I believe the OP was about interop between cisco and juniper using
key-chains.
On Wed, Jun 3, 2020 at 1:56 AM Phil Bedard wrote:
> There shouldn't be an issue using keychains for these functions, I have XR
> and XE devices running IS-IS between each other with keychains on both
> without an
There shouldn't be an issue using keychains for these functions, I have XR and
XE devices running IS-IS between each other with keychains on both without an
issue.
One thing to always watch out for is inadvertent spaces after you type in a
clear text password.
Thanks,
Phil
On 5/28/20,
On 27/May/20 21:08, Eric Van Tol wrote:
> Unless I get suggestions otherwise, I suppose I'll just not use keys, which
> seems prohibitive, particularly if a password needs changing at some point.
> The 'lsp-password' without a key chain seems to work just fine. :-/
In IOS and IOS XE, we use
After messing a lot more with this, I decided to remove my IS-IS config
completely on both routers and start over. I found that when using a key chain
in IOS-XR, it seems to have trouble attaching the key to CSNP packets:
SEND L2 PSNP on TenGigabitEthernet0/0/0/19: Add of Key Chain
On Wed, 27 May 2020 at 12:58, Dave Bell
mailto:d...@geordish.org>> wrote:
>We've just turned up something similar. The difference is we are not using a
>keychain for the P2P password.
I changed the interface-level hello-password to just use the password only (no
key chain) and while the
On Wed, 27 May 2020 at 15:40, Eric Van Tol wrote:
> It was a hold-over from when there were separate levels with authenticating
> hellos and just hasn't changed since transitioning to a single level-2-only
> area. Irrespective of this, removing the hello-authentication at the
> interface
On 5/27/20, 8:21 AM, "Saku Ytti" wrote:
> What is the intended behaviour? As far as I know hello packets are
> covered by the main level authentication. You'd only really want to
> configure the interface level if you want to ONLY authenticate hellos
> or if you want to have separate
On Wed, 27 May 2020 at 14:49, Eric Van Tol wrote:
> protocols {
> isis {
> level 2 {
> authentication-key-chain isis-chain;
> }
> interface xe-0/0/0.0 {
> level 2 {
> hello-authentication-key-chain isis-chain;
> }
Keychain for XR would help too..
key chain ISIS-DOMAIN
key 1
accept-lifetime 00:00:00 january 01 2020 infinite
key-string password
send-lifetime 00:00:00 january 01 2020 infinite
cryptographic-algorithm HMAC-MD5
On Wed, 27 May 2020 at 12:58, Dave Bell wrote:
> We've just turned up
We've just turned up something similar. The difference is we are not using
a keychain for the P2P password.
>show configuration protocols isis
topologies ipv6-unicast;
overload timeout 300;
level 1 disable;
level 2 {
authentication-key-chain ISIS_DOMAIN;
wide-metrics-only;
}
interface
Sorry if this is a duplicate – Outlook chose the ‘bounces’ address as the one
to send to and I didn’t notice.
Hi all,
I’m testing out an NCS540 for use in our network and this is my first foray
into IOS-XR. We have a mix of Juniper and Cisco IOS/IOS-XE devices that the NCS
needs to
Trying to set up the XML API on an ASR 9K and find myself unable to
authenticate with the XML API using Netcat.
I've configured the box as below:
Building configuration...
!! IOS XR Configuration 5.1.2
!! Last configuration change at Wed Apr 15 07:19:42 2015 by root
!
username xml
group sysadmin
instead of using netcat?
Your configuration should work just fine.
Regards,
-lmn
From: Alexander Turner m...@alexturner.co
Date: Thu, 16 Apr 2015 00:40:45 +1000
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] IOS XR - XML API Authentication fails
Trying to set up the XML API on an ASR 9K
13 matches
Mail list logo