ip vrrp-extended auth-type
-
- Last UpdatedAug 13, 2021
- 2 minutes read
Configures the type of authentication used on a Virtual Router Redundancy Protocol Extended (VRRP-E) interface.
No authentication is configured for a VRRP-E interface.
no-auth
| Configures no authentication on the VRRP-E interface.
|
simple-text-auth
auth-text
| Configures a simple text string as a password used for authenticating packets on the interface. The maximum length of the text string is 64 characters.
|
md5-auth
auth-text
| Configures MD5 authentication on the interface. The maximum length of the text string is 64 characters.
|
Interface configuration mode
If the simple-text-auth option is configured, ensure that all interfaces on all devices that support the virtual router ID are configured to use simple password authentication with the same password.
If the md5-auth option is configured, syslog and SNMP traps are generated if a packet is being dropped due to MD5 authentication failure. Using MD5 authentication implies that the software does not need to run checksum verification on the receiving device and can rely on the authentication code (message digest 5 algorithm) to verify the integrity of the VRRP-E message header.
Use the show run command with appropriate parameters to display the encrypted password; use the enable password-display command to display the unencrypted password.
If the no-auth option is configured, ensure that all interfaces on all devices that support the virtual router ID do not use authentication.
The no form of this command removes the VRRP-E authentication from the interface.
The following example configures no authentication on Ethernet interface 1/1/6.
device# configure terminal
device(config)# router vrrp-extended
device(config-vrrpe-router)# interface ethernet 1/1/6
device(config-if-e1000-1/1/6)# ip vrrp-extended auth-type no-auth
The following example configures simple password authentication on Ethernet interface 1/1/6.
device# configure terminal
device(config)# router vrrp-extended
device(config-vrrpe-router)# interface ethernet 1/1/6
device(config-if-e1000-1/1/6)# ip vrrp-extended auth-type simple-text-auth yourpwd
The following example configures MD5 authentication on Ethernet interface 1/1/6. When MD5 authentication is configured, a syslog message is displayed.
device# configure terminal
device(config)# router vrrp-extended
device(config-vrrpe-router)# interface ethernet 1/1/6
device(config-if-e1000-1/1/6)# ip vrrp-extended auth-type md5-auth lyk28d3j
Aug 10 18:17:39 VRRP: Configuration VRRP_CONFIG_MD5_AUTHENTICATION request received
Aug 10 18:17:39 VRRP: Port 1/1/6, VRID 2 - send advertisement
Ver:3 Type:1 Vrid:2 Pri:240 #IP:1 AuthType:2 Adv:1 Chksum:0x0000
HMAC-MD5 CODE:[000000000000000000400010]
IpAddr: 10.53.5.1