
New Member

BGP Authentication failure

Hi

I have a problem with BGP authentication with Back to Back Link.

I am getting Feb 21 17:54:27: %TCP-6-BADAUTH: Invalid MD5 digest from 172.28.14.126(57800) to 172.28.14.125(179)

I am sure that both routers have exactly the same password, as I have removed the service password encryption to check the password. But I am still getting the bad authentication.

IOS version is 11T7

Has anybody seen this problem? Any suggestions?

8 REPLIES
New Member

Re: BGP Authentication failure

hi

Did you check the clock on both sides? They must be using the same clock system. Use show clock.

New Member

Re: BGP Authentication failure

Yes. We have configured the following command on both routers.

clock summer-time utc recurring

There is the same NTP server for both routers. When we cleared BGP again we had the same MD5 problem.

New Member

Re: BGP Authentication failure

hi

I have no idea exactly what the problem is with that. Why don't you try a number as the password, like "1234"? Don't forget to reset the BGP session.

New Member

Re: BGP Authentication failure

Hello,

Have you tried removing and re-adding the password to ensure there isn't a whitespace character like a space at the end of one of the passwords? Are both routers running the same version of IOS?

Regards,

James

New Member

Re: BGP Authentication failure

Hello,

Also verify that the MTU settings for the TCP connections are the same between both routers.

Regards,

James

New Member

Re: BGP Authentication failure

Hello,

First time I have ever heard that BGP peers need to be running the same clock to authenticate... I could be wrong though.

I have had this message lead me astray in the past. I have seen the router complain about authentication when really the issue was with the TCP connection or source interface. If you are sure the passwords are the same then check other settings. Perhaps remove the password on both ends and see if the peer comes up. Once you have the peer up add authentication to it.

HTH

-Rob

New Member

Re: BGP Authentication failure

Hi

MTU is the default, 1500.

No spaces at the end. That's why we removed the service password encryption.

We removed the password and configured the exact password in clear text, and still we were seeing the bad auth.

This was really confusing.

Could the following lines create any problem?

service tcp-keepalives-in

service tcp-keepalives-out

Purple

Re: BGP Authentication failure

Hi

Are you using the same IOS version at both ends? I'm just wondering whether one router is using the old method of BGP authentication (which used BGP option 1 and carried authentication information in the Marker field) and the other is using the new way of doing authentication (using TCP MD5).

Paresh
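
An added example, not posted by anyone in this thread: the TCP MD5 option mentioned above (RFC 2385) takes its digest over the TCP pseudo-header, the fixed TCP header with the checksum zeroed, the segment data and the configured key, so a single trailing space in one password, or an address that differs from what the sender hashed, produces the "Invalid MD5 digest" drop. The key, the sequence number, the window size and the address 172.28.14.130 are constructed values; the other addresses and ports come from the log line in the first post.

```python
import hashlib
import hmac
import socket
import struct

def tcp_header(sport, dport, seq, flags, offset_words=10):
    """Fixed 20-byte TCP header; offset_words=10 leaves room for the
    18-byte MD5 option plus padding. Checksum is left at zero."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                       offset_words << 4, flags, 16384, 0, 0)

def rfc2385_digest(src_ip, dst_ip, header, payload, key):
    """MD5 over: pseudo-header, TCP header without options (checksum
    zeroed), segment data, key -- the four inputs RFC 2385 lists."""
    seg_len = (header[12] >> 4) * 4 + len(payload)   # header + options + data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!HH", 6, seg_len))      # protocol 6 = TCP
    fixed = header[:16] + b"\x00\x00" + header[18:20]
    return hashlib.md5(pseudo + fixed + payload + key).digest()

def receiver_accepts(seen_src, seen_dst, header, payload, sent_digest, local_key):
    """Receiver recomputes the digest from the packet as it arrived and
    its own configured key; any difference is a bad-digest drop."""
    expected = rfc2385_digest(seen_src, seen_dst, header, payload, local_key)
    return hmac.compare_digest(expected, sent_digest)

# Constructed sample: a SYN between the two addresses in the log line.
SRC, DST = "172.28.14.126", "172.28.14.125"
SYN = tcp_header(57800, 179, seq=1000, flags=0x02)
KEY = b"ExampleKey"            # placeholder password, not from the thread
SENT = rfc2385_digest(SRC, DST, SYN, b"", KEY)

if __name__ == "__main__":
    cases = {
        "same key": receiver_accepts(SRC, DST, SYN, b"", SENT, KEY),
        "trailing space": receiver_accepts(SRC, DST, SYN, b"", SENT, KEY + b" "),
        # 172.28.14.130 is a constructed address standing in for a
        # source that differs from the one the sender hashed.
        "source differs": receiver_accepts("172.28.14.130", DST, SYN, b"", SENT, KEY),
    }
    for name, ok in cases.items():
        print(f"{name:15} -> {'accepted' if ok else 'Invalid MD5 digest'}")
```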
