HP 6125XLG R2306-HP 6125XLG Blade Switch High Availability Command Reference - Page 79

vrrp vrid preempt-mode, Usage guidelines, Examples, Related commands, Syntax

Get HP 6125XLG PDF manuals and user guides View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals

Page 79 highlights

key: Sets the authentication key. This argument is case sensitive. It must be a ciphertext string of 1 to 41 characters if the cipher keyword is specified or a plaintext string of 1 to 8 characters if the plain keyword is specified. Usage guidelines To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP packets to authenticate one another. VRRP provides the following authentication modes: • simple-Simple text authentication. The sender fills an authentication key into the VRRP packet, and the receiver compares the received authentication key with its local authentication key. If the two authentication keys are the same, the received VRRP packet is legitimate. Otherwise, the received packet is illegitimate. • md5-MD5 authentication. The sender computes a digest for the packet to be sent by using the authentication key and MD5 algorithm, and it saves the result in the authentication header. The receiver performs the same operation by using the authentication key and MD5 algorithm, and it compares the result with the content in the authentication header. If the results are the same, the received VRRP packet is legitimate. Otherwise, the received packet is illegitimate. The MD5 authentication is more secure than the simple text authentication, but it costs more resources. For security purposes, all keys, including keys configured in plain text, are saved in cipher text. IMPORTANT: • You can configure different authentication modes and authentication keys for the VRRP groups on an interface. However, members of the same VRRP group must use the same authentication mode and authentication key. • For VRRPv3, this command does not take effect. Examples # Set the authentication mode to simple and the authentication key to Sysname for VRRP group 1 on VLAN-interface 2. system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] vrrp vrid 1 authentication-mode simple plain Sysname Related commands • display vrrp • vrrp version vrrp vrid preempt-mode Use vrrp vrid preempt-mode to enable the preemptive mode for the device in an IPv4 VRRP group and configure the preemption delay. Use undo vrrp vrid preempt-mode to disable the preemptive mode for the device in an IPv4 VRRP group. Use undo vrrp vrid preempt-mode delay to restore the default preemption delay. Syntax vrrp vrid virtual-router-id preempt-mode [ delay delay-value ] 74

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
74
key
: Sets the authentication key. This argument is case sensitive. It must be a ciphertext string of 1 to 41
characters if the
cipher
keyword is specified or a plaintext string of 1 to 8 characters if the
plain
keyword
is specified.
Usage guidelines
To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP packets
to authenticate one another. VRRP provides the following authentication modes:
simple
—Simple text authentication.
The sender fills an authentication key into the VRRP packet, and the receiver compares the received
authentication key with its local authentication key. If the two authentication keys are the same, the
received VRRP packet is legitimate. Otherwise, the received packet is illegitimate.
md5
—MD5 authentication.
The sender computes a digest for the packet to be sent by using the authentication key and MD5
algorithm, and it saves the result in the authentication header. The receiver performs the same
operation by using the authentication key and MD5 algorithm, and it compares the result with the
content in the authentication header. If the results are the same, the received VRRP packet is
legitimate. Otherwise, the received packet is illegitimate.
The MD5 authentication is more secure than the simple text authentication, but it costs more resources.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
IMPORTANT:
You can configure different authentication modes and authentication keys for the VRRP groups on an
interface. However, members of the same VRRP group must use the same authentication mode and
authentication key.
For VRRPv3, this command does not take effect.
Examples
# Set the authentication mode to
simple
and the authentication key to
Sysname
for VRRP group 1 on
VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] vrrp vrid 1 authentication-mode simple plain Sysname
Related commands
display
vrrp
vrrp
version
vrrp vrid preempt-mode
Use
vrrp
vrid preempt-mode
to enable the preemptive mode for the device in an IPv4 VRRP group and
configure the preemption delay.
Use
undo vrrp
vrid preempt-mode
to disable the preemptive mode for the device in an IPv4 VRRP group.
Use
undo vrrp vrid preempt-mode delay
to restore the default preemption delay.
Syntax
vrrp vrid
virtual-router-id
preempt-mode
[
delay
delay-value
]