Configuring Authentication Type And Authentication Key; Configuring The Vrrp Timer - 3Com 7700 Configuration Manual
Hide thumbs
Also See for 7700:
- Configuration manual (390 pages) ,
- Installation manual (59 pages) ,
- Datasheet (8 pages)
Table of Contents
Advertisement
Configuring
Authentication Type and
Authentication Key
Configuring the VRRP
Timer
The delay ranges from 0 to 255, measured in seconds. The default mode is
preemption with a delay of 0 second.
Note: If the preemption mode is cancelled, the delay time automatically becomes
0 seconds.
VRRP provides following authentication types:
simple: Simple character authentication
■
md5: MD5 authentication
■
In a network under possible security threat, the authentication type can be set to
simple. Then the switch adds the authentication key to the VRRP packets before
transmitting it. The receiver compares the authentication key of the packet to the
locally configured authentication key. If they are the same, the packet is accepted
as a true and legal one. If the keys are not the same the packet is considered illegal
and is discarded. A simple authentication key should not exceed 8 characters.
In an unsafe network, the authentication type can be set to md5. The switch uses
the authentication type and MD5 algorithm provided by the authentication header
to authenticate VRRP packets. An md5 authentication key should not exceed 16
Packets that fail to pass the authentication test are discarded and a trap packet is
sent to the network management system.
Perform the following configuration in VLAN interface view.
Table 6 Configure Authentication Type and Authentication Key.
Operation
Configure authentication type and
authentication key.
Clear authentication type and
authentication key.
Note: The same authentication type and authentication key should be configured
for all vlan interfaces that belong to the virtual router.
The Master switch advertises its normal operation state to the switches within the
VRRP virtual router by sending them VRRP packets regularly (at adver-interval). If
the backup switch does not receive a VRRP packet from the master after a period
of time (specified by master-down-interval), the master is assumed to have failed
and the backup switch takes the role of master.
You can use the following command to set a timer and adjust the interval,
adver-interval at which the master transmits VRRP packets. The duration of the
backup switch's master-down-interval is three times the duration of the
adver-interval. Excessive network traffic or the differences between different
switch timers results in master-down-interval timing out and state changing
abnormally. Such problems can be solved through prolonging the adver-interval
and setting delay time. The duration of adver-interval is measured in seconds.
Command
vrrp authentication-mode type [ key ]
undo vrrp authentication-mode
Configuring VRRP
267
Advertisement
Table of Contents
Troubleshooting
