[c-nsp] %STANDBY-3-BADAUTH log messages

Matti Saarinen mjsaarin at cc.helsinki.fi
Fri Oct 21 06:52:12 EDT 2005


We've been seeing the following log messages during the last 7 days:

$router: Oct 21 13:26:19.164: %STANDBY-3-BADAUTH: Bad authentication \ 
from $address, group 0, remote state Active

The $address belongs to one of the interfaces of the router sending
the log messages. So, it must be that the router receives HSRP packets
it sent out from the interface having the IP-address $address. This
must be a result of two vlans connected somewhere eiher by a badly
placed cable (possible) or broken switch/switch having buggy software
(possible, too).

The log message appears about once in every half an hour. 

Does a router generate such a message every time it sees an HSRP
packet that has bad authentication data? Or does a router wait for
some period of time and then it generates a log message? 

I'm just thinking how long I need to snoop a single vlan in order to
see an offending HSRP packet.

Cheers,

-- 
- Matti -


More information about the cisco-nsp mailing list