ACD are correct.
VRRP supports md5 authentication
R1(config-if)#vrrp 1 authentication ?
WORD Plain text authentication string
md5 Use MD5 authentication
text Plain text authentication
VRRP supports secondary IP address
R1(config-if)#vrrp 1 ip 192.168.1.250 ?
secondary Specify an additional VRRP address for this group
<cr>
and VRRP has preempt enabled by default.
Option C is wrong. Authentication was revoked from VRRP with RFC 3768 and RFC 5798. Even though Cisco still support authentication for VRRP, the protocol itself does not. A 3rd party device may not supported as it is not required in the standard.
https://datatracker.ietf.org/doc/html/rfc5798
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-vrrp.html#GUID-B1CB24C0-2526-4790-A701-0105FDA69FC8
Interesting fact :
First RFC 2338 says MD5 is a feature, but the last version 5798 of the RFC says "VRRP for IPvX does not currently include any type of authentication." (same satement is in RFC 3768)
So A and D for me
Should this question be "Choose three" ? The thing is seconday ip addres is supported so is md5 authentication and preemption is enabled by default too ....
By default, VRRP (Virtual Router Redundancy Protocol) does not support secondary IP addresses for the virtual IP address assignment. VRRP focuses on providing high availability for a single primary IP address per VRRP group. While a physical interface can have secondary IP addresses, the VRRP virtual IP address typically matches the primary IP address of the interface on the master router.
^ That's wrong It's A &D :)
Early versions of VRRP included options for authentication, such as plaintext and MD5. However, with the publication of RFC 3768 (which was obsoleted by RFC 5798), authentication mechanisms, including MD5, were removed from the protocol standards for VRRP. The rationale was based on the recognition that such authentication methods provided limited security benefits and could be better addressed through other means, such as securing the management plane of the network.
RFC 5798, which defines VRRPv3 for IPv4 and IPv6, does not include authentication in the VRRP protocol, focusing instead on the operational aspects of router redundancy.
So, the accurate information reflecting the current standard is that VRRP, as defined in the latest RFCs, does not support MD5 authentication or any form of authentication within the protocol itself.
AD is correct: according GPT Chat:
Regarding the use of Message Digest Algorithm 5 (MD5) authentication with VRRP, it's important to note that VRRP itself does not have built-in support for MD5 authentication. VRRP provides a basic authentication mechanism through a simple plaintext password.
A - Correct. Preemption is enabled by default on VRRP.
B - Wrong. The priority goes from 0 - 255.
C - Wrong. Authentication was revoked from VRRP with RFC 3768 and RFC 5798. Even though Cisco still support authentication for VRRP, the protocol itself does not. A 3rd party device may not supported as it is not required in the standard.
D - Correct. As stated by others VRRP can manage multiple addresses, including secondary addresses.
E- Wrong. VRRP is an open standard
If you are familiar with VRRP, you would know that VRRP supports MD5 authentication, it also supports Secondary IP address, and Preempt is enabled by default.
The question should say to "choose all that apply" instead of choose only two.
For me it's A&D too.
Here from Cisco:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-vrrp.html#GUID-25707FA6-F3D5-4726-9E03-62112630F329
"By default, a preemptive scheme is enabled whereby a higher priority virtual router backup that becomes available takes over for the virtual router backup that was elected to become virtual router master. You can disable this preemptive scheme using the no vrrp preempt command."
"The virtual router can manage multiple IP addresses, including secondary IP addresses." Therefore, if you have multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet.
According to the same page aboce, C would also be valid:
"You can configure VRRP text authentication, authentication using a simple MD5 key string, or MD5 key chains for authentication."
MD5 seems to be not allowed on all Cisco devices https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/unicast/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Unicast_Routing_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Unicast_Routing_Configuration_Guide_7x_chapter_010011.pdf
Interesting as the labs in the online training have you configure VRRP with authentication but it's not recommended. Since I needed to do it as part of the official training course for ENCOR on Cisco's online training, I'll go with MD5. Preempt is enabled by default.
B. wrong, since <1-254> Priority level
D. wrong, the virtual IP can be a configured interface IP but not a secondary address/es
E. wrong
Right answers
A. show vrrp "Preemption enabled" pre-emption obviously a typo
C. vrrp 100 authentication ?
WORD Plain text authentication string
md5 Use MD5 authentication
text Plain text authentication
Must be a bonus question. To me, ACD are correct choices. "Pre-empt" and "Preempt" exactly means the same thing in English. But I concede that only the latter form of the spelling is the acceptable IOS command.
I think this question is looking for three answers:
A, C, and D are all features of VRRP: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-vrrp.html#GUID-3A5601DB-95A3-48EE-9F46-ECB746E820FC
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
[Removed]
Highly Voted 1 year, 5 months agoManvek
1 year, 4 months agopoy4242
Highly Voted 1 year, 11 months agozbeugene7
Most Recent 2 days, 20 hours ago[Removed]
6 months ago[Removed]
6 months, 3 weeks ago[Removed]
6 months, 1 week agosupershysherlock
8 months, 3 weeks agosupershysherlock
8 months, 3 weeks agoJasper
1 year ago3938278
8 months, 1 week agoEvreni
1 year, 1 month agoManvek
1 year, 4 months agoHosein
1 year, 5 months ago[Removed]
1 year, 5 months agoEntivo
1 year, 5 months agoBluntedcase
1 year, 6 months agoBluntedcase
1 year, 6 months agoCesar12345
1 year, 6 months agoforeignbishop
1 year, 6 months agogibblock
1 year, 8 months agoJackDRipper
1 year, 8 months agoJackDRipper
1 year, 7 months agoeojedad
1 year, 9 months ago