01-15-2009 11:56 AM - edited 03-06-2019 03:28 AM
Hi,
My HSRP is configured with no authentication. When I turn on md5 on the first router, how will the network behave? I will have a router with md5 and one with no authentication for a few seconds. Will they both try to be the gateway?
01-15-2009 12:06 PM
Dominic,
Yes there could be a state change. I would recommend adjusting the timers while you configure authentication on HSRP to ensure that doesn't happen.
The active router should have its key string changed no later than one holdtime period, specified by the "standby timers" command, after the non-active routers.
HTH,
Mark
01-15-2009 12:15 PM
You could make your changes on the standby first, and then go to the active router. Should be fine.
HTH,
John
01-15-2009 12:20 PM
John
This would be worth testing because once you modify the standby then the standby and the active would not be able to exchange hellos and so the standby could go active assuming the primary has gone down. Not saying it would but would be worth testing.
There is a timeout option on the md5 authentication command which specifies how long before you use the new key, so I was wondering if you could give yourself a large enough timeout to configure both. But this may be to do with changing keys once md5 auth is in place rather than initially setting it up.
Jon
01-15-2009 01:39 PM
Hello Jon,
You mean using a key chain so that you can use lifetime and you can then deploy a new key.
A suggestion can be that of using the key chain from the beginning so that you will be able to change the key in the future with less effort.
But the first time you will face a transition in which the two routers will not accept messages from the other one.
(EIGRP experience ...)
See
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gthsrpau.html#wp1066832
The routers need to be NTP synchronized, but again this has to be tested.
Hope to help
Giuseppe
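The key-chain rollover and NTP point raised above can be checked offline before touching either router. The sketch below is an added example, not part of the thread and not Cisco code: it models send and accept lifetimes under a clock offset and reports windows in which hellos would fail authentication. The key values and times are constructed, and the rule that a router sends with the lowest-numbered key whose send window is open is an assumption of this model.

```python
from dataclasses import dataclass

HOLDTIME = 10  # HSRP default hold time, in seconds

@dataclass(frozen=True)
class Key:
    key_id: int
    secret: str
    send: tuple    # (start, end) of the send lifetime, local clock seconds
    accept: tuple  # (start, end) of the accept lifetime, local clock seconds

def sending_key(chain, t):
    """Key used for outgoing hellos at local time t (assumed: lowest valid id)."""
    live = [k for k in chain if k.send[0] <= t < k.send[1]]
    return min(live, key=lambda k: k.key_id) if live else None

def accepts(chain, key, t):
    """True if the receiver holds the same key and its accept window is open."""
    return key is not None and any(
        k.key_id == key.key_id and k.secret == key.secret
        and k.accept[0] <= t < k.accept[1] for k in chain)

def auth_gaps(chain_a, chain_b, skew_b, start, end):
    """Return [begin, end) intervals of router A's time in which hellos fail
    in either direction. skew_b is how far router B's clock is ahead of A's."""
    gaps, open_at = [], None
    for t in range(start, end):
        ok = (accepts(chain_b, sending_key(chain_a, t), t + skew_b) and
              accepts(chain_a, sending_key(chain_b, t + skew_b), t))
        if not ok and open_at is None:
            open_at = t
        elif ok and open_at is not None:
            gaps.append((open_at, t))
            open_at = None
    if open_at is not None:
        gaps.append((open_at, end))
    return gaps

def exceeds_holdtime(gaps, holdtime=HOLDTIME):
    """True if any gap is long enough for the standby to declare the active dead."""
    return any(e - s >= holdtime for s, e in gaps)

# Constructed rollover at t=1000: key 1 retires, key 2 takes over.
abrupt = [Key(1, "old", (0, 1000), (0, 1000)),
          Key(2, "new", (1000, 5000), (1000, 5000))]
overlap = [Key(1, "old", (0, 1000), (0, 1300)),   # keep accepting the old key
           Key(2, "new", (1000, 5000), (700, 5000))]  # accept the new key early
```
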