VRRP Extended (VRRP-E) must be configured on the device and the interface associated with a virtual router group.
Any VRRP-E packets that do not contain the password are dropped. If your interfaces do not use authentication, neither does VRRP-E. Repeat this task on all interfaces on all devices that support the same virtual router group.
Note
VRRP-E is supported on the devices described in this guide. In a mixed-device environment, consult your documentation for the other devices to determine if VRRP-E is supported.device# configure terminal
device(config)# protocol vrrp-extended
device(config)# interface ve 10
device(config-if-Ve-10)# ip vrrp-extended auth-type md5-auth kfhb61qp
Note
MD5 passwords cannot have ASCII character 32 ('SPACE') as a part of the password string.device(config-if-Ve-10)# end
device# show vrrp Total number of VRRP session(s) : 1 VRID 1 Interface: Ve 10; Ifindex: 1207959562 Mode: VRRPE Admin Status: Enabled Description : Address family: IPv4 Version: 2 Authentication type: MD5 Authentication State: Initialize Session Master IP Address: Virtual IP(s): 192.168.4.100 Configured Priority: 110 (default: 100); Current Priority: unset Advertisement interval: 1 sec (default: 1 sec) Preempt mode: DISABLE (default: DISABLED) Advertise-backup: DISABLE (default: DISABLED) Backup Advertisement interval: 60 sec (default: 60 sec) Short-path-forwarding: Disabled Revert Priority: unset; SPF reverted: No Hold time: 0 sec (default: 0 sec) Trackport: Port(s) Priority Port Status ======= ======== =========== Statistics: Advertisements: Rx: 0, Tx: 0 Gratuitous ARP: Tx: 0
The following example configures MD5 authentication for the specified VRRP-E interface.
device# configure terminal device(config)# protocol vrrp-extended device(config)# interface ve 10 device(config-if-Ve-10)# ip vrrp-extended auth-type md5-auth kfhb61qp device(config-if-Ve-10)# end device# show vrrp