Authentication-type – Alcatel-Lucent 7750 SR OS User Manual

Configuration Commands

Page 228

7750 SR OS Router Configuration Guide

Parameters

authentication-key — The authentication key. Allowed values are any string up to 8 characters long

composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $,
spaces, etc.), the entire string must be enclosed within double quotes.

hash-key — The hash key. The key can be any combination of ASCII characters up to 22 (hash-key1)

or 121 (hash-key2) characters in length (encrypted). If spaces are used in the string, enclose the
entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but for security purposes, the actual
unencrypted key value is not provided.

hash — Specifies the key is entered in an encrypted form. If the hash parameter is not used, the key

is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted
form in the configuration file with the hash parameter specified.

hash2 — Specifies the key is entered in a more complex encrypted form. If the hash2 parameter is

not used, the less encrypted hash form is assumed.

authentication-type

Syntax

authentication-type {password}
no authentication

Context

config>router>if>vrrp

Description

This command configures the VRRP authentication Type 0 (no authentication), Type 1 (simple
password), or Type 2 (MD5) for the virtual router.

If authentication is not required, the authenticaton-type command must not be executed. If the
command is re-executed with a different authentication type defined, the new type is used.
If the no authentication-type command is executed, authentication is removed and no authentication
is performed. The authentication-type command can be executed at anytime, altering the
authentication method used by the virtual router instance.

The command is configurable in both non-owner and owner vrrp nodal contexts.

The VRRP specification supports three message authentication methods that provide varying degrees
of security: Type 0, Type 1 and Type 2.

VRRP Type 0 authentication provides no authentication. All compliant VRRP advertisement
messages are accepted.

VRRP Type 1 authentication provides a simple password check on incoming VRRP advertisement
messages.

VRRP Type 2 authentication provides an MD5 IP header authentication check on incoming VRRP
advertisement messages.

For all VRRP authentication types, VRRP messages not meeting the verification checks are
discarded.

The no form of the command removes authentication from the virtual router instance. All VRRP
advertisement messages sent will have the authentication type field set to 0 and the authentication
data fields will contain 0 in all octets. VRRP advertisement messages received with authentication
type fields containing a value other than 0 will be discarded.

Default

no authentication - VRRP Type 0 (no authentication) is used .