Brocade Communications Systems Layer 3 Routing Configuration ICX 6650 User Manual

434

Brocade ICX 6650 Layer 3 Routing Configuration Guide

53-1002603-01

Additional VRRP and VRRP-E parameter configuration

VRRP-E syntax

For IPv4 VRRP-E:

Syntax: ip vrrp-extended auth-type no-auth | simple-text-auth auth-data | md5-auth [0 |1] key

For IPv6 VRRP-E:

Syntax: ipv6 vrrp-extended auth-type no-auth | simple-text-auth auth-data | md5-auth [0 |1] key

The values for the no-auth and simple-text-auth auth-data options are the same as for VRRP.

The md5-auth option configures the interface to use HMAC-MD5-96 for VRRP-E authentication.

The key variable is the MD5 encryption key, which can be up to 64 characters long. The optional [0
|1] parameter configures whether the MD5 password is encrypted, as follows:

•

If you do not enter this parameter and enter the key as clear text, the key appears encrypted in
the device configuration and command outputs.

•

If you enter 0 and enter the key as clear text, the key appears as clear text in the device
configuration and command outputs.

•

If you enter 1 and enter the key in encrypted format, the key appears in encrypted format in the
device configuration and command outputs.

Syslog messages for VRRP-E HMAC-MD5-96 authentication

If an interface is configured with HMAC-MD5-96 authentication, all VRRP-E packets received on this
interface are authenticated with the HMAC-MD5-96 algorithm using the shared secret key
configured on the interface.

If a packet is received that fails this HMAC-MD5-96 authentication check, the packet gets dropped.
Additionally, if syslog is enabled, a syslog message is generated to notify the administrator about
an authentication failure. The message includes the VRID received in the packet's VRRP message
and the interface on which the packet was received. These syslog messages will be rate limited to
20 log messages within a span of 5 minutes, starting from the first packet received that fails the
HMAC-MD5-96 authentication check.