02-02-2016 07:35 AM
Hi all. I see there is no more authentication option for HSRP after the 4.3.0 release. This is a feature we require and I'm wondering why Cisco did this and if they had another solution that I don't know about.
Thanks!!
Arrie
02-02-2016 08:11 AM
Hi Arrie,
The syntax changed in 4.2.0 to 'authentication'.
http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/addr_serv/command/reference/b-ipaddr-cr-asr9k/b-ipaddr-cr-asr9k_chapter_0110.html#wp1918271281
Thanks,
Sam
02-02-2016 08:54 AM
See the note in this config guide for ASR9K 5.3.2. It says it’s not supported. Wondering why and if there is another method of authentication I should be looking at. Pretty new to XR.
HSRP version 2 authentication is not supported from release 4.3.x onwards.
02-03-2016 05:10 AM
Yes, for HSRPv2 authentication was removed. There are several problems with the security of HSRPv2 which led to its removal. Section 9 of RFC5798 gives a good overview of the security issues for VRRP (similar applies to HSRP): https://tools.ietf.org/html/rfc5798#section-9
Sam
02-03-2016 06:03 AM
Thank you Sam!