05-13-2012 08:00 PM - edited 03-07-2019 06:40 AM
Hi everybody
I configured HSRP on R1 (199.199.199.1) with MD5 authentication as shown below:
interface FastEthernet0/0
ip address 199.199.199.1 255.255.255.0
duplex auto
speed auto
standby 1 ip 199.199.199.10
standby 1 authentication md5 key-string 7 14141B180F0B
R1#show version
Cisco IOS Software, 2600 Software (C2691-ADVIPSERVICESK9-M), Version 12.4(15)T6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Mon 07-Jul-08 04:30 by prod_rel_team
=============================================================
When I captured the hello packet sent by R1, I don't see the MD5 hashed value.
Below is one of the packet:
No. Time Source Destination Protocol Length Info
172 189.484000 199.199.199.1 224.0.0.2 HSRP 92 Hello (state Standby)
Frame 172: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)
Ethernet II, Src: c0:00:03:d8:00:00 (c0:00:03:d8:00:00), Dst: IPv4mcast_00:00:02 (01:00:5e:00:00:02)
Internet Protocol Version 4, Src: 199.199.199.1 (199.199.199.1), Dst: 224.0.0.2 (224.0.0.2)
User Datagram Protocol, Src Port: hsrp (1985), Dst Port: hsrp (1985)
Source port: hsrp (1985)
Destination port: hsrp (1985)
Length: 58
Checksum: 0x9c4c [validation disabled]
Cisco Hot Standby Router Protocol
Version: 0
Op Code: Hello (0)
State: Standby (8)
Hellotime: Default (3)
Holdtime: Default (10)
Priority: 100
Group: 1
Reserved: 0
Authentication Data: Non-Default ()
Virtual IP Address: 199.199.199.10 (199.199.199.10)
My book says HSRP MD5 authentication was introduced into some Cat switch platforms with Cisco IOS 12.2(25)S. At press time, this feature was available only on the Cat 3560 and 3750.
My question: since the option for MD5 authentication is available in the IOS I am using, the IOS must support it. However, as can be seen in the above packet capture, I don't see any hashed MD5 value.
I will appreciate any help.
Thanks and have a great week.
05-14-2012 01:21 AM
Hello Sarah,
You should look at the packet in hexadecimal format and not in text format.
Notice that it says:
Authentication Data: Non-Default ()
The default authentication is null, so this packet should contain the MD5 hash.
However, the MD5 hash should be at the end of the packet, as it is a sort of strong checksum of the packet content.
Also, MD5 is 128 bits in length and the HSRP authentication data is only 8 bytes long (= 64 bits).
See
http://www.networksorcery.com/enp/protocol/hsrp.htm
So the MD5 hash should be at the end of the packet, in the last 16 bytes.
The Authentication Data field should only provide information about the type of authentication, not the MD5 hash itself.
Notice also the size of the packet, which is 92 bytes. I would expect the size of the HSRP packet to increase if MD5 authentication is enabled.
Hope to help
Giuseppe
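An added example, not part of the original thread: the capture's UDP length of 58 minus the 8-byte UDP header leaves a 50-byte payload, 30 bytes more than the fixed 20-byte HSRPv1 message of RFC 2281, and this Python sketch splits such a payload into the header and that trailer. The function names are hypothetical, the trailer layout (type 4, length 28, algorithm, padding, flags, sender IP, key ID, 16-byte digest) is an assumption following the layout Wireshark's HSRP dissector uses, and the sample bytes, including the digest, are constructed.

```python
import socket
import struct

HSRPV1_LEN = 20  # fixed HSRPv1 message size (RFC 2281)

def parse_hsrpv1(payload: bytes) -> dict:
    """Split a UDP/1985 payload into the fixed HSRPv1 fields and any trailer."""
    if len(payload) < HSRPV1_LEN:
        raise ValueError("payload shorter than an HSRPv1 message")
    (ver, op, state, hello, hold, prio, group, _rsvd,
     auth, vip) = struct.unpack("!8B8s4s", payload[:HSRPV1_LEN])
    return {"version": ver, "opcode": op, "state": state,
            "hellotime": hello, "holdtime": hold, "priority": prio,
            "group": group, "auth_data": auth,
            "virtual_ip": socket.inet_ntoa(vip),
            "trailer": payload[HSRPV1_LEN:]}  # bytes the text view may not label

def parse_md5_tlv(trailer: bytes):
    """Decode the trailer as an MD5 authentication TLV; None if it does not fit."""
    # Assumed layout: type=4, len=28, then algorithm(1) padding(1) flags(2)
    # sender IP(4) key ID(4) digest(16).
    if len(trailer) < 30 or trailer[0] != 4 or trailer[1] != 28:
        return None
    algo, _pad, flags, sender, key_id, digest = struct.unpack(
        "!BBH4sI16s", trailer[2:30])
    return {"algorithm": algo, "flags": flags,
            "sender_ip": socket.inet_ntoa(sender),
            "key_id": key_id, "digest": digest}

# Constructed sample. Header values mirror the capture in the question
# (state 8, hello 3, hold 10, priority 100, group 1, VIP 199.199.199.10);
# the 8-byte Authentication Data is assumed to be all zeros.
SAMPLE_HEADER = (bytes([0, 0, 8, 3, 10, 100, 1, 0]) + bytes(8)
                 + socket.inet_aton("199.199.199.10"))
# Constructed trailer with a placeholder digest, not a real MD5 value.
SAMPLE_TRAILER = (bytes([4, 28, 1, 0, 0, 0]) + socket.inet_aton("199.199.199.1")
                  + bytes(4) + bytes(range(16)))
SAMPLE_PAYLOAD = SAMPLE_HEADER + SAMPLE_TRAILER

if __name__ == "__main__":
    msg = parse_hsrpv1(SAMPLE_PAYLOAD)
    print("UDP length:", len(SAMPLE_PAYLOAD) + 8)
    print("trailer bytes:", len(msg["trailer"]))
    tlv = parse_md5_tlv(msg["trailer"])
    print("digest:", tlv["digest"].hex() if tlv else "no MD5 TLV found")
```

A hello from a group without MD5 authentication would return an empty trailer from `parse_hsrpv1`, so a non-empty trailer is a quick check that the router is actually appending authentication data.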