Help
FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
jcamacho1
Staff
Staff

Created on ‎05-28-2025 10:35 PM Edited on ‎08-26-2025 07:11 AM By Staff

Article Id 394054

Technical Tip: How To Properly Configure VRRP For Secondary IP Address

Description This article describes how to configure VRRP in a situation where it is necessary to apply the parameter over a secondary IP address.
Scope FortiSwitch v7.2.10, 7.4.6, 7.6.2 and above.
Solution

When VRRP is required for a secondary IP address, a network mask must be added to match the secondary IP address. The configuration is as shown in the following example:

 

config system interface
    edit "Test"
        set ip 20.1.1.12 255.255.255.0
        set allowaccess ping https http ssh telnet
        set vrrp-virtual-mac enable
        config vrrp
            edit 5
                set vrip 20.1.1.1
            next
            edit 9
                set netmask 255.255.255.0  <-----
                set vrip 20.2.2.100
            next
        end
        set secondary-IP enable
        set vlanid 24
        set interface "internal"
        config secondaryip
            edit 1
                set ip 20.2.2.12 255.255.255.0
            next
        end
    next
end

 

This is because VRRP always compares the network mask with the primary IP address. For the secondary IP address, the 'netmask' parameter is required to be added.

 

359
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.