[c-nsp] Apple Mac + iPhone = strange network loop?
Jay Hennigan
jay at west.net
Tue May 25 12:06:59 EDT 2010
On 5/25/10 8:28 AM, Peter Rathlev wrote:
> 002660: May 21 09:16:50.426 CEST: %HSRP-4-BADAUTH: Bad authentication
> from 10.100.0.134, group 22, remote state Standby
>
> It turns out this (10.100.0.134) is the IP address of the MacBook.
> Capturing the traffic, we can see that it is exactly the HSRP hellos,
> but just with the IP address replaced, a la NAT.
>
> Without HSRP authentication (we tried that too!) it actually "steals"
> the primary role, i.e. when it "reflects" the primary router's hello the
> two real routers assume a "Standby" role.
>
> It doesn't cause broadcast loops or anything, so it seems to only
> forward/bridge unicast packets.
>
> Apart from telling people not to connect their wonderful Apple devices
> in this way, what can we do? :-)
Make sure that you use HSRP authentication everywhere. Have the Apple
customers open bug reports with Apple, and suggest that they mention
"Cisco HSRP protocol conflict" in their reports.
Be prepared to wait a while for Apple to realize the issue, do
regression testing, and roll it out in their next updates.
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
More information about the cisco-nsp
mailing list