GLBP GLBP-4-BADAUTH

Unanswered Question
Sep 16th, 2009

Hi

I have two 4500 switches running GLBP and I receive some strange log messages. I can't find out what the problem is. Hope you could help:

s-aala8-24-1-core2#sh run inter vlan 120
Building configuration...

Current configuration : 451 bytes
!
interface Vlan120
 description ** Printers **
 ip address 149.212.19.243 255.255.255.240 secondary
 ip address 149.212.19.163 255.255.255.224
 ip helper-address 149.212.3.228
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 glbp 1 ip 149.212.19.161
 glbp 1 ip 149.212.19.241 secondary
 glbp 1 timers msec 250 msec 750
 glbp 1 priority 150
 glbp 1 preempt delay minimum 180
 glbp 1 authentication md5 key-string 7 113A0E353043093C253F3F2C
end

s-aala0-1-1-core# sh run inter vlan 120
Building configuration...

Current configuration : 451 bytes
!
interface Vlan120
 description ** Printers **
 ip address 149.212.19.242 255.255.255.240 secondary
 ip address 149.212.19.162 255.255.255.224
 ip helper-address 149.212.3.228
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 glbp 1 ip 149.212.19.161
 glbp 1 ip 149.212.19.241 secondary
 glbp 1 timers msec 250 msec 750
 glbp 1 priority 150
 glbp 1 preempt delay minimum 180
 glbp 1 authentication md5 key-string 7 113A0E353043093C253F3F2C
end

Sep 15 13:09:47.308 CEST: %GLBP-4-BADAUTH: Bad authentication received from 149.212.19.162, group 1
Sep 15 13:57:09.645 CEST: %GLBP-4-BADAUTH: Bad authentication received from 149.212.19.162, group 1
Sep 15 13:59:07.582 CEST: %GLBP-4-BADAUTH: Bad authentication received from 149.212.19.162, group 1
Sep 15 14:01:16.851 CEST: %GLBP-4-BADAUTH: Bad authentication received from 149.212.19.162, group 1
Sep 15 14:02:01.264 CEST: %GLBP-4-BADAUTH: Bad authentication received from 149.212.19.162, group 1
Sep 15 14:02:33.592 CEST: %GLBP-4-BADAUTH: Bad authentication received from 149.212.19.162, group 1
Sep 15 14:03:08.872 CEST: %GLBP-4-BADAUTH: Bad authentication received from 149.212.19.162, group 1
Sep 15 14:04:32.712 CEST: %GLBP-4-BADAUTH: Bad authentication received from 149.212.19.162, group 1

The switches are running IOS Version 12.2(46)SG (Enterprise)

Regards

Mikkel

Lucien Avramov Wed, 09/16/2009 - 00:05

%GLBP-4-BADAUTH : Bad authentication received from [IP_address], group [dec]

Explanation: Two routers participating in a Gateway Load Balancing Protocol group disagree on the valid authentication string.

Recommended Action: Use the glbp authentication interface command to repair the GLBP authentication discrepancy between the local system and the one whose IP address is reported.

Siemens_SWP Wed, 09/16/2009 - 00:11

Hi

Thanks for the reply.

I know. The problem is that I have tried that many times. But it doesn't seem to help. Could there be any other reason for this problem?

It is not only on VL120 there is a problem, but on every VL on the two switches.

Best regards

Mikkel

Joseph W. Doherty Wed, 09/16/2009 - 03:50

You didn't note whether GLBP status seems to be correct for this group.

You might first try re-entering GLBP key-string, as clear text, on both 4500s.

e.g.

glbp 1 authentication md5 key-string SwPG1bPAuthH

You might confirm that this VLAN isn't seeing a GLBP hello from any other VLAN. I.e., confirm there isn't any possible leakage between VLANs.

Siemens_SWP Wed, 09/16/2009 - 03:54

Hi

Oki I will try that, and tell you later if it works.

Just one question:

What do you mean: You might confirm that this VLAN isn't seeing a GLBP hello from any other VLAN. I.e., confirm there isn't any possible leakage between VLANs.

And how will I do that?

Thanks

Joseph W. Doherty Wed, 09/16/2009 - 04:06

"What do you mean: You might confirm that this VLAN isn't seeing a GLBP hello from any other VLAN. I.e., confirm there isn't any possible leakage between VLANs. "

I mean you should verify your topology to ensure that VLANs and subnets don't (unexpectedly) share the same wire. Unlikely, but I see you're using secondary addressing, which is unusual when you have VLAN support. (I.e. normally would expect your two subnets to be in their own VLANs.)

"And how will I do that? "

Perhaps activate debug for GLBP and see what GLBP packets you're receiving. Confirm they're from the neighbor you expect.
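Added example, not part of the original thread: one way to act on "confirm they're from the neighbor you expect" using the syslog already collected. It groups %GLBP-4-BADAUTH events by source and group and separates known group members (key mismatch) from unexpected sources (possible VLAN leakage). The peer inventory, the function name and the last sample line are assumptions made for illustration; the peer addresses are the primary addresses from the two configs posted above.

```python
import re
from collections import defaultdict

# Message format as it appears in the log lines posted in this thread.
BADAUTH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:.]+)\s+\S+:\s+%GLBP-4-BADAUTH:\s+"
    r"Bad authentication received from (?P<src>\d+\.\d+\.\d+\.\d+), "
    r"group (?P<grp>\d+)"
)

# Assumption: primary interface addresses of the two switches, per GLBP group.
EXPECTED_PEERS = {1: {"149.212.19.162", "149.212.19.163"}}

# First three lines are from the thread; the last one is constructed
# (documentation address) to show the "unexpected source" case.
SAMPLE_LOG = """\
Sep 15 13:09:47.308 CEST: %GLBP-4-BADAUTH: Bad authentication received from 149.212.19.162, group 1
Sep 15 13:57:09.645 CEST: %GLBP-4-BADAUTH: Bad authentication received from 149.212.19.162, group 1
Sep 15 13:59:07.582 CEST: %GLBP-4-BADAUTH: Bad authentication received from 149.212.19.162, group 1
Sep 15 14:00:00.000 CEST: %GLBP-4-BADAUTH: Bad authentication received from 192.0.2.10, group 1
""".splitlines()

def summarize_badauth(lines, expected_peers):
    """Group BADAUTH events by (source, group) and label each source."""
    events = defaultdict(list)
    for line in lines:
        m = BADAUTH.match(line.strip())
        if m:  # ignore unrelated syslog lines
            events[(m["src"], int(m["grp"]))].append(m["ts"])
    report = []
    for (src, grp), stamps in sorted(events.items()):
        known = src in expected_peers.get(grp, set())
        report.append({
            "source": src, "group": grp, "count": len(stamps),
            "first": stamps[0], "last": stamps[-1],
            # Known member failing auth: the key-strings differ.
            # Unknown sender: hellos from elsewhere reach this VLAN.
            "verdict": "known peer: compare key-strings" if known
                       else "unexpected source: check VLAN leakage",
        })
    return report

if __name__ == "__main__":
    for row in summarize_badauth(SAMPLE_LOG, EXPECTED_PEERS):
        print(row)
```
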
