I'm currently studdying for my CCNP certification exam and I need somes helps to understanding some concept.
#1 I would like to understand "key chain". In my book when I had read it I had understand key chain is a list of key with index number like a tableau in which the the index is use to tell which string I want to use.
" Alternatively, you can define an MD5 key string as a key on a key chain. This method is more
flexible, enabling you to define more than one key on the switch. Any of the keys then can be
associated with HSRP on any interface. If a key needs to be changed, you simply add a new key
to the key chain and retire (delete) an old key.
First define the key chain globally with the key chain command; then add one key at a time
with the key and key-string commands. The key-number index is arbitrary, but keys are tried in
sequential order. Finally, associate the key chain with HSRP on an interface by referencing its
chain-name. You can use the following commands to configure HSRP MD5 authentication:
Switch(config)# key chain chain-name
Switch(config-keychain)# key key-number
Switch(config-keychain-key)# key-string [0 | 7] string
Switch(config)# interface type mod/num
Switch(config-if)# standby group authentication md5 key-chain chain-name
But in the last command where is the index number, where he's tell he want to use second key in his list of keysâ¦.
#2 With GLBP when a AVF "A" as failed and other AVF "B" as took is MAC address for provide service to A's clients. When B respond back to A's client is it response always with AVF A's MAC address or B's MAC address ? I understand if it response with B's MAC address client arp table will update there arp cache with the new MAC address for there gateway and when A come back those client will no more use A they will continue to use B. If continue to use A's MAC address when trafic cameback to local network how client will be able to continue to work after expiration of the timeout timer ? they should restart there computer ? (client are'nt able to clear manually there arp cache on there computer no right's)