Alferez
Frequent Visitor
Topic Author
Posts: 70
Joined: Mon Sep 12, 2016 9:40 am
Location: Seville / Spain

Doubts with VRRP

Wed Dec 14, 2016 4:16 pm

I just started a CCR1072 and, although it is not at 100%, it is already running two full BGP and routing traffic with minimal CPU consumption.

So we have ventured to see more possibilities to eliminate the old Ciscos that we have and replace them with two other CCR1072s.

I have several doubts:

* Can you create the VRRP through a direct cable between both (for example, using the eth interface), so that, because v3 does not support securing with keys, nobody in the same network can make a fist to get in, since by MAC the VRID is removed and it is very easy to get inside the group, and that that IP is, for example, seen and given by sfp1? (Logically, a bridge does not suit me because, in addition to making a loop, you are in the same situation as if you put it on a normal connection.)

* If the previous answer is negative, how can I secure it so that nobody without authorization sneaks into the group? (Using v3; with v2 you set a password and no problem.)

* Once the routes are established, what we have seen is that if the physical interface has 1.1.1.5 and the float is 1.1.1.1, and the equipment that has 1.1.1.25 with 1.1.1.1 as its gateway runs an mtr, the gateway does not appear anywhere; the first hop is 1.1.1.5. Is there any way to mask this so the client sees that their first hop is 1.1.1.1?

Best regards, and sorry for my bad English and the use of Google Translate.
 
Alferez

Re: Doubts with VRRP

Thu Dec 15, 2016 11:22 pm

I got this reply from MikroTik support:

You can set VRRP on directly connected ports and as far as I know there are no problems with VRRP and bonding.

VRRP can be secured with plain password or AH for both v2 and v3.

At the moment you cannot force source address the same way Cisco can do it, only option to change source address is by NAT.

But when I try to activate v3 and authentication, it gives this message:

Couldn't add New Interface - authentication not supported in v3 (6)
 
Alferez

Re: Doubts with VRRP

Mon Dec 19, 2016 12:32 pm

Support confirms that in v3 it is not possible to use a password or AH.
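
An added example, not part of the thread and not MikroTik code: because v3 advertisements carry no authentication field, a monitoring host can check captured advertisements against the expected senders for the group. It handles IPv4 only and does not verify the checksum; the peer address 1.1.1.6, the sender 1.1.1.77 and the payload bytes are constructed for illustration.

```python
import ipaddress

VMAC_PREFIX = bytes.fromhex("00005e0001")  # IPv4 VRRP virtual MAC prefix (RFC 5798)

def vrid_from_virtual_mac(mac):
    """Return the VRID encoded in the last byte of a VRRP virtual MAC, else None."""
    raw = bytes.fromhex(mac.replace(":", ""))
    return raw[5] if len(raw) == 6 and raw[:5] == VMAC_PREFIX else None

def parse_advert(payload):
    """Parse a VRRPv2/v3 IPv4 advertisement (checksum is not verified here)."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    version, ptype = payload[0] >> 4, payload[0] & 0x0F
    vrid, priority, count = payload[1], payload[2], payload[3]
    if version not in (2, 3) or ptype != 1:
        raise ValueError("not a VRRP advertisement")
    if len(payload) < 8 + 4 * count:
        raise ValueError("truncated address list")
    vips = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    # Only v2 carries an auth-type byte; in v3 that position holds reserved bits.
    auth = payload[4] if version == 2 else None
    return {"version": version, "vrid": vrid, "priority": priority,
            "vips": vips, "auth_type": auth}

def audit(src_ip, ttl, payload, peers, vrid, vips):
    """Return a list of findings for one captured advertisement."""
    adv = parse_advert(payload)
    findings = []
    if ttl != 255:  # RFC 5798: receivers must discard adverts whose TTL is not 255
        findings.append("ttl-not-255")
    if adv["vrid"] == vrid and src_ip not in peers:
        findings.append("unknown-sender-for-vrid")
    if adv["vrid"] == vrid and sorted(adv["vips"]) != sorted(vips):
        findings.append("unexpected-virtual-ip")
    if adv["version"] == 3 or adv["auth_type"] == 0:
        findings.append("no-authentication")
    return findings

# Constructed sample data: virtual IP 1.1.1.1 and router 1.1.1.5 follow the thread;
# 1.1.1.6 and 1.1.1.77 are assumed, and the checksum bytes are placeholders.
PEERS = {"1.1.1.5", "1.1.1.6"}
GOOD_V3 = bytes([0x31, 1, 100, 1, 0x00, 0x64, 0, 0, 1, 1, 1, 1])
ROGUE_V3 = bytes([0x31, 1, 254, 1, 0x00, 0x64, 0, 0, 1, 1, 1, 1])

if __name__ == "__main__":
    print(vrid_from_virtual_mac("00:00:5e:00:01:01"))
    print(audit("1.1.1.5", 255, GOOD_V3, PEERS, 1, ["1.1.1.1"]))
    print(audit("1.1.1.77", 255, ROGUE_V3, PEERS, 1, ["1.1.1.1"]))
```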
