BGP Authentication failure

Hi

I have a problem with BGP authentication with Back to Back Link.

I am getting Feb 21 17:54:27: %TCP-6-BADAUTH: Invalid MD5 digest from 172.28.14.126(57800) to 172.28.14.125(179)

I am sure that both routers have exactly the same password, as I have removed the service password encryption to check the password. But I am still getting the bad authentication.

IOS version is 11T7

Has anybody seen this problem? Any suggestions?

ikizoo4
Level 1

hi

Did you check the clock on both sides? They must be using the same clock system. Use show clock.

Yes. We have configured the following command on both routers.

clock summer-time utc recurring

There is the same NTP server for both routers. When we cleared BGP again we had the same MD5 problem.

hi

I have no idea exactly what the problem is with that. Why don't you try a number as the password, like "1234"? Don't forget to reset the BGP session.

jarathbu
Level 1

Hello,

Have you tried removing and re-adding the password to ensure there isn't a whitespace character like a space at the end of one of the passwords? Are both routers running the same version of IOS?

Regards,

James

Hello,

Also verify that the MTU settings for the TCP connections are the same between both routers.

Regards,

James

dwyerr
Level 1

Hello,

First time I have ever heard that BGP peers need to be running same clock to authenticate ..... I could be wrong though.

I have had this message lead me astray in the past. I have seen the router complain about authentication when really the issue was with the TCP connection or source interface. If you are sure the passwords are the same then check other settings. Perhaps remove the password on both ends and see if the peer comes up. Once you have the peer up add authentication to it.

HTH

-Rob

Hi

MTU is default 1500..

No spaces at the end. That's why we removed the service password encryption.

We removed the password and configured the exact password in clear text, and still we were seeing the bad auth.

This was really confusing..

Could the following lines create any problem?

service tcp-keepalives-in

service tcp-keepalives-out

Hi

Are you using the same IOS version at both ends? I'm just wondering whether one router is using the old method of BGP authentication (which used BGP option 1 and carried authentication information in the Marker field) and the other is using the new way of doing authentication (using TCP MD5).

Paresh
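
Added example, not part of the thread and not Cisco's code: a Python sketch of the TCP MD5 signature check (RFC 2385) referred to in the reply above, showing how a receiver ends up with an invalid digest when the two keys differ only by a trailing space. The addresses and ports come from the log line in the question; the keys, sequence number, window and all function names are constructed for illustration.

```python
import hashlib, hmac, socket, struct

MD5_OPT_KIND, MD5_OPT_LEN = 19, 18   # TCP option carrying the RFC 2385 digest

def rfc2385_digest(src_ip, dst_ip, segment, key):
    """MD5 over pseudo-header, TCP header without options (checksum zeroed),
    segment data, then the shared key, in that order."""
    header_len = (segment[12] >> 4) * 4              # data offset, in bytes
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    fixed = bytearray(segment[:20])                  # options are not hashed
    fixed[16:18] = b"\x00\x00"                       # checksum assumed zero
    return hashlib.md5(pseudo + bytes(fixed) + segment[header_len:] + key).digest()

def build_signed_syn(src_ip, dst_ip, sport, dport, seq, key):
    """Constructed SYN whose only option is the MD5 signature (plus two NOPs)."""
    def assemble(digest):
        options = bytes([MD5_OPT_KIND, MD5_OPT_LEN]) + digest + b"\x01\x01"
        offset_flags = (((20 + len(options)) // 4) << 12) | 0x002   # SYN flag
        return struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                           offset_flags, 16384, 0, 0) + options
    return assemble(rfc2385_digest(src_ip, dst_ip, assemble(b"\x00" * 16), key))

def received_digest(segment):
    """Walk the TCP options and return the 16-byte digest, or None if absent."""
    opts, i = segment[20:(segment[12] >> 4) * 4], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                                # end of option list
            break
        if kind == 1:                                # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:    # malformed length
            break
        length = opts[i + 1]
        if kind == MD5_OPT_KIND and length == MD5_OPT_LEN:
            return opts[i + 2:i + 18]
        i += length
    return None

def accept(src_ip, dst_ip, segment, local_key):
    """Receiver-side check; False corresponds to the BADAUTH log condition."""
    got = received_digest(segment)
    want = rfc2385_digest(src_ip, dst_ip, segment, local_key)
    return got is not None and hmac.compare_digest(got, want)

# Constructed scenario: addresses and ports from the log line, keys made up.
SYN = build_signed_syn("172.28.14.126", "172.28.14.125", 57800, 179, 1000, b"bgp-key ")
```

Because the IP addresses are part of the hashed pseudo-header, a segment whose addresses differ from what the receiver hashes fails the same check even when both keys match.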
