vrrp check-ttl enable
Use vrrp check-ttl enable to enable TTL check for IPv4 VRRP packets.
Use undo vrrp check-ttl enable to disable TTL check for IPv4 VRRP packets.
Syntax
vrrp check-ttl enable
undo vrrp check-ttl enable
Default
TTL check for IPv4 VRRP packets is enabled.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The master in an IPv4 VRRP group periodically sends VRRP advertisements to declare its presence. The VRRP advertisements are multicast in the local subnet and cannot be forwarded by routers, so the TTL value is not changed in transit. When the master sends VRRP advertisements, it sets the TTL value to 255. If you enable TTL check, the backups drop VRRP advertisements whose TTL is not 255, which prevents attacks from other subnets.
Devices from different vendors might implement VRRP differently. When the device is interoperating with devices of other vendors, TTL check on VRRP packets might result in unexpected dropping of packets. In this scenario, use the undo vrrp check-ttl enable command to disable TTL check on VRRP packets.
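The accept/drop decision described above, as an added Python example (not device or vendor code). It runs on constructed packets only. IP protocol number 112 and group address 224.0.0.18 are taken from the VRRP RFCs rather than from this page; the source addresses, function names, and the check_ttl parameter are assumptions made for illustration.

```python
import socket
import struct

VRRP_PROTO = 112   # IP protocol number assigned to VRRP (from the RFCs, not this page)
VRRP_TTL = 255     # TTL the master sets on every advertisement


def build_ipv4(src, dst, ttl, proto=VRRP_PROTO, payload=b"\x00" * 8):
    """Constructed sample: 20-byte IPv4 header (checksum left at 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def vrrp_ttl_verdict(packet, check_ttl=True):
    """Return 'accept', 'drop' or 'not-vrrp' for one raw IPv4 packet.

    check_ttl=True models the default (vrrp check-ttl enable);
    check_ttl=False models undo vrrp check-ttl enable.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"                       # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop"                       # malformed header length
    ttl, proto = packet[8], packet[9]
    if proto != VRRP_PROTO:
        return "not-vrrp"
    if check_ttl and ttl != VRRP_TTL:
        return "drop"                       # routed at least once, or peer uses another TTL
    return "accept"


# Constructed packets; addresses are documentation ranges, not real hosts.
SAMPLES = {
    "master on local subnet": build_ipv4("192.0.2.1", "224.0.0.18", 255),
    "crossed one router": build_ipv4("198.51.100.7", "224.0.0.18", 254),
    "peer sending TTL 1 (hypothetical)": build_ipv4("192.0.2.2", "224.0.0.18", 1),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:36} check on: {vrrp_ttl_verdict(pkt):7} "
              f"check off: {vrrp_ttl_verdict(pkt, check_ttl=False)}")
```

With the check off, the packet that crossed a router is accepted as well, which is the protection given up when TTL check is disabled for interoperability.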
Examples
# Disable TTL check for IPv4 VRRP packets.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] undo vrrp check-ttl enable