Sunday, November 2, 2008

VRRP - Part 1 Authentication




VRRP is a non-proprietary router redundancy protocol (as opposed to the Cisco proprietary HSRP) defined by RFC2338. The aim of both protocols is to provide a redundant default gateway for hosts on the same subnet. This is achieved by enabling a virtual IP address that in effect both (or more) routers service.

On the DOC CD HSRP is found under 12.2 ip services. I found VRRP under 12.3 ip services.

http://www.cisco.com/en/US/docs/ios/12_0st/12_0st18/feature/guide/st_vrrpx.html

The good news, as far as I can see, is that VRRP config is almost identical to HSRP: just substitute the vrrp keyword for the standby keyword.

In this example I make R2 and R3 VRRP partners

Router 2
interface fastethernet 0/0
vrrp 1 ip 10.0.0.254

Router 3
interface fastethernet 0/0
vrrp 1 ip 10.0.0.254

Router_3#s vrrp
FastEthernet0/0 - Group 1
State is Master
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.0.0.3 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec

Router_2#s vrrp
FastEthernet0/0 - Group 1
State is Backup
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.0.0.3, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 2.741 sec)

Unlike HSRP, preemption comes pre-enabled. VRRP has the concept of master and backup routers, as opposed to HSRP's active and standby.

Now to introduce authentication. This feature only allows plain text authentication, so in itself it is not really a security feature but rather a feature to prevent misconfigured hosts joining the group.

To enable

Router 1
interface fastethernet 0/0
vrrp 1 authentication text RICH

Router 3
interface fastethernet 0/0
vrrp 1 authentication text RICH

Now to review the vrrp status again

Router_2#s vrrp
FastEthernet0/0 - Group 1
State is Master
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Authentication is enabled
Master Router is 10.0.0.2 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
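
Why text authentication is not a security control: the string travels unmodified in every advertisement. The Python below is an added example, not part of the original post; it decodes a VRRPv2 advertisement using the RFC 2338 field layout and reports the authentication type and text. The function names are my own, and the sample packet is constructed to mirror the group configured above.

```python
import struct

AUTH_TYPES = {0: "none", 1: "simple text password", 2: "IP Authentication Header"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vip, auth_type, auth_text=""):
    """Build a constructed sample advertisement (one virtual IP, 1 s interval)."""
    ip = bytes(int(octet) for octet in vip.split("."))
    auth = auth_text.encode("ascii").ljust(8, b"\x00")[:8]
    # 0x21 = version 2, type 1 (ADVERTISEMENT); checksum starts as 0
    body = struct.pack("!BBBBBBH", 0x21, vrid, priority, 1, auth_type, 1, 0) + ip + auth
    return body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]

def parse_advert(pkt: bytes) -> dict:
    """Decode the VRRP payload of an IP protocol 112 packet."""
    if len(pkt) < 16:
        raise ValueError("too short for a VRRPv2 advertisement")
    vt, vrid, prio, count, auth_type, _adver, _csum = struct.unpack("!BBBBBBH", pkt[:8])
    if vt != 0x21:
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count
    if len(pkt) < end + 8:
        raise ValueError("truncated advertisement")
    auth_data = pkt[end:end + 8]
    return {
        "vrid": vrid,
        "priority": prio,
        "vips": [".".join(map(str, pkt[i:i + 4])) for i in range(8, end, 4)],
        "virtual_mac": "0000.5e00.01%02x" % vrid,  # 00-00-5E-00-01-{VRID}
        "auth": AUTH_TYPES.get(auth_type, "unknown"),
        # Type 1 carries the password as-is, NUL padded to 8 bytes
        "auth_text": auth_data.rstrip(b"\x00").decode("ascii", "replace")
                     if auth_type == 1 else None,
        "checksum_ok": inet_checksum(pkt[:end + 8]) == 0,
    }

if __name__ == "__main__":
    # Constructed packet mirroring the post: group 1, VIP 10.0.0.254, text RICH
    print(parse_advert(build_advert(1, 100, "10.0.0.254", 1, "RICH")))
```

The checksum only detects corruption; it is not keyed, so neither it nor the text field proves who sent the advertisement.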
