Cisco Bug: CSCtd29491 - Default APS authentication string of "cisco"

Last Modified

Jan 15, 2017

Products (1)

  • Cisco ASR 9000 Series Aggregation Services Routers

Known Affected Releases

3.9.0.BASE

Description (partial)

Symptom:
MR-APS on XR platforms requires an authentication string for each APS group; the PGP link uses it to exchange messages in a protected manner. If none is provided, the string defaults to "cisco".

MR-APS on IOS platforms does not require any string and defaults to none.


Conditions:
Connecting an XR and an IOS device in an MR-APS group using default or mismatched authentication strings will result in unsuccessful PGP communications, as shown below on XR:

RP/0/RSP0/CPU0:thor14#sh aps
Thu Jan 28 15:40:00.420 EST

APS Group 1
  PGP: protocol version: native 4 adopted -1
  PGP: Authentication "cisco", hello time 1 sec, hold time 3 sec
  Protect ch 0 (SONET0_1_1_0): Disabled
    SONET framing, SONET signaling, bidirectional, non-revertive
    Rx K1: 0x00 (No Request - Null)
       K2: 0x05 (bridging Null, 1+1, bidirectional)
    Tx K1: 0x00 (No Request - Null)
       K2: 0x05 (bridging Null, 1+1, bidirectional)
  Working ch 1 (10.10.1.1): not contacted.

since an invalid adopted PGP protocol version is shown:
PGP: protocol version: native 4 adopted -1

resulting in a 'not contacted' status to its PGP peer:
 Working ch 1 (10.10.1.1): not contacted.
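
The symptoms above can be checked for in captured `sh aps` output. The following Python audit is an added example, not part of the Cisco bug record: it flags APS groups that still use the default string "cisco", show an adopted PGP version of -1, or report a peer as not contacted. The second group in the sample and the finding names are constructed for illustration.

```python
import re

# Constructed sample: group 1 mirrors the output quoted above,
# group 2 is an invented healthy group for contrast.
SAMPLE = '''\
APS Group 1
  PGP: protocol version: native 4 adopted -1
  PGP: Authentication "cisco", hello time 1 sec, hold time 3 sec
  Protect ch 0 (SONET0_1_1_0): Disabled
  Working ch 1 (10.10.1.1): not contacted.
APS Group 2
  PGP: protocol version: native 4 adopted 4
  PGP: Authentication "s1te-B-aps", hello time 1 sec, hold time 3 sec
  Working ch 1 (10.10.2.1): Enabled
'''

GROUP = re.compile(r'^APS Group (\d+)\s*$')
VERSION = re.compile(r'PGP: protocol version: native (-?\d+) adopted (-?\d+)')
AUTH = re.compile(r'PGP: Authentication "([^"]*)"')
PEER = re.compile(r'(Working|Protect) ch \d+ \(([\d.]+)\): not contacted')

def audit_aps(text, default="cisco"):
    """Return {group number: [findings]} for every APS group in the output."""
    findings, group = {}, None
    for line in text.splitlines():
        m = GROUP.match(line.strip())
        if m:
            group = int(m.group(1))
            findings[group] = []
            continue
        if group is None:
            continue  # prompt and timestamp lines before the first group
        if (m := AUTH.search(line)) and m.group(1) == default:
            findings[group].append("default-auth-string")
        if (m := VERSION.search(line)) and int(m.group(2)) < 0:
            findings[group].append("pgp-version-not-negotiated")
        if (m := PEER.search(line)):
            findings[group].append(f"peer-not-contacted:{m.group(2)}")
    return findings

if __name__ == "__main__":
    for grp, issues in audit_aps(SAMPLE).items():
        print(f"APS Group {grp}: {', '.join(issues) or 'ok'}")
```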