DIS-SW4:
  1. Configure each switch with the appropriate VRRP group number. The group number should match the VLAN ID it is associated with.
  2. On each group you need to use the correct priority:
    1. On DIS-SW3 you must use priority of 200
    2. On DIS-SW4 you must use priority of 110
  3. Only on DIS-SW3, you must you use the preempt command across both VRRP groups.
3. Perform in-flight checks
Tracking Object Configuration:
1. On DIS-SW1 and DIS-SW3 configure a tracking object:
  1. Create a tracking object for each VRRP group to monitor the interface connecting to C-Router1. The tracking object should be configured so that if the interface status changes (e.g., goes down), it will trigger the VRRP to decrement its priority, allowing the backup router to take over as the master.
2. Assign the tracking object to the appropriate VRRP group on both DIS-SW1 and DIS-SW3, and configure the decrement value to 100. This ensures that if the tracked interface status changes, the VRRP priority will adjust accordingly
3. Perform in-flight checks
Connectivity test:
1. Initiate a ping from PC1 to PC2.
2. Initiate a ping from PC1 to Server-A
3. Initiate a ping from PC2 to Server-A
4. Initiate a traceroute from PC1 to Server-A and observe the path that the traffic takes. Note the sequence of hops and the devices it passes through.
Failover test:
1. On DIS-SW1 – Shutdown SVI 10 test:
  1. Shutdown interface SVI 10
  2. Check the VRRP status on DIS-SW1 and DIS-SW2
  3. Repeat step 8
  4. Rollback the changes and confirm that DIS-SW1 is the Master once more.
2. On DIS-SW1 – Shutdown Gi0/2 test:
  1. Shutdown interface Gi0/2
  2. Check the VRRP status on DIS-SW1 and DIS-SW2
  3. Repeat step 8
  4. Rollback the changes and confirm that DIS-SW1 is the Master once more.
Save your configuration

Lab Solution:

1- Access Switches Configuration (ACC-SW1, ACC-SW2, ACC-SW3):
a. Configure all access ports that connect to end devices with the appropriate VLAN, interface description, and set each port to Access Mode.

ACC-SW1:
ACC-SW1(config)#vlan 10
ACC-SW1(config-vlan)#name “Sales Department”
ACC-SW1(config-vlan)#end

ACC-SW1#configure terminal
ACC-SW1(config)#interface gig 1/1
ACC-SW1(config-if)#description “Link to end device”
ACC-SW1(config-if)#switchport mode access
ACC-SW1(config-if)#switchport access vlan 10

ACC-SW2:
ACC-SW2(config)#vlan 20
ACC-SW2(config-vlan)#name “HR Department”
ACC-SW2(config-vlan)#end

ACC-SW2#configure terminal
ACC-SW2(config)#interface gig 1/1
ACC-SW2(config-if)#description “Link to end device”
ACC-SW2(config-if)#switchport mode access
ACC-SW2(config-if)#switchport access vlan 20

ACC-SW3:
ACC-SW3(config)#vlan 30
ACC-SW3(config-vlan)#name “IT Department”
ACC-SW3(config-vlan)#end

ACC-SW3#configure terminal
ACC-SW3(config)#interface gig 1/1
ACC-SW3(config-if)#description “Link to end device”
ACC-SW3(config-if)#switchport mode access
ACC-SW3(config-if)#switchport access vlan 30

b. Configure all ports that connect to the Distribution Switches with the following attributes:
1) Enable Trunk encapsulation to Dot1Q
2) Force the interface to operate in Trunk mode
3) Allow only VLAN 10 and 20 on ACC-SW1 and ACC-SW2
4) Allow only VLAN 30 on ACC-SW3

ACC-SW1:
ACC-SW1#configure terminal
ACC-SW1(config)#interface range gig0/0-1
ACC-SW1(config-if-range)#description “Link to Distribution Switch”
ACC-SW1(config-if-range)#switchport trunk encapsulation dot1q
ACC-SW1(config-if-range)#switchport mode trunk
ACC-SW1(config-if-range)#switchport trunk allowed vlan 10,20
ACC-SW1(config-if-range)#end
ACC-SW1#

ACC-SW2:
ACC-SW2#configure terminal
ACC-SW2(config)#interface range gig0/0-1
ACC-SW2(config-if-range)#description “Link to Distribution Switch”
ACC-SW2(config-if-range)#switchport trunk encapsulation dot1q
ACC-SW2(config-if-range)#switchport mode trunk
ACC-SW2(config-if-range)#switchport trunk allowed vlan 10,20
ACC-SW2(config-if-range)#end
ACC-SW2#

ACC-SW3:
ACC-SW3#configure terminal
ACC-SW3(config)#interface range gig0/0-1
ACC-SW3(config-if-range)#description “Link to Distribution Switch”
ACC-SW3(config-if-range)#switchport trunk encapsulation dot1q
ACC-SW3(config-if-range)#switchport mode trunk
ACC-SW3(config-if-range)#switchport trunk allowed vlan 30
ACC-SW3(config-if-range)#end
ACC-SW3#

c. Perform in-flight checks

2- Distribution Switches Configuration (DIS-SW1, DIS-SW2, DIS-SW3, DIS-SW4):
a. Configure all ports that connects to the Access Switches with the following attributes:
1) Enable Trunk encapsulation to Dot1Q
2) Force the interface to operate in Trunk mode
3) Allow only VLAN 10 and 20 on DIS-SW1, DIS-SW2
4) Allow only VLAN 30 on DIS-SW3, DIS-SW4

DIS-SW1:
DIS-SW1#config terminal
DIS-SW1(config)#vlan 10
DIS-SW1(config-vlan)#name “Sales Department”
DIS-SW1(config-vlan)#vlan 20
DIS-SW1(config-vlan)#name “HR Department”
DIS-SW1(config-vlan)#interface range gig0/0-1
DIS-SW1(config-if-range)#description “Link to Access Switch”
DIS-SW1(config-if-range)#switchport trunk encapsulation dot1q
DIS-SW1(config-if-range)#switchport mode trunk
DIS-SW1(config-if-range)#switchport trunk allowed vlan 10,20
DIS-SW1(config-if-range)#end
DIS-SW1#

DIS-SW2:
DIS-SW2#config terminal
DIS-SW2(config)#vlan 10
DIS-SW2(config-vlan)#name “Sales Department”
DIS-SW2(config-vlan)#vlan 20
DIS-SW2(config-vlan)#name “HR Department”
DIS-SW2(config-vlan)#interface range gig0/0-1
DIS-SW2(config-if-range)#description “Link to Access Switch”
DIS-SW2(config-if-range)#switchport trunk encapsulation dot1q
DIS-SW2(config-if-range)#switchport mode trunk
DIS-SW2(config-if-range)#switchport trunk allowed vlan 10,20
DIS-SW2(config-if-range)#end
DIS-SW2#

DIS-SW3:
DIS-SW3#config terminal
DIS-SW3(config)#vlan 30
DIS-SW3(config-vlan)#name “IT Department”
DIS-SW3(config-vlan)#exit
DIS-SW3(config)#
DIS-SW3(config)#interface gig 0/0
DIS-SW3(config-if)#description “Link to Access Switch”
DIS-SW3(config-if)#switchport trunk encapsulation dot1q
DIS-SW3(config-if)#switchport mode trunk
DIS-SW3(config-if)#switchport trunk allowed vlan 30
DIS-SW3(config-if)#end
DIS-SW3#

DIS-SW4:
DIS-SW4#config terminal
DIS-SW4(config)#vlan 30
DIS-SW4(config-vlan)#name “IT Department”
DIS-SW4(config-vlan)#exit

DIS-SW4(config)#interface gi0/1
DIS-SW4(config-if)#description “Link to Access Switch”
DIS-SW4(config-if)#switchport trunk encapsulation dot1q
DIS-SW4(config-if)#switchport mode trunk
DIS-SW4(config-if)#switchport trunk allowed vlan 30
DIS-SW4(config-if)#end
DIS-SW4#

b. Configure the inter-link between each Distribution Switch with the attributes mentioned above in step 2.a.

DIS-SW1#config terminal
DIS-SW1(config)#interface gig 0/3
DIS-SW1(config-if)#description “Link to Distribution Switch”
DIS-SW1(config-if)#switchport trunk encapsulation dot1q
DIS-SW1(config-if)#switchport mode trunk
DIS-SW1(config-if)#switchport trunk allowed vlan 10,20
DIS-SW1(config-if)#end
DIS-SW1#

DIS-SW2#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
DIS-SW2(config)#interface gig 0/3
DIS-SW2(config-if)#description “Link to Distribution Switch”
DIS-SW2(config-if)#switchport trunk encapsulation dot1q
DIS-SW2(config-if)#switchport mode trunk
DIS-SW2(config-if)#switchport trunk allowed vlan 10,20
DIS-SW2(config-if)#end
DIS-SW2#

DIS-SW3#config terminal
DIS-SW3(config)#interface gig 0/3
DIS-SW3(config-if)#description “Link to Distribution Switch”
DIS-SW3(config-if)#switchport trunk encapsulation dot1q
DIS-SW3(config-if)#switchport mode trunk
DIS-SW3(config-if)#switchport trunk allowed vlan 30
DIS-SW3(config-if)#end
DIS-SW3#

DIS-SW4#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
DIS-SW4(config)#interface gig 0/3
DIS-SW4(config-if)#description “Link to Distribution Switch”
DIS-SW4(config-if)#switchport trunk encapsulation dot1q
DIS-SW4(config-if)#switchport mode trunk
DIS-SW4(config-if)#switchport trunk allowed vlan 30
DIS-SW4(config-if)#end
DIS-SW4#

c. On DIS-SW1 and DIS-SW4, configure the GigabitEthernet0/2 interface with the appropriate IPv4 address settings, add an interface description, and enable the interface.

DIS-SW1#configure terminal
DIS-SW1(config)#interface gig 0/2
DIS-SW1(config-if)#description “Link to C-Router1”
DIS-SW1(config-if)#no switchport
DIS-SW1(config-if)#ip address 10.0.1.2 255.255.255.252
DIS-SW1(config-if)#no shut
DIS-SW1(config-if)#end
DIS-SW1#

DIS-SW4#configure terminal
DIS-SW4(config)#interface gig 0/2
DIS-SW4(config-if)#description “Link to C-Router2”
DIS-SW4(config-if)#no switchport
DIS-SW4(config-if)#ip address 10.11.2.2 255.255.255.252
DIS-SW4(config-if)#no shut
DIS-SW4(config-if)#end
DIS-SW4#

d. On DIS-SW2, configure the GigabitEthernet1/0 interface with the appropriate IPv4 address settings, add an interface description, and enable the interface.

DIS-SW2#configure terminal
DIS-SW2(config)#interface gigabitEthernet 1/0
DIS-SW2(config-if)#description “Link to C-Router1”
DIS-SW2(config-if)#no switchport
DIS-SW2(config-if)#ip address 10.0.2.2 255.255.255.252
DIS-SW2(config-if)#no shut
DIS-SW2(config-if)#end
DIS-SW2#

e. On DIS-SW3, configure the GigabitEthernet0/1 interface with the appropriate IPv4 address settings, add an interface description, and enable the interface

DIS-SW3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
DIS-SW3(config)#interface gig 0/1
DIS-SW3(config-if)#description “Link to C-Router2”
DIS-SW3(config-if)#no switchport
DIS-SW3(config-if)#ip address 10.11.1.2 255.255.255.252
DIS-SW3(config-if)#no shut
DIS-SW3(config-if)#end
DIS-SW3#

f. SVI Configuration, please refer to the IPv4 address table above for more information:
1) Create and configure SVI 10 and 20 on DIS-SW1 and DIS-SW2 with the appropriate IP address settings and enable the interface accordingly.

DIS-SW1#config terminal
DIS-SW1(config)#interface vlan 10
DIS-SW1(config-if)#ip address 10.1.1.100 255.255.255.0
DIS-SW1(config-if)#no sh

DIS-SW1(config-if)#interface vlan 20
DIS-SW1(config-if)#ip address 10.2.2.100 255.255.255.0
DIS-SW1(config-if)#no shut
DIS-SW1(config-if)#end
DIS-SW1#

DIS-SW2#config terminal
DIS-SW2(config)#interface vlan 10
DIS-SW2(config-if)#ip address 10.1.1.101 255.255.255.0
DIS-SW2(config-if)#no shut

DIS-SW2(config-if)#interface vlan 20
DIS-SW2(config-if)#ip address 10.2.2.101 255.255.255.0
DIS-SW2(config-if)#no shut
DIS-SW2(config-if)#end
DIS-SW2#

2) Create and configure SVI 30 on DIS-SW3 and DIS-SW4 with the appropriate IP address settings and enable the interface accordingly.

DIS-SW3#config terminal
DIS-SW3(config)#interface vlan 30
DIS-SW3(config-if)#ip address 10.3.3.100 255.255.255.0
DIS-SW3(config-if)#no sh
DIS-SW3(config-if)#end
DIS-SW3#

DIS-SW4#config terminal
DIS-SW4(config)#interface vlan 30
DIS-SW4(config-if)#ip address 10.3.3.101 255.255.255.0
DIS-SW4(config-if)#no sh
DIS-SW4(config-if)#end
DIS-SW4#

g. Enable IP Routing

DIS-SW1#config terminal
DIS-SW1(config)#ip routing

DIS-SW2#config terminal
DIS-SW2(config)#ip routing

DIS-SW3#config terminal
DIS-SW3(config)#ip routing

DIS-SW4#config terminal
DIS-SW4(config)#ip routing

h. Perform in-flight checks

3- Core Router Configuration C-Router1 and C-Router2:
a. Configure each interface (Gi0/0, Gi0/1, Gi0/2) with the appropriate IPv4 address settings, add an interface description and enable the interface.

C-Router1:
C-Router1#configure terminal
C-Router1(config)#interface gig 0/0
C-Router1(config-if)#description “Link to C-Router2”
C-Router1(config-if)#ip address 10.10.10.1 255.255.255.252
C-Router1(config-if)#no shut

C-Router1(config)#interface gig 0/1
C-Router1(config-if)#description “Link to DIS-SW2”
C-Router1(config-if)#ip address 10.0.2.1 255.255.255.252
C-Router1(config-if)#no shut
C-Router1(config-if)#exit

C-Router1(config)#interface gig 0/2
C-Router1(config-if)#description “Link to DIS-SW1”
C-Router1(config-if)#ip address 10.0.1.1 255.255.255.252
C-Router1(config-if)#no shut
C-Router1(config-if)#end
C-Router1#

C-Router2:
C-Router2#configure terminal
C-Router2(config)#interface gigabitEthernet 0/0
C-Router2(config-if)#description “Link to C-Router1”
C-Router2(config-if)#ip address 10.10.10.2 255.255.255.252
C-Router2(config-if)#no shut
C-Router2(config-if)#exit

C-Router2(config)#interface gigabitEthernet 0/1
C-Router2(config-if)#description “Link to DIS-SW3”
C-Router2(config-if)#ip address 10.11.1.1 255.255.255.252
C-Router2(config-if)#no shut
C-Router2(config-if)#exit

C-Router2(config)#interface gigabitEthernet 0/2
C-Router2(config-if)#description “Link to DIS-SW4”
C-Router2(config-if)#ip address 10.11.2.1 255.255.255.252
C-Router2(config-if)#no shut
C-Router2(config-if)#end
C-Router2#

4- Configure a default route on C-Router1 and C-Router2:
a. Configure a default static route with the next-hop address set to the Gi0/0 interface.

C-Router1:
C-Router1#configure terminal
C-Router1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.2
C-Router1(config)#end
C-Router1#

C-Router2:
C-Router2#configure terminal
C-Router2(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1
C-Router2(config)#end
C-Router2#

b. Perform in-flight checks.

5- OSPF Configuration using a single area:
a. On C-Router1:
1) Create an OSPF ID 1
2) Enable OSPF process across these interfaces Gi0/0, Gi0/1, and Gi0/2 within area 0.
3) Use the appropriate command to advertise the default gateway to DIS-SW1 and DIS-SW2.

C-Router1(config)#
C-Router1(config)#router ospf 1
C-Router1(config-router)#default-information originate
C-Router1(config-router)#exit

C-Router1(config)#inter gig 0/0
C-Router1(config-if)#ip ospf 1 area 0

C-Router1(config-if)#inter gig 0/1
C-Router1(config-if)#ip ospf 1 area 0

C-Router1(config-if)#inter gig 0/2
C-Router1(config-if)#ip ospf 1 area 0
C-Router1(config-if)#end
C-Router1#

b. On C-Router2:
1) Create an OSPF ID 2
2) Enable OSPF process across these interfaces Gi0/0, Gi0/1, and Gi0/2 within area 0.
3) Use the appropriate command to advertise the default gateway to DIS-SW3 and DIS-SW4

C-Router2(config)#router ospf 2
C-Router2(config-router)#default-information originate
C-Router2(config-router)#exit
C-Router2(config)#
C-Router2(config-if)#interface ran gigabitEthernet 0/0-2
C-Router2(config-if-range)#ip ospf 2 area 0
C-Router2(config-if-range)#end
C-Router2#

c. On DIS-SW1:
1) Create an OSPF ID 1
2) Enable OSPF process across these interfaces Gi0/2, SVI 10 and SVI 20 within area 0.

DIS-SW1:
DIS-SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
DIS-SW1(config)#router ospf 1
DIS-SW1(config-router)#exit

DIS-SW1(config)#interface vlan 10
DIS-SW1(config-if)#ip ospf 1 area 0

DIS-SW1(config-if)#interface vlan 20
DIS-SW1(config-if)#ip ospf 1 area 0

DIS-SW1(config-if)#interface gig0/2
DIS-SW1(config-if)#ip ospf 1 area 0
DIS-SW1(config-if)#end
DIS-SW1#

d. On DIS-SW2:
1) Create an OSPF ID 1
2) Enable OSPF process across these interfaces Gi1/0, SVI 10 and SVI 20 within area 0.

DIS-SW2:
DIS-SW2#configure terminal
DIS-SW2(config)#router ospf 1
DIS-SW2(config-router)#exit

DIS-SW2(config)#interface vlan 10
DIS-SW2(config-if)#ip ospf 1 area 0

DIS-SW2(config-if)#interface vlan 20
DIS-SW2(config-if)#ip ospf 1 area 0

DIS-SW2(config-if)#interface gig 1/0
DIS-SW2(config-if)#ip ospf 1 area 0
DIS-SW2(config-if)#end
DIS-SW2#

e. On DIS-SW3:
1) Create an OSPF ID 2
2) Enable OSPF process across these interfaces Gi0/1 and SVI 30 within area 0.

DIS-SW3:
DIS-SW3#configure terminal
DIS-SW3(config)#router ospf 2
DIS-SW3(config-router)#exit

DIS-SW3(config)#interface vlan 30
DIS-SW3(config-if)#ip ospf 2 area 0

DIS-SW3(config-if)#interface gig 0/1
DIS-SW3(config-if)#ip ospf 2 area 0
DIS-SW3(config-if)#end
DIS-SW3#

f. On DIS-SW4:
1) Create an OSPF ID 2
2) Enable OSPF process across these interfaces Gi0/2 and SVI 30 within area 0.

DIS-SW4:
DIS-SW4#configure terminal
DIS-SW4(config)#router ospf 2
DIS-SW4(config-router)#exit

DIS-SW4(config)#interface vlan 30
DIS-SW4(config-if)#ip ospf 2 area 0
DIS-SW4(config-if)#exit

DIS-SW4(config)#interface gigabitEthernet 0/2
DIS-SW4(config-if)#ip ospf 2 area 0
DIS-SW4(config-if)#end
DIS-SW4#

g. Perform in-flight checks

6- VRRP Configuration:
a. DIS-SW1 and DIS-SW2:
1) Configure each switch with the appropriate VRRP group number. The group number should match the VLAN ID it is associated with.
2) On each group you need to use the correct priority:
1- On DIS-SW1 you must use priority of 200
2- On DIS-SW2 you must use priority of 110
3) Only on DIS-SW1, you must you use the preempt command across both VRRP groups. To ensure that DIS-SW1 becomes the Master VRRP again after recovering from any failure (either due to hardware issues or a temporary link outage).

DIS-SW1:
DIS-SW1#configure terminal
DIS-SW1(config)#interface vlan 10
DIS-SW1(config-if)#vrrp 10 ip 10.1.1.254
DIS-SW1(config-if)#vrrp 10 priority 200
DIS-SW1(config-if)#vrrp 10 preempt
DIS-SW1(config-if)#

DIS-SW1(config-if)#interface vlan 20
DIS-SW1(config-if)#vrrp 20 ip 10.2.2.254
DIS-SW1(config-if)#vrrp 20 priority 200
DIS-SW1(config-if)#vrrp 20 preempt
DIS-SW1(config-if)#end
DIS-SW1#

DIS-SW2:
DIS-SW2#configure terminal
DIS-SW2(config)#interface vlan 10
DIS-SW2(config-if)#vrrp 10 ip 10.1.1.254
DIS-SW2(config-if)#vrrp 10 priority 110

DIS-SW2(config-if)#interface vlan 20
DIS-SW2(config-if)#vrrp 20 ip 10.2.2.254
DIS-SW2(config-if)#vrrp 20 priority 110
DIS-SW2(config-if)#end
DIS-SW2#

b. DIS-SW3 and DIS-SW4:
1) Configure each switch with the appropriate VRRP group number. The group number should match the VLAN ID it is associated with.
2) On each group you need to use the correct priority:
1- On DIS-SW3 you must use priority of 200
2- On DIS-SW4 you must use priority of 110
3) Only on DIS-SW3, you must you use the preempt command across both VRRP groups.

DIS-SW3:
DIS-SW3#configure terminal
DIS-SW3(config)#interface vlan 30
DIS-SW3(config-if)#vrrp 30 ip 10.3.3.254
DIS-SW3(config-if)#vrrp 30 priority 200
DIS-SW3(config-if)#vrrp 30 preempt
DIS-SW3(config-if)#end
DIS-SW3#

DIS-SW4:
DIS-SW4#configure terminal
DIS-SW4(config)#interface vlan 30
DIS-SW4(config-if)#vrrp 30 ip 10.3.3.254
DIS-SW4(config-if)#vrrp 30 priority 110
DIS-SW4(config-if)#end
DIS-SW4#

c. Perform in-flight checks

7- Tracking Object Configuration:
a. On DIS-SW1 and DIS-SW3 configure a tracking object:
1) Create a tracking object for each VRRP group to monitor the interface connecting to C-Router1. The tracking object should be configured so that if the interface status changes (e.g., goes down), it will trigger the VRRP to decrement its priority, allowing the backup router to take over as the master.
b. Assign the tracking object to the appropriate VRRP group on both DIS-SW1 and DIS-SW3, and configure the decrement value to 100. This ensures that if the tracked interface status changes, the VRRP priority will adjust accordingly

DIS-SW1:
DIS-SW1#configure terminal
DIS-SW1(config)#track 99 interface gigabitEthernet 0/2 line-protocol
DIS-SW1(config-track)#

DIS-SW1(config)#interface vlan 10
DIS-SW1(config-if)#vrrp 10 track 99 decrement 100
DIS-SW1(config-if)#

DIS-SW1(config-if)#interface vlan 20
DIS-SW1(config-if)#vrrp 20 track 99 decrement 100
DIS-SW1(config-if)#end
DIS-SW1#

DIS-SW3:
DIS-SW3#configure terminal
DIS-SW3(config)#track 99 interface gigabitEthernet 0/1 line-protocol
DIS-SW3(config-track)#

DIS-SW3(config)#interface vlan 30
DIS-SW3(config-if)#vrrp 30 track 99 decrement 100
DIS-SW3(config-if)#
DIS-SW3(config-if)#end
DIS-SW3#

c. Perform in-flight checks

8- Connectivity test:
a. Initiate a ping from PC1 to PC2.

b. Initiate a ping from PC1 to Server-A

c. Initiate a ping from PC2 to Server-A

d. Initiate a traceroute from PC1 to Server-A and observe the path that the traffic takes. Note the sequence of hops and the devices it passes through.

9- Failover test:
a. On DIS-SW1 – Shutdown SVI 10 test:
1) Shutdown interface SVI 10
2) Check the VRRP status on DIS-SW1 and DIS-SW2
3) Repeat step 8
4) Rollback the changes and confirm that DIS-SW1 is the Master once more.

DIS-SW1#configure terminal
DIS-SW1(config)#interface vlan 10
DIS-SW1(config-if)#shut
DIS-SW1(config-if)#end
DIS-SW1#

Notice this time the first packet hit 10.1.1.101 which is DIS-SW2

DIS-SW1:

DIS-SW1#configure terminal

DIS-SW1(config)#interface vlan 10

DIS-SW1(config-if)#no shut

You can see from the output above that DIS-SW1 is now the master once again, which means the preempt command is working as expected.

b. On DIS-SW1 – Shutdown Gi0/2 test:
1) Shutdown interface Gi0/2
2) Check the VRRP status on DIS-SW1 and DIS-SW2
3) Repeat step 8
4) Rollback the changes and confirm that DIS-SW1 is the Master once more.

DIS-SW1:
DIS-SW1#configure terminal
DIS-SW1(config)#interface gigabitEthernet 0/2
DIS-SW1(config-if)#shut
DIS-SW1(config-if)#end

Notice that both of VRRP Groups are now in the backup state and the priority is set to 100

As you can see above PC1 and PC2 are still able to connect to Server-A via DIS-SW2

DIS-SW1#configure terminal
DIS-SW1(config)#interface gigabitEthernet 0/2
DIS-SW1(config-if)#no shut
DIS-SW1(config-if)#end
DIS-SW1#

Now that we restored the link between DIS-SW1 and C-Router1 we can see that DIS-SW1 is now the master once again.

10- Save your configuration

Conclusion:

In this lab, you configured and verified the VRRP protocol to provide redundancy for gateway services within a network. You also tested the behaviour of VRRP during failover and restoration, ensuring that traffic is routed efficiently even in the event of a failure. This hands-on practice is critical for understanding the operation of redundancy protocols like VRRP and achieving a high-availability network design.

Packet Tracer Lab (Pre/Post configuration):

Download the file below and open the word document to access the Packet Tracer labs.

CCNA 200-301 Lab Chapter 3 IP Connectivity Lab 037 Configure & Verify VRRP Redundancy Protocol – Pre and Post Labs Download