
tcp-md5-key to cisco

Posted: Thu May 26, 2011 1:29 am
by avantwireless
We are trying to get BGP to our provider's Ciscos working with tcp-md5-key and are failing. We can only get the connection with authentication disabled. Is there something that we are not doing right? Are we supposed to convert the ASCII key through an MD5 hash before putting it in the key field? So far all the examples we have seen have had the key disabled or null. Does someone have this working?


Thanks!

Re: tcp-md5-key to cisco

Posted: Thu May 26, 2011 1:45 am
by fewi
Works fine for me using just the same ASCII key on both routers.

Cisco 2851 running 12.4(25c):
spoke#sh ip bgp summ
BGP router identifier 2.2.2.162, local AS number 65531
BGP table version is 3, main routing table version 3
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 417 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.41    4 65530       3       4        3    0    0 00:00:47        0
spoke#show run | s router bgp
router bgp 65531
  no synchronization
  bgp log-neighbor-changes
  neighbor 2.2.2.41 remote-as 65530
  neighbor 2.2.2.41 password 7 010703174F
  neighbor 2.2.2.41 ebgp-multihop 2
  no auto-summary
spoke#
spoke#sh ip bgp nei 2.2.2.41 advertised-routes
BGP table version is 3, local router ID is 2.2.2.162
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i

Total number of prefixes 1
spoke#
Just to save you the work, "010703174F" is level 7 encryption for "test", the command was entered as "neighbor 2.2.2.41 password 0 test".

x86 box running 5.2:
[admin@x86-lab-1] /routing bgp> exp
# may/25/2011 15:41:20 by RouterOS 5.2
# software id = WTPH-Z5E2
#
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no ignore-as-path-len=no name=default out-filter="" redistribute-connected=no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing bgp peer
add address-families=ip as-override=no default-originate=never disabled=no hold-time=3m in-filter="" instance=default multihop=yes name=peer1 nexthop-choice=default out-filter="" passive=no remote-address=2.2.2.162 remote-as=65531 remove-private-as=no route-reflect=no tcp-md5-key=test ttl=2 use-bfd=no
[admin@x86-vrrp-1] /routing bgp>
[admin@x86-vrrp-1] /routing bgp> /ip route print where bgp
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 1 ADb  1.1.1.0/24                         2.2.2.162      20
[admin@x86-lab-1] /routing bgp>
They're just peachy establishing adjacency and you can see the route it learned.
Only changes made are find/replace on the first three octets as the only quick lab routers I had available were public IPs.
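
Added example, not part of the post above and not either vendor's code: the RFC 2385 TCP MD5 signature takes the configured key as raw bytes, so a key hashed by hand on one side (or one with a stray trailing space) fails verification. The addresses and the key "test" are the ones from the post; the segment fields (ports, sequence number, window, option length) are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

IPPROTO_TCP = 6

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385 digest: MD5(pseudo-header + TCP header without options,
    checksum zeroed + segment data + key). The key is used as raw bytes."""
    if len(tcp_header) < 20:
        raise ValueError("need at least the 20-byte fixed TCP header")
    header_len = (tcp_header[12] >> 4) * 4          # data offset, includes options
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, IPPROTO_TCP, header_len + len(payload)))
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]   # zero the checksum
    return hashlib.md5(pseudo + fixed + payload + key).digest()

def verify(src_ip, dst_ip, tcp_header, payload, key, received_digest):
    """Receiver side: recompute with the locally configured key and compare."""
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(expected, received_digest)

def sample_syn():
    """Constructed SYN from 2.2.2.41:40000 to 2.2.2.162:179; data offset 11
    words (20-byte header + 24 bytes of options, e.g. MSS + MD5 + padding)."""
    return struct.pack("!HHIIBBHHH", 40000, 179, 1000, 0, 11 << 4, 0x02, 65535, 0, 0)

def demo():
    src, dst, syn = "2.2.2.41", "2.2.2.162", sample_syn()
    sent = tcp_md5_digest(src, dst, syn, b"", b"test")      # sender key: plain ASCII
    prehashed = hashlib.md5(b"test").hexdigest().encode()   # key hashed by hand first
    return {
        "same ASCII key": verify(src, dst, syn, b"", b"test", sent),
        "pre-hashed key": verify(src, dst, syn, b"", prehashed, sent),
        "trailing space": verify(src, dst, syn, b"", b"test ", sent),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'dropped'}")
```

A receiver that fails this check drops the segment silently, which is why a key mismatch shows up as a session that never leaves the connecting state rather than as an authentication error from the peer.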

Re: tcp-md5-key to cisco

Posted: Thu May 26, 2011 11:48 am
by blake
If your password has special characters then try removing any back or forward slashes or exclamation points. I have a password containing the following symbols and it works fine between ROS 4.11 and IOS 12.0S.

#}(>&:,; (special characters from my password)