[c-nsp] %STANDBY-3-BADAUTH log messages

Dale W. Carder dwcarder at doit.wisc.edu
Fri Oct 21 12:19:18 EDT 2005


Thus spake Matti Saarinen (mjsaarin at cc.helsinki.fi) on Fri, Oct 21, 2005 at 01:52:12PM +0300:
> We've been seeing the following log messages during the last 7 days:
> 
> $router: Oct 21 13:26:19.164: %STANDBY-3-BADAUTH: Bad authentication \ 
> from $address, group 0, remote state Active
> 
> Does a router generate such a message every time it sees an HSRP
> packet that has bad authentication data? Or does a router wait for
> some period of time and then it generates a log message? 


I found that watching for HSRP messages is a good indicator
of a network loop of some sort, be it the vlan bridged to
itself, or to another vlan.

My experience has been, IIRC, that you will only get roughly 1
per 30 seconds or so, which is much higher than the default
hello interval of 3 seconds.

So, if you're seeing them once per half hour, look for STP
topo changes, bpdu guard, or other churning in your network.
ALso note that I think HSRP uses the same mac address for each
vlan interface, so if you have a switch that doesn't have a 
mac address table per vlan, maybe that's something to look into
also.

Dale


----------------------------------
Dale W. Carder - Network Engineer   
University of Wisconsin at Madison  
http://net.doit.wisc.edu/~dwcarder



More information about the cisco-nsp mailing list