No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R010C00 Configuration Guide - Reliability

This document describes the configuration of BFD, DLDP, VRRP, SmartLink, CFM, EFM, Y.1731 and MAC swap loopback to ensure reliability on the device.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Setting the Authentication Mode of VRRP Advertisement Packets

(Optional) Setting the Authentication Mode of VRRP Advertisement Packets

Context

Different authentication modes and authentication keys can be set in VRRPv2 Advertisement packets:
  • Non-authentication: The local device does not send authentication information in outgoing VRRP Advertisement packets, and does not authenticate received VRRP Advertisement packets, considering them all to be valid.
  • Simple authentication: The local device encapsulates the authentication mode and authentication key into an outgoing VRRP Advertisement packet. When a device receives a VRRP Advertisement packet, it compares the authentication mode and authentication key in the packet with those configured on the device. If the values are the same, the device considers the received VRRP Advertisement packet to be valid; otherwise, it discards it.
  • MD5 authentication: The local device uses the MD5 algorithm to encrypt the authentication key and encapsulates the key in the Authentication Data field of an outgoing VRRP Advertisement packet. The device that receives the VRRP Advertisement packet matches the authentication mode with the decrypted authentication key in the packet.
NOTE:

Only VRRPv2 supports authentication. VRRPv3 does not support authentication. VRRPv2 reserves the authentication field in VRRP Advertisement packets to be compatible with VRRP defined in earlier versions. VRRP authentication cannot improve security.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. (Optional) On an Ethernet interface, run undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

  4. Run:

    vrrp vrid virtual-router-id authentication-mode { simple { key | plain key | cipher cipher-key } | md5 md5-key }

    The authentication mode in VRRP Advertisement packets is configured.

    By default, a VRRP group uses non-authentication.

    NOTE:
    • Devices in a VRRP group must be configured with the same authentication mode and authentication key; otherwise, the VRRP group cannot negotiate the Master and Backup states.

    • To ensure security, you are advised to use MD5 authentication.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000142090

Views: 95431

Downloads: 109

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next