656CHAPTER 46: CONFIGURING VRRP

Configuring Preemption Once a router in the standby group becomes the master router, so long as it still Mode and Delay of functions properly, other routers, even configured with higher priority later, cannot

Standby Group Routers become the master router unless they are configured with preemption mode. The router in preemption mode becomes the master router if it finds its own priority is higher than that of the present master router. Accordingly, the former master router becomes the backup router.

Along with preemption mode, delay can also be configured. This delays the coming of the point when the backup router becomes the master router. The purpose for this is: in an unstable network if the backup router has not received the packets from the master router punctually, it will become the master router (failure of backup to receive the packets may be due to network congestion, not due to malfunction of the master router). Therefore, a delay insures the reception of the packet from the master router and thus avoids frequent state switches.

The default mode is preemption without delay. The delay is set in seconds, ranging from 1 to 255.

Perform the following configuration in Ethernet interface view:

Table 706 Configure Preemption Mode and Delay of Standby Group Routers

Operation

Command

 

 

 

Configure the preemption mode and

vrrp vrid virtual_router_id

delay for standby group.

preempt-mode [

timer-delay seconds ]

 

 

 

Delete preemption mode

undo vrrp vrid

virtual_router_id

 

preempt-mode

 

 

 

 

Configuring the

Authentication Method

and Authentication Key

VRRP provides simple character authentication method.

In a secure network, authentication can be configured to No, which means no authentication will be conducted by the router to the VRRP packets being sent out. And the router receiving the VRRP packets will take them as true and legal without any authentication. In this case no authentication key is needed.

In a network under possible security threat, the authentication method can be configured to simple. That means the router sending out the VRRP packets fills the authentication key into the VRRP packets, while the router receiving the VRRP packet will compare the authentication key of the packet with the locally configured authentication key. If they are the same, the packet will be taken as a true and legal one. Otherwise, it will be regarded as an illegal packet to be discarded. In this case, an authentication key of less than 8 bits will be configured.

Perform the following configuration in Ethernet interface view:

Table 707 Configure Authentication Method and Authentication Key

Operation

Command

 

 

Configure authentication method and

vrrp authentication-mode simple [ key

authentication key

]

 

 

Disabled VRRP authentication

undo vrrp authentication-mode simple

 

 

The same authentication method and authentication key should be configured for the standby group of an interface.

Page 660
Image 660
3Com 10014299 Configuring Authentication Method Authentication Key, Vrrp provides simple character authentication method