A network administrator has configured HSRP between RouterA and RouterB for VLAN 10. End hosts using the virtual IP 192.168.1.1 as their default gateway experience intermittent connectivity losses, and pings to 192.168.1.1 often fail. The output of 'show standby brief' on both routers shows the state as Active. What is the most likely cause?
Mismatched authentication (e.g., MD5 vs. text) causes each router to disregard the other's HSRP hellos. Each then assumes no peers exist and becomes Active, leading to both routers claiming the virtual IP and MAC, which results in ARP table flapping and intermittent connectivity.
Why this answer
When both routers show the HSRP state as Active, a 'dual-active' scenario exists, which causes intermittent connectivity because both routers forward traffic for the virtual IP. Mismatched HSRP authentication methods (e.g., one router using plain-text authentication and the other using MD5) prevent the routers from exchanging proper Hello messages, so they fail to negotiate a single Active router. This is the most likely cause because authentication mismatches break the HSRP adjacency, leading to both routers assuming the Active role.
Exam trap
Cisco often tests the concept that HSRP authentication mismatches cause a dual-active failure, while candidates may incorrectly assume that equal priorities or group number 0 are the root cause.
Why the other options are wrong
A missing virtual IP on one router does not cause both to be Active; the router without the virtual IP cannot claim the Active role for that address.
A group number mismatch does not cause both routers to appear as Active for the same virtual IP; they would be in separate groups.
Equal priority does not lead to multiple Active routers; HSRP uses the interface IP address as a tiebreaker to elect a single Active router.