BGP neighbor/configuration testing

John Stuppi (jstuppi) jstuppi at cisco.com
Mon Nov 25 19:00:53 UTC 2013


Here are a couple of examples of syslog messages that could be seen depending on the configuration of the MD5 passwords on each side:

Troubleshooting Examples

If BGP neighbor authentication is incorrectly configured (for example, it is either configured on only one peer or the MD5 shared secret (password) does not match on both peers), the following types of syslog messages will be generated:

No Password Set on Remote Peer

    Dec 3 15:01:52: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.2(179) to 192.0.2.1(51954)

Incorrect Password Set on Remote Peer

    Dec 3 15:01:57: %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.2(22285) to 192.0.2.1(179)


Thanks,
John

"We can't help everyone, but everyone can help someone."

 


John Stuppi, CISSP
Technical Leader
Strategic Security Research
jstuppi at cisco.com
Phone: +1 732 516 5994
Mobile: 732 319 3886

CCIE, Security - 11154
Cisco Systems
Mail Stop INJ01/2/ 
111 Wood Avenue South 
Iselin, New Jersey 08830
United States
Cisco.com








-----Original Message-----
From: Daniel Rohan [mailto:drohan at gmail.com] 
Sent: Monday, November 25, 2013 1:56 PM
To: Eric A Louie
Cc: nanog at nanog.org
Subject: Re: BGP neighbor/configuration testing

Seems like:


> Nov 25 06:28:34.837 pacific: %BGP-3-NOTIFICATION: received from neighbor xxx.118.92.149 2/5 (authentication failure) 0 bytes
>

should be a good starting place. I'm assuming you've already discussed auth keys with your provider and if everyone is putting that in correctly, I'd suggest turning on debugging to see what exactly that message is all about.

Dan
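
Added example, not part of the original thread: a small Python triage script that finds the two %TCP-6-BADAUTH variants quoted above in a syslog capture and maps each to the cause given in the message (no password set versus incorrect password on the remote peer). The sample log is constructed from the lines in this e-mail, and the function names `parse_badauth` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input, modelled on the messages quoted in this thread.
# The first entry is wrapped across two lines, as mail clients often do.
SAMPLE_LOG = """\
Dec 3 15:01:52: %TCP-6-BADAUTH:
    No MD5 digest from 192.0.2.2(179) to 192.0.2.1(51954)
Dec 3 15:01:57: %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.2(22285) to 192.0.2.1(179)
Dec 3 15:02:27: %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.2(22286) to 192.0.2.1(179)
Dec 3 15:02:30: %BGP-5-ADJCHANGE: neighbor 192.0.2.9 Up
"""

# \s* after the facility tag tolerates a line wrap between tag and text.
BADAUTH = re.compile(
    r"%TCP-6-BADAUTH:\s*(?P<kind>No|Invalid) MD5 digest from "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) to (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

# Causes as described in the e-mail above.
DIAGNOSIS = {
    "No": "no password set on remote peer",
    "Invalid": "incorrect password set on remote peer",
}

def parse_badauth(text):
    """Return one record per %TCP-6-BADAUTH message found in text."""
    events = []
    for m in BADAUTH.finditer(text):
        events.append({
            "remote_peer": m["src"],
            "local": m["dst"],
            # BGP runs over TCP port 179; either end may hold that port.
            "bgp_session": "179" in (m["sport"], m["dport"]),
            "diagnosis": DIAGNOSIS[m["kind"]],
        })
    return events

def summarize(events):
    """Count BGP-related failures per (remote peer, diagnosis)."""
    return Counter(
        (e["remote_peer"], e["diagnosis"]) for e in events if e["bgp_session"]
    )

if __name__ == "__main__":
    for (peer, diag), n in summarize(parse_badauth(SAMPLE_LOG)).items():
        print(f"{peer}: {diag} ({n} message(s))")
```
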



