avantwireless
Member Candidate
Topic Author
Posts: 137
Joined: Mon Nov 07, 2005 3:04 am

tcp-md5-key to cisco

Thu May 26, 2011 1:29 am

We are trying to get BGP to our provider's Ciscos working with tcp-md5-key and are failing. We can only get the connection with authentication disabled. Is there something that we are not doing right? Are we supposed to convert the ASCII key through an MD5 hash before putting it in the key field? So far all the examples we have seen have had the key disabled or null. Does someone have this working?

Thanks!
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: tcp-md5-key to cisco

Thu May 26, 2011 1:45 am

Works fine for me using just the same ASCII key on both routers.

Cisco 2851 running 12.4(25c):
spoke#sh ip bgp summ
BGP router identifier 2.2.2.162, local AS number 65531
BGP table version is 3, main routing table version 3
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 417 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.41    4 65530       3       4        3    0    0 00:00:47        0
spoke#show run | s router bgp
router bgp 65531
  no synchronization
  bgp log-neighbor-changes
  neighbor 2.2.2.41 remote-as 65530
  neighbor 2.2.2.41 password 7 010703174F
  neighbor 2.2.2.41 ebgp-multihop 2
  no auto-summary
spoke#
spoke#sh ip bgp nei 2.2.2.41 advertised-routes
BGP table version is 3, local router ID is 2.2.2.162
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i

Total number of prefixes 1
spoke#
Just to save you the work, "010703174F" is level 7 encryption for "test", the command was entered as "neighbor 2.2.2.41 password 0 test".

x86 box running 5.2:
[admin@x86-lab-1] /routing bgp> exp
# may/25/2011 15:41:20 by RouterOS 5.2
# software id = WTPH-Z5E2
#
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no ignore-as-path-len=no name=default out-filter="" redistribute-connected=no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing bgp peer
add address-families=ip as-override=no default-originate=never disabled=no hold-time=3m in-filter="" instance=default multihop=yes name=peer1 nexthop-choice=default out-filter="" passive=no remote-address=2.2.2.162 remote-as=65531 remove-private-as=no route-reflect=no tcp-md5-key=test ttl=2 use-bfd=no
[admin@x86-vrrp-1] /routing bgp>
[admin@x86-vrrp-1] /routing bgp> /ip route print where bgp
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 1 ADb  1.1.1.0/24                         2.2.2.162      20
[admin@x86-lab-1] /routing bgp>
They're just peachy establishing adjacency and you can see the route it learned.
Only changes made are find/replace on the first three octets as the only quick lab routers I had available were public IPs.
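
The reply above uses the same plain ASCII key on both routers, which matches how the TCP MD5 signature option (RFC 2385) is computed: the raw key bytes are appended to the hashed data, so both ends must hold byte-identical keys. The Python sketch below is an added example, not part of the original posts and not RouterOS or IOS code; it signs one constructed SYN using the lab addresses and key from the post (source port and sequence number are made up) and shows that a pre-hashed key fails verification.

```python
import hashlib
import hmac
import socket
import struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18   # TCP option from RFC 2385: kind, total length

def tcp_md5_digest(src_ip, dst_ip, segment, key):
    """MD5 over pseudo-header, fixed TCP header (checksum zeroed, options
    skipped), segment data, then the raw key bytes, in that order."""
    data_offset = (segment[12] >> 4) * 4            # header length incl. options
    fixed = bytearray(segment[:20])
    fixed[16:18] = b"\x00\x00"                      # checksum is treated as zero
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return hashlib.md5(pseudo + bytes(fixed) + segment[data_offset:] + key).digest()

def build_signed_syn(src_ip, dst_ip, sport, dport, seq, key):
    """Return a 40-byte SYN whose options are NOP, NOP, MD5 signature."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 10 << 4, 0x02, 65535, 0, 0)
    unsigned = header + bytes([1, 1, MD5SIG_KIND, MD5SIG_LEN]) + bytes(16)
    digest = tcp_md5_digest(src_ip, dst_ip, unsigned, key)
    return unsigned[:24] + digest

def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver side: find option 19 and compare it with our own digest."""
    options = segment[20:(segment[12] >> 4) * 4]
    i = 0
    while i + 1 < len(options):
        kind, length = options[i], options[i + 1]
        if kind == 0:                               # end of option list
            break
        if kind == 1:                               # NOP is a single byte
            i += 1
            continue
        if kind == MD5SIG_KIND and length == MD5SIG_LEN:
            expected = tcp_md5_digest(src_ip, dst_ip, segment, key)
            return hmac.compare_digest(options[i + 2:i + 18], expected)
        i += max(length, 2)                         # skip other options safely
    return False                                    # unsigned segments are rejected

# Constructed sample: lab addresses and key from the post, made-up port and sequence.
MIKROTIK, CISCO, KEY = "2.2.2.41", "2.2.2.162", b"test"
SYN = build_signed_syn(MIKROTIK, CISCO, 40000, 179, 1000, KEY)

if __name__ == "__main__":
    print("same ASCII key:", verify_segment(MIKROTIK, CISCO, SYN, KEY))
    prehashed = hashlib.md5(KEY).hexdigest().encode()
    print("pre-hashed key:", verify_segment(MIKROTIK, CISCO, SYN, prehashed))
```

Any difference in the key bytes, including case or a stray character, makes the receiver compute a different digest and drop the segment, which is why a mismatched key shows up as a session that never establishes.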
 
blake
Member
Posts: 426
Joined: Mon May 31, 2010 10:46 pm
Location: Arizona

Re: tcp-md5-key to cisco

Thu May 26, 2011 11:48 am

If your password has special characters then try removing any back or forward slashes or exclamation points. I have a password containing the following symbols and it works fine between ROS 4.11 and IOS 12.0S.

#}(>&:,; (special characters from my password)
