Enabling/Disabling A Virtual Router - Alcatel OmniSwitch 6624 Network Configuration Manual

Configuring VRRP
Note. The only scenario where authentication is not recommended is an environment with minimal secu-
rity risk and little chance for configuration error (such as two VRRP routers on a LAN).
Typically, simple text password authentication should be configured for VRRP. Simple text password
authentication is similar to simple text authentication for the Open Shortest Path First (OSPF) routing
protocol.
Simple text authentication is recommended because it protects against accidental misconfiguration of rout-
ers on a LAN and inadvertently backing up another router. If authentication is used, all virtual routers on
the LAN must be configured with the same password and the password must not be the same as any
significant security password.
This type of authentication is recommended when there is minimal risk of nodes on a LAN actively
disrupting VRRP operation. If this type of authentication is used, the user should be aware that the clear
text password is sent out frequently. It is possible for the password to be learned by a node snooping
VRRP packets on the LAN; however, the simple text authentication combined with VRRP's built-in TTL
check make it difficult for a VRRP packet to be sent from a remote network to disrupt VRRP operation.
To configure authentication for a virtual router, use the authenticate keyword and the desired password
with the vrrp command. For example:
-> vrrp 6 4 disable
-> vrrp 6 4 authenticate wwwtoe
In this example, virtual router 6 is disabled. (If you are modifying an existing virtual router, the virtual
router must be disabled before it may be modified.) The virtual router is then configured for authentica-
tion with the password wwwtoe. VRRP packets will be authenticated with this password.
Note. All VRRP routers on the same LAN should be configured with the same authentication setting. If
authentication is enabled, all routers must have the same password.
To remove authentication from a virtual router, use the keyword with no. For example:
-> vrrp 6 4 no authenticate
Note that if you are modifying an existing virtual router, the virtual router must be disabled before authen-
tication may be disabled.

Enabling/Disabling a Virtual Router

Virtual routers are disabled by default. To enable a virtual router, use the
keyword. Note that at least one IP address must be configured for the virtual router through the
command. For example:
-> vrrp 7 3 priority 150
-> vrrp ip 7 3 10.10.2.3
-> vrrp 7 3 enable
In this example, a virtual router is created on VLAN 3 with a VRID of 7. An IP address is then assigned to
the virtual router. The virtual router is then enabled on the switch.
OmniSwitch 6624/6648 Network Configuration Guide
vrrp
April 2004
Configuration Overview
command with the enable
vrrp ip
page 16-11