BGP from Juniper to Cisco ASR

Pedro Cavaca pmsac.nanog at
Wed Dec 18 17:54:22 UTC 2013

On 18 December 2013 15:48, Philip Lavine <source_route at> wrote:

> Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor <REMOTE PEER>
> active 2/5 (authentication failure) 0 bytes
> Dec 18 15:46:33.615: BGP: ses global <REMOTE PEER> (0x7FB1CD209CF0:0) act
> Receive NOTIFICATION 2/5 (authentication failure) 0 bytes
Although I have seem this on the message boards I am little confused in
> that the ISP is telling me that there is no authentication enabled on the
> Juniper and I do not have authentication enabled on the ASR. So what is
> going on here?

That's an error during the Open phase, so it can't be related to any MD5
authentication configuration - which is absent, as you say so yourself.

Make sure you're trying to initiate the BGP session from the right IP
address (eventually needing to use "neighbor X update-source <interface>")
and that their configuration matches your address correctly (i.e., they
have the right address on your side, without any typos on their

It probably wouldn't hurt to confirm they have your peering session
configured as "type external".


More information about the NANOG mailing list