cisco XR bgp key chain auth

sachin30720041 · ‎04-21-2022

Hello,

I have configured setup of 2 cisco XR routers XR8 and XR9.

Both routers have key chains configured for authentication. But both routers keep on throwing the following error.

P/0/0/CPU0:ios#RP/0/0/CPU0:Apr 22 06:03:34.807 : tcp[400]: %IP-TCP-3-EAOPT_SEND_NOKEY : No active send-key for key-chain 'key1' for the Enhanced Authentication option to send to peer 100.80.90.9, error - 'Key Chain Server Process' detected the 'fatal' condition 'No key available'

XRV8----------------------XRV9

xrv8
-------------
route-policy pass
pass
exit

key chain key1
key 1
key-string cisco
exit

router bgp 8
bgp router-id 8.8.8.8

neighbor 100.80.90.9
remote-as 9
keychain key1
address-family ipv4 unicast
route-policy pass in
route-policy pass out

xrv9
-------------
key chain key1
key 1
key-string cisco
exit

int gi0/0/0/0
ip address 100.80.90.9 255.255.255.0
no sh

int lo0
ip address 9.9.9.9 255.255.255.255

route-policy pass
pass
exit

router bgp 9
bgp router-id 9.9.9.9
address-family ipv4 unicast
network 9.9.9.9/32
exit

neighbor 100.80.90.8
keychain key1
remote-as 8
address-family ipv4 unicast
route-policy pass in
route-policy pass out

Am I missing any configuration ?

Thanks,

Sachin

balaji.bandi · ‎04-22-2022

Note Any key that is configured without a lifetime is considered invalid; therefore, the key is rejected during configuration.

The lifetime of a key is defined by the following options:

•Start-time—Specifies the absolute time.

•End-time—Specifies the absolute time that is relative to the start-time or infinite time.

https://www.cisco.com/c/en/us/td/docs/routers/xr12000/software/xr12k_r3-9/security/configuration/guide/sc39kcm.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help