Cisco Bug: CSCtd29491 - Default APS authentication string of "cisco"
Jan 15, 2017
- Cisco ASR 9000 Series Aggregation Services Routers
Known Affected Releases
Symptom: MR-APS on XR platforms require a authentification string for each aps group and is used by the PGP link to exhange messages in a protected manner. If none is provided the string defaults to "cisco". MR-APS on IOS platforms do not require any string and defaults to none. Conditions: Connection of a XR and IOS in a MR-APS group using default or mismatched authentification strings will result in unsuccessful PGP communications as shown below on XR: RP/0/RSP0/CPU0:thor14#sh aps Thu Jan 28 15:40:00.420 EST APS Group 1 PGP: protocol version: native 4 adopted -1 PGP: Authentication "cisco", hello time 1 sec, hold time 3 sec Protect ch 0 (SONET0_1_1_0): Disabled SONET framing, SONET signaling, bidirectional, non-revertive Rx K1: 0x00 (No Request - Null) K2: 0x05 (bridging Null, 1+1, bidirectional) Tx K1: 0x00 (No Request - Null) K2: 0x05 (bridging Null, 1+1, bidirectional) Working ch 1 (10.10.1.1): not contacted. since an invalid adopted PGP protocol version is shown: PGP: protocol version: native 4 adopted -1 resulting in a 'not contacted' status to its PGP peer: Working ch 1 (10.10.1.1): not contacted.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases