Re: HSRP standby-3-badauth msg in log

colpal · ‎11-19-2004

I am repeatedly getting a bad authentication message on a router "bad authentication from 199.1.21.3 remote state init". What could be the cause? Cure?

Here is the port config for the two routers. The message is logged on the first router whose config is listed.

=====================

this is a 7200

interface FastEthernet1/0

description back door ethernet backbone

ip address 199.1.26.6 255.255.255.0 secondary

ip address 199.1.21.6 255.255.255.0

no ip redirects

no keepalive

full-duplex

no mop enabled

standby 2 priority 105

standby 2 preempt

standby 2 ip 199.1.21.1

standby 2 track Hssi2/0

================

this is a 7500

interface FastEthernet5/0/0

description F5/0/0 BK door 199.1.21.X

ip address 199.1.26.1 255.255.255.0 secondary

ip address 199.1.21.3 255.255.255.0

no ip redirects

full-duplex

standby 2 ip 199.1.21.1

standby 2 preempt delay minimum 10

Prashanth Krishnappa · ‎11-19-2004

What IOS are you running? I think you are running into the following cosmetic bug

http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCeb37175

colpal · ‎11-19-2004

Thanks for the reply, in fact all of the replies.

The 7200 is running IOS (tm) 7200 Software (C7200-DS-M), Version 11.2(17)P, while the 7500 is running IOS (tm) RSP Software (RSP-DSV-M), Version 12.2(19a), RELEASE SOFTWARE (fc2)

smif101 · ‎11-19-2004

What is the exact error message that you are receiving on the device? Everything looks fine with your config as far as hsrp is concerned. Can you post your total config up here.

colpal · ‎11-19-2004

Here is the entire msg, copied from the log.

".Nov 19 12:35:23 EST: %STANDBY-3-BADAUTH: Bad authentication from 199.1.21.3, remote state Init"

Thanks for the reply it sounds like a false alarm, though I do have to look into upgrading the OS on the one router.

Harold Ritter · ‎11-19-2004

I think you might be running into CSCeb37175.

CSCeb37175: STANDBY-3-BADAUTH: Bad authentication, remote state Init.

Here are the release notes for this DDTS:

Release notes:

A new HSRP advertisement message introduced in 12.1(3)T in order to

support ICMP redirects may cause a STANDBY-3-BADAUTH message in

routers running older versions of IOS:

"%STANDBY-3-BADAUTH: Bad authentication from x.x.x.x, remote state Init"

This is cosmetic issue and has no affect to HSRP operation.

Workaround is to not have an HSRP group 2 on the router with the older

IOS image.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

colpal · ‎11-19-2004

Thanks for the reply.

Kevin Dorrell · ‎11-19-2004

The thing that worries me most about the configuration is the no keepalive on the 7200. The interface will never be detected down.

Don't know whether that would explain the symptoms though.

Kevin Dorrell

Luxembourg

colpal · ‎11-19-2004

I wondered about that as well. We use one 7500 and three 7200 for HSRP. When you do a sh int there is a 10 second keepalive set on all interfaces. Must be a defualt. In contrast, sh int does not show any keepalive on any of a 7200's serial interfaces.

glen.grant · ‎11-19-2004

You might try putting in a specific standby authentication string in . "standby 2 authentication XXXXXX ,where XXXXX is the password . Make sure it is exactly the same on both ends .