Alcatel-Lucent 7750 SR Manual page 1344

OS Services Guide

VPRN Service Configuration Commands
authentication-type
Syntax
authentication-type {password | message-digest}
no authentication-type
Context
config>service>vprn>if>vrrp
Description
The authentication-type command, within the vrrp virtual-router-id context, is used to assign the
authentication method to generate master VRRP advertisement messages and validate received
VRRP advertisement messages.
NOTE: The authentication management for VRRP closely follows the authentication management
format used for IS-IS.
The authentication-type command is one of the commands not affected by the presence of the owner
keyword. If authentication is not required, the authentication-type command must not be executed. If
the command is re-executed with a different authentication type defined, the new type will be used. If
the no authentication-type command is executed, authentication is removed and no authentication is
performed. The authentication-type command may be executed at any time, altering the
authentication method used by the virtual router instance.
The no form of this command removes authentication from the virtual router instance. All VRRP
Advertisement messages sent will have the Authentication Type field set to 0 and the Authentication
Data fields will contain 0 in all octets. VRRP Advertisement messages received with Authentication
Type fields containing a value other than 0 will be discarded.
password — The password keyword identifies VRRP Authentication Type 1. Type 1 requires the
definition of a string eight octets long using the authentication-key command. All transmitted
VRRP Advertisement messages must have the Authentication Type field set to 1 and the
Authentication Data fields must contain the authentication-key password.
All received VRRP advertisement messages must contain a value of 1 in the Authentication Type
field and the Authentication Data fields must match the defined authentication-key. All other
received messages will be silently discarded.
message-digest — The message-digest keyword identifies VRRP Authentication Type 2. Type 2
defines a lower IP layer MD5 authentication mechanism using HMAC and IP authentication
header standards. An MD5 key must be defined using the message-digest-key command. All
transmitted VRRP advertisement messages must have the Authentication Type field set to 2 and
the Authentication Data fields must contain 0 in all octets. The message-digest key is used in the
hashing process when populating the IP Authentication Header fields. A sequential incrementing
counter (set to zero when the message-digest-key is set) is incremented and then used in the IP
Authentication Header to prevent replay attacks on authorized participating virtual router
instances.
All received VRRP advertisement messages must contain a value of 2 in the Authentication Type
field and the Authentication Data fields are ignored. The message must have been authorized by
the lower layer IP Authentication Header process with the sequential counter field and the source
IP address presented to the virtual router instance. To track the validity of the received counter,
the virtual router instance maintains a master counter table containing up to 32 source IP
addresses and the last received counter value. Populate the table as follows:
1. Check to see if source IP address exists in table.
If non-existent, create an entry if available.
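
The receive-side rules described above for the three authentication settings, as an added example that is not part of the Alcatel-Lucent guide or SR OS code. It assumes the VRRPv2 advertisement layout from RFC 2338 and skips checksum verification; the function names, the sample packets and the `ah_verified` flag (standing in for the result of the IP Authentication Header check) are hypothetical.

```python
import hmac
import struct

AUTH_NONE, AUTH_PASSWORD, AUTH_MESSAGE_DIGEST = 0, 1, 2

def build_adv(vrid, auth_type, auth_data=b"\x00" * 8, addrs=(b"\xc0\x00\x02\x01",)):
    """Build a constructed VRRPv2 advertisement for testing (checksum left at 0)."""
    hdr = struct.pack("!BBBBBBH", 0x21, vrid, 100, len(addrs), auth_type, 1, 0)
    return hdr + b"".join(addrs) + auth_data

def parse_adv(payload):
    """Return (auth_type, auth_data) from a VRRPv2 advertisement, or None if malformed."""
    if len(payload) < 8:
        return None
    ver_type, _vrid, _prio, count, auth_type, _intvl, _cksum = struct.unpack(
        "!BBBBBBH", payload[:8])
    if ver_type != 0x21:              # version 2, type 1 (ADVERTISEMENT)
        return None
    auth_off = 8 + 4 * count          # Authentication Data follows the IPv4 address list
    if len(payload) < auth_off + 8:
        return None
    return auth_type, payload[auth_off:auth_off + 8]

def accept(payload, configured, key=b"", ah_verified=False):
    """Apply the receive rules for the configured authentication-type."""
    parsed = parse_adv(payload)
    if parsed is None:
        return False
    auth_type, auth_data = parsed
    if auth_type != configured:       # with no authentication-type, non-zero types are discarded
        return False
    if configured == AUTH_NONE:
        return True
    if configured == AUTH_PASSWORD:   # the key is carried in the packet and must match exactly
        return len(key) == 8 and hmac.compare_digest(auth_data, key)
    if configured == AUTH_MESSAGE_DIGEST:  # Authentication Data is ignored; the AH check decides
        return ah_verified
    return False
```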