Skip to main content
Cisco SD-WAN
Product Documentation
Viptela Documentation


vpn interface vrrp—Configure the Virtual Router Redundancy Protocol (VRRP) to allow multiple routers to share a common virtual IP address for default gateway redundancy (on vEdge routers only).

Hosts are assigned a single default gateway (also called default router) IP address, either through DHCP or statically for the first-hop router. This situation creates a single point of failure in the network. VRRP provides default gateway (first-hop router) redundancy through configuration of a virtual IP address shared by multiple routers on a single LAN or subnet.

One router on the LAN or subnet becomes master, thus assuming the role of the default gateway, and the other routers take the role of slave. When the master router fails, one of the slaves is elected as the new master and assumes the role of default gateway.

You cannot configure VRRP on an interface that is in the transport VPN (VPN 0).

vManage Feature Template

For vEdge routers only:

Configuration ► Templates ► VPN Interface Ethernet

Command Hierarchy

vpn vpn-id
  interface geslot/port[.subinterface]
    vrrp group-number
      ipv4 ip-address    
      priority number
      timer seconds
      (track-omp | track-prefix-list list-name)


Advertisement Time
timer seconds
How often the VRRP master sends VRRP advertisement messages. If slave routers miss three consecutive VRRP advertisements, they elect a new master.
Range: 1 through 3600 seconds
Default: 1 second
For Cisco XE SD-WAN Routers
Range: 100 through 3600 milliseconds
Default: 100 milliseconds
Priority To Be Elected Master
priority number
Priority level of the router. The router with the highest priority is elected as master. If two vEdge routers have the same priority, the one with the higher IP address is elected as master.
Range: 1 through 254
Default: 100
Track Interface State
(track-omp | track-prefix-list list-name)
By default, VRRP uses of the state of the service (LAN) interface on which it is running to determine which vEdge router is the master virtual router. When the interface for the master goes down, a new VRRP master virtual router is elected based on the VRRP priority value.
Because VRRP runs on a LAN interface, if a vEdge router loses all its WAN control connections, the LAN interface still indicates that it is up even though the router is functionally unable to participate in VRRP. To take WAN side connectivity into account for VRRP, you can configure one of the following:
track-omp—Track the Overlay Management Protocol (OMP) session running on the WAN connection when determining the VRRP master virtual router. If all OMP sessions are lost on the master VRRP router, VRRP elects a new default gateway from among all the gateways that have one or more active OMP sessions even if the gateway chosen has a lower VRRP priority than the current master. With this option, VRRP failover occurs once the OMP state changes from up to down, which occurs when the OMP hold timer expires. (The default OMP hold timer interval is 60 seconds.) Until the hold timer expires and a new VRRP master is elected, all overlay traffic is dropped. When the OMP session recovers, the local VRRP interface claims itself as master even before it learns and installs OMP routes from the vSmart controllers. Until the routes are learned, traffic is also dropped.
track-prefix-list list-name—Track both the OMP session and a list of remote prefixes. list-name is the name of a prefix list configured with the policy lists prefix-list command on the vEdge router. If all OMP sessions are lost, VRRP failover occurs as described for the track-omp option. In addition, if reachability to all the prefixes in the list is lost, VRRP failover occurs immediately, without waiting for the OMP hold timer to expire, thus minimizing the amount of overlay traffic is dropped while the vEdge routers determine the VRRP master.
Default: VRRP tracks only the interface on which it is configured.
Virtual Router ID
vrrp group-number
Virtual router ID, which is a numeric identifier of the virtual router. For each interface or subinterface, you can configure only a single VRRP group. On a router, you can configure a maximum of 24 groups.
Range: 1 through 255
Virtual Router IP Address
ip address ip-address
IP address of the virtual router. The virtual IP address must be different from the configured interface IP addresses of both the local vEdge router and the peer running VRRP. For each interface or subinterface, you can configure only a single virtual IP address.

Operational Commands

show vrrp


Configure VRRP in VPN 1, on the subinterface ge0/1.3 on Cisco vEdge Devices:

vpn 1
 interface ge0/1.3
  ip address
  mtu 1490
  no shutdown
  vrrp 3
   priority 200
   timer    1
   track-prefix-list vrrp-prefix-list

Configure VRRP on Cisco XE SD-WAN Routers

interface GigabitEthernet0/0/2
description to-LAN
no shutdown
arp timeout 1200
vrf forwarding 1
ip address
ip redirects
ip mtu    1500
mtu         1500
negotiation auto
vrrp 1 address-family ipv4
  priority 90
  timers advertise 1000

Note: For Cisco XE SD-WAN Routers Range: 100 through 3600 milliseconds Default: 100 milliseconds

Release Information

Command introduced in Viptela Software Release 14.1.​
In Release 15.2, add tracking by prefix list.
In Releaes 18.3, you can configure a maximum of 24 VRRP groups on a router.

Additional Information

See the Configuring VRRP article for your software release.

omp timers

  • Was this article helpful?