vrrp vrid authentication-mode
Function
The vrrp vrid authentication-mode command configures an authentication mode and an authentication key for a VRRP group.
The undo vrrp vrid authentication-mode command cancels the authentication mode and authentication key for a VRRP group.
By default, a VRRP group uses non-authentication.
Format
vrrp vrid virtual-router-id authentication-mode { simple { key | plain key | cipher cipher-key } | md5 md5-key }
undo vrrp vrid virtual-router-id authentication-mode
Parameters
Parameter |
Description |
Value |
|---|---|---|
vrid virtual-router-id |
Specifies the VRID of a VRRP group. |
The value is an integer that ranges from 1 to 255. |
simple |
Indicates simple authentication. |
- |
key |
Specifies the authentication key in simple authentication mode. |
The value is a string of 1 to 8 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. |
plain key |
Specifies the authentication key in plain text authentication mode. NOTE:
If plain is selected, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text. |
The value is a string of 1 to 8 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. |
cipher cipher-key |
Specifies the authentication key in cipher text authentication mode. |
The value a string of case-sensitive
characters, spaces not supported. When double quotation marks are
used around the string, spaces are allowed in the string. Passwords
are saved in ciphertext in the configuration file with the length
of 48. Either of the following passwords can be set:
NOTE:
A 32-character ciphertext password configured in an earlier version is also supported in this version. |
md5 md5-key |
Specifies the authentication key in MD5 authentication mode. |
The value a string of case-sensitive
characters, spaces not supported. When double quotation marks are
used around the string, spaces are allowed in the string. Passwords
are saved in ciphertext in the configuration file with the length
of 48. Either of the following passwords can be set:
NOTE:
A 32-character ciphertext password configured in an earlier version is also supported in this version. |
For security purposes, you are advised to use MD5 as the authentication algorithm of VRRP.
Usage Guidelines
Usage Scenario
To be compatible with VRRP defined in earlier version and interwork with other devices, VRRP provides simple authentication and MD5 authentication. The vrrp vrid authentication-mode command configures an authentication mode and an authentication key for a VRRP group.
Prerequisites
A VRRP group has been configured on a specified interface.
Precautions
Devices in a VRRP group must be configured with the same authentication mode and authentication key; otherwise, the VRRP group cannot negotiate the Master and Backup states.
Example
<HUAWEI> system-view [HUAWEI] interface vlanif 100 [HUAWEI-Vlanif100] vrrp vrid 2 virtual-ip 10.1.1.1 [HUAWEI-Vlanif100] vrrp vrid 2 authentication-mode md5 Huawei-1
<HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] undo portswitch [HUAWEI-GigabitEthernet0/0/1] vrrp vrid 2 virtual-ip 10.1.1.1 [HUAWEI-GigabitEthernet0/0/1] vrrp vrid 2 authentication-mode md5 Huawei-1