Nexus OSPF Authentication error when using message-digest-key

GediCoder08111 · ‎03-29-2021

Hi,
On nexus 9k ver 9.3.5 I am using message digest key to create a type 7 digest, but I am getting this error:
Error: Invalid Type 7 password

The exact same configuration on version 9.3.1 works fine. So something must have changed in this version but I am not seeing anything new in release notes or configuration guide. Can someone help and guide how to work around this?

On version 9.3(1) Bios:version 07.66 - it works just fine

On version 9.3(5) Bios:version 01.02 - it does not work.

GediCoder08111 · ‎03-29-2021

NVM, found a way around it... Not sure why Cisco did not document the new steps clearly.

Georg Pauwen · ‎03-29-2021

Hello,

glad that you got it resolved. What is the workaround ?

GediCoder08111 · ‎05-05-2021

Hi Georg,
Sorry I missed your reply.
In global config I had to create a key-chain that did accept the type 7
key chain mychain
key 1
key-string 7 <my-original 18-chr string>
cryptographic-algorithm MD5

Then on the interface authenticating with the router i called out the key-chain
ip ospf authentication message-digest
ip ospf authentication key-chain mychain

hope this helps. I'd still be interested to understand why the change in behavior between the two versions.

bart.t · ‎06-02-2025

Little late, but I believe "ip ospf authentication message-digest" would be thus redundant.

Instead of saying message-digest is configured, you're now pointing to a key-chain.

I also believe type 7 is not MD5, because it is reversible.