Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring VRRP Authentication (IPv4 Only)

 

VRRP (IPv4 only) protocol exchanges can be authenticated to guarantee that only trusted routing platforms participate in routing in an autonomous system (AS). By default, VRRP authentication is disabled. You can configure one of the following authentication methods. Each VRRP group must use the same method.

  • Simple authentication—Uses a text password included in the transmitted packet. The receiving routing platform uses an authentication key (password) to verify the packet.

  • Message Digest 5 (MD5) algorithm—Creates the authentication data field in the IP authentication header. This header is used to encapsulate the VRRP PDU. The receiving routing platform uses an authentication key (password) to verify the authenticity of the IP authentication header and VRRP PDU.

To enable authentication and specify an authentication method, include the authentication-type statement:

authentication can be simple or md5. The authentication type must be the same for all routing platforms in the VRRP group.

You can include this statement at the following hierarchy levels:

  • [edit interfaces interface-name unit logical-unit-number family inet address address vrrp-group group-id]

  • [edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number family inet address address vrrp-group group-id]

If you include the authentication-type statement, you can configure a key (password) on each interface by including the authentication-key statement:

key (the password) is an ASCII string. For simple authentication, it can be from 1 through 8 characters long. For MD5 authentication, it can be from 1 through 16 characters long. If you include spaces, enclose all characters in quotation marks (“ ”). The key must be the same for all routing platforms in the VRRP group.

You can include this statement at the following hierarchy levels:

  • [edit interfaces interface-name unit logical-unit-number family inet address address vrrp-group group-id]

  • [edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number family inet address address vrrp-group group-id]

Note

When VRRPv3 is enabled, the authentication-type and authentication-key statements cannot be configured for any VRRP groups. Therefore, if authentication is required, you need to configure alternative non-VRRP authentication mechanisms.