
Configuring authentication, Configuring security features on a VSRP-aware device – Brocade FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide User Manual


Configuring authentication

If the interfaces on which you configure the VRID use authentication, the VSRP packets on those
interfaces also must use the same authentication. VSRP supports the following authentication types:

• No authentication - The interfaces do not use authentication.
• Simple - The interfaces use a simple text-string as a password in packets sent on the interface. If
the interfaces use simple password authentication, the VRID configured on the interfaces must use
the same authentication type and the same password.

To configure a simple password, enter a command such as the following at the VLAN configuration
level.

device(config-vlan-10)#vsrp auth-type simple-text-auth ourpword

This command configures the simple text password "ourpword".

Syntax: [no] vsrp auth-type { no-auth | simple-text-auth auth-data }

The auth-type no-auth parameter indicates that the VRID and the interface it is configured on do not
use authentication.

The auth-type simple-text-auth auth-data parameter indicates that the VRID and the interface it is
configured on use a simple text password for authentication. The auth-data value is the password, and
can be up to eight characters. If you use this parameter, make sure all interfaces on all the devices
supporting this VRID are configured for simple password authentication and use the same password.
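
The following check is an added example, not part of the Brocade guide: it compares the vsrp auth-type setting for each VLAN across several devices' saved configurations and reports mismatched settings, VLANs left at no-auth, and auth-data that is missing or longer than eight characters. The device names and configuration text are constructed, and the parser assumes the saved configuration echoes the command in the form shown above, with VLAN sub-commands indented under the vlan line.

```python
import re
from collections import defaultdict

# Constructed sample configs (not from the guide). Assumption: the saved
# configuration echoes the commands as typed, indented under "vlan <id>".
CONFIGS = {
    "sw-a": "vlan 10\n vsrp auth-type simple-text-auth ourpword\nvlan 20\n vsrp auth-type no-auth\n",
    "sw-b": "vlan 10\n vsrp auth-type simple-text-auth ourpwrd\nvlan 20\n vsrp auth-type no-auth\n",
}

VLAN_RE = re.compile(r"^vlan\s+(\d+)\b")
AUTH_RE = re.compile(r"^vsrp\s+auth-type\s+(no-auth|simple-text-auth)(?:\s+(\S+))?$")

def parse_vsrp_auth(config_text):
    """Return {vlan_id: (auth_type, auth_data)} for one device's config."""
    settings, vlan = {}, None
    for raw in config_text.splitlines():
        if raw and not raw[0].isspace():      # unindented line starts a new context
            m = VLAN_RE.match(raw)
            vlan = int(m.group(1)) if m else None
            continue
        m = AUTH_RE.match(raw.strip())
        if m and vlan is not None:
            settings[vlan] = (m.group(1), m.group(2))
    return settings

def audit(configs):
    """Return findings as (vlan, issue, devices) tuples, ordered by VLAN."""
    by_vlan = defaultdict(dict)
    for device, text in configs.items():
        for vlan, setting in parse_vsrp_auth(text).items():
            by_vlan[vlan][device] = setting
    findings = []
    for vlan, per_device in sorted(by_vlan.items()):
        devices = sorted(per_device)
        if len(set(per_device.values())) > 1:  # type or password differs between devices
            findings.append((vlan, "mismatch", devices))
        for dev in devices:
            kind, data = per_device[dev]
            if kind == "no-auth":              # review item: VSRP packets unauthenticated
                findings.append((vlan, "no-auth", [dev]))
            elif data is None or len(data) > 8:  # guide: auth-data is up to eight characters
                findings.append((vlan, "bad-auth-data", [dev]))
    return findings

if __name__ == "__main__":
    for vlan, issue, devices in audit(CONFIGS):
        print(f"vlan {vlan}: {issue} on {', '.join(devices)}")
```
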

Configuring security features on a VSRP-aware device

This section shows how to configure security features on a VSRP-aware device. For an overview of
this feature, refer to VSRP-aware security features on page 100.

Specifying an authentication string for VSRP hello packets

The following configuration defines pri-key as the authentication string for accepting incoming VSRP
hello packets. In this example, the VSRP-aware device will accept all incoming packets that have this
authentication string.

device(config)#vlan 10
device(config-vlan-10)#vsrp-aware vrid 3 simple-text-auth pri-key

Syntax: vsrp-aware vrid vridnumber simple-text-auth string

Specifying no authentication for VSRP hello packets

The following configuration specifies no authentication as the preferred VSRP-aware security method.
In this case, the VSRP device will not accept incoming packets that have authentication strings.

device(config)#vlan 10
device(config-vlan-10)#vsrp-aware vrid 2 no-auth

Syntax: vsrp-aware vrid vridnumber no-auth

The following configuration specifies no authentication for VSRP hello packets received on ports 1/1,
1/2, 1/3, and 1/4 in VRID 4. For these ports, the VSRP device will not accept incoming packets that
have authentication strings.

device(config)#vlan 10
device(config-vlan-10)#vsrp-aware vrid 4 no-auth port-list ethe 1/1 to 1/4

FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide

53-1003086-04