Which of the following are true statements regarding the Virtual Router Redundancy Protocol (VRRP) feature? (Choose two.)
Which of the following are true statements regarding the Virtual Router Redundancy Protocol (VRRP) feature? (Choose two.)
Pre-emption is enabled by default in VRRP, allowing a higher priority router to take over from a lower priority router if it becomes available. Additionally, VRRP supports the use of secondary IP addresses, allowing the virtual router to manage multiple IP addresses on an interface. The router priority, however, is not configurable from 0-4095, but rather from 0-255, and MD5 authentication is no longer supported in the standard VRRP protocol as per the latest RFCs. VRRP is also an open standard that can be used with devices from vendors other than Cisco.
ACD are correct. VRRP supports md5 authentication R1(config-if)#vrrp 1 authentication ? WORD Plain text authentication string md5 Use MD5 authentication text Plain text authentication VRRP supports secondary IP address R1(config-if)#vrrp 1 ip 192.168.1.250 ? secondary Specify an additional VRRP address for this group <cr> and VRRP has preempt enabled by default.
Option C is wrong. Authentication was revoked from VRRP with RFC 3768 and RFC 5798. Even though Cisco still support authentication for VRRP, the protocol itself does not. A 3rd party device may not supported as it is not required in the standard. https://datatracker.ietf.org/doc/html/rfc5798 https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-vrrp.html#GUID-B1CB24C0-2526-4790-A701-0105FDA69FC8
Interesting fact : First RFC 2338 says MD5 is a feature, but the last version 5798 of the RFC says "VRRP for IPvX does not currently include any type of authentication." (same satement is in RFC 3768) So A and D for me
A - Correct. Preemption is enabled by default on VRRP. B - Wrong. The priority goes from 0 - 255. C - Wrong. Authentication was revoked from VRRP with RFC 3768 and RFC 5798. Even though Cisco still support authentication for VRRP, the protocol itself does not. A 3rd party device may not supported as it is not required in the standard. D - Correct. As stated by others VRRP can manage multiple addresses, including secondary addresses. E- Wrong. VRRP is an open standard
AD is correct: according GPT Chat: Regarding the use of Message Digest Algorithm 5 (MD5) authentication with VRRP, it's important to note that VRRP itself does not have built-in support for MD5 authentication. VRRP provides a basic authentication mechanism through a simple plaintext password.
chatgpt...you must be kidding.
AD: are correct C: is not because MD5 i supported only in VRRP-E (extended)
obvious answers are A and D,
If you are familiar with VRRP, you would know that VRRP supports MD5 authentication, it also supports Secondary IP address, and Preempt is enabled by default. The question should say to "choose all that apply" instead of choose only two.
MD5 seems to be not allowed on all Cisco devices https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/unicast/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Unicast_Routing_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Unicast_Routing_Configuration_Guide_7x_chapter_010011.pdf
B. wrong, since <1-254> Priority level D. wrong, the virtual IP can be a configured interface IP but not a secondary address/es E. wrong Right answers A. show vrrp "Preemption enabled" pre-emption obviously a typo C. vrrp 100 authentication ? WORD Plain text authentication string md5 Use MD5 authentication text Plain text authentication
C and D are correct answer. pre-emption doesn't exist....a tricky option
A & D are correct
i think A and C are correct. after some googling I found out that MD5 is not supported on VRRP and it depends on the vendor
i mean A and D are correct
By default, VRRP (Virtual Router Redundancy Protocol) does not support secondary IP addresses for the virtual IP address assignment. VRRP focuses on providing high availability for a single primary IP address per VRRP group. While a physical interface can have secondary IP addresses, the VRRP virtual IP address typically matches the primary IP address of the interface on the master router.
^ That's wrong It's A &D :) Early versions of VRRP included options for authentication, such as plaintext and MD5. However, with the publication of RFC 3768 (which was obsoleted by RFC 5798), authentication mechanisms, including MD5, were removed from the protocol standards for VRRP. The rationale was based on the recognition that such authentication methods provided limited security benefits and could be better addressed through other means, such as securing the management plane of the network. RFC 5798, which defines VRRPv3 for IPv4 and IPv6, does not include authentication in the VRRP protocol, focusing instead on the operational aspects of router redundancy. So, the accurate information reflecting the current standard is that VRRP, as defined in the latest RFCs, does not support MD5 authentication or any form of authentication within the protocol itself.
A and D are true but so is C, so there are 3 correct answers here!!
For me it's A&D too. Here from Cisco: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-vrrp.html#GUID-25707FA6-F3D5-4726-9E03-62112630F329 "By default, a preemptive scheme is enabled whereby a higher priority virtual router backup that becomes available takes over for the virtual router backup that was elected to become virtual router master. You can disable this preemptive scheme using the no vrrp preempt command." "The virtual router can manage multiple IP addresses, including secondary IP addresses." Therefore, if you have multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet.
According to the same page aboce, C would also be valid: "You can configure VRRP text authentication, authentication using a simple MD5 key string, or MD5 key chains for authentication."
Interesting as the labs in the online training have you configure VRRP with authentication but it's not recommended. Since I needed to do it as part of the official training course for ENCOR on Cisco's online training, I'll go with MD5. Preempt is enabled by default.
Must be a bonus question. To me, ACD are correct choices. "Pre-empt" and "Preempt" exactly means the same thing in English. But I concede that only the latter form of the spelling is the acceptable IOS command.
I think this question is looking for three answers: A, C, and D are all features of VRRP: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-vrrp.html#GUID-3A5601DB-95A3-48EE-9F46-ECB746E820FC
If I go by this Cisco documentation, then A and D are correct. https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-0/addr_serv/configuration/guide/ic40crs1book_chapter10.html