MasterPriority : 90
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-010a
Check TTL : YES
Config type : normal-vrrp
Config track link-bfd down-number : 0
Track BFD : 1 Priority reduced : 10
BFD-session state : UP
6.6 Configuring VRRP Security
On a network at security risks, by configuring an authentication mode of VRRP packets, you
can protect devices against attacks.
6.6.1 Establishing the Configuration Task
Before configuring VRRP security authentication, familiarize yourself with the applicable
environment and complete pre-configuration task of configuring a VRRP backup group.
Applicable Environment
In a secure network, by default, the switch considers received and sent VRRP packets real and
valid without authenticating them. In this case, you need not configure an authentication key.
VRRP provides simple text authentication and MD5 authentication for networks that are
vulnerable to attacks. In simple text authentication mode, a string of 1 to 8 characters can be
configured as the authentication key. In MD5 authentication mode, a string of 1 to 8 characters
in plain text or a string of 24 characters in encrypted text can be configured as the authentication
key.
The process of simple text authentication is as follows:
l Device that sends packets adds the authentication key into VRRP packets.
l Device that receives packets compares the received authentication key with the local
authentication key. If they are the same, VRRP packets are valid. Otherwise, the switch
discards the received VRRP packets and sends a Trap packet to the Network Management
System (NMS).
The process of MD5 authentication is as follows:
l The switch adds the authentication key to the VRRP packet.
l The receiver generates a summary based on the locally configured authentication key and
compares the summary of the received VRRP packet with the locally generated summary.
If they are the same, the receiver considers the received VRRP packet valid. Otherwise,
the receiver considers the received VRRP packet illegal and discards it, and then reports a
trap message to the network management system.
Pre-configuration Tasks
Before configuring the VRRP security function, complete the following tasks:
l Configuring network layer attributes for interfaces to connect the network
l Configuring the VRRP backup group
Quidway S6700 Series Ethernet Switches
Configuration Guide - Reliability 6 VRRP and VRRP6 Configuration
Issue 01 (2011-07-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
231
To Next Page
Loading...
Need help?
General
