On Wed, 27 May 2020 at 12:58, Dave Bell <d...@geordish.org> wrote:
> We've just turned up something similar. The difference is we are not using a
> keychain for the P2P password.
I changed the interface-level hello-password to just use the password only (no key chain) and while the adjacency comes up, I kept getting this in the logs:

%ROUTING-ISIS-5-AUTH_FAILURE_DROP : Dropped L2 LSP from 1071.3820.2072.00 due to cryptographic password mismatch

Using plain ‘MD5’ authentication on the key chain causes the adjacency to drop entirely, so I returned it to HMAC-MD5.

Thinking maybe there’s a character in my password that is messing things up (for some reason), I changed it to just ‘password’ and it was still bitching about a ‘cryptographic password mismatch’.

If I remove the key chain entirely and just use a single ‘lsp-password’ with hmac-md5, everything appears to come up and no complaints from the NCS about password mismatches. LSPs are installed, along with routes.

I cannot imagine that key chains simply do not work. Juniper states that the encryption algorithm is HMAC-MD5 (https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/routing-configuring-is-is-authentication.html), which makes sense since changing to just ‘MD5’ on the Cisco breaks the adjacency completely, so I don’t think it’s an issue with the algorithm.

-evt
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/