Questo sito utilizza cookie di profilazione (propri e di terze parti) per ottimizzare la tua esperienza online e per inviarti pubblicità in linea con le tue preferenze. Continuando a utilizzare questo sito senza modificare le tue preferenze acconsenti all’uso dei cookie. Se vuoi saperne di più o negare il consenso a tutti o ad alcuni cookie clicca qui>
The website that you are visiting also provides Arabian language. Do you wish to switch language version?
يوفر موقع الويب الذي تزوره المحتوى باللغة العربية أيضًا. هل ترغب في تبديل إصدار اللغة؟
The website that you are visiting also provides Russia language Do you wish to switch language version?
Данный сайт есть в английской версии. Желаете ли Вы перейти на английскую версию?
The customer could not configure IPv6 authentication in a network where there is already a VRRP running for IPv4.
The customer typed the command below followed by question mark and noticed there are no paramenters for authentication of VRRP6.
[CE12800]vrrp6 vrid 2 ?
admin Specify the administrator VRRP6
join Join to load-balance VRRP
load-balance Specify load balance mode
preempt Specify preempt mode
priority Specify priority
timer Specify timer
track Specify track configuration
virtual-ip Specify a virtual IP address
After searching the documentation and thinking that IPv6 already have the Authentication Header included in the IP packet, so it's more secure than IPv4, checked the IANA webside for RFC5798. There I found that actually the VRRP has removed any type of authentication for both IPv4 and IPv6 later versions. Only IPv4 early versions still support it.
Security Considerations:VRRP for IPvX does not currently include any type of authentication. Earlier versions of the VRRP (for IPv4) specification included several types of authentication ranging from none to strong. Operational experience and further analysis determined that these did not provide sufficient security to overcome the vulnerability of misconfigured secrets, causing multiple Masters to be elected. Due to the nature of the VRRP protocol, even if VRRP messages are cryptographically protected, it does not prevent hostile nodes from behaving as if they are a VRRP Master, creating multiple Masters. Authentication of VRRP messages could have prevented a hostile node from causing all properly functioning routers from going into Backup state. However, having multiple Masters can cause as much disruption as no routers, which authentication cannot prevent. Also, even if a hostile node could not disrupt VRRP, it can disrupt ARP and create the same effect as having all routers go into Backup.