Configures the type of authentication used on a Virtual Router Redundancy Protocol Extended (VRRP-E) interface.

ip vrrp-extended auth-type { no-auth | simple-text-auth auth-text | md5-auth auth-text }
no ip vrrp-extended auth-type { no-auth | simple-text-auth auth-text | md5-auth auth-text }

No authentication is configured for a VRRP-E interface.

no-auth
Configures no authentication on the VRRP-E interface.
simple-text-auth auth-text
Configures a simple text string as a password used for authenticating packets on the interface. The maximum length of the text string is 64 characters.
md5-auth auth-text
Configures MD5 authentication on the interface. The maximum length of the text string is 64 characters.

Interface configuration mode

If the simple-text-auth option is configured, ensure that all interfaces on all devices that support the virtual router ID are configured to use simple password authentication with the same password.

If the md5-auth option is configured, syslog and SNMP traps are generated if a packet is being dropped due to MD5 authentication failure. Using MD5 authentication implies that the software does not need to run checksum verification on the receiving device and can rely on the authentication code (message digest 5 algorithm) to verify the integrity of the VRRP-E message header.

Use the show run command with appropriate parameters to display the encrypted password; use the enable password-display command to display the unencrypted password.

If the no-auth option is configured, ensure that all interfaces on all devices that support the virtual router ID do not use authentication.

The no form of this command removes the VRRP-E authentication from the interface.

Note: Authentication is not supported by VRRP-Ev3.

The following example configures no authentication on Ethernet interface 1/1/6.


device# configure terminal
device(config)# router vrrp-extended
device(config-vrrpe-router)# interface ethernet 1/1/6
device(config-if-e1000-1/1/6)# ip vrrp-extended auth-type no-auth

The following example configures simple password authentication on Ethernet interface 1/1/6.


device# configure terminal
device(config)# router vrrp-extended
device(config-vrrpe-router)# interface ethernet 1/1/6
device(config-if-e1000-1/1/6)# ip vrrp-extended auth-type simple-text-auth yourpwd

The following example configures MD5 authentication on Ethernet interface 1/1/6. When MD5 authentication is configured, a syslog message is displayed.


device# configure terminal
device(config)# router vrrp-extended
device(config-vrrpe-router)# interface ethernet 1/1/6
device(config-if-e1000-1/1/6)# ip vrrp-extended auth-type md5-auth lyk28d3j

Aug 10 18:17:39 VRRP: Configuration VRRP_CONFIG_MD5_AUTHENTICATION request received
Aug 10 18:17:39 VRRP: Port 1/1/6, VRID 2 - send advertisement
Ver:3 Type:1 Vrid:2 Pri:240 #IP:1 AuthType:2 Adv:1 Chksum:0x0000
HMAC-MD5 CODE:[000000000000000000400010]
IpAddr: 10.53.5.1