Configuring security features on a VSRP-aware device, Configuring authentication – Brocade TurboIron 24X Series Configuration Guide User Manual

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Virtual Switch Redundancy Protocol (VSRP)

Configuring authentication

If the interfaces on which you configure the VRID use authentication, the VSRP packets on those
interfaces also must use the same authentication. VSRP supports the following authentication
types:

No authentication – The interfaces do not use authentication. This is the default.

Simple – The interfaces use a simple text-string as a password in packets sent on the
interface. If the interfaces use simple password authentication, the VRID configured on the
interfaces must use the same authentication type and the same password.

To configure a simple password, enter a command such as the following at the interface
configuration level.

TurboIron(config-if-6)#ip vsrp auth-type simple-text-auth ourpword

This command configures the simple text password “ourpword”.

Syntax: [no] ip vsrp auth-type no-auth | simple-text-auth <auth-data>

The auth-type no-auth parameter indicates that the VRID and the interface it is configured on do
not use authentication.

The auth-type simple-text-auth <auth-data> parameter indicates that the VRID and the interface it
is configured on use a simple text password for authentication. The <auth-data> value is the
password. If you use this parameter, make sure all interfaces on all the devices supporting this
VRID are configured for simple password authentication and use the same password.

Configuring security features on a VSRP-aware device

This section shows how to configure security features on a VSRP-aware device. For an overview of
this feature, refer to “VSRP-Aware security features” on page 305.

Specifying an authentication string for VSRP hello packets

The following configuration defines pri-key as the authentication string for accepting incoming
VSRP hello packets. In this example, the VSRP-aware device will accept all incoming packets that
have this authentication string.

TurboIron(config)#vlan 10

TurboIron(config-vlan-10)#vsrp-aware vrid 3 simple-text-auth pri-key

Syntax: vsrp-aware vrid <vrid number> simple-text-auth <string>

Specifying no authentication for VSRP hello packets

The following configuration specifies no authentication as the preferred VSRP-aware security
method. In this case, the VSRP device will not accept incoming packets that have authentication
strings.

TurboIron(config)#vlan 10

TurboIron(config-vlan-10)#vsrp-aware vrid 2 no-auth

Syntax: vsrp-aware vrid <vrid number> no-auth

The following configuration specifies no authentication for VSRP hello packets received on ports 1,
2, 3, and 4 in VRID 4. For these ports, the VSRP device will not accept incoming packets that have
authentication strings.

TurboIron(config)#vlan 10

TurboIron(config-vlan-10)#vsrp-aware vrid 4 no-auth port-list ethe 1 to 4
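
Added example (not from the Brocade guide): a Python check that reads saved configurations from the devices supporting one VRID and reports interface or vsrp-aware authentication strings that differ between devices, plus any no-auth setting. The device names, the stanza layout of the saved configuration and the cleartext display of the strings are assumptions, and the sample configurations are constructed.

```python
import re
from collections import defaultdict

# Constructed sample configs, not from the guide. Assumed layout: commands are
# indented under their stanza; sw2's interface string has a deliberate typo.
CONFIGS = {
    "sw1": """interface ethernet 6
 ip vsrp auth-type simple-text-auth ourpword
vlan 10
 vsrp-aware vrid 3 simple-text-auth pri-key
 vsrp-aware vrid 2 no-auth""",
    "sw2": """interface ethernet 6
 ip vsrp auth-type simple-text-auth ourpwrod
vlan 10
 vsrp-aware vrid 3 simple-text-auth pri-key
 vsrp-aware vrid 4 no-auth port-list ethe 1 to 4""",
}

IF_AUTH = re.compile(r"ip vsrp auth-type (?:(no-auth)|simple-text-auth (\S+))$")
AWARE = re.compile(r"vsrp-aware vrid (\d+) (?:(no-auth)|simple-text-auth (\S+))")

def audit(configs):
    """Report no-auth settings and auth strings that differ between devices."""
    seen = defaultdict(set)      # scope -> auth strings seen (None = no-auth)
    findings = set()
    for device, text in configs.items():
        stanza = ""
        for raw in text.splitlines():
            line = raw.strip()
            if raw[:1].strip():              # unindented line opens a stanza
                stanza = line
                continue
            if m := IF_AUTH.match(line):
                scope, where = "ip vsrp auth-type", stanza
                no_auth, secret = m.groups()
            elif m := AWARE.match(line):
                vrid, no_auth, secret = m.groups()
                scope = where = f"{stanza} vrid {vrid}"
            else:
                continue
            if no_auth:
                findings.add(f"{device}: {where}: no-auth")
            seen[scope].add(secret)
    for scope, secrets in seen.items():
        if len(secrets) > 1:                 # the strings are never printed
            findings.add(f"{scope}: differs across devices")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(CONFIGS)))
```

The findings name the device and scope only, so the report can be shared without exposing the configured strings.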
