Configuration Guide User guide
FastIron Configuration Guide 639
53-1002494-02
VSRP
MAC address failover on VSRP-aware devices
VSRP-aware devices maintain a record of each VRID and its VLAN. When the device has received a
Hello message for a VRID in a given VLAN, the device creates a record for that VRID and VLAN and
includes the port number in the record. Each subsequent time the device receives a Hello
message for the same VRID and VLAN, the device checks the port number:
• If the port number is the same as the port that previously received a Hello message, the
VSRP-aware device assumes that the message came from the same VSRP Master that sent
the previous message.
• If the port number does not match, the VSRP-aware device assumes that a VSRP failover has
occurred to a new Master, and moves the MAC addresses learned on the previous port to the
new port.
The VRID records age out if unused. This can occur if the VSRP-aware device becomes
disconnected from the Master. The VSRP-aware device will wait for a Hello message for the period
of time equal to the following.
VRID Age = Dead Interval + Hold-down Interval + (3 x Hello Interval)
The values for these timers are determined by the VSRP device sending the Hello messages. If the
Master uses the default timer values, the age time for VRID records on the VSRP-aware devices is
as follows.
3 + 3 + (3 x 1) = 9 seconds
In this case, if the VSRP-aware device does not receive a new Hello message for a VRID in a given
VLAN, on any port, the device assumes the connection to the Master is unavailable and removes
the VRID record.
VSRP interval timers
The VSRP Hello interval, Dead interval, Backup Hello interval, and Hold-down interval timers are
individually configurable. You also can easily change all the timers at the same time while
preserving the ratios among their values. To do so, change the timer scale. The timer scale is a
value used by the software to calculate the timers. The software divides a timer value by the timer
scale value. By default, the scale is 1. This means the VSRP timer values are the same as the
values in the configuration.
VSRP-aware security features
This feature protects against unauthorized VSRP hello packets by enabling you to configure
VSRP-aware security parameters. Without VSRP-aware security, a VSRP-aware device passively
learns the authentication method conveyed by the received VSRP hello packet. The VSRP-aware
device then stores the authentication method until it ages out with the aware entry.
The VSRP-aware security feature enables you to perform the following:
• Define the specific authentication parameters that a VSRP-aware device will use on a VSRP
backup switch. The authentication parameters that you define will not age out.
• Define a list of ports that have authentic VSRP backup switch connections. For ports included
in the list, the VSRP-aware switch will process VSRP hello packets using the VSRP-aware
security configuration. Conversely, for ports not included in the list, the VSRP-aware switch will
not use the VSRP-aware security configuration.