Filter
Top Products
154 CHAPTER 12: VRRP CONFIGURATION
Configuring switch priority
The status of each switch in a backup group is determined by its priority. The master
switch in a backup group is the one currently with the highest priority.
Switch priority ranges from 0 to 255 (a larger number indicates a higher switch
priority) and defaults to 100. Note that only 1 through 254 are available to users.
Switch priority of 255 is reserved for IP address owners.
The switch priority of an IP address owner is fixed to 255.
Configuring preemptive mode for a switch in a backup group
As long as a switch in the backup group becomes the master switch, other switches,
even if they are configured with a higher priority later, do not preempt the master
switch unless they operate in preemptive mode. The switch operating in preemptive
mode will become the master switch when it finds its priority is higher than that of
the current master switch, and the former master switch becomes a backup switch
accordingly.
You can configure an SWITCH 5500 series switch to operate in preemptive mode. You
can also set the delay period. A backup switch waits for a period of time (the delay
period) before becoming a master switch. Setting a delay period aims at:
■ In an unstable network, backup switches in a backup group possibly cannot
receive packets from the master in time due to network congestions even if the
master operates properly. This causes the master of the backup group being
determined frequently.
■ With the configuration of delay period, the backup switch will wait for a while if it
does not receive packets from the master switch in time. The master is
redetermined only after the backup switches do not receive packets from the
master switch after the specified delay time.
Configuring authentication type and authentication key for a switch in a
backup group
VRRP provides following authentication types:
■ simple: Simple character authentication
■ md5: MD5 authentication
In a network under possible security threat, the authentication type can be set to
simple. Then the switch adds the authentication key into the VRRP packets before
transmitting them. The receiver will compare the authentication key of the packet
with the locally configured one. If they are the same, the packet will be taken as a
true and legal one. Otherwise it will be regarded as an illegal packet and be
discarded. In this case, a simple authentication key should not exceed eight
characters.
In a vulnerable network, the authentication type can be set to md5. The switch will
use the authentication type and MD5 algorithm provided by the Authentication
Header to authenticate the VRRP packets. In this case, you need to set an
authentication key comprising up to eight characters or a 24-character encrypted
string.
A switch discards the packets that fail to pass the authentication and then sends trap
packets to the network management system.