HSRP Authentication方法

最新推荐文章于 2022-08-28 19:46:29 发布

wunderup

最新推荐文章于 2022-08-28 19:46:29 发布

阅读量1.4k

点赞数

CC 4.0 BY-SA版权

分类专栏： Networking 文章标签： HSRP

本文链接：https://blog.youkuaiyun.com/wunderup/article/details/38335391

Networking 专栏收录该内容

22 篇文章

订阅专栏

HSRP也可以使用authentication，如果authentication失败，那么，每个router都会变成active，但是，没有standby router了。

1. HSRP authentication configuration

ASR1004-5#sh run inter gi 0/0/0

Building configuration...

Current configuration : 306 bytes
!
interface GigabitEthernet0/0/0
 ip address 90.1.0.105 255.255.255.0
 ip nat outside
 standby 1 ip 90.1.0.1
 standby 1 timers 2 6
 standby 1 priority 180
 standby 1 preempt
 standby 1 authentication msrpc1
 standby 1 track 1 decrement 50
 standby 1 track 2 decrement 50
 negotiation auto
 cdp enable
end

2. authentication信息

2.1 group 1 authentication 失败后，只有一个active，没有standby

2.2 group 2 authentication 成功，既有active 又有standby

ASR1004-5#show standby brief 
Load for five secs: 0%/0%; one minute: 0%; five minutes: 0%
No time source, *05:58:43.549 UTC Fri Aug 1 2014
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/0/0     1    180 P Active  local           unknown         90.1.0.1
Gi0/0/1     2    180 P Standby 100.100.100.115 local           100.100.100.1

3. console log for HSRP authentication failure

*Aug  1 06:01:55.951: %HSRP-4-BADAUTH: Bad authentication from 90.1.0.115, group 1, remote state Active
*Aug  1 06:02:27.361: %HSRP-4-BADAUTH: Bad authentication from 90.1.0.115, group 1, remote state Active
*Aug  1 06:02:58.372: %HSRP-4-BADAUTH: Bad authentication from 90.1.0.115, group 1, remote state Active

4. 正常HSRP信息

ASR1004-5#show standby all 
Load for five secs: 0%/0%; one minute: 0%; five minutes: 0%
No time source, *06:04:42.393 UTC Fri Aug 1 2014

GigabitEthernet0/0/0 - Group 1
  State is Standby
    15 state changes, last state change 00:00:45
  Virtual IP address is 90.1.0.1
  Active virtual MAC address is 0000.0c07.ac01 (MAC Not In Use)
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 2 sec, hold time 6 sec
    Next hello sent in 1.472 secs
  Authentication text, string "msrpc"
  Preemption enabled
  Active router is 90.1.0.115, priority 200 (expires in 5.984 sec)
  Standby router is local
  Priority 180 (configured 180)
    Track object 1 state Up decrement 50
    Track object 2 state Up decrement 50
  Group name is "hsrp-Gi0/0/0-1" (default)
GigabitEthernet0/0/1 - Group 2
  State is Standby
    10 state changes, last state change 00:14:37
  Virtual IP address is 100.100.100.1
  Active virtual MAC address is 0000.0c07.ac02 (MAC Not In Use)
    Local virtual MAC address is 0000.0c07.ac02 (v1 default)
  Hello time 2 sec, hold time 6 sec
    Next hello sent in 1.472 secs
  Authentication text, string "msrpc"
  Preemption enabled
  Active router is 100.100.100.115, priority 200 (expires in 6.576 sec)
  Standby router is local
  Priority 180 (configured 180)
    Track object 1 state Up decrement 50
    Track object 2 state Up decrement 50
  Group name is "hsrp-Gi0/0/1-2" (default)
ASR1004-5#

ASR1004-5#show standby neighbors 
Load for five secs: 0%/0%; one minute: 0%; five minutes: 0%
No time source, *06:05:23.899 UTC Fri Aug 1 2014

HSRP neighbors on GigabitEthernet0/0/0
  90.1.0.115
    Active groups: 1
    No standby groups

HSRP neighbors on GigabitEthernet0/0/1
  100.100.100.115
    Active groups: 2
    No standby groups
ASR1004-5#