No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Reliability

CloudEngine 8800, 7800, 6800, and 5800 V200R005C00

This document describes the configurations of Reliability, including BFD Configuration, VRRP Configuration, DLDP Configuration, Smart Link and Monitor Link Configuration, EFM Configuration, and CFM Configuration.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Setting the Authentication Mode of VRRP Advertisement Packets

(Optional) Setting the Authentication Mode of VRRP Advertisement Packets

Context

Different authentication modes and authentication keys can be set in VRRPv2 Advertisement packets:
  • Non-authentication: The local device does not authenticate VRRP Advertisement packets before sending them. The remote device does not authenticate the received VRRP Advertisement packets and considers all the received packets valid.
  • Simple authentication: The local device encapsulates the authentication mode and authentication key into an outgoing VRRP Advertisement packet. When the remote device receives the VRRP Advertisement packet, it checks whether the authentication mode and authentication key in the packet are the same as those configured locally. If so, the device considers the received VRRP Advertisement packet valid. If not, the device considers the received VRRP Advertisement packet invalid and discards it.
  • MD5 authentication: The local device uses the MD5 algorithm to encrypt the authentication key and encapsulates the key in the Authentication Data field of an outgoing VRRP Advertisement packet. Upon receipt of the VRRP Advertisement packet, the remote device decrypts the authentication key and checks whether the authentication mode and authentication key are the same as those configured locally. If they are the same, the remote device accepts the packet; otherwise, it discards the packet.
NOTE:

Only VRRPv2 supports authentication. VRRPv3 does not support authentication. VRRPv2 reserves the authentication field in VRRP Advertisement packets to be compatible with VRRP defined in RFC 2338. VRRP authentication cannot improve security.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. On an Ethernet interface, run undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    The mode switching function takes effect when the interface only has attribute configurations (for example, shutdown and description configurations). Alternatively, if configuration information supported by both Layer 2 and Layer 3 interfaces exists (for example, mode lacp and lacp system-id configurations), no configuration that is not supported after the working mode of the interface is switched can exist. If unsupported configurations exist on the interface, delete the configurations first and then run the undo portswitch command.

    NOTE:

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  4. Run vrrp vrid virtual-router-id authentication-mode { simple { key | plain key | cipher cipher-key } | md5 md5-key }

    The authentication mode in VRRP Advertisement packets is configured.

    By default, a VRRP group uses non-authentication.

    NOTE:
    • Devices in a VRRP group must be configured with the same authentication mode and authentication key; otherwise, the VRRP group cannot negotiate the Master and Backup states.

    • For security purposes, you are advised to use MD5 as the authentication algorithm of VRRP.

  5. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100040245

Views: 38544

Downloads: 118

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next