Configuring MD5 authentication on IPv4 VRRP-E interfaces

Interfaces can be configured with an MD5 encrypted password for authentication, and VRRP-E can use the same authentication type associated with the interfaces on which you define the virtual router.

Before you begin

VRRP Extended (VRRP-E) must be configured on the device and the interface associated with a virtual router group.

About this task

Any VRRP-E packets that do not contain the password are dropped. If your interfaces do not use authentication, neither does VRRP-E. Repeat this task on all interfaces on all devices that support the same virtual router group.

Note

Note

VRRP-E is supported on the devices described in this guide. In a mixed-device environment, consult your documentation for the other devices to determine if VRRP-E is supported.

Procedure

  1. From privileged EXEC mode, enter global configuration mode.
    device# configure terminal
    
  2. Globally enable VRRP-E.
    device(config)# protocol vrrp-extended
    
  3. Configure the Virtual Ethernet (VE) interface link for the VRRP-E device.
    device(config)# interface ve 10
    
    Only ve interfaces are supported by VRRP-E.
  4. Enter the MD5 password configuration using the ip vrrp-extended auth-type command with a text password. The password will be encrypted when saved in the configuration file.
    device(config-if-Ve-10)# ip vrrp-extended auth-type md5-auth kfhb61qp
    
  5. Exit to privileged EXEC mode.
    device(config-if-Ve-10)# end
    
  6. Display the VRRP-E configuration to verify that MD5 authentication is enabled.
    device# show vrrp
    
    Total number of VRRP session(s)   : 1
    
    VRID 1
      Interface: Ve 10;  Ifindex: 1207959562
      Mode: VRRPE
      Admin Status: Enabled
      Description :
      Address family: IPv4
      Version: 2
      Authentication type: MD5 Authentication
      State: Initialize
      Session Master IP Address:
      Virtual IP(s): 192.168.4.100
      Configured Priority: 110 (default: 100); Current Priority: unset
      Advertisement interval: 1 sec  (default: 1 sec)
      Preempt mode: DISABLE  (default: DISABLED)
      Advertise-backup: DISABLE  (default: DISABLED)
      Backup Advertisement interval: 60 sec  (default: 60 sec)
      Short-path-forwarding: Disabled
      Revert Priority: unset; SPF reverted: No
      Hold time: 0 sec  (default: 0 sec)
      Trackport:
        Port(s)                    Priority  Port Status
        =======                    ========  ===========
      Statistics:
        Advertisements: Rx: 0, Tx: 0
        Gratuitous ARP: Tx: 0

Example

The following example configures MD5 authentication for the specified VRRP-E interface.

device# configure terminal
device(config)# protocol vrrp-extended
device(config)# interface ve 10
device(config-if-Ve-10)# ip vrrp-extended auth-type md5-auth kfhb61qp
device(config-if-Ve-10)# end
device# show vrrp