[j-nsp] RIP MD5 Key ID

Daniel Roesen dr at cluenet.de
Wed Oct 27 09:44:34 EDT 2004


On Wed, Oct 27, 2004 at 06:34:48AM -0700, Paul Goyette wrote:
> Try setting the other side's Key ID to 1 - a quick code examination 
> indicates that we set the key_id to 1 in all cases, at least as of JUNOS 
> release 6.3.

Empirical testing showed that all key IDs >0 work ok being configured
on the IOS side. Seems that IOS' key ID check is sloppy at best...
no matter wether using "1", "100" or "123" it works.

Interestingly, the OP didn't get it working with using key ID 100.
Perhaps there are more parameters (IOS version e.g.) involved.

> Well, it is mostly compliant!  :)  I've filed a bug report to allow
> the user to configure the key_id field.

Thanks, great. Some other Juniper folks contacted me privately and
we exchanged configs and findings. They'll bring that issue up with
development.

Do you have a PR# for future reference?


Best regards,
Daniel

-- 
CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0


More information about the juniper-nsp mailing list