vrrp check-ttl enable

Use vrrp check-ttl enable to enable TTL check for IPv4 VRRP packets.

Use undo vrrp check-ttl enable to disable TTL check for IPv4 VRRP packets.

Syntax

vrrp check-ttl enable

undo vrrp check-ttl enable

Default

TTL check for IPv4 VRRP packets is enabled.

Views

Interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

The master in an IPv4 VRRP group periodically sends VRRP advertisements to declare its presence. The VRRP advertisements are multicast in the local subnet and cannot be forwarded by routers, so the TTL value is not changed in transit. When the master sends VRRP advertisements, it sets the TTL value to 255. If you enable TTL check, the backups drop VRRP advertisements that have a TTL other than 255, preventing attacks from other subnets.

Devices from different vendors might implement VRRP differently. When the device is interoperating with devices of other vendors, TTL check on VRRP packets might result in unexpected dropping of packets. In this scenario, use the undo vrrp check-ttl enable command to disable TTL check on VRRP packets.
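
The following Python sketch is an added example, not part of the original command reference and not the device's implementation. It models the backup-side decision described above on constructed packets: a packet that has crossed a router arrives with a TTL of at most 254 and is dropped, while the check_ttl flag stands in for undo vrrp check-ttl enable. The function names build_ipv4, route_hop and accept_advertisement are hypothetical.

```python
import ipaddress
import struct

VRRP_PROTO = 112                                   # IP protocol number of VRRP
VRRP_GROUP = ipaddress.IPv4Address("224.0.0.18")   # IPv4 VRRP multicast group

def build_ipv4(src, ttl, proto=VRRP_PROTO, dst="224.0.0.18", payload=b""):
    """Constructed test data: 20-byte IPv4 header (checksum left at 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def route_hop(packet):
    """Model one router forwarding the packet: TTL drops by 1, None if it expires."""
    ttl = packet[8]
    if ttl <= 1:
        return None
    return packet[:8] + bytes([ttl - 1]) + packet[9:]

def accept_advertisement(packet, check_ttl=True):
    """Backup-side decision. check_ttl=False models 'undo vrrp check-ttl enable'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False, "not IPv4"
    ttl, proto = packet[8], packet[9]
    if proto != VRRP_PROTO or ipaddress.IPv4Address(packet[16:20]) != VRRP_GROUP:
        return False, "not a VRRP advertisement"
    # A sender cannot start above 255, so any routed packet arrives with TTL <= 254.
    if check_ttl and ttl != 255:
        return False, f"TTL {ttl} is not 255"
    return True, "accepted"

if __name__ == "__main__":
    # Constructed VRRPv2 advertisement body: VRID 1, priority 100, one virtual IP.
    adv = bytes([0x21, 1, 100, 1, 0, 1, 0, 0]) + bytes([192, 0, 2, 1])
    on_link = build_ipv4("192.0.2.2", 255, payload=adv)
    off_link = route_hop(build_ipv4("198.51.100.9", 255, payload=adv))
    for name, pkt in (("on-link master", on_link), ("one hop away", off_link)):
        print(name, accept_advertisement(pkt),
              accept_advertisement(pkt, check_ttl=False))
```

With the check disabled, the packet that crossed one hop is accepted, which is the exposure you take on when you disable TTL check for interoperability.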

Examples

# Disable TTL check for IPv4 VRRP packets.

<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] undo vrrp check-ttl enable