Lab - Implement GLBP (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Answers: 15.1.5 Lab - Implement GLBP

Topology

Addressing Table
Device Interface IP Address Default Gateway

D1 VLAN 99 192.168.99.1/24 N/A

D1
VLAN 99 2001:db8:99::1/64 N/A

D1
Loopback 0 172.16.1.1/24 N/A

D1
Loopback 0 2001:db8:172::1/64 N/A

D2 VLAN 99 192.168.99.2/24 N/A

D2
VLAN 99 2001:db8:99::2/64 N/A

D2
Loopback 0 172.16.1.1/24 N/A

D2
Loopback 0 2001:db8:172::1/64 N/A

PC1 NIC 192.168.99.75/24 192.168.99.1

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 28 www.netacad.com
Lab - Implement GLBP

Device Interface IP Address Default Gateway

PC1 NIC
SLAAC
PC2 NIC 192.168.99.99/24 192.168.99.1

PC2 NIC
SLAAC

Objectives
Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
Part 2: Configure and Observe GLBP for IPv4 and IPv6
Part 3: Configure and Observe GLBP Authentication
Part 4: Configure and Observe GLBP Object Tracking

Background / Scenario
Although HSRP and VRRP provide gateway resiliency for the standby members of the redundancy group, the
upstream bandwidth is not used while the device is in standby mode. Only the active router for HSRP and the
master for VRRP groups forward traffic for the virtual MAC. Resources associated with the standby router are
not fully utilized. Some load balancing can be accomplished with these protocols through the creation of
multiple groups and through the assignment of multiple default gateways, but this configuration creates an
administrative burden. Previous labs provided you with experience configuring HSRP and VRRP to act as
First Hop Redundancy Protocols. Gateway Load Balancing Protocol (GLBP) performs a similar function in
redundancy but offers the capability to load balance over multiple gateways.
GLBP is a Cisco-proprietary solution created to enable automatic selection and simultaneous use of multiple
available gateways in addition to automatic failover between those gateways. Multiple routers share the load
of frames that, from a client perspective, are sent to a single default gateway address.
Like HSRP and VRRP, an election occurs, but rather than a single active router winning the election, GLBP
elects an Active Virtual Gateway (AVG). The AVG assigns virtual MAC addresses to each of the routers in the
GLBP group (called Active Virtual Forwarders or AVFs). These virtual MAC addresses are then provided to
hosts in an algorithmic manner in response to ARP requests from hosts for the default gateway.
GLBP allows for simultaneous forwarding from routers participating in a GLBP group. GLBP can support up to
four routers in a group. GLBP also offers authentication and object tracking.
Note: This lab is an exercise in deploying and verifying GLBP and does not necessarily reflect networking
best practices.
Note: The switches used with CCNP hands-on labs are Cisco 3650 with Cisco IOS XE release 16.9.4
(universalk9 image) and Cisco 2960+ with IOS release 15.2 (lanbase image). Other routers and Cisco IOS
versions can be used. Depending on the model and Cisco IOS version, the commands available and the
output produced might vary from what is shown in the labs.
Note: Ensure that the switches have been erased and have no startup configurations. If you are unsure
contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources
 2 Switches (Cisco 3650 with Cisco IOS XE release 16.9.4 universal image or comparable)
 1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
 1 PC (Choice of operating system with a terminal emulation program installed)

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 28 www.netacad.com
Lab - Implement GLBP

 Console cables to configure the Cisco IOS devices via the console ports
 Ethernet cables as shown in the topology

Instructions

Part 1: Build the Network and Configure Basic Device Settings and Interface
Addressing
In Part 1, you will set up the network topology and configure basic settings and interface addressing.

Step 1: Cable the network as shown in the topology.

Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2: Configure basic settings for each switch.

a. Console into each switch, enter global configuration mode, and apply the basic settings. A command list
for each switch is listed below for initial configurations.
Open configuration window

Switch D1
hostname D1
ip routing
ipv6 unicast-routing
no ip domain lookup
banner motd # D1, Implement GLBP #
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit
interface range g1/0/1-24, g1/1/1-4, g0/0
shutdown
exit
interface range g1/0/1-6
switchport mode trunk
no shutdown
exit
interface range g1/0/1-4
channel-group 12 mode active
exit
interface range g1/0/5-6
channel-group 1 mode active

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 28 www.netacad.com
Lab - Implement GLBP

exit
vlan 99
name ALL_THE_HOSTS
exit
interface vlan 99
ip address 192.168.99.1 255.255.255.0
ipv6 address fe80::d1:1 link-local
ipv6 address 2001:db8:99::1/64
no shutdown
exit
interface loopback 0
ip address 172.16.1.1 255.255.255.0
ipv6 address fe80::d1:2 link-local
ipv6 address 2001:db8:172::1/64
no shutdown
exit
Switch D2
hostname D2
ip routing
ipv6 unicast-routing
no ip domain lookup
banner motd # D2, Implement GLBP #
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit
interface range g1/0/1-24, g1/1/1-4, g0/0
shutdown
exit
interface range g1/0/1-6
switchport mode trunk
no shutdown
exit
interface range g1/0/1-4
channel-group 12 mode active
exit
interface range g1/0/5-6
channel-group 2 mode active

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 28 www.netacad.com
Lab - Implement GLBP

exit
vlan 99
name ALL_THE_HOSTS
exit
interface vlan 99
ip address 192.168.99.2 255.255.255.0
ipv6 address fe80::d2:1 link-local
ipv6 address 2001:db8:99::2/64
no shutdown
exit
interface loopback 0
ip address 172.16.1.1 255.255.255.0
ipv6 address fe80::d2:2 link-local
ipv6 address 2001:db8:172::1/64
no shutdown
exit
Switch A1
hostname A1
no ip domain lookup
banner motd # A1, Implement GLBP #
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit
interface range f0/1-24, g0/1-2
shutdown
exit
interface range f0/1-4
switchport mode trunk
no shutdown
exit
interface range f0/1-2
channel-group 1 mode active
exit
interface range f0/3-4
channel-group 2 mode active
exit
vlan 99

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 28 www.netacad.com
Lab - Implement GLBP

name ALL_THE_HOSTS
exit
interface f0/23
switchport mode access
switchport access vlan 99
spanning-tree portfast
no shutdown
exit
interface f0/24
switchport mode access
switchport access vlan 99
spanning-tree portfast
no shutdown
exit
interface vlan 99
ip address 192.168.99.3 255.255.255.0
ipv6 address fe80::a1:1 link-local
ipv6 address 2001:db8:99::3/64
no shutdown
exit
ip default-gateway 192.168.99.254
b. Set the clock on each switch to UTC time.
c. Save the running configuration to startup-config.
Close configuration window

Step 3: Configure the PCs for network connectivity.

Configure PC1 and PC2 with the IPv4 address, subnet mask, and default gateway specified in the topology
diagram. The IPv6 address and default gateway information for the PCs will come from SLAAC.

Part 2: Configure and Observe GLBP for IPv4 and IPv6

In Part 2, you will configure and test GLBP in support of IPv4 and IPv6.
A GLBP group can have as many as four members. A single member will be elected as the AVG, and then
routers will be designated as AVFs and their virtual MAC address will be distributed to hosts by the AVG in
response to ARP requests.
AVG election is based on highest GLBP priority. In case of a tie, the highest assigned IP address is used. The
glbp <grp #> priority interface configuration command can be used to modify the priority from the default of
100 to influence the election of the AVG. Should the AVG lose its role, the backup router with highest priority
will assume the role. If you want the original AVG router to reassume its role when it comes back up, the glbp
<grp #> preempt command must be configured.
The AVF is responsible for forwarding packets that are sent to the virtual MAC address assigned to that
gateway by the AVG. Forward preemption is used with the AVFs and allows another AVF to assume
responsibility for forwarding packets for an AVF that has lost its role or been disconnected. While AVG
preemption must be manually configured, AVF preemption is enabled by default.
However, the AVFs use a weighting value rather than a priority value. Weighting thresholds are defined in
conjunction with interface tracking. This functionality will be demonstrated later in the lab.
In this lab, D1 will act as AVG and AVF1 and D2 will act as the AVF2. D1's GLBP priority will be modified to
ensure its election as AVG.

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 28 www.netacad.com
Lab - Implement GLBP

The standby address for VLAN 99 will be the host address 192.168.99.254. For IPv6, VLAN 99 will use
fe80::99:254 as the default gateway.

Step 1: Configure GLBP on switch D1.

a. Configure GLBP group 99 on interface VLAN 99 with a GLBP ip of 192.168.99.254 and a priority of 150.
Open configuration window

D1(config)# interface vlan 99

D1(config-if)# glbp 99 ip 192.168.99.254
D1(config-if)# glbp 99 priority 150
D1(config-if)# glbp 99 preempt
b. Configure GLBP group 996 on interface vlan 99 with a GLBP ip of fe80::99:254 and a priority of 150.
D1(config-if)# glbp 996 ipv6 fe80::99:254
D1(config-if)# glbp 996 priority 150
D1(config-if)# glbp 996 preempt

Step 2: Verify GLBP is operational on switch D1.

a. Verify that GLBP is active and operating on switch D1 with the show glbp command. Because D1 is the
only switch configured for GLBP, it is the AVG and AVF on all groups.
D1# show glbp
Vlan99 - Group 99
State is Active
1 state change, last state change 00:06:52
Virtual IP address is 192.168.99.254
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.720 secs
Redirect time 600 sec, forwarder time-out 14400 sec
Preemption enabled, min delay 0 sec
Active is local
Standby is 192.168.99.2, priority 100 (expires in 7.904 sec)
Priority 150 (configured)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
d8b1.9028.afdd (192.168.99.1) local
d8b1.905d.c35d (192.168.99.2)
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 00:06:41
MAC address is 0007.b400.6301 (default)
Owner ID is d8b1.9028.afdd
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Vlan99 - Group 996
State is Active
1 state change, last state change 00:06:53
Virtual IP address is FE80::99:254

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 28 www.netacad.com
Lab - Implement GLBP

Hello time 3 sec, hold time 10 sec

Next hello sent in 0.256 secs
Redirect time 600 sec, forwarder time-out 14400 sec
Preemption enabled, min delay 0 sec
Active is local
Standby is FE80::D2:1, priority 100 (expires in 8.064 sec)
Priority 150 (configured)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
d8b1.9028.afdd (FE80::D1:1) local
d8b1.905d.c35d (FE80::D2:1)
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 00:06:42
MAC address is 0007.b403.e401 (default)
Owner ID is d8b1.9028.afdd
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Client selection count: 5
b. You can also use the show glbp brief command to get a less verbose status.
D1# show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Vl99 99 - 150 Active 192.168.99.254 local unknown
Vl99 99 1 - Active 0007.b400.6301 local -
Vl99 996 - 150 Active FE80::99:254 local unknown
Vl99 996 1 - Active 0007.b403.e401 local -

Step 3: Configure GLBP on switch D2.

a. Configure GLBP group 99 on interface VLAN 99 with a GLBP ip of 192.168.99.254.
D2(config)# interface vlan 99
D2(config-if)# glbp 99 ip 192.168.99.254
D2(config-if)# glbp 99 preempt
b. Configure GLBP group 996 on interface vlan 99 with a GLBP ip of fe80::99:254.
D2(config-if)# glbp 996 ipv6 fe80::99:254
D2(config-if)# glbp 996 preempt

Step 4: Verify GLBP is operational on Switch D2.

a. Verify that GLBP is active and operating on switch D2 with the show glbp brief command.
D2# show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Vl99 99 - 100 Standby 192.168.99.254 192.168.99.1 local
Vl99 99 1 - Listen 0007.b400.6301 192.168.99.1 -
Vl99 99 2 - Active 0007.b400.6302 local -
Vl99 996 - 100 Standby FE80::99:254 FE80::D1:1 local

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 8 of 28 www.netacad.com
Lab - Implement GLBP

Vl99 996 1 - Listen 0007.b403.e401 FE80::D1:1 -

Vl99 996 2 - Active 0007.b403.e402 local -
Let us examine this output in detail (Note that there may be differences in your output.).
The first line after the column headings provides the status of the AVG. Reading from left to right, the line
states that the priority of the local device is 100, the local device AVG status is standby for the virtual IP
192.168.99.254, and that the active AVG is 192.168.99.1 and the standby AVG is the local device.
The second line provides the status of AVF1. Reading from left to right, the AVF1 status is Listen for the
virtual MAC address 0007.b400.6301, and the active router is 192.168.99.1. This indicates that the local
device is listening for the status of AVF1, and that 192.168.99.1 is currently active as AVF1. If AVF1 were to
fail, which we will demonstrate later, D2 would be listening, it would hear that D1 is no longer sending
messages, and take over processing traffic for AVF1 until it hears traffic from D1 again.
The third line provides the status of AVF2. Reading from left to right, the AVF2 status is active for the MAC
address 0007.b400.6302, and the active router is the local router.
The last three lines provide the same information for group 996.
Close configuration window

Step 5: Observe and validate GLBP operation.

a. Interface Loopback0 on D1 and D2 represent a destination on the internet. From PC1 and PC2, ping the
IPv4 and IPv6 address of interface Loopack0 on D1. A successful ping verifies that the gateway router is
working. But we need to look further. Use the arp -a command on PC1 and PC2 and look at the entry for
the default gateway. You will see that one computer has 00:70:b4:00:63:01 and the other has
00:70:b4:00:63:02. The traffic load has been balanced between the gateways.
Linux OS
student@linux-machine:~$ ip neigh show | grep 254
192.168.99.254 dev ens33 lladdr 00:07:b4:00:63:01 REACHABLE
fe80::99:254 dev ens33 lladdr 00:07:b4:03:e4:01 router REACHABLE

Windows OS
C:\Users\student> arp -a

Interface: 192.168.99.50 --- 0xa

Internet Address Physical Address Type
<output omitted>
192.168.99.254 00-07-b4-00-63-02 dynamic
<output omitted>

C:\Users\student> netsh interface ipv6 show neighbors

<output omitted>
Internet Address Physical Address Type
-------------------------------------------- ----------------- -----------
fe80::99:254 00-07-b4-03-e4-02 Reachable (Router)
<output omitted>
b. Now that the PCs are operating and you can see the load balancing in effect, what happens when one of
the AVFs fail? To observe this, issue the shutdown command on D2 interface VLAN 99, ping 172.16.1.1
and 2001:db8:172::1 from PC1 and PC2, then look at the ARP and Neighbor tables on PC1 and PC2.
Linux OS
student@ linux-machine:~/Documents$ ip neigh show | grep 254

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 9 of 28 www.netacad.com
Lab - Implement GLBP

192.168.99.254 dev ens33 lladdr 00:07:b4:00:63:01 REACHABLE

fe80::99:254 dev ens33 lladdr 00:07:b4:03:e4:01 router REACHABLE

Windows OS
C:\Users\student> arp -a

Interface: 192.168.99.50 --- 0xa

Internet Address Physical Address Type
<output omitted>
192.168.99.254 00-07-b4-00-63-02 dynamic

C:\Users\student> netsh interface ipv6 show neighbors

<output omitted>
Internet Address Physical Address Type
-------------------------------------------- ----------------- -----------
fe80::99:254 00-07-b4-03-e4-02 Reachable (Router)
It is important that you understand that the AVG hands out MAC addresses in a round-robin fashion by
default. If you carefully control which host is doing what during this process, you should be able to
recreate these results. The other options for load balancing are host-dependent and weighted.

Part 3: Configure and Observe GLBP Authentication

Just like HSRP, GLBP is unauthenticated by default, which opens up the possibility of a rogue device joining
the GLBP protocol message traffic and being inserted into the routing operations out of the LAN. It is a good
idea to add authentication to GLBP to ensure this does not happen. Just like HSRP, GLBP supports plaintext
authentication, as well as md5-based key-string or key-chain based authentication. Authentication is
configured on the interface supporting GLBP.
a. On D1, configure authentication for groups 99 and 996 using the key string Super53cret.
Open configuration window

D1(config)# interface vlan 99

D1(config-if)# glbp 99 authentication md5 key-string Super53cret
D1(config-if)# glbp 996 authentication md5 key-string Super53cret
D1(config-if)# exit
b. Notice that as soon as this command was entered on D1, we received a “bad authentication” message
display to the console screen. GLBPP authentication is not yet configured on D2 therefore we expect the
GLBP process to be disrupted. The output of the show glbp brief command below confirms that D2 is no
longer the standby router for group 99. The standby router shows unknown.
*Jan 22 20:44:43.937: %GLBP-4-BADAUTH: Bad authentication received from 192.168.99.2,
group 99
D1#
*Jan 22 20:44:51.087: %GLBP-6-FWDSTATECHANGE: Vlan99 Grp 996 Fwd 2 state Listen ->
Active
D1#
*Jan 22 20:44:53.241: %GLBP-6-FWDSTATECHANGE: Vlan99 Grp 99 Fwd 2 state Listen ->
Active
D1#
*Jan 22 20:45:15.810: %GLBP-4-BADAUTH: Bad authentication received from FE80::D2:1,
group 996
D1# show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 10 of 28 www.netacad.com
Lab - Implement GLBP

Vl99 99 - 150 Active 192.168.99.254 local unknown

Vl99 99 1 - Active 0007.b400.6301 local -
Vl99 99 2 - Active 0007.b400.6302 local -
Vl99 996 - 150 Active FE80::99:254 local unknown
Vl99 996 1 - Active 0007.b403.e401 local -
Vl99 996 2 - Active 0007.b403.e402 local -
c. On D2, configure authentication for groups 99 and 996 using the key string Super53cret.
D2(config)# interface vlan 99
D2(config-if)# glbp 99 authentication md5 key-string Super53cret
D2(config-if)# glbp 996 authentication md5 key-string Super53cret
D2(config-if)# exit
d. As soon as the key-string was entered, GLBP started working again. Validate this by examining the
output of show glbp brief on D1 and you will see that D2 is now listed as the standby router for group 99
and that D2 is acting as AVF2.
D1# show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Vl99 99 - 150 Active 192.168.99.254 local 192.168.99.2
Vl99 99 1 - Active 0007.b400.6301 local -
Vl99 99 2 - Listen 0007.b400.6302 192.168.99.2 -
Vl99 996 - 150 Active FE80::99:254 local FE80::D2:1
Vl99 996 1 - Active 0007.b403.e401 local -
Vl99 996 2 - Listen 0007.b403.e402 FE80::D2:1 -
Close configuration window

Part 4: Configure and Observe GLBP Object Tracking

GLBP tracking uses a weighting mechanism. With GLBP, two thresholds are defined: one lower threshold that
applies when the AVF loses weight, and one upper threshold that applies when the AVF regains weight. The
GLBP weighting mechanism has upper and lower thresholds defined. This offers more flexibility than its
counterparts HSRP and VRRP, which only allow a single threshold to be defined. If the AVF priority (or
weight) falls below the threshold, the AVF loses its active state. As soon as the AVF weight (or priority)
exceeds the upper threshold, the AVF regains its active state. Given our concern about distant network
reachability, we will track interface loopback 0 on switch D1 and D2.

Step 1: Create a tracked object.

Create an object on Switch D1 and D2 that tracks the line-protocol of interface Loopback 0.
Open configuration window

D1(config)# track 7 interface loopback 0 line-protocol

D1(config-track)# exit

Step 2: Configure GLBP to track the object status.

In the first command, Interface VLAN 99 is configured with a glbp weight of 110, a lower threshold of 85 and
an upper threshold of 105. When the weight falls below the specified lower threshold (85), the D1 AFV is
forced to relinquish its role for the ACTIVE MAC address assigned to it.
In the second command, GLBP weighting is associated with the line protocol status of interface loopback 0. If
the line protocol state changes, the weight configured for 110 will be decreased by 30 resulting in a weight of
80. D1 would then lose its AVF role until the weight exceeds the upper defined threshold of 105.
The commands are repeated for group 996, and all four commands are applied to interface vlan 99 on switch
D2.
D1(config)# interface vlan 99

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 11 of 28 www.netacad.com
Lab - Implement GLBP

D1(config-if)# glbp 99 weighting 110 lower 85 upper 105

D1(config-if)# glbp 99 weighting track 7 decrement 30
D1(config-if)# glbp 996 weighting 110 lower 85 upper 105
D1(config-if)# glbp 996 weighting track 7 decrement 30
D1(config-if)# exit

Step 3: Verify the GLBP configuration.

Issue the command show glbp on switch D1. In the output, you can see all the adjustments that have been
made up to this point.
D1# show glbp
Vlan99 - Group 99
State is Active
1 state change, last state change 03:14:37
Virtual IP address is 192.168.99.254
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.768 secs
Redirect time 600 sec, forwarder time-out 14400 sec
Authentication MD5, key-string
Preemption enabled, min delay 0 sec
Active is local
Standby is 192.168.99.2, priority 100 (expires in 7.584 sec)
Priority 150 (configured)
Weighting 110 (configured 110), thresholds: lower 85, upper 105
Track object 7 state Up decrement 30
Load balancing: round-robin
Group members:
d8b1.9028.afdd (192.168.99.1) local
d8b1.905d.c35d (192.168.99.2) authenticated
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 03:14:27
MAC address is 0007.b400.6301 (default)
Owner ID is d8b1.9028.afdd
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 110
Client selection count: 9
Forwarder 2
State is Listen
8 state changes, last state change 00:47:29
MAC address is 0007.b400.6302 (learnt)
Owner ID is d8b1.905d.c35d
Redirection enabled, 597.600 sec remaining (maximum 600 sec)
Time to live: 14397.600 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 192.168.99.2 (primary), weighting 110 (expires in 9.312 sec)
Client selection count: 9

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 12 of 28 www.netacad.com
Lab - Implement GLBP

Vlan99 - Group 996

State is Active
1 state change, last state change 03:14:37
Virtual IP address is FE80::99:254
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.336 secs
Redirect time 600 sec, forwarder time-out 14400 sec
Authentication MD5, key-string
Preemption enabled, min delay 0 sec
Active is local
Standby is FE80::D2:1, priority 100 (expires in 8.032 sec)
Priority 150 (configured)
Weighting 110 (configured 110), thresholds: lower 85, upper 105
Track object 7 state Up decrement 30
Load balancing: round-robin
Group members:
d8b1.9028.afdd (FE80::D1:1) local
d8b1.905d.c35d (FE80::D2:1) authenticated
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 03:14:25
MAC address is 0007.b403.e401 (default)
Owner ID is d8b1.9028.afdd
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 110
Client selection count: 128
Forwarder 2
State is Listen
8 state changes, last state change 00:47:29
MAC address is 0007.b403.e402 (learnt)
Owner ID is d8b1.905d.c35d
Redirection enabled, 598.048 sec remaining (maximum 600 sec)
Time to live: 14398.048 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is FE80::D2:1 (primary), weighting 110 (expires in 8.992 sec)
Client selection count: 127
Close configuration window

Step 4: Verify GLBP adjusts to weighting changes.

a. On a PC that is using D1 as its AVF1 (MAC address ending in 01), start a continuous ping to the
destination address 172.16.1.1. This will be useful to demonstrate the automatic failover of one AVF to
the other when the tracked object decrements the GLBP weight.
b. Shut down interface Loopback 0 on D1 and observe the console messages.
Open configuration window

D1(config)# interface loopback 0

D1(config-if)# shutdown
D1(config-if)#
*Jan 22 21:53:48.687: %TRACK-6-STATE: 7 interface Lo0 line-protocol Up -> Down

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 13 of 28 www.netacad.com
Lab - Implement GLBP

D1(config-if)#
*Jan 22 21:53:50.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,
changed state to down
*Jan 22 21:53:50.689: %LINK-5-CHANGED: Interface Loopback0, changed state to
administratively down
D1(config-if)#
*Jan 22 21:54:21.257: %GLBP-6-FWDSTATECHANGE: Vlan99 Grp 99 Fwd 1 state Active ->
Listen
*Jan 22 21:54:21.900: %GLBP-6-FWDSTATECHANGE: Vlan99 Grp 996 Fwd 1 state Active ->
Listen
c. After the GLBP state change on D1, look at the ping output. The ping should be continuing without fail,
and only experiencing a few lost packets.
d. Examine the output of show glbp for group 99.
D1# show glbp
Vlan99 - Group 99
State is Active
3 state changes, last state change 00:05:48
Virtual IP address is 192.168.99.254
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.448 secs
Redirect time 600 sec, forwarder time-out 14400 sec
Authentication MD5, key-string
Preemption enabled, min delay 0 sec
Active is local
Standby is 192.168.99.2, priority 100 (expires in 8.384 sec)
Priority 150 (configured)
Weighting 80, low (configured 110), thresholds: lower 85, upper 105
Track object 7 state Down decrement 30
Load balancing: round-robin
Group members:
d8b1.9028.afdd (192.168.99.1) local
d8b1.905d.c35d (192.168.99.2) authenticated
There are 2 forwarders (0 active)
Forwarder 1
State is Listen
4 state changes, last state change 00:01:22
MAC address is 0007.b400.6301 (default)
Owner ID is d8b1.9028.afdd
Redirection enabled
Preemption enabled, min delay 30 sec
Active is 192.168.99.2 (secondary), weighting 110 (expires in 10.208 sec)
Client selection count: 15
Forwarder 2
State is Listen
8 state changes, last state change 01:09:16
MAC address is 0007.b400.6302 (learnt)
Owner ID is d8b1.905d.c35d
Redirection enabled, 598.400 sec remaining (maximum 600 sec)
Time to live: 14398.400 sec (maximum 14400 sec)

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 14 of 28 www.netacad.com
Lab - Implement GLBP

Preemption enabled, min delay 30 sec

Active is 192.168.99.2 (primary), weighting 110 (expires in 8.480 sec)
Client selection count: 14
<output omitted>
The first part of the GLBP output deals with D1’s role as an AVG. The AVG role has not been affected by
the configuration we applied above. The highlighted portion shows the impact of the interface tracking
and weighting mechanism configurations. The weighting mechanism only affects the forwarder role in
GLBP. Notice that D1 is no longer the forwarder for the MAC address 0007.b400.6301. D1 shows the
forwarder roles for both MAC addresses in the listen state.
e. Issue the no shutdown command on D1 interface Loopback 0 and you should see that D1 resumes its
role as an AVF.
D1(config-if)# no shutdown
D1(config-if)#
*Jan 22 21:58:32.401: %TRACK-6-STATE: 7 interface Lo0 line-protocol Down -> Up
D1(config-if)#
*Jan 22 21:58:34.401: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,
changed state to up
D1(config-if)#
*Jan 22 21:58:34.402: %LINK-3-UPDOWN: Interface Loopback0, changed state to up
D1(config-if)#
*Jan 22 21:59:04.050: %GLBP-6-FWDSTATECHANGE: Vlan99 Grp 99 Fwd 1 state Listen ->
Active
D1(config-if)#
*Jan 22 21:59:06.104: %GLBP-6-FWDSTATECHANGE: Vlan99 Grp 996 Fwd 1 state Listen ->
Active
D1# show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Vl99 99 - 150 Active 192.168.99.254 local 192.168.99.2
Vl99 99 1 - Active 0007.b400.6301 local -
Vl99 99 2 - Listen 0007.b400.6302 192.168.99.2 -
Vl99 996 - 150 Active FE80::99:254 local FE80::D2:1
Vl99 996 1 - Active 0007.b403.e401 local -
Vl99 996 2 - Listen 0007.b403.e402 FE80::D2:1 -
Close configuration window
End of document

Device Configs - Final

Switch D1
D1# show run
Building configuration...

Current configuration : 9918 bytes

!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 15 of 28 www.netacad.com
Lab - Implement GLBP

!
hostname D1
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no aaa new-model
switch 1 provision ws-c3650-24ts
!
ip routing
!
ip domain lookup
!
login on-success log
ipv6 unicast-routing
!
license boot level ipservicesk9
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
transceiver type all
monitoring
!
track 7 interface Loopback0 line-protocol
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL
SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 16 of 28 www.netacad.com
Lab - Implement GLBP

description Forus Address resolution and Forus traffic

class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
interface Loopback0
ip address 172.16.1.1 255.255.255.0
ipv6 address FE80::D1:2 link-local
ipv6 address 2001:DB8:172::1/64
!
interface Port-channel1
switchport mode trunk
!
interface Port-channel12
switchport mode trunk
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
channel-group 12 mode active
!
interface GigabitEthernet1/0/2
switchport mode trunk
channel-group 12 mode active
!

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 17 of 28 www.netacad.com
Lab - Implement GLBP

interface GigabitEthernet1/0/3
switchport mode trunk
channel-group 12 mode active
!
interface GigabitEthernet1/0/4
switchport mode trunk
channel-group 12 mode active
!
interface GigabitEthernet1/0/5
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/6
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/0/7
shutdown
!
interface GigabitEthernet1/0/8
shutdown
!
interface GigabitEthernet1/0/9
shutdown
!
interface GigabitEthernet1/0/10
shutdown
!
interface GigabitEthernet1/0/11
shutdown
!
interface GigabitEthernet1/0/12
shutdown
!
interface GigabitEthernet1/0/13
shutdown
!
interface GigabitEthernet1/0/14
shutdown
!
interface GigabitEthernet1/0/15
shutdown
!
interface GigabitEthernet1/0/16
shutdown
!
interface GigabitEthernet1/0/17
shutdown
!
interface GigabitEthernet1/0/18

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 18 of 28 www.netacad.com
Lab - Implement GLBP

shutdown
!
interface GigabitEthernet1/0/19
shutdown
!
interface GigabitEthernet1/0/20
shutdown
!
interface GigabitEthernet1/0/21
shutdown
!
interface GigabitEthernet1/0/22
shutdown
!
interface GigabitEthernet1/0/23
shutdown
!
interface GigabitEthernet1/0/24
shutdown
!
interface GigabitEthernet1/1/1
shutdown
!
interface GigabitEthernet1/1/2
shutdown
!
interface GigabitEthernet1/1/3
shutdown
!
interface GigabitEthernet1/1/4
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.99.1 255.255.255.0
ipv6 address FE80::D1:1 link-local
ipv6 address 2001:DB8:99::1/64
glbp 99 ip 192.168.99.254
glbp 99 priority 150
glbp 99 preempt
glbp 99 weighting 110 lower 85 upper 105
glbp 99 authentication md5 key-string Super53cret
glbp 99 weighting track 7 decrement 30
glbp 996 ipv6 FE80::99:254
glbp 996 priority 150
glbp 996 preempt
glbp 996 weighting 110 lower 85 upper 105

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 19 of 28 www.netacad.com
Lab - Implement GLBP

glbp 996 authentication md5 key-string Super53cret

glbp 996 weighting track 7 decrement 30
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
control-plane
service-policy input system-cpp-policy
!
banner motd ^C D1, Implement GLBP ^C
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco123
logging synchronous
login
line vty 5 15
login
!
end

Switch D2
D2# show run
Building configuration...

Current configuration : 9899 bytes

!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname D2
!
vrf definition Mgmt-vrf
!
address-family ipv4

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 20 of 28 www.netacad.com
Lab - Implement GLBP

exit-address-family
!
address-family ipv6
exit-address-family
!
no aaa new-model
switch 1 provision ws-c3650-24ts
!
ip routing
!
no ip domain lookup
!
login on-success log
ipv6 unicast-routing
!
license boot level ipservicesk9
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
transceiver type all
monitoring
!
track 7 interface Loopback0 line-protocol
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL
SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 21 of 28 www.netacad.com
Lab - Implement GLBP

description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
interface Loopback0
ip address 172.16.1.1 255.255.255.0
ipv6 address FE80::D2:2 link-local
ipv6 address 2001:DB8:172::1/64
!
interface Port-channel1
!
interface Port-channel2
switchport mode trunk
!
interface Port-channel12
switchport mode trunk
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
channel-group 12 mode active
!
interface GigabitEthernet1/0/2
switchport mode trunk
channel-group 12 mode active
!
interface GigabitEthernet1/0/3
switchport mode trunk
channel-group 12 mode active
!

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 22 of 28 www.netacad.com
Lab - Implement GLBP

interface GigabitEthernet1/0/4
switchport mode trunk
channel-group 12 mode active
!
interface GigabitEthernet1/0/5
switchport mode trunk
channel-group 2 mode active
!
interface GigabitEthernet1/0/6
switchport mode trunk
channel-group 2 mode active
!
interface GigabitEthernet1/0/7
shutdown
!
interface GigabitEthernet1/0/8
shutdown
!
interface GigabitEthernet1/0/9
shutdown
!
interface GigabitEthernet1/0/10
shutdown
!
interface GigabitEthernet1/0/11
shutdown
!
interface GigabitEthernet1/0/12
shutdown
!
interface GigabitEthernet1/0/13
shutdown
!
interface GigabitEthernet1/0/14
shutdown
!
interface GigabitEthernet1/0/15
shutdown
!
interface GigabitEthernet1/0/16
shutdown
!
interface GigabitEthernet1/0/17
shutdown
!
interface GigabitEthernet1/0/18
shutdown
!
interface GigabitEthernet1/0/19
shutdown

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 23 of 28 www.netacad.com
Lab - Implement GLBP

!
interface GigabitEthernet1/0/20
shutdown
!
interface GigabitEthernet1/0/21
shutdown
!
interface GigabitEthernet1/0/22
shutdown
!
interface GigabitEthernet1/0/23
shutdown
!
interface GigabitEthernet1/0/24
shutdown
!
interface GigabitEthernet1/1/1
shutdown
!
interface GigabitEthernet1/1/2
shutdown
!
interface GigabitEthernet1/1/3
shutdown
!
interface GigabitEthernet1/1/4
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.99.2 255.255.255.0
ipv6 address FE80::D2:1 link-local
ipv6 address 2001:DB8:99::2/64
glbp 99 ip 192.168.99.254
glbp 99 preempt
glbp 99 weighting 110 lower 85 upper 105
glbp 99 authentication md5 key-string Super53cret
glbp 99 weighting track 7 decrement 30
glbp 996 ipv6 FE80::99:254
glbp 996 preempt
glbp 996 weighting 110 lower 85 upper 105
glbp 996 authentication md5 key-string Super53cret
glbp 996 weighting track 7 decrement 30
!
ip forward-protocol nd
ip http server
ip http authentication local

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 24 of 28 www.netacad.com
Lab - Implement GLBP

ip http secure-server
!
control-plane
service-policy input system-cpp-policy
!
banner motd ^C D2, Implement GLBP ^C
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco123
logging synchronous
login
line vty 5 15
login
!
end

Switch A1
A1# show run
Building configuration...

Current configuration : 2308 bytes

!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname A1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree extend system-id
!

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 25 of 28 www.netacad.com
Lab - Implement GLBP

vlan internal allocation policy ascending

!
interface Port-channel1
switchport mode trunk
!
interface Port-channel2
switchport mode trunk
!
interface FastEthernet0/1
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/2
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/3
switchport mode trunk
channel-group 2 mode active
!
interface FastEthernet0/4
switchport mode trunk
channel-group 2 mode active
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 26 of 28 www.netacad.com
Lab - Implement GLBP

!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
switchport access vlan 99
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 99
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.99.3 255.255.255.0

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 27 of 28 www.netacad.com
Lab - Implement GLBP

ipv6 address FE80::A1:1 link-local

ipv6 address 2001:DB8:99::3/64
!
ip default-gateway 192.168.99.254
ip http server
ip http secure-server
!
banner motd ^C A1, Implement GLBP ^C
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco123
logging synchronous
login
line vty 5 15
login
!
end

 2020 - 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 28 of 28 www.netacad.com