jjchen978 Thu, 04/30/2009 - 01:52
User Badges:

hi,


when you say key, are you referring to authentication key? vrrp can support authentication (i.e. text or md5).



carl_townshend Thu, 04/30/2009 - 02:08
User Badges:

If you have multiple LACP groups on the same switch, how does it distinguish between them ?

crow930us Thu, 04/30/2009 - 02:08
User Badges:
  • Bronze, 100 points or more

Yes, there is an option for an authentication password. If you set it on one system it should be the same on every other device in the VRRP group.

The command for it is vrrp group-number authentication {md5 keyname spi index | text password}


crow930us Thu, 04/30/2009 - 04:30
User Badges:
  • Bronze, 100 points or more

You can configure up to 255 virtual routers on a router physical interface. The actual number of virtual routers that a router interface can support depends on the following factors:


•Router processing capability


•Router memory capability


•Router interface support of multiple MAC addresses


I think the memory and interface have a bigger limitation on the number of groups than anything else.


In a topology where multiple virtual routers are configured on a router interface, the interface can act as a master for one virtual router and as a backup for one or more virtual routers.


http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_vrrp.html



carl_townshend Fri, 05/01/2009 - 00:26
User Badges:

when you say routers, do you mean groups ?

So I could have say 300 vlans but in the same group ? or do you mean 255 virtual ip's ?

dazza_johnson Sun, 03/31/2013 - 19:17
User Badges:

Resurrecting an old thread here.... Always use MD5 authentication for your VRRP deployment. A demonstration of VRRP being attacked/compromised can be downloaded from the location below. In addition, it shows how plain-text authentication can be simply viewed using a sniffer. As the biased author of the document, I believe its a good read :-)


Download the demonstration from here:

http://www.og150.com/tutorials.php

Go to: "VRRP (Virtual Router Redundancy Protocol) Attack"

Actions

This Discussion