Increasing HSRP Security
Problem
You want to increase the security of HSRP between two (or more) routers.
Solution
You can configure HSRP to use password authentication with the following commands:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#standby 1 ip 172.22.1.1
Router1(config-if)#standby 1 priority 120
Router1(config-if)#standby 1 authentication OREILLY
Router1(config-if)#exit
Router1(config)#end
Router1#
You must configure the same authentication password on all routers within the same HSRP group or the conflicts will prevent HSRP from working:
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#standby 1 ip 172.22.1.1
Router2(config-if)#standby 1 priority 110
Router2(config-if)#standby 1 authentication OREILLY
Router2(config-if)#exit
Router2(config)#end
Router2#
Beginning with IOS Version 12.3(2)T, Cisco introduced support for MD5-encrypted passwords. To configure strong MD5-encrypted passwords, use the following commands:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#standby 1 ip 10.1.1.1
Router1(config-if)#standby 1 priority 200
Router1(config-if)#standby 1 authentication md5 key-string OREILLY
Router1(config-if)#end
Router1#
You must also configure the same password and encryption ...
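An added example, not from the book: a short Python audit that reads interface stanzas from each router and flags HSRP groups that are not using MD5 authentication or whose authentication settings differ between routers, the condition the recipe says prevents HSRP from working. The sample stanzas are constructed from the recipe's commands, the function names are hypothetical, and it assumes the same group number on each router refers to the same HSRP group.

```python
import re

# Constructed interface stanzas built from the recipe's commands (not real devices).
CONFIGS = {
    "Router1": """interface FastEthernet0/1
 standby 1 ip 172.22.1.1
 standby 1 authentication OREILLY
 standby 2 ip 10.1.1.1
 standby 2 authentication md5 key-string OREILLY
""",
    "Router2": """interface FastEthernet1/0
 standby 1 ip 172.22.1.1
 standby 1 authentication OREILLY
 standby 2 ip 10.1.1.1
 standby 2 authentication md5 key-string OREILY
 standby 3 ip 10.2.2.1
""",
}

# Matches only the "standby <group> ip ..." and "standby <group> authentication ..." lines.
STANDBY = re.compile(r"^[ \t]*standby[ \t]+(\d+)[ \t]+(ip|authentication)[ \t]+(\S.*?)[ \t]*$", re.M)

def parse(config):
    """Return {group: (mode, secret)} with mode 'none', 'text' or 'md5'."""
    groups = {}
    for m in STANDBY.finditer(config):
        group, keyword, rest = int(m.group(1)), m.group(2), m.group(3)
        if keyword == "ip":
            groups.setdefault(group, ("none", None))  # group exists, no auth seen yet
        elif rest.startswith("md5 "):
            groups[group] = ("md5", rest[4:])
        else:  # "standby N authentication [text] STRING": the plain password form
            groups[group] = ("text", rest[5:] if rest.startswith("text ") else rest)
    return groups

def audit(configs):
    """Return findings as (group, issue, routers); secrets are never included."""
    seen = {}
    for router, config in configs.items():
        for group, auth in parse(config).items():
            seen.setdefault(group, {})[router] = auth
    findings = []
    for group, per_router in sorted(seen.items()):
        weak = sorted(r for r, (mode, _) in per_router.items() if mode != "md5")
        if weak:
            findings.append((group, "not-md5", weak))
        if len(set(per_router.values())) > 1:
            findings.append((group, "mismatch", sorted(per_router)))
    return findings
```

On the constructed input, group 1 is reported as not using MD5 on both routers, group 2 as a mismatch (the key strings differ by one letter), and group 3 as having no authentication configured on Router2.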