cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1801
Views
15
Helpful
4
Replies

VRRP MD5 authentication on IOS-XE

n.moss
Level 1
Level 1

Hi all,

Would anybody know why IOS-XE does not appear to support MD5 authentication for VRRP?

Feature navigator has support for MD5 on IOS, but not XE.

It seems like such a step backwards, and means ASRs and the 43/4400 series boxes won't support it. 

The other reason why this is poor, is any IOS or other vendor devices which can support it, can’t interoperate with these model boxes, as all members of the group need to support the same authentication method.

I've tried VRRPv3 and that doesn't support it either.  Does anybody have any bright ideas?

 

These two commands seems to be missing on XE:

vrrp 1 authentication md5 key-string

or
vrrp 1 authentication md5 key-chain

 

Thanks, Neil

 

4 Replies 4

Hello,

 

I seem to recall that VRRP version 3 does not support MD5, but version 2 does. Can you try and use 2 ?

Hi, thanks for responding.  I'm afraid I can't get it working on the earlier versions either.  Does anybody else know of a way, or why they stopped support for this feature?

 

Thanks, Neil

Hello,

 

I just ran this through the Feature Navigator, it appears that the last IOS version to support MD5 authentication for VRRP is 15.6T. No XE or 16,x version is listed.

I don't know why they would have dropped it in XE...

Please refer section:9 of RFC5798.

 

https://tools.ietf.org/html/rfc5798#section-9

 

Review Cisco Networking for a $25 gift card