Configuring MD5 authentication on VRRP interfaces

Interfaces can be configured with an MD5 encrypted password for authentication, and VRRP can use the same authentication type associated with the interfaces on which you define the virtual router ID (VRID).

If you configure your device interfaces to use an MD5 encrypted password to authenticate traffic, VRRP interfaces can be configured with the same MD5 password, and VRRP packets that do not contain the password are dropped. If your interfaces do not use authentication, neither does VRRP. Repeat this task on all interfaces on all devices that support the VRID.
  1. From privileged EXEC mode, enter global configuration mode by issuing the configure terminal command. 
    device# configure terminal
  2. Globally enable VRRP. 
    device(config)# router vrrp
  3. Specify an interface associated with the VRRP VRID. 
    device(config)# interface ethernet 1/1/6
  4. Enter the MD5 password configuration using the ip vrrp auth-type command with a text password. The password will be encrypted when saved in the configuration file. When an MD5 authentication password is configured on an interface, a syslog message is displayed. 
    device(config-if-e1000-1/1/6)# ip vrrp auth-type md5-auth gy42mb
  5. Verify the password on the interface using the show ip vrrp command. 
    device(config-if-e1000-1/1/6-vrid-1)# show ip vrrp

Total number of VRRP routers defined: 1
Interface ethernet 1/1/6
auth-type MD5 authentication 
VRID 1
state backup
administrative-status enabled
mode owner
priority 99
current priority 99
hello-interval 1 sec
ip-address 10.53.5.1
backup routers 10.53.5.2
    In this example, the auth-type is MD5 authentication where the entered password is encrypted. A show run command with appropriate parameters will actually display the encrypted password, and you can use the enable password-display command to actually display the encrypted password. The output verifies the type of authentication.

The following example enables MD5 authentication on Ethernet interface 1/1/6 and verifies the authentication type. 

device# configure terminal
device(config)# router vrrp
device(config)# interface ethernet 1/1/6
device(config-if-e1000-1/1/6)# ip vrrp auth-type MD5 yourpwd
device(config-if-e1000-1/1/6-vrid-1)# show ip vrrp

Total number of VRRP routers defined: 1
Interface ethernet 1/1/6
auth-type MD5 authentication 
VRID 1
state backup
administrative-status enabled
mode owner
priority 99
current priority 99
hello-interval 1 sec
ip-address 10.53.5.1
backup routers 10.53.5.2
Parent topic: VRRPv2