Additional Vrrp Notes; Vrrp Group Overview - ZyXEL Communications Unified Security Gateway ZyWALL 300 User Manual

33.1.1 Additional VRRP Notes

• It is possible to set up two virtual routers so that they back up each other.
• VRRP uses IP protocol 112.

33.2 VRRP Group Overview

In the ZyWALL, you should create a VRRP group to add one of its interfaces to a virtual
router. You can add any Ethernet or VLAN interface with a static IP address. You do not
configure VRRP groups for virtual interfaces.
You can only use interfaces that have static IP addresses.
You can only enable one VRRP group for each interface, and you can only have one active
VRRP group for each virtual router.
If you create a VRRP group for an Ethernet interface that has a VLAN interface
configured on it, make sure you create a separate VRRP group for the VLAN
interface. This will avoid an IP conflict if the backup ZyWALL takes over for the
master.
You must set up a static IP address for the interface first, and this IP address should be the IP
address of the virtual router, not the management IP address. The management IP address is
assigned in the VRRP group. When the ZyWALL is the master router, the interface uses its IP
address, the IP address of the virtual router. If the ZyWALL is a backup router, the interface
uses its management IP address. You can look at the current IP address of the interface in the
Status screen.
You can only have one active VRRP group for each interface, and you can
only have one active VRRP group for each virtual router (VR ID).
If there is a PPPoE/PPTP interface on top of an interface in a VRRP group, the PPPoE/PPTP
interface cannot connect to the ISP until the interface becomes the master in the virtual router.
At the time of writing, the advertisement interval is fixed at one second.
You can also set up authentication for a VRRP group. If you select AH MD5 authentication,
the VRRP group uses IP protocol 51 (AH), instead of IP protocol 112 (VRRP).
ZyWALL USG 300 User's Guide
Chapter 33 Device HA
495