A Commands


This chapter describes the Cisco NX-OS Hot Standby Router Protocol (HSRP) commands that begin with A.

authentication (HSRP)

To configure authentication for the Hot Standby Router Protocol (HSRP), use the authentication command. To disable authentication, use the no form of this command.

authentication {string | md5 {key-chain key-chain | key-string {0 | 7} text [timeout seconds]} | text string}

no authentication {string | md5 {key-chain key-chain | key-string {0 | 7} text [timeout seconds]} | text string}

Syntax Description

md5

Specifies the Message Digest 5 (MD5) authentication.

key-chain key-chain

Identifies a group of authentication keys.

key-string

Specifies the secret key for MD5 authentication.

0

Specifies a clear text string.

7

Specifies an encrypted string.

text

Secret key for MD5 authentication. The range is from 1 to 255 characters. We recommend that you use at least 16 characters.

timeout seconds

(Optional) Specifies the authentication timeout value. The range is from 0 to 32767.

text string

Specifies an authentication string. The range is from 1 to 255 characters. The default string is "cisco".


Command Default

Disabled

Command Modes

HSRP configuration or HSRP template mode

Command History

Release
Modification

5.0(3)N1(1)

This command was introduced.


Usage Guidelines

Use the authentication text command to prevent misconfigured routers from participating in HSRP groups that they are not intended to participate in. The authentication string is sent unencrypted in all HSRP messages. The same authentication string must be configured on all routers in the same group to ensure interoperation. HSRP protocol packets that do not authenticate are ignored.


Caution If you configure two routers with identical HSRP IP addresses but with different authentication strings, then neither router is aware of the duplication.

Examples

This example shows how to configure an authentication string for HSRP group 2:

switch# configure terminal
switch(config)# interface ethernet 0/1
switch(config-if)# no switchport
switch(config-if)# ip address 10.0.0.1 255.255.255.0
switch(config-if)# hsrp 2
switch(config-if-hsrp)# priority 110
switch(config-if-hsrp)# preempt
switch(config-if-hsrp)# authentication text sanjose
switch(config-if-hsrp)# ip 10.0.0.3
switch(config-if-hsrp)# end
switch(config-if-hsrp)#

Related Commands

Command
Description

feature hsrp

Enables HSRP and enters HSRP configuration mode.

hsrp group

Creates an HSRP group.