Re: HSRP authentication

From: Ravi (s_ravichandran@xxxxxxxxxxx)
Date: Tue Aug 14 2001 - 21:56:14 GMT-3

• Next message: YJC: "Re: Distance command in EIGRP"
• Previous message: Brian Hescock: "Re: Mobile IP"
• Maybe in reply to: Jefferson, Dave: "HSRP authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Hi,

I just checked HSRP authentication on IOS12.1(9) and found not working. Now
the improvement is that there is no error message even????
The following is the config. I configured authentication on one router only.
AS you can see both are working fine and there is no error messages. I have
turned on debug standby error and events , but did not get any error
messages.

Regards,
Ravi

R8#sh standby
Ethernet0 - Group 1
  Local state is Active, priority 110, may preempt
  Hellotime 3 holdtime 10
  Next hello sent in 00:00:00.442
  Hot standby IP address is 100.100.100.100 configured
  Active router is local
  Standby router is 100.100.100.2 expires in 00:00:08
  Standby virtual mac address is 0000.0c07.ac01
  6 state changes, last state change 00:04:01

R8#
interface Ethernet0
 ip address 100.100.100.1 255.255.255.0
 no ip redirects
 media-type 10BaseT
 standby 1 ip 100.100.100.100
 standby 1 priority 110
 standby 1 preempt
 standby 1 authentication cisco

R7#sh standby
Ethernet0 - Group 1
  Local state is Standby, priority 105, may preempt
  Hellotime 3 holdtime 10
  Next hello sent in 00:00:00.834
  Hot standby IP address is 100.100.100.100 configured
  Active router is 100.100.100.1 expires in 00:00:09, priority 110
  Standby router is local
  4 state changes, last state change 00:05:05
R7#
interface Ethernet0
 ip address 100.100.100.2 255.255.255.0
 no ip redirects
 media-type 10BaseT
 standby 1 ip 100.100.100.100
 standby 1 priority 105
 standby 1 preempt

R7#c
Enter configuration commands, one per line. End with CNTL/Z.
R7(config)#int e0
R7(config-if)#shut
R7(config-if)#
5d09h: %LINK-5-CHANGED: Interface Ethernet0, changed state to
administratively d
own
5d09h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed
state
to down
5d09h: SB: Et0 Interface down
5d09h: SB1: Et0 Standby: b/HSRP disabled
5d09h: SB1: Et0 Active router is unknown, was 100.100.100.1
5d09h: SB1: Et0 Standby router is unknown, was local
5d09h: SB1: Et0 Standby -> Init
5d09h: %STANDBY-6-STATECHANGE: Standby: 1: Ethernet0 state Standby ->
Init

R7(config-if)#
R7(config-if)#
R7(config-if)#no shut
R7(config-if)#
5d09h: SB1: Et0 Active router is 100.100.100.1
5d09h: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
5d09h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed
state
to up
5d09h: SB: Et0 Interface up
5d09h: SB1: Et0 Init: a/HSRP enabled
5d09h: SB1: Et0 Init -> Listen
5d09h: SB1: Et0 Listen: d/Standby timer expired (unknown)
5d09h: SB1: Et0 Listen -> Speak
5d09h: SB1: Et0 Speak: d/Standby timer expired (unknown)
5d09h: SB1: Et0 Standby router is local
5d09h: SB1: Et0 Speak -> Standby
5d09h: %STANDBY-6-STATECHANGE: Standby: 1: Ethernet0 state Speak ->
Stan
dby
R7(config-if)#
R7(config-if)#^Z
R7#sh s
5d09h: %SYS-5-CONFIG_I: Configured from console by consoletan
R7#sh standby
Ethernet0 - Group 1
  Local state is Standby, priority 105, may preempt
  Hellotime 3 holdtime 10
  Next hello sent in 00:00:02.450
  Hot standby IP address is 100.100.100.100 configured
  Active router is 100.100.100.1 expires in 00:00:07, priority 110
  Standby router is local
  6 state changes, last state change 00:00:38
R7#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 4000 Software (C4000-IS56I-M), Version 12.1(9), RELEASE SOFTWARE
(fc1)

----- Original Message -----
From: Jefferson, Dave <djefferson@jhancock.com>
To: 'Ravi' <s_ravichandran@hotmail.com>; <ccielab@groupstudy.com>
Sent: Tuesday, August 14, 2001 1:01 PM
Subject: RE: HSRP authentication

> I just finished researching this issue after getting the same results.
> According to the Cisco TAC until very recently (12.1.9) HSRP
authentication
> does not prevent non-authenticating routers from joining a group but
instead
> just issues a badauth message. I haven't tried 12.1.9 yet but supposedly
it
> is fixed in this release and will prevent routers from join a group if
they
> fail to authenticate.
>
> -----Original Message-----
> From: Ravi [mailto:s_ravichandran@hotmail.com]
> Sent: Wednesday, August 22, 2001 11:57 AM
> To: ccielab@groupstudy.com
> Subject: HSRP authentication
>
>
> Hi,
>
> I was trying HSRP authentication, I configured standby 1 authentication
> Cisco on one of the HSRP router. The other side I did not configure for
> authentication. I expected that router not participate in the HSRP. But
the
> results are different. It works fine. It becomes standby and or active as
> normal. Only thing I see is a error message keeps coming from the router,
> says bad authentication. I don't understand how it happens and I tried
this
> in couple of different IOS. The latest I used was 12.0 (18)
>
> Regards,
> Ravi
> **Please read:http://www.groupstudy.com/list/posting.html
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: YJC: "Re: Distance command in EIGRP"
• Previous message: Brian Hescock: "Re: Mobile IP"
• Maybe in reply to: Jefferson, Dave: "HSRP authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:51 GMT-3