On 5/25/10 8:28 AM, Peter Rathlev wrote: > 002660: May 21 09:16:50.426 CEST: %HSRP-4-BADAUTH: Bad authentication > from 10.100.0.134, group 22, remote state Standby > > It turns out this (10.100.0.134) is the IP address of the MacBook. > Capturing the traffic, we can see that it is exactly the HSRP hellos, > but just with the IP address replaced, a la NAT. > > Without HSRP authentication (we tried that too!) it actually "steals" > the primary role, i.e. when it "reflects" the primary router's hello the > two real routers assume a "Standby" role. > > It doesn't cause broadcast loops or anything, so it seems to only > forward/bridge unicast packets. > > Apart from telling people not to connect their wonderful Apple devices > in this way, what can we do? :-)
Make sure that you use HSRP authentication everywhere. Have the Apple customers open bug reports with Apple, and suggest that they mention "Cisco HSRP protocol conflict" in their reports. Be prepared to wait a while for Apple to realize the issue, do regression testing, and roll it out in their next updates. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/