vrrp vrid authentication-mode

Use vrrp vrid authentication-mode to configure the authentication mode and the authentication key for an IPv4 VRRP group to send and receive VRRP packets.

Use undo vrrp vrid authentication-mode to restore the default.

Syntax

vrrp vrid virtual-router-id authentication-mode { md5 | simple } { cipher | plain } key

undo vrrp vrid virtual-router-id authentication-mode

Default

Authentication is disabled when a VRRP group sends and receives VRRP packets.

Views

Interface view

Predefined user roles

network-admin

Parameters

virtual-router-id: Specifies an IPv4 VRRP group by its virtual router ID in the range of 1 to 255.

md5: Specifies the MD5 authentication mode.

simple: Specifies the simple authentication mode.

cipher: Sets a ciphertext authentication key.

plain: Sets a plaintext authentication key.

key: Sets the authentication key. This argument is case-sensitive. It must be a ciphertext string of 1 to 41 characters if the cipher keyword is specified or a plaintext string of 1 to 8 characters if the plain keyword is specified.

Usage guidelines

To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP packets to authenticate one another. VRRP provides the following authentication modes:

The MD5 authentication is more secure than the simple text authentication, but it costs more resources.

For security purposes, all keys, including keys configured in plain text, are saved in cipher text.


[IMPORTANT: ]

IMPORTANT:

  • You can configure different authentication modes and authentication keys for the VRRP groups on an interface. However, members of the same VRRP group must use the same authentication mode and authentication key.

  • For VRRPv3, this command does not take effect.


Examples

# Set the authentication mode to simple and the authentication key to Sysname for VRRP group 1 on VLAN-interface 2.

<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1 authentication-mode simple plain Sysname

Related commands