No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


AR500, AR510, AR531, AR550, AR1500, and AR2500 Security Hardening And Maintenance Guide

This document provides guidance for strengthening network and device security in terms of network security risks, security architecture, and security hardening policies. It also provides guidance for routine maintenance of device security in terms of the management, control, and forwarding planes.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).


Security Policy Introduction

  • Protocol security policies:

    • Authentication mode: VRRP supports simple text authentication and HAMC-MD5 authentication. VRRP also supports authentication exemption.

    • Packet check: VRRP checks the backup group ID, checksum, TTL, version number, packet type, timer, number of virtual addresses, virtual address, and packet length.

  • System security policies:

    Attack packet suppression: If a device receives more than five packets within the specified time or receives packets sent from the device itself, the device discards the packets.

Attack Method Introduction

  • Send many packets within a period of time.

  • Construct incorrect VRRP packets.

Configuration Guide

  • Authentication mode: Authentication exemption, simple authentication, or MD5 authentication can be used. In simple authentication, the password can be saved in plain text or cipher text. In MD5 authentication, the password is saved in cipher text by default.

  • Packet check: This function is supported by default and requires no additional configuration.

System security configuration: Attack packet suppression is supported by default and requires no additional configuration.

Configuration Suggestion

Authentication mode: MD5 authentication is recommended to enhance security.

Packet check and attack packet suppression: No additional configuration is required.

Updated: 2019-05-06

Document ID: EDOC1000097300

Views: 4749

Downloads: 72

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next