When a single default gateway fails, every host that relies on it loses connectivity — unless you have a First Hop Redundancy Protocol (FHRP) in place. VRRP (Virtual Router Redundancy Protocol) and GLBP (Gateway Load Balancing Protocol) are two such protocols that provide high availability and, in GLBP's case, load sharing for default gateways. For the CCNA 200-301 exam (objective 3.8), understanding their differences, operation, and configuration is critical because you'll be asked to choose the right protocol for a given scenario and to troubleshoot FHRP issues.
Jump to a section
Imagine a large hotel with a single concierge desk. Guests (hosts) go to the desk for directions (default gateway). If the concierge (router) is on a break, all guests are stuck. VRRP solves this by having a backup concierge stand by, ready to take over if the primary steps away. The primary has a name tag that says 'Concierge 1' (virtual router IP), and the backup wears a different tag but can quickly grab the 'Concierge 1' tag if needed. However, only one concierge serves at a time — the backup just waits. GLBP, on the other hand, is like having a team of concierges all wearing the same 'Concierge' name tag (virtual IP). When a guest asks for directions, the lead concierge (AVG) assigns one of the team members (AVF) to help, distributing the workload. Guests don't know which specific concierge they spoke to, but they remember the unique 'desk number' (virtual MAC) they were given. If one concierge leaves, the lead reassigns their desk number to another team member. The key mechanistic insight: VRRP uses a single active/standby model with a common virtual MAC (0000.5e00.01xx), while GLBP uses an active virtual gateway that assigns unique virtual MACs to multiple forwarding routers, allowing all routers to forward traffic simultaneously.
VRRP (Virtual Router Redundancy Protocol) is an open standard FHRP defined in RFC 5798. It allows a group of routers to share a virtual IP and MAC address, with one router acting as the Master (active forwarder) and the others as Backups. If the Master fails, a Backup takes over with minimal disruption. GLBP (Gateway Load Balancing Protocol) is a Cisco-proprietary FHRP that not only provides redundancy but also load balances traffic across multiple routers. GLBP uses a single virtual IP address but multiple virtual MAC addresses, each assigned to a different router in the group.
Why Use VRRP or GLBP?
Without an FHRP, if a host's default gateway router fails, the host must use a different gateway IP (if configured) or rely on dynamic routing — neither of which is practical for end hosts. VRRP and GLBP provide a virtual IP that hosts use as their default gateway. The physical routers in the group cooperate to ensure that at least one router is always available to forward traffic for that virtual IP. GLBP adds the benefit of load sharing, which can improve throughput and reduce latency by distributing traffic across multiple routers.
VRRP Operation
VRRP elects a Master router based on priority (1-255, default 100). The Master owns the virtual IP and responds to ARP requests with the virtual MAC (0000.5e00.01xx, where xx is the VRRP group number in hex). It sends VRRP advertisements (protocol number 112) every 1 second (default) to the multicast address 224.0.0.18. Backups listen for advertisements; if they miss three consecutive advertisements (3-second hold timer), they declare the Master dead and initiate an election. The Backup with the highest priority becomes the new Master. Preemption is enabled by default, meaning a higher-priority router that comes online later will take over from the current Master. VRRP supports up to 255 group numbers per interface.
GLBP Operation
GLBP introduces two roles: Active Virtual Gateway (AVG) and Active Virtual Forwarder (AVF). The AVG is elected (highest priority) and is responsible for assigning virtual MAC addresses to other routers. The AVG responds to ARP requests for the virtual IP, handing out different virtual MACs to different hosts, thereby distributing traffic. Each router in the group (including the AVG) can be an AVF, forwarding traffic for one or more virtual MACs. GLBP uses a single virtual IP, but each AVF is assigned a unique virtual MAC (0007.b400.xxyy, where xx is the group number and yy is the forwarder number). GLBP sends hello messages every 1 second to 224.0.0.102 (protocol number 112). The hold time is 3 seconds by default. GLBP supports load balancing methods: round-robin (default), weighted, or host-dependent. Preemption is disabled by default for AVF but enabled for AVG.
Key Differences at the Packet Level
Virtual MAC: VRRP uses 0000.5e00.01xx; GLBP uses 0007.b400.xxyy.
Multicast Address: VRRP uses 224.0.0.18; GLBP uses 224.0.0.102.
Advertisement Interval: Both default to 1 second.
Hold Timer: VRRP defaults to 3 seconds (3 x advertisement); GLBP defaults to 3 seconds.
Preemption: VRRP enabled by default; GLBP enabled for AVG, disabled for AVF by default.
Load Balancing: VRRP does not load balance; GLBP does (round-robin, weighted, host-dependent).
Configuration Example for VRRP
interface GigabitEthernet0/0
ip address 192.168.1.2 255.255.255.0
vrrp 10 ip 192.168.1.1
vrrp 10 priority 120
vrrp 10 preemptOn another router:
interface GigabitEthernet0/0
ip address 192.168.1.3 255.255.255.0
vrrp 10 ip 192.168.1.1
vrrp 10 priority 100
vrrp 10 preemptConfiguration Example for GLBP
interface GigabitEthernet0/0
ip address 192.168.1.2 255.255.255.0
glbp 10 ip 192.168.1.1
glbp 10 priority 120
glbp 10 preemptOn another router:
interface GigabitEthernet0/0
ip address 192.168.1.3 255.255.255.0
glbp 10 ip 192.168.1.1
glbp 10 priority 100
glbp 10 preemptVerification Commands
show vrrp brief
show vrrp
show glbp brief
show glbpExample output for show vrrp brief:
Interface Grp Pri Time Own Pre State Master addr Group addr
Gi0/0 10 120 3214 Y Master 192.168.1.2 192.168.1.1Example output for show glbp brief:
Interface Grp Fwd Pri State Address Active router Standby router
Gi0/0 10 - 120 Active 192.168.1.1 local 192.168.1.3
Gi0/0 10 1 7 Active 0007.b400.0a01 local -
Gi0/0 10 2 7 Standby 0007.b400.0a02 192.168.1.3 -Interaction with Other Protocols
Both VRRP and GLBP operate independently of dynamic routing protocols like OSPF or EIGRP. They provide a default gateway for hosts; the routers themselves still run a routing protocol to learn routes to remote networks. VRRP and GLBP do not affect routing protocol adjacencies, but they do rely on the underlying IP connectivity. Spanning Tree Protocol (STP) can interact with FHRPs if the virtual IP is on a VLAN interface; ensure the STP root bridge aligns with the FHRP master to avoid suboptimal forwarding.
Configure VRRP on Router A
On Router A, enter interface configuration mode for the LAN interface (e.g., GigabitEthernet0/0). Assign an IP address to the interface. Then use the `vrrp group-number ip virtual-ip` command to enable VRRP and set the virtual IP. For example: `vrrp 10 ip 192.168.1.1`. Optionally, set a higher priority (e.g., `vrrp 10 priority 120`) to make this router the Master. Enable preemption with `vrrp 10 preempt` (enabled by default, but explicit is good). Verify with `show vrrp brief`.
Configure VRRP on Router B
On Router B, configure the same interface with a different IP address (e.g., 192.168.1.3). Use the same VRRP group number and virtual IP: `vrrp 10 ip 192.168.1.1`. Leave the priority at default (100) or set lower. Enable preemption. Since Router A has higher priority, Router B will become the Backup. Verify with `show vrrp brief` — Router B should show State: Backup and Master address: 192.168.1.2.
Configure GLBP on Router A
On Router A, enter interface configuration mode. Use `glbp group-number ip virtual-ip` to enable GLBP. For example: `glbp 10 ip 192.168.1.1`. Set priority higher than the other router (e.g., `glbp 10 priority 120`). Enable preemption for the AVG role with `glbp 10 preempt`. By default, GLBP uses round-robin load balancing. Verify with `show glbp brief` — Router A should be the Active Virtual Gateway (AVG) and also an Active Virtual Forwarder (AVF) for virtual MAC 0007.b400.0a01.
Configure GLBP on Router B
On Router B, configure the same interface with `glbp 10 ip 192.168.1.1`. Set priority lower (default 100). Enable preemption. Router B will become the Standby Virtual Gateway and an AVF for a different virtual MAC (e.g., 0007.b400.0a02). Verify with `show glbp brief`. Note that both routers are forwarding traffic — each for its own virtual MAC.
Verify VRRP and GLBP Operation
Use `show vrrp` and `show glbp` for detailed information. For VRRP, check the Master router, priority, and state. For GLBP, check the AVG, AVF list, and load balancing method. Use `debug vrrp events` or `debug glbp events` cautiously in a lab to see state transitions. Also, check the ARP table on a host: for VRRP, the virtual IP maps to the virtual MAC (0000.5e00.010a); for GLBP, different hosts may have different MACs for the same virtual IP.
Test Failover
Simulate a failure by shutting down the Master/AVG interface (e.g., `shutdown` on Router A's LAN interface). On Router B, watch the state change: VRRP should transition from Backup to Master after missing three advertisements (about 3 seconds). GLBP should elect a new AVG if the current one fails, and the Standby AVG becomes Active. Use `show vrrp brief` or `show glbp brief` to confirm. Also, verify that hosts can still ping the virtual IP and reach remote networks.
In enterprise networks, VRRP is often chosen for multi-vendor environments where interoperability is required. For example, a company with a mix of Cisco and Juniper routers might use VRRP because it is an open standard. A typical deployment involves two routers connected to the same VLAN, each with a link to the upstream network. The virtual IP is configured as the default gateway for all hosts. The network engineer sets priorities to ensure the preferred router is Master, and enables preemption so that if the Master recovers, it resumes forwarding. This is common in data center access layers or campus distribution blocks.
GLBP is preferred when load sharing across multiple routers is beneficial, such as in a high-traffic environment where a single router might become a bottleneck. For instance, a large office with hundreds of users might deploy GLBP across two routers, each handling roughly half the traffic. The network engineer can adjust the load balancing method — weighted, based on router capacity, or host-dependent for session persistence. One challenge is that GLBP is Cisco-proprietary, so it only works with Cisco devices. In a mixed-vendor environment, VRRP is the only choice.
Scale considerations: Both protocols support up to 255 groups per interface, but in practice, you rarely need more than a few. Performance is generally excellent, but the advertisement interval and hold timers can be tuned for faster convergence (e.g., 200 ms hello, 700 ms hold) at the cost of increased CPU usage. Misconfiguration often involves mismatched virtual IP addresses or group numbers between routers, causing split-brain scenarios where both routers think they are the Master. This can lead to intermittent connectivity. Another common mistake is forgetting to enable preemption, causing a recovered router to stay in backup while the lower-priority router remains Master. Always verify with show vrrp or show glbp after configuration.
The CCNA 200-301 exam objective 3.8 covers 'Configure and verify first-hop redundancy protocols' including VRRP and GLBP. Expect scenario-based questions that ask you to select the appropriate FHRP based on requirements (e.g., 'Which protocol provides load balancing and is Cisco-proprietary?'). Also, be prepared to interpret show vrrp brief and show glbp brief output to determine the Master, priority, and state.
Common wrong answers: 1. 'VRRP uses virtual MAC 0007.b400.xxyy.' — This is GLBP's MAC; VRRP uses 0000.5e00.01xx. 2. 'GLBP uses multicast 224.0.0.18.' — That's VRRP; GLBP uses 224.0.0.102. 3. 'VRRP supports load balancing.' — It does not; only GLBP does. 4. 'Preemption is disabled by default in VRRP.' — It is enabled by default.
Specific values to memorize: VRRP group number range (0-255), default priority (100), advertisement interval (1 second), hold timer (3 seconds). GLBP group number range (0-1023), default priority (100), hello interval (1 second), hold time (3 seconds). Load balancing methods: round-robin (default), weighted, host-dependent.
Elimination strategy: If the question mentions 'open standard' or 'multi-vendor', choose VRRP. If it mentions 'load balancing' or 'Cisco-proprietary', choose GLBP. If it asks about virtual MAC format, match 0000.5e00 with VRRP and 0007.b400 with GLBP. For state determination, remember that in VRRP, the Master has the highest priority (or highest IP if tie). In GLBP, the AVG is elected similarly, but AVFs are determined by virtual MAC assignment.
VRRP is an open standard FHRP (RFC 5798) that provides redundancy with a single active router.
VRRP uses virtual MAC 0000.5e00.01xx and multicast address 224.0.0.18.
GLBP is Cisco-proprietary and provides both redundancy and load balancing across multiple routers.
GLBP uses virtual MAC 0007.b400.xxyy and multicast address 224.0.0.102.
VRRP default advertisement interval is 1 second; hold timer is 3 seconds (3 missed hellos).
GLBP default hello interval is 1 second; hold time is 3 seconds.
Preemption is enabled by default in VRRP; in GLBP, preemption is enabled for AVG but disabled for AVF by default.
These come up on the exam all the time. Here's how to tell them apart.
VRRP
Open standard (RFC 5798)
Single active forwarder (Master)
Virtual MAC: 0000.5e00.01xx
Multicast: 224.0.0.18
Preemption enabled by default
No load balancing
GLBP
Cisco proprietary
Multiple active forwarders (AVFs)
Virtual MAC: 0007.b400.xxyy
Multicast: 224.0.0.102
Preemption: enabled for AVG, disabled for AVF
Load balancing (round-robin, weighted, host-dependent)
Mistake
VRRP and GLBP both use the same virtual MAC format.
Correct
VRRP uses 0000.5e00.01xx (xx = group number in hex), while GLBP uses 0007.b400.xxyy (xx = group number, yy = forwarder number).
Candidates often confuse the two because both are FHRPs with similar virtual IP concepts.
Mistake
GLBP can only have one active forwarder at a time.
Correct
GLBP can have multiple Active Virtual Forwarders (AVFs) simultaneously, each forwarding traffic for a different virtual MAC.
The term 'Active Virtual Gateway' might be misinterpreted as the only forwarding router, but AVG only handles ARP responses; all routers can forward.
Mistake
VRRP supports load balancing by using multiple virtual IPs.
Correct
VRRP does not support load balancing; it only provides redundancy. Load balancing with VRRP would require multiple VRRP groups with different virtual IPs, which is not true load sharing.
Some think VRRP can load balance because it can have multiple groups, but each group has a single Master.
Mistake
Preemption is disabled by default in both VRRP and GLBP.
Correct
Preemption is enabled by default in VRRP. In GLBP, preemption is enabled by default for AVG but disabled for AVF.
Cisco defaults vary; many assume all protocols have the same default behavior.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
HSRP (Hot Standby Router Protocol) is Cisco-proprietary, while VRRP is an open standard. Both provide redundancy with a single active router. Key differences: HSRP uses UDP port 1985 and multicast 224.0.0.2, while VRRP uses IP protocol 112 and multicast 224.0.0.18. HSRP has a standby router that can take over, but VRRP has multiple backups. HSRP uses virtual MAC 0000.0c07.acxx, VRRP uses 0000.5e00.01xx. For the CCNA, know that HSRP is Cisco proprietary, VRRP is open standard.
No, VRRP does not load balance. It only provides redundancy by having one Master router forward traffic. To achieve load balancing with VRRP, you would need to create multiple VRRP groups with different virtual IPs and configure hosts to use different gateways, but that is not true load sharing and adds administrative overhead. GLBP is designed for load balancing.
Both VRRP and GLBP have a default priority of 100. The priority range is 1-255. A higher priority increases the chance of becoming the Master (VRRP) or AVG (GLBP). If priorities are equal, the highest IP address is used as a tiebreaker.
Use the `show vrrp brief` command to see a summary of all VRRP groups, their state (Master/Backup), priority, and virtual IP. For detailed information, use `show vrrp`. Example output: Interface Gi0/0, Grp 10, State Master, Priority 120, Virtual IP 192.168.1.1.
The Standby Virtual Gateway (if any) takes over as the new AVG. If no standby is configured, the AVF with the highest priority becomes the AVG. The new AVG continues to assign virtual MACs to hosts. The AVFs continue forwarding traffic for their assigned virtual MACs.
No, you cannot run both VRRP and GLBP on the same interface because they both use the same IP protocol number (112) and would conflict. Choose one FHRP per interface.
The `preempt` command allows a router with a higher priority to take over as Master even if the current Master is still operational. By default, preemption is enabled in VRRP. If disabled, the current Master remains Master until it fails, even if a higher-priority router comes online.
You've just covered VRRP and GLBP — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?