R3166-R3206-HP High-End Firewalls High Availability Command Reference-6PW101
The master of a VRRP group periodically sends VRRP advertisements to indicate its existence. The
advertisements are multicast onto the local network segment and are not forwarded by routers, so
their TTL value does not change in transit. The master sets the TTL of each VRRP packet it sends to
255. When TTL check is enabled, the backups of the VRRP group check the TTL of each VRRP packet they
receive and drop the packets whose TTL is smaller than 255, which prevents attacks from other
network segments.
Because devices of different vendors might implement VRRP differently, the VRRP packet TTL check
might drop packets that should not be dropped when the device interoperates with devices of other
vendors. In this case, use the vrrp un-check ttl command to disable TTL check on VRRP packets.
Examples
# Disable TTL check on VRRP packets.
<Sysname> system-view
[Sysname] interface GigabitEthernet0/1
[Sysname-GigabitEthernet0/1] vrrp un-check ttl
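The TTL check described above, as an added Python example (not code from this manual or from the device): a backup accepts a VRRP advertisement only when it arrives with TTL 255. The function names, the ttl_check flag standing in for vrrp un-check ttl, and the sample packets are constructed for illustration; IP protocol 112 and group 224.0.0.18 are the standard VRRP values.

```python
import socket
import struct

VRRP_PROTO = 112            # IP protocol number assigned to VRRP
VRRP_GROUP = "224.0.0.18"   # IPv4 multicast group used for advertisements
MASTER_TTL = 255            # TTL the master sets on every advertisement

def build_ipv4(ttl, proto=VRRP_PROTO, dst=VRRP_GROUP, src="192.0.2.1"):
    """Constructed sample packet: IPv4 header plus a minimal VRRPv2 body."""
    # VRRPv2 advertisement: VRID 1, priority 100, one virtual IP, no auth.
    body = bytes([0x21, 1, 100, 1, 0, 1, 0, 0])
    body += socket.inet_aton("192.0.2.254") + bytes(8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(body), 0, 0,
                         ttl, proto, 0,  # header checksum left 0 in the sample
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + body

def check_vrrp_packet(packet, ttl_check=True):
    """Return (accepted, reason) the way a backup would for a raw IPv4 packet.

    ttl_check=False models an interface configured with 'vrrp un-check ttl'.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False, "not a complete IPv4 header"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return False, "invalid IPv4 header length"
    ttl, proto = packet[8], packet[9]
    dst = socket.inet_ntoa(packet[16:20])
    if proto != VRRP_PROTO or dst != VRRP_GROUP:
        return False, "not a VRRP advertisement"
    if ttl_check and ttl < MASTER_TTL:
        return False, f"TTL {ttl} is smaller than 255, dropped"
    return True, "accepted"

if __name__ == "__main__":
    samples = {
        "local master, TTL 255": (build_ipv4(255), True),
        "forwarded by one router, TTL 254": (build_ipv4(254), True),
        "same packet with TTL check disabled": (build_ipv4(254), False),
    }
    for label, (pkt, enabled) in samples.items():
        print(f"{label}: {check_vrrp_packet(pkt, ttl_check=enabled)}")
```

The third sample shows what disabling the check gives up: the advertisement that lost one hop of TTL is accepted.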
vrrp vrid authentication-mode
Syntax
vrrp vrid virtual-router-id authentication-mode { md5 | simple } key
undo vrrp vrid virtual-router-id authentication-mode
View
Interface view
Default level
2: System level
Parameters
virtual-router-id: VRRP group number, which ranges from 1 to 255.
md5: Authentication using the MD5 algorithm.
simple: Plain text authentication mode.
key: Authentication key, which is case-sensitive.
• When md5 authentication applies, the authentication key is in MD5 cipher text or in plain text and
the length of the key depends on its input format. If the key is input in plain text, its length is 1 to 8
characters, such as 1234567. If the key is input in cipher text, its length must be 24 characters, such
as _(TT8F]Y\5SQ=^Q`MAF4<1!!.
• When simple authentication applies, the authentication key is in plain text with a length of 1 to 8
characters.
Description
Use the vrrp vrid authentication-mode command to configure the authentication mode and authentication
key that a VRRP group uses to send and receive VRRP packets.
Use the undo vrrp vrid authentication-mode command to restore the default.
By default, authentication is disabled.