[70016] in North American Network Operators' Group
Re: Juniper fails to change keys (More MD5 fun: Cisco uses
daemon@ATHENA.MIT.EDU (James Edwards)
Sun Apr 25 13:53:21 2004
From: James Edwards <hackerwacker@cybermesa.com>
Reply-To: hackerwacker@cybermesa.com
To: nanog@merit.edu
In-Reply-To: <88910.1082889968@bizet.nethelp.no>
Date: Sun, 25 Apr 2004 11:52:45 -0600
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, 2004-04-25 at 04:46, sthaug@nethelp.no wrote:
> It certainly doesn't work between Cisco and Juniper, because the Juniper
> always resets the session when you configure a new MD5 key.
Ah, that explains why I flapped sessions that were Juniper/Cisco
and not ones that were Cisco/Cisco when setting the key. It looked
like this in the logs; this is on a session that did not have
a key previously. Ouch!:
Apr 22 14:45:51.105 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:45:51.145 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:45:52.105 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:45:52.917 MDT: %SYS-5-CONFIG_I: Configured from console by vty0 (xxx.xxx.5.205)
Apr 22 14:45:54.105 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:45:58.113 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:46:06.105 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:46:22.106 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:46:54.106 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:47:20.295 MDT: %BGP-5-ADJCHANGE: neighbor xxx.xxx.xxx.205 Down BGP Notification sent
Apr 22 14:47:20.295 MDT: %BGP-3-NOTIFICATION: sent to neighbor xxx.xxx.xxx.205 4/0 (hold time expired) 0 bytes
Apr 22 14:47:39.083 MDT: %BGP-5-ADJCHANGE: neighbor xxx.xxx.xxx.205 Up
Apr 22 14:47:58.183 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:49:02.121 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:50:06.113 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:51:10.117 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:52:14.135 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
Apr 22 14:53:18.125 MDT: %TCP-6-BADAUTH: No MD5 digest from xxx.xxx.xxx.205(1156) to xxx.xxx.xxx.206(179)
I am assuming the log entries about BADAUTH after the session came up were
the effect of log buffering?
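Added example, not part of the original message: one way to flag the pattern in the log above, where %TCP-6-BADAUTH drops from a peer on the BGP port precede a hold-time-expired reset for that same neighbor. The sample lines are constructed in the format shown in the message with documentation-range addresses, and the function name `md5_related_resets` and the 180-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format shown in the message; addresses are
# documentation-range placeholders, not values from the original log.
SAMPLE = """\
Apr 22 14:45:51.105 MDT: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.205(1156) to 192.0.2.206(179)
Apr 22 14:45:52.105 MDT: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.205(1156) to 192.0.2.206(179)
Apr 22 14:46:54.106 MDT: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.205(1156) to 192.0.2.206(179)
Apr 22 14:47:20.295 MDT: %BGP-3-NOTIFICATION: sent to neighbor 192.0.2.205 4/0 (hold time expired) 0 bytes
Apr 22 14:47:39.083 MDT: %BGP-5-ADJCHANGE: neighbor 192.0.2.205 Up
Apr 22 14:50:00.000 MDT: %BGP-3-NOTIFICATION: sent to neighbor 192.0.2.77 4/0 (hold time expired) 0 bytes
"""

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d\.\d+) \w+: "
BADAUTH = re.compile(TS + r"%TCP-6-BADAUTH: (?:No|Invalid) MD5 digest from "
                     r"(?P<peer>[\d.]+)\((?P<sport>\d+)\) to [\d.]+\((?P<dport>\d+)\)")
HOLD = re.compile(TS + r"%BGP-3-NOTIFICATION: sent to neighbor (?P<peer>[\d.]+) "
                  r"4/0 \(hold time expired\)")

def _ts(text):
    # The timestamps carry no year; a fixed one is enough for interval math
    # within one log (assumption: no year rollover inside the window).
    return datetime.strptime("2004 " + text, "%Y %b %d %H:%M:%S.%f")

def md5_related_resets(log, window=timedelta(seconds=180)):
    """Return (peer, reset_time, badauth_count) for each hold-timer expiry
    preceded, within `window`, by BADAUTH drops on TCP/179 from that peer."""
    drops, findings = {}, []
    for line in log.splitlines():
        if m := BADAUTH.match(line):
            # Only segments belonging to a BGP connection (either end on 179).
            if "179" in (m["sport"], m["dport"]):
                drops.setdefault(m["peer"], []).append(_ts(m["ts"]))
        elif m := HOLD.match(line):
            when = _ts(m["ts"])
            recent = [t for t in drops.get(m["peer"], []) if when - window <= t <= when]
            if recent:  # expiry with no preceding drops is a different problem
                findings.append((m["peer"], when, len(recent)))
    return findings

if __name__ == "__main__":
    for peer, when, n in md5_related_resets(SAMPLE):
        print(f"{peer}: hold time expired at {when:%H:%M:%S} after {n} BADAUTH drops")
```

A hold-timer expiry with no BADAUTH drops in the window (the second neighbor in the sample) is deliberately not reported, since it points to a cause other than an MD5 key mismatch.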