Tales from the Trenches: Why an HSRP Priority Value of 255 is NOT a Legitimate Way to Secure HSRP

Yes, it was bound to happen sooner or later. There I was in my spacious cubicle reading about MPLS L3 VPNs when all of a sudden a member of the “Security Team” appeared. “None of your HSRP configurations are secure and we need you to change the HSRP priority to 255 on all ‘active’ nodes,” they said, while wildly gesticulating with the latest security scan results in hand. In this tutorial we go over why the ‘highest priority value’ (read: 255) is a fallacy rather than a legitimate way to secure your HSRP environment, and we discuss the proper way to truly protect yourself from a rogue node inserting itself into your HSRP group: HSRP MD5 Authentication. BOOM!
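
The contrast this tutorial draws, as an added Cisco IOS configuration sketch that is not from the original post: the priority-only change the security team asked for, next to the same group with HSRP MD5 authentication. The interface, group number, addresses, priority of 110, key chain name and secret are constructed placeholders.

```ios
! Constructed example: every name, number and address below is a placeholder.
!
! --- Priority only (what the scan remediation asked for) ---
! Priority decides which router is preferred as active.
! It does not authenticate the HSRP hellos received on the segment.
interface GigabitEthernet0/1
 ip address 192.0.2.2 255.255.255.0
 standby 10 ip 192.0.2.1
 standby 10 priority 255
 standby 10 preempt
!
! --- Same group with HSRP MD5 authentication ---
! The shared secret lives in a key chain so it can be rotated
! by adding a new key instead of editing every interface.
key chain HSRP-KEYS
 key 1
  key-string <REPLACE-WITH-SHARED-SECRET>
!
interface GigabitEthernet0/1
 ip address 192.0.2.2 255.255.255.0
 standby 10 ip 192.0.2.1
 ! Priority goes back to being a failover preference, not a security control.
 standby 10 priority 110
 standby 10 preempt
 ! Hellos for group 10 must now carry a valid MD5 digest of the shared key.
 standby 10 authentication md5 key-chain HSRP-KEYS
```

Every router in the group needs the same key chain contents, and `show standby` on each peer reports the authentication method in use for the group.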