vrrp virtual-ip ping enable

Function

The vrrp virtual-ip ping enable command enables the master device to respond to ping packets sent to a virtual IP address.

The undo vrrp virtual-ip ping enable command disables the master device from responding to ping packets sent to a virtual IP address.

By default, the master device is enabled to respond to ping packets sent to a virtual IP address.

Format

vrrp virtual-ip ping enable

undo vrrp virtual-ip ping enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
vrrp write

Usage Guidelines

Usage Scenario

The device allows user devices to ping a virtual IP address to serve the following purposes:

  • Monitors the operating status of the master Router in a VRRP group.
  • Monitors communication between a user device and a network connected by a default gateway using the virtual IP address.

Configuration Impact

If the ping to the virtual IP address is enabled, a device on an external network can ping a virtual address. This imposes the Router to ICMP-based attacks.

Precautions

After the undo vrrp virtual-ip ping enable command is run to disable the master device from responding to ping packets sent to a virtual IP address, the host route for the virtual IP address is deleted. As a result, services transmitted over the host route are interrupted. For example, after the undo vrrp virtual-ip ping enable command is run, the status of a GRE tunnel with the source IP address set to a virtual IP address changes to Down.

Example

# Disable the master device from responding to ping packets.
<HUAWEI> system-view
[~HUAWEI] undo vrrp virtual-ip ping enable
Parent Topic: VRRP Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >