Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1141
Views
0
Helpful
4
Replies

No HSRP Version 2 authentication after XR 4.3.0??

Go to solution
arriejones
Level 1
Level 1

‎02-02-2016 07:35 AM

Hi all.  I see there is no more authentication option for HSRP after the 4.3.0 release.  This is a feature we require and I'm wondering why Cisco did this and if they had another solution that I don't know about.

Thanks!!

Arrie

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
smilstea
Cisco Employee
Cisco Employee
In response to arriejones

‎02-03-2016 05:10 AM

Yes for HSRPv2 authentication was removed. There are several problems with the security of HSRPv2 which led to its removal.Section 9 of RFC5798 gives a good overview of the security issues for VRRP (similar applies to HSRP) https://tools.ietf.org/html/rfc5798#section-9 Sam

View solution in original post

0 Helpful
4 Replies 4

Go to solution
smilstea
Cisco Employee
Cisco Employee

‎02-02-2016 08:11 AM

Hi Arrie,

The syntax changed in 4.2.0 to 'authentication'.

http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/addr_serv/command/reference/b-ipaddr-cr-asr9k/b-ipaddr-cr-asr9k_chapter_0110.html#wp1918271281

Thanks,

Sam

0 Helpful

Go to solution
arriejones
Level 1
Level 1
In response to smilstea

‎02-02-2016 08:54 AM

See the note in this confg guide for ASR9K 5.3.2.  It says it’s not supported.  Wondering why and if there is another method of authentication I should be looking at.  Pretty new to XR.

 

http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-3/addr-serv/configuration/guide/b-ipaddr-cg53asr9k/b-ipaddr-cg53asr9k_chapter_0111.html#p

 

HSRP version 2 authentication is not supported from release 4.3.x onwards.

 

0 Helpful

Go to solution
smilstea
Cisco Employee
Cisco Employee
In response to arriejones

‎02-03-2016 05:10 AM

Yes for HSRPv2 authentication was removed. There are several problems with the security of HSRPv2 which led to its removal.Section 9 of RFC5798 gives a good overview of the security issues for VRRP (similar applies to HSRP) https://tools.ietf.org/html/rfc5798#section-9 Sam

0 Helpful

Go to solution
arriejones
Level 1
Level 1
In response to smilstea

‎02-03-2016 06:03 AM

Thank you Sam!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents