jjchen978 Thu, 04/30/2009 - 01:52

hi,


when you say key, are you referring to authentication key? vrrp can support authentication (i.e. text or md5).



carl_townshend Thu, 04/30/2009 - 02:08

If you have multiple LACP groups on the same switch, how does it distinguish between them ?

crow930us Thu, 04/30/2009 - 02:08

Yes, there is an option for an authentication password. If you set it on one system it should be the same on every other device in the VRRP group.

The command for it is vrrp group-number authentication {md5 keyname spi index | text password}


crow930us Thu, 04/30/2009 - 04:30

You can configure up to 255 virtual routers on a router physical interface. The actual number of virtual routers that a router interface can support depends on the following factors:


•Router processing capability


•Router memory capability


•Router interface support of multiple MAC addresses


I think the memory and interface have a bigger limitation on the number of groups than anything else.


In a topology where multiple virtual routers are configured on a router interface, the interface can act as a master for one virtual router and as a backup for one or more virtual routers.


http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_vrrp.html



carl_townshend Fri, 05/01/2009 - 00:26

when you say routers, do you mean groups ?

So I could have say 300 vlans but in the same group ? or do you mean 255 virtual ip's ?

dazza_johnson Sun, 03/31/2013 - 19:17

Resurrecting an old thread here.... Always use MD5 authentication for your VRRP deployment. A demonstration of VRRP being attacked/compromised can be downloaded from the location below. In addition, it shows how plain-text authentication can be simply viewed using a sniffer. As the biased author of the document, I believe its a good read :-)


Download the demonstration from here:

http://www.og150.com/tutorials.php

Go to: "VRRP (Virtual Router Redundancy Protocol) Attack"

Actions

This Discussion