Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
930
Views
5
Helpful
1
Replies

RIP Md5 authentication errors between Nexus 5K and C 3750

Go to solution
BristolCityCouncil
Level 1
Level 1

‎11-29-2017 02:14 AM - edited ‎03-08-2019 12:55 PM

Pleas can you help me. I have upgraded my RIP routing switches to Nexus 5Ks from C3750Gs.  The remote sites that were connected to the C3750s are running RIPv2. We have also configured Md5 RIP authentication between C3750 and the remote sites.  

 

Since I have moved them to the Nexus the authentication is not working. The nexus log is full of the following errors : 

%RIP-4-SYSLOG_SL_MSG_WARNING: RIP-4-VALIDATE_SRC: message repeated 2 times in last 25 sec
%RIP-4-VALIDATE_SRC: rip-Schools [6261] (default-base) MD5 authentication failed(seq_no).

 

If I remove the authentication routing working fine between the 2 devices.  Please can you let me know if the hash values are different between the 2 types of Hardware?  

 

Kind regards

Will

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎11-29-2017 03:27 AM

Hello,

 

you are possibly hitting the bug below:

 

RIP routes not installed when RIP packet has same sequence as previous
CSCuy83572
Description
Symptom:
Routes present in the 1st update packet will be installed but those in other packets that are split due to there be many prefixes (in my case > 23) won't be installed.

RIP will log the following message in syslog:
2011 Oct 9 19:05:42 N6K-1 %RIP-4-VALIDATE_SRC: rip-1 [4477] (ucf-base) MD5 authentication failed(seq_no)for inf Vlan621

Conditions:
This is seen when there are more than 23 prefixes to be sent by neighbor, so the updates have to be split in multiple packets and the neighbor uses the same sequence number in the Auth header for these split packets.

Workaround:
As the issue is seen with MD5 Authentication header, if authentication is not used, or if Simple (clear text) authentication is used, issue won't trigger, as the sequence number field won't be present.

 

Known Fixed Releases:

6.2(16)
7.3(2)N1(1)
7.3(1)N1(1)
7.3(1)D1(1)
7.2(2)D1(1)
7.1(3)N1(4)
7.0(8)N1(1a)
7.0(3)I5(1)
7.0(3)F1(1)

 

View solution in original post

1 Reply 1

Go to solution
Georg Pauwen
VIP
VIP

‎11-29-2017 03:27 AM

Hello,

 

you are possibly hitting the bug below:

 

RIP routes not installed when RIP packet has same sequence as previous
CSCuy83572
Description
Symptom:
Routes present in the 1st update packet will be installed but those in other packets that are split due to there be many prefixes (in my case > 23) won't be installed.

RIP will log the following message in syslog:
2011 Oct 9 19:05:42 N6K-1 %RIP-4-VALIDATE_SRC: rip-1 [4477] (ucf-base) MD5 authentication failed(seq_no)for inf Vlan621

Conditions:
This is seen when there are more than 23 prefixes to be sent by neighbor, so the updates have to be split in multiple packets and the neighbor uses the same sequence number in the Auth header for these split packets.

Workaround:
As the issue is seen with MD5 Authentication header, if authentication is not used, or if Simple (clear text) authentication is used, issue won't trigger, as the sequence number field won't be present.

 

Known Fixed Releases:

6.2(16)
7.3(2)N1(1)
7.3(1)N1(1)
7.3(1)D1(1)
7.2(2)D1(1)
7.1(3)N1(4)
7.0(8)N1(1a)
7.0(3)I5(1)
7.0(3)F1(1)

 

Customers Also Viewed These Support Documents