Assuming it's truly Ethernet between the routers and you're peering to the connected interface, you should see ARP. If the TCP option for MD5 (Option 19) is rejected, that means you're getting a message back from the other end which means a L2 frame, which means ARP should be populated.
Or you should be able to ping the IP of the other end of the link. Even if it's filtering ICMP, it *must* respond to the ARP request (unless you're in a CCIE lab and you're using a VACL to block ARP or something ridiculous like that). If you're not getting ARP over an Ethernet interface for the connected peer, you have a layer 2 problem. On Thu, Jun 7, 2012 at 8:22 AM, Tony Singh <[email protected]> wrote: > Guys > > PE>CE > > Just a question but got a scenario here at work where bgp peerings have > failed right after loads of md5 bad auth messages in syslog, do we expect > any arp entries on that interface if this happens, or is the security on > the tcp session terminated if we have set password either end and it's not > matching on one end, hence arp will not show anything. > > Sorry cannot cut and paste and configs, in fear of losing my job ;) > > debug shows open failed: Connection timed out; remote host not responding > on CE > > > Im raising a ticket with the ISP anyway but need to understand about the > arp/tcp md5 bit > > thanks in advance > > Tony > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
