Manualshelf

R0106-HP MSR Router Series High Availability Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router
21222324252627282930
25
<Sysname> system-view
[Sysname] interface gigabitethernet 2/0/1
[Sysname-GigabitEthernet2/0/1] vrrp version 2
vrrp vrid authentication-mode
Use vrrp vrid authentication-mode to configure the authentication mode and the authentication key for
an IPv4 VRRP group to send and receive VRRP packets.
Use undo vrrp vrid authentication-mode to restore the default.
Syntax
vrrp vrid virtual-router-id authentication-mode { md5 | simple } { cipher | plain } key
undo vrrp vrid virtual-router-id authentication-mode
Default
Authentication is disabled when a VRRP group sends and receives VRRP packets.
Views
Interface view
Predefined user roles
network-admin
Parameters
virtual-router-id: Specifies an IPv4 VRRP group by its virtual router ID in the range of 1 to 255.
md5: Specifies the MD5 authentication mode.
simple: Specifies the simple authentication mode.
cipher: Sets a ciphertext authentication key.
plain: Sets a plaintext authentication key.
key: Sets the authentication key. This argument is case sensitive. It must be a ciphertext string of 1 to 41
characters if the cipher keyword is specified or a plaintext string of 1 to 8 characters if the plain keyword
is specified.
Usage guidelines
To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP packets
to authenticate one another. VRRP provides the following authentication modes:
simple—Simple text authentication.
The sender fills an authentication key into the VRRP packet, and the receiver compares the received
authentication key with its local authentication key. If the two authentication keys are the same, the
received VRRP packet is legitimate. Otherwise, the received packet is illegitimate.
md5—MD5 authentication.
The sender computes a digest for the packet to be sent by using the authentication key and MD5
algorithm, and it saves the result in the authentication header. The receiver performs the same
operation by using the authentication key and MD5 algorithm, and it compares the result with the
content in the authentication header. If the results are the same, the received VRRP packet is
legitimate. Otherwise, the received packet is illegitimate.
The MD5 authentication is more secure than the simple text authentication, but it costs more resources.