avantwireless
Member Candidate
Topic Author
Posts: 137
Joined: Mon Nov 07, 2005 3:04 am

tcp-md5-key to cisco

Thu May 26, 2011 1:29 am

We are trying to get BGP to our provider's Ciscos working with tcp-md5-key and are failing. We can only get the connection with authentication disabled. Is there something that we are not doing right? Are we supposed to convert the ASCII key through an MD5 hash before putting it in the key field? So far all the examples we have seen have had the key disabled or null. Does someone have this working?


thanks!
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: tcp-md5-key to cisco

Thu May 26, 2011 1:45 am

Works fine for me using just the same ASCII key on both routers.

Cisco 2851 running 12.4(25c):
Code:
spoke#sh ip bgp summ
BGP router identifier 2.2.2.162, local AS number 65531
BGP table version is 3, main routing table version 3
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 417 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.41        4 65530       3       4        3    0    0 00:00:47        0
spoke#show run | s router bgp
router bgp 65531
 no synchronization
 bgp log-neighbor-changes
 neighbor 2.2.2.41 remote-as 65530
 neighbor 2.2.2.41 password 7 010703174F
 neighbor 2.2.2.41 ebgp-multihop 2
 no auto-summary
spoke#
spoke#sh ip bgp nei 2.2.2.41 advertised-routes
BGP table version is 3, local router ID is 2.2.2.162
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i

Total number of prefixes 1
spoke#
Just to save you the work, "010703174F" is level 7 encryption for "test", the command was entered as "neighbor 2.2.2.41 password 0 test".

x86 box running 5.2:
Code:
[admin@x86-lab-1] /routing bgp> exp
# may/25/2011 15:41:20 by RouterOS 5.2
# software id = WTPH-Z5E2
#
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no ignore-as-path-len=no name=default out-filter="" redistribute-connected=no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing bgp peer
add address-families=ip as-override=no default-originate=never disabled=no hold-time=3m in-filter="" instance=default multihop=yes name=peer1 nexthop-choice=default out-filter="" passive=no remote-address=2.2.2.162 remote-as=65531 remove-private-as=no route-reflect=no tcp-md5-key=test ttl=2 use-bfd=no
[admin@x86-vrrp-1] /routing bgp>
[admin@x86-vrrp-1] /routing bgp> /ip route print where bgp
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 1 ADb  1.1.1.0/24                         2.2.2.162          20
[admin@x86-lab-1] /routing bgp>
They're just peachy establishing adjacency and you can see the route it learned.
Only changes made are find/replace on the first three octets as the only quick lab routers I had available were public IPs.
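
Added example, not part of the original posts and not MikroTik or Cisco code: the TCP MD5 signature (RFC 2385) hashes the pseudo-header, the fixed TCP header, the payload and the key exactly as configured, so a key that one side pre-hashes produces a different digest and the segment is dropped. Ports, sequence number and window below are constructed values; only the addresses and the key "test" come from the thread.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
MD5SIG_OPT_LEN = 20  # option kind 19, length 18, padded to a 4-byte boundary


def tcp_md5_digest(src, dst, sport, dport, seq, ack, flags, window,
                   payload, key, options_len=MD5SIG_OPT_LEN):
    """RFC 2385 digest for one IPv4 TCP segment; key is the raw key bytes."""
    header_len = 20 + options_len
    # 1. Pseudo-header: addresses, zero byte, protocol, TCP segment length.
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, TCP_PROTO, header_len + len(payload)))
    # 2. Fixed 20-byte header, options excluded, checksum field set to zero.
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                        (header_len // 4) << 4, flags, window, 0, 0)
    # 3. Segment data, then 4. the shared key, appended exactly as configured.
    return hashlib.md5(pseudo + fixed + payload + key).digest()


def receiver_accepts(received_digest, local_key, **segment):
    """Recompute the digest with the receiver's own key and compare."""
    expected = tcp_md5_digest(key=local_key, **segment)
    return hmac.compare_digest(received_digest, expected)


# Constructed SYN from the RouterOS peer to the Cisco peer in the thread.
SYN = dict(src="2.2.2.41", dst="2.2.2.162", sport=40000, dport=179,
           seq=1000, ack=0, flags=0x02, window=14600, payload=b"")

sent = tcp_md5_digest(key=b"test", **SYN)
# Same ASCII key on both routers: the segment is accepted.
same_key = receiver_accepts(sent, b"test", **SYN)
# One side pre-hashes the key: digests differ and the SYN is dropped silently.
prehashed = hashlib.md5(b"test").hexdigest().encode()
hashed_key = receiver_accepts(sent, prehashed, **SYN)

if __name__ == "__main__":
    print("same ASCII key accepted:", same_key)
    print("pre-hashed key accepted:", hashed_key)
```

Because the receiver discards a segment with a bad digest without replying, a key mismatch looks like a session that never leaves the connect phase rather than an authentication error.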
blake
Member
Posts: 426
Joined: Mon May 31, 2010 10:46 pm
Location: Arizona

Re: tcp-md5-key to cisco

Thu May 26, 2011 11:48 am

If your password has special characters then try removing any back or forward slashes or exclamation points. I have a password containing the following symbols and it works fine between ROS 4.11 and IOS 12.0S.

#}(>&:,;(special characters from my password)