Configuring simple text authentication on VRRP interfaces

A simple text password can be used for interface authentication in a network. VRRP uses the authentication type associated with the interfaces on which you define the virtual router ID (VRID).

A VRRP session must be configured and running.

If you configure your device interfaces to use a simple password to authenticate traffic, VRRP interfaces can be configured with the same simple password, and VRRP packets that do not contain the password are dropped. If your interfaces do not use authentication, neither does VRRP. Repeat this task on all interfaces on all devices that support the VRID.

NOTE
This task supports VRRPv2 and VRRP-Ev2 only. VRRPv3 and VRRP-Ev3 are not supported.
  1. From privileged EXEC mode, enter global configuration mode by issuing the configure terminal command. 
    device# configure terminal
  2. Globally enable VRRP. 
    device(config)# router vrrp
  3. Configure an Ethernet interface. 
    device(config)# interface ethernet 1/1/6
  4. Enter the simple text password configuration using the ip vrrp auth-type command with a text password. 
    device(config-if-e1000-1/1/6)# ip vrrp auth-type simple-text-auth yourpwd
  5. Verify the password on the interface using the show ip vrrp command with either the VRID or Ethernet options. 
    device(config-if-e1000-1/1/6-vrid-1)# show ip vrrp

Total number of VRRP routers defined: 1
Interface ethernet 1/1/6
auth-type simple text authentication 
VRID 1
state backup
administrative-status enabled
mode owner
priority 99
current priority 99
hello-interval 1 sec
ip-address 10.53.5.1
backup routers 10.53.5.2
    In this example, the authentication type is simple text authentication. A show running-config command with appropriate parameters will actually display the password. The output verifies the type of authentication.
Parent topic: VRRPv2