Foundry Configuration Guide for the FESX, FSX, and FWSX
8 - 24 © Foundry Networks, Inc. December 2005
VSRP-Aware Security Features
Without VSRP-aware security configured, a VSRP-aware device passively learns the authentication method
conveyed by the received VSRP hello packet. The VSRP-aware device then stores the authentication method
until it ages out with the aware entry.
With VSRP-aware security, you can:
• Define the specific authentication parameters that a VSRP-aware device will use on a VSRP backup switch.
The authentication parameters that you define will not age out.
• Define a list of ports that have authentic VSRP backup switch connections. For ports included in the list, the
VSRP-aware switch will process VSRP hello packets using the VSRP-aware security configuration.
Conversely, for ports not included in the list, the VSRP-aware switch will not use the VSRP-aware security
configuration.
If VSRP hello packets do not meet the acceptance criteria, the VSRP-aware device forwards the packets normally,
without any VSRP-aware security processing.
VSRP Parameters
Table 8.5 lists the VSRP parameters.
Table 8.5: VSRP Parameters
Parameter Description Default See page...
Protocol VSRP state
Note: On a Layer 3 Switch, you must disable VSRP
to use VRRPE or VRRP.
Enabled 8-28
Virtual Router
ID (VRID)
The ID of the virtual switch you are creating by
configuring multiple devices as redundant links. You
must configure the same VRID on each device that
you want to use to back up the links.
None 8-27
Timer scale The value used by the software to calculate all VSRP
timers. Increasing the timer scale value decreases
the length of all the VSRP timers equally, without
changing the ratio of one timer to another.
18-28
Interface Parameters
Authentication
type
The type of authentication the VSRP devices use to
validate VSRP packets. On Layer 3 Switches, the
authentication type must match the authentication
type the VRID’s port uses with other routing protocols
such as OSPF.
• No authentication – The interfaces do not use
authentication. This is the VRRP default.
• Simple – The interface uses a simple text-string
as a password in packets sent on the interface. If
the interface uses simple password
authentication, the VRID configured on the
interface must use the same authentication type
and the same password.
Note: MD5 is not supported.
No authentication 8-29
To Next Page
Loading...
Need help?
General
