[c-nsp] %STANDBY-3-BADAUTH log messages

Bruce Pinsky bep at whack.org
Tue Nov 8 14:12:49 EST 2005



Matti Saarinen wrote:
>  [ Back to my old question ]
> 
> "Dale W. Carder" <dwcarder at doit.wisc.edu> writes:
> 
> 
>>>$router: Oct 21 13:26:19.164: %STANDBY-3-BADAUTH: Bad authentication \ 
>>>from $address, group 0, remote state Active
>>
>>I found that watching for HSRP messages is a good indicator of a
>>network loop of some sort, be it the vlan bridged to itself, or to
>>another vlan.
> 
> 
>  Now, I've time enough to run tcpdump and found out that there is a
>  leakage of HSRP packets between two vlans. Surprisingly enough, the
>  leakage seems to be one way.
> 
> 
>>Also note that I think HSRP uses the same mac address for each
>>vlan interface, 
> 
> 
>  As Rubens Kuhl Jr pointed out, the HSRP group number defines the mac
>  address used. Unfortunately, we use the same group number for every
>  interface on a router. (There must be some reason why this is done,
>  but I'm not aware of it.) Also, the vlans between which the leakage
>  happens are way too large, so it may be that we're hitting some limit
>  in some switch that has ports configured for both vlans.
> 


I've also seen leakage on some switches where the CAM can have only 1
instance of any given MAC address, even if there are multiple VLANs
defined.  Causes havoc for both HSRP and for multi-hosted Sun
workstations/servers where a single MAC address is assigned to all
interfaces by default.

--
=========
bep
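
Added example, not part of the original thread: a Python sketch that lists which VLANs end up sharing an HSRP virtual MAC when the same group number is reused, and maps the senders named in BADAUTH messages back to their home VLAN. It assumes HSRP version 1, where the virtual MAC is 0000.0c07.acXX with XX the group number in hex; the hostnames, VLAN IDs, subnets and log lines are constructed sample data.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Line format follows the BADAUTH message quoted in the thread.
BADAUTH = re.compile(
    r"(?P<router>\S+): .*%STANDBY-3-BADAUTH: Bad authentication\s+"
    r"from (?P<src>\S+), group (?P<group>\d+), remote state (?P<state>\w+)")

def hsrp_v1_vmac(group):
    """HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return "0000.0c07.ac%02x" % group

def shared_vmacs(interfaces):
    """interfaces: (vlan, group) pairs. Returns vMACs present in more than one VLAN."""
    vlans = defaultdict(set)
    for vlan, group in interfaces:
        vlans[hsrp_v1_vmac(group)].add(vlan)
    return {mac: sorted(v) for mac, v in vlans.items() if len(v) > 1}

def leaking_senders(lines, vlan_subnets):
    """Count BADAUTH events per (router, sender, sender's home VLAN, group)."""
    nets = [(vlan, ipaddress.ip_network(cidr)) for vlan, cidr in vlan_subnets.items()]
    hits = Counter()
    for line in lines:
        m = BADAUTH.search(line)
        if not m:
            continue  # unrelated syslog line
        src = ipaddress.ip_address(m["src"])
        home = next((vlan for vlan, net in nets if src in net), None)
        hits[(m["router"], m["src"], home, int(m["group"]))] += 1
    return hits

# Constructed sample data (documentation addresses, made-up hostnames and VLANs).
VLAN_SUBNETS = {10: "192.0.2.0/25", 20: "192.0.2.128/25"}
INTERFACES = [(10, 0), (20, 0), (30, 5)]
LOG = [
    "rtr-a: Oct 21 13:26:19.164: %STANDBY-3-BADAUTH: Bad authentication from 192.0.2.130, group 0, remote state Active",
    "rtr-a: Oct 21 13:26:22.170: %STANDBY-3-BADAUTH: Bad authentication from 192.0.2.130, group 0, remote state Active",
    "rtr-a: Oct 21 13:26:23.001: %LINK-3-UPDOWN: Interface Vlan30, changed state to up",
]

if __name__ == "__main__":
    print(shared_vmacs(INTERFACES))
    for key, count in leaking_senders(LOG, VLAN_SUBNETS).items():
        print(count, key)
```

A sender whose home VLAN differs from every VLAN the reporting router serves with that group points at the leaking pair to inspect on the switches.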
