3com 8807 User Guide
658
C
HAPTER
53: VRRP C
ONFIGURATION
In a network under possible security threat, the authentication type can be set to
simple. Then the switch will add the authentication key into the VRRP packets
before transmitting it. The receiver will compare the authentication key of the
packet with the locally configured one. If they are the same, the packet will be
taken as a true and legal one. Otherwise it will be regarded as an illegal packet to
be discarded. In this case, an authentication key not exceeding 8 characters should
be configured.
simple. Then the switch will add the authentication key into the VRRP packets
before transmitting it. The receiver will compare the authentication key of the
packet with the locally configured one. If they are the same, the packet will be
taken as a true and legal one. Otherwise it will be regarded as an illegal packet to
be discarded. In this case, an authentication key not exceeding 8 characters should
be configured.
In a totally unsafe network, the authentication type can be set to md5. The switch
will use the authentication type and MD5 algorithm provided by the
Authentication Header to authenticate the VRRP packets. In this case an
authentication key not exceeding 8 characters should be configured.
will use the authentication type and MD5 algorithm provided by the
Authentication Header to authenticate the VRRP packets. In this case an
authentication key not exceeding 8 characters should be configured.
Those packets failing to pass the authentication will be discarded and a trap
packet will be sent to the network management system.
packet will be sent to the network management system.
Perform the following configuration in VLAN interface view.
The authentication key is case sensitive.
n
The same authentication type and authentication key should be configured for all
VLAN interfaces that belong to the virtual router.
VLAN interfaces that belong to the virtual router.
Configuring Virtual
Router Timer
The Master switch advertises its normal operation state to the switches within the
VRRP virtual router by sending them VRRP packets regularly (at adver-interval).
And the backup switch only receives VRRP packets. If the Backup has not received
any VRRP packet from the Master after a period of time (specified by
master-down-interval), it will consider the Master as down, and then take its place
and become the Master.
VRRP virtual router by sending them VRRP packets regularly (at adver-interval).
And the backup switch only receives VRRP packets. If the Backup has not received
any VRRP packet from the Master after a period of time (specified by
master-down-interval), it will consider the Master as down, and then take its place
and become the Master.
You can use the following command to set a timer and adjust the interval,
adver-interval, between Master transmits VRRP packets. The master-down-interval
of the Backup switch is three times that of the adver-interval. The excessive
network traffic or the differences between different switch timers will result in
master-down-interval timing out and state changing abnormally. Such problems
can be solved through prolonging the adver-interval and setting delay time.
adver-interval is measured in seconds.
adver-interval, between Master transmits VRRP packets. The master-down-interval
of the Backup switch is three times that of the adver-interval. The excessive
network traffic or the differences between different switch timers will result in
master-down-interval timing out and state changing abnormally. Such problems
can be solved through prolonging the adver-interval and setting delay time.
adver-interval is measured in seconds.
Perform the following configuration in VLAN interface view.
Table 598 Configure authentication type and authentication key
Operation
Command
Configure authentication type and
authentication key
authentication key
vrrp authentication-mode
authentication-type authentication-key
authentication-type authentication-key
Remove authentication type and
authentication key
authentication key
undo vrrp authentication-mode
Table 599 Configure virtual router timer
Operation
Command
Configure virtual router timer
vrrp vrid virtual-router-ID timer advertise
adver-interval
adver-interval