Configuring authentication, Configuring security features on a vsrp-aware, Device – Brocade FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide User Manual
Page 106
Configuring authentication
If the interfaces on which you configure the VRID use authentication, the VSRP packets on those
interfaces also must use the same authentication. VSRP supports the following authentication types:
• No authentication - The interfaces do not use authentication.
• Simple - The interfaces use a simple text-string as a password in packets sent on the interface. If
the interfaces use simple password authentication, the VRID configured on the interfaces must use
the same authentication type and the same password.
To configure a simple password, enter a command such as the following at the VLAN configuration
level.
device(config-vlan-10)#vsrp auth-type simple-text-auth ourpword
This command configures the simple text password "ourpword".
Syntax: [no] vsrp auth-type { no-auth | simple-text-auth auth-data }
The auth-type no-auth parameter indicates that the VRID and the interface it is configured on do not
use authentication.
The auth-type simple-text-auth auth-data parameter indicates that the VRID and the interface it is
configured on use a simple text password for authentication. The auth-data value is the password, and
can be up to eight characters. If you use this parameter, make sure all interfaces on all the devices
supporting this VRID are configured for simple password authentication and use the same password.
Configuring security features on a VSRP-aware device
This section shows how to configure security features on a VSRP-aware device. For an overview of
this feature, refer to
on page 100.
Specifying an authentication string for VSRP hello packets
The following configuration defines pri-key as the authentication string for accepting incoming VSRP
hello packets. In this example, the VSRP-aware device will accept all incoming packets that have this
authorization string.
device(config)#vlan 10
device(config-vlan-10)#vsrp-aware vrid 3 simple-text-auth pri-key
Syntax: vsrp-aware vrid vridnumber simple-text-auth string
Specifying no authentication for VSRP hello packets
The following configuration specifies no authentication as the preferred VSRP-aware security method.
In this case, the VSRP device will not accept incoming packets that have authentication strings.
device(config)#vlan 10
device(config-vlan-10)#vsrp-aware vrid 2 no-auth
Syntax: vsrp-aware vrid vridnumber no-auth
The following configuration specifies no authentication for VSRP hello packets received on ports 1/1,
1/2, 1/3, and 1/4 in VRID 4. For these ports, the VSRP device will not accept incoming packets that
have authentication strings.
device(config)#vlan 10
device(config-vlan-10)#vsrp-aware vrid 4 no-auth port-list ethe 1/1 to 1/4
Configuring authentication
106
FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide
53-1003086-04