Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1317
Views
0
Helpful
8
Replies

vrrp setup

carl_townshend
Spotlight
Spotlight

‎04-30-2009 01:42 AM - edited ‎03-06-2019 05:28 AM

Hi all, when setting up vrrp ports, do I need to put in a key of some sort? On the Nortel switches you have to make sure the key is the same on the ports in the group.

Labels:
0 Helpful
8 Replies 8

jjchen978
Level 1
Level 1

‎04-30-2009 01:52 AM

hi,

when you say key, are you referring to authentication key? vrrp can support authentication (i.e. text or md5).

0 Helpful

carl_townshend
Spotlight
Spotlight
In response to jjchen978

‎04-30-2009 02:08 AM

If you have multiple LACP groups on the same switch, how does it distinguish between them ?

0 Helpful

crow930us
Level 3
Level 3

‎04-30-2009 02:08 AM

Yes, there is an option for an authentication password. If you set it on one system it should be the same on every other device in the VRRP group.

The command for it is vrrp group-number authentication {md5 keyname spi index | text password}

0 Helpful

carl_townshend
Spotlight
Spotlight
In response to crow930us

‎04-30-2009 03:19 AM

how many vrrp groups can you have on the cat 6500 ?

cheers

Carl

0 Helpful

crow930us
Level 3
Level 3
In response to carl_townshend

‎04-30-2009 04:30 AM

You can configure up to 255 virtual routers on a router physical interface. The actual number of virtual routers that a router interface can support depends on the following factors:

•Router processing capability

•Router memory capability

•Router interface support of multiple MAC addresses

I think the memory and interface have a bigger limitation on the number of groups than anything else.

In a topology where multiple virtual routers are configured on a router interface, the interface can act as a master for one virtual router and as a backup for one or more virtual routers.

http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_vrrp.html

0 Helpful

carl_townshend
Spotlight
Spotlight
In response to crow930us

‎05-01-2009 12:26 AM

when you say routers, do you mean groups ?

So I could have say 300 vlans but in the same group ? or do you mean 255 virtual ip's ?

0 Helpful

dazza_johnson
Level 5
Level 5
In response to carl_townshend

‎03-31-2013 07:17 PM

Resurrecting an old thread here.... Always use MD5 authentication for your VRRP deployment. A demonstration of VRRP being attacked/compromised can be downloaded from the location below. In addition, it shows how plain-text authentication can be simply viewed using a sniffer. As the biased author of the document, I believe its a good read :-)

Download the demonstration from here:

http://www.og150.com/tutorials.php

Go to: "VRRP (Virtual Router Redundancy Protocol) Attack"

0 Helpful

InayathUlla Sharieff
Cisco Employee
Cisco Employee

‎03-31-2013 08:19 PM

Hi Carl,

Kindly find the below link on VRRP which explains complete infomration inregards to it:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_vrrp_xe.pdf

HTH

Regards

Inayath

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card