By default, both vrrp masters are on the left, up and down.
Working principle:
When vrrp is powered on, it is in the initialize state first, and then switches to the active or standb state.
HRP uses port 18514 and uses unicast. It requires policy release and the master device sends HRP heartbeat messages.
If the device is in the active state, the automatic priority is 65001. If there is a fault, it automatically decreases by 2 and becomes 64999. It will forward itself to the standby state for a short time and is invisible to the user.
If the main device interface is down and the main device is switched to the standby state, the interface will remain in the initialize state.
If it is in standby state, the automatic priority is 65000.
Main configuration:
FW1
hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.2
interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.2 255.255.255.0
vrrp vrid 2 virtual-ip 1.1.1.1 active
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1 active
interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.1 255.255.255.0
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2
security-policy //temporarily allow all
default action permit
FW2:
hrp enable
hrp interface GigabitEthernet1/0/2 remote 172.16.0.1
interface GigabitEthernet1/0/0
undo shutdown
ip address 1.1.1.3 255.255.255.0
vrrp vrid 2 virtual-ip 1.1.1.1 standby
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1 standby
interface GigabitEthernet1/0/2
undo shutdown
ip address 172.16.0.2 255.255.255.0
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/1
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2
security-policy
default action permit
Check:
dis hrp state verbose