beautypg.com

Vrrp router type – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual

Page 607

background image

Syntax: ip vrrp-extended auth-type no-auth | simple-text-auth auth-data | md5-auth [ 0 |1 ] key

For IPv6 VRRP-E:

Syntax: ipv6 vrrp-extended auth-type no-auth | simple-text-auth auth-data | md5-auth [ 0 | 1 ] key

The values for the no-auth and simple-text-auth auth-data options are the same as for VRRP.

The md5-auth option configures the interface to use HMAC-MD5-96 for VRRP-E authentication.

The key variable is the MD5 encryption key, which can be up to 64 characters long. The optional 0 or1
parameters configure whether the MD5 password is encrypted, as follows:

• If you do not enter this parameter and enter the key as clear text, the key appears encrypted in the

device configuration and command outputs.

• If you enter 0 and enter the key as clear text, the key appears as clear text in the device configuration

and command outputs.

• If you enter 1 and enter the key in encrypted format, the key appears in encrypted format in the

device configuration and command outputs.

Syslog messages for VRRP-E HMAC-MD5-96 authentication

If an interface is configured with HMAC-MD5-96 authentication, all VRRP-E packets received on this
interface are authenticated with the HMAC-MD5-96 algorithm using the shared secret key configured on
the interface.

If a packet is received that fails this HMAC-MD5-96 authentication check, the packet gets dropped.
Additionally, if syslog is enabled, a syslog message is generated to notify the administrator about an
authentication failure. The message includes the VRID received in the packet's VRRP message and the
interface on which the packet was received. These syslog messages will be rate limited to 20 log
messages within a span of 5 minutes, starting from the first packet received that fails the HMAC-
MD5-96 authentication check.

For Example:

SYSLOG: <13>Apr 30 14:14:57 ICX6610 VRRP: VRRPE authentication failure, intf v555,

vrid 55, auth_type MD5 authentication

SYSLOG: <13>Apr 30 14:14:58 ICX6610 VRRP: VRRPE authentication failure, intf v555,

vrid 55, auth_type MD5 authentication

SYSLOG: <13>Apr 30 14:14:59 ICX6610 VRRP: VRRPE authentication failure, intf v555,

vrid 55, auth_type MD5 authentication

VRRP router type

A VRRP interface is either an Owner or a Backup router for a given VRID. By default, the Owner
becomes the Master. A Backup router becomes the Master only if the Master becomes unavailable.

A VRRP-E interface is always a Backup router for its VRID. The Backup router with the highest VRRP
priority becomes the Master.

This section describes how to specify the interface type, how to change the type for VRRP, and how to
set or change the interface VRRP or VRRP-E priority and track priority for the VRID.

NOTE
You can force a VRRP Master router to abdicate (give away control) of the VRID to a Backup router by
temporarily changing the Master VRRP priority to a value less than the Backup.

Syslog messages for VRRP-E HMAC-MD5-96 authentication

FastIron Ethernet Switch Layer 3 Routing Configuration Guide

607

53-1003087-04

See also other documents in the category Brocade Computer Accessories: