No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

A VRID Conflict Results in Serious Packet Loss

Publication Date:  2019-01-24 Views:  99 Downloads:  0
Issue Description

In the networking where two firewalls are working in hot standby mode, the ping operation to the virtual IP address of the VRRP group is performed on the downstream switch, but many packets are dropped.

Handling Process

Step 1: Ping the interface IP address of the firewall from the downstream switch. No packet is dropped. This indicates that the link works properly.

Step 2: Check the hot standby status of the firewalls. The status is normal.

Step 3: Check the ARP table of the switch. It is found that one VRRP virtual MAC address corresponds to two IP addresses.

Step 4: Query firewall logs. There are logs recording virtual IP address errors.

2011-09-09 17:56:17 sysname %%01VRRP/3/CONFIGERROR(1): System detected a VRRP config error of VIRTUAL IP ADDRESS ERROR, Interface: GigabitEthernet1/0/1, Virtual Router: 1!

Step5: Check the VRRP configuration. The VRRP group configured on another device uses the same VRID as the firewall, and the device is also connected to the switch, causing a MAC entry error.

Step 6: Change the VRID of the firewall.

Root Cause

A link is faulty.

VRIDs conflict.

Suggestions
The VRIDs of devices in a VLAN cannot be the same.

END