Vrrp Un-Check Ttl; Vrrp Vrid Authentication-Mode - H3C WX Series Command Reference Manual

vrrp un-check ttl

Syntax
vrrp un-check ttl
undo vrrp un-check ttl
View
Interface view
Default level
2: System level
Parameters
None
Description
Use vrrp un-check ttl to disable TTL check on VRRP packets.
Use undo vrrp un-check ttl to enable TTL check on VRRP packets.
By default, TTL check on VRRP packets is enabled.
The master of a VRRP group periodically sends VRRP advertisements to indicate its existence. The VRRP
advertisements are multicast onto the local network segment and not forwarded by a router, and
therefore the packet TTL value will not be changed. When the master of a VRRP group advertises VRRP
packets, it sets the packet TTL to 255. After you configure to check the VRRP packet TTL, when the backups
of the VRRP group receive VRRP packets, they check the packet TTL and drop the VRRP packets whose TTL
is smaller than 255 to prevent attacks from other network segments.
Because devices of different vendors might implement VRRP in a different way, when the device is
interoperating with devices of other vendors, VRRP packet TTL check might result in dropping packets that
should not be dropped. In this case, use the vrrp un-check ttl command to disable TTL check on VRRP
packets.
Examples
# Disable TTL check on VRRP packets.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] vrrp un-check ttl

vrrp vrid authentication-mode

Syntax
vrrp vrid virtual-router-id authentication-mode { md5 | simple } key
undo vrrp vrid virtual-router-id authentication-mode
View
Interface view
Default level
2: System level
Parameters
14