nanog mailing list archives
Re: Juniper fails to change keys (More MD5 fun: Cisco uses wrongMD5key for old session after key change)
From: "Wayne E. Bouchard" <web () typo org>
Date: Sun, 25 Apr 2004 11:03:05 -0700
Aha! An answer to what I saw when configuring a client's box! In my
case, the messages stopped after about 10 minutes and everything
settled down but it was quite confusing..

On Sun, Apr 25, 2004 at 11:52:45AM -0600, James Edwards wrote:
> On Sun, 2004-04-25 at 04:46, sthaug () nethelp no wrote:
> > It certainly doesn't work between Cisco and Juniper, because the
> > Juniper always resets the session when you configure a new MD5 key.
>
> Ah, that explains why I flapped sessions that were juniper/cisco and
> not ones that were cisco/cisco when setting the key. It looked like
> this in the logs, this is on a session that did not have a key,
> previous. Ouch !:
>
> Apr 22 14:45:51.105 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:45:51.145 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:45:52.105 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:45:52.917 MDT: %SYS-5-CONFIG_I: Configured from console by vty0 (xxx.xxx.5.205)
> Apr 22 14:45:54.105 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:45:58.113 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:46:06.105 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:46:22.106 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:46:54.106 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:47:20.295 MDT: %BGP-5-ADJCHANGE: neighbor xxx.xxx.xxx.205 Down BGP Notification sent
> Apr 22 14:47:20.295 MDT: %BGP-3-NOTIFICATION: sent to neighbor xxx.xxx.xxx.205 4/0 (hold time expired) 0 bytes
> Apr 22 14:47:39.083 MDT: %BGP-5-ADJCHANGE: neighbor xxx.xxx.xxx.205 Up
> Apr 22 14:47:58.183 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:49:02.121 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:50:06.113 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:51:10.117 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:52:14.135 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
> Apr 22 14:53:18.125 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
>
> I am assuming the log entries about BADAUTH after the session came up
> were the effect of log buffering ?
---
Wayne Bouchard
web () typo org
Network Dude
http://www.typo.org/~web/
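One way to check a saved router log for the pattern quoted in this message (a run of %TCP-6-BADAUTH rejections from a peer, a BGP Down, then further rejections after the session is Up again), as an added example that is not code from any of the posters. The function name `correlate`, the finding labels and the documentation-range addresses are assumptions, and the sample lines are constructed in the quoted log format.

```python
import re
from datetime import datetime

# Constructed sample in the IOS syslog format quoted in the thread; the
# addresses are documentation-range placeholders, not values from the post.
SAMPLE = """\
Apr 22 14:45:51.105 MDT: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.205(1156) to 192.0.2.206(179)
Apr 22 14:45:52.917 MDT: %SYS-5-CONFIG_I: Configured from console by vty0 (198.51.100.5)
Apr 22 14:46:54.106 MDT: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.205(1156) to 192.0.2.206(179)
Apr 22 14:47:20.295 MDT: %BGP-5-ADJCHANGE: neighbor 192.0.2.205 Down BGP Notification sent
Apr 22 14:47:39.083 MDT: %BGP-5-ADJCHANGE: neighbor 192.0.2.205 Up
Apr 22 14:47:58.183 MDT: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.205(1156) to 192.0.2.206(179)
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:.]+) \w+: %([A-Z]+-\d-[A-Z_]+): (.*)$")
BADAUTH = re.compile(r"No MD5 digest from (\S+)\((\d+)\) to \S+\(179\)")
ADJ = re.compile(r"neighbor (\S+) (Up|Down)")

def correlate(log_text):
    """Tie TCP MD5 rejections on port 179 to BGP adjacency changes per peer."""
    findings = []
    burst = {}         # peer -> [first timestamp, count, source port]
    old_port = {}      # peer -> source port rejected before the last Down
    came_up = set()    # peers that re-established after such a Down
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, tag, msg = m.groups()
        ts = datetime.strptime(stamp, "%b %d %H:%M:%S.%f")
        if tag == "TCP-6-BADAUTH" and (b := BADAUTH.search(msg)):
            peer, port = b.groups()
            if peer in came_up and old_port.get(peer) == port:
                # Same source port as before the flap: report it on its own.
                findings.append(("badauth_after_up_same_port", peer, port))
            else:
                burst.setdefault(peer, [ts, 0, port])[1] += 1
        elif tag == "BGP-5-ADJCHANGE" and (a := ADJ.search(msg)):
            peer, state = a.groups()
            if state == "Down" and peer in burst:
                first, count, port = burst.pop(peer)
                secs = round((ts - first).total_seconds(), 3)
                findings.append(("down_after_badauth", peer, count, secs))
                old_port[peer] = port
                came_up.discard(peer)
            elif state == "Up" and peer in old_port:
                came_up.add(peer)
    return findings
```

`correlate(SAMPLE)` returns one `down_after_badauth` finding with the rejection count and the seconds from the first rejection to the Down, followed by one `badauth_after_up_same_port` finding.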