Wired Intelligent Edge

 View Only
last person joined: 2 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution

Aruba CX 6300F - HP Aruba 5406R OSPF MD5 Rotating key authentication issue.

This thread has been viewed 8 times
  • 1.  Aruba CX 6300F - HP Aruba 5406R OSPF MD5 Rotating key authentication issue.

    Posted Oct 18, 2022 11:25 AM
    Hello All,

    I have an Aruba CX 6300F L3 switch that I am trying to get OSPF MD5 authentication working with a rotating keychain on  HP 5406R. I got it working with a regular "non-rotating key" but for some reason it doesn't like the keychain commands.

    Any thoughts are greatly appreciated. Please let me know if you need me to provide more info.

    ---6300F Commands----

    interface vlan 223
    description "Routed-link-to-5406R"
    ip address 192.168.235.155/24
    ip ospf 1 area 0.0.0.0
    ip ospf authentication message-digest
    ip ospf keychain "keyRotate" 

    keychain keyRotate
    key 2
    key-string plaintext 2001keyrotate
    accept-lifetime start-time 08:00:00 07/15/2022 end-time 08:00:00 01/15/2023
    send-lifetime start-time 08:00:00 08/01/2022 end-time 08:00:00 01/01/2023
    key 3
    key-string plaintext 3001keyrotate
    accept-lifetime start-time 08:00:00 12/15/2022 end-time 08:00:00 08/15/2023
    send-lifetime start-time 08:00:00 01/01/2023 end-time 08:00:00 08/01/2023

    5406 Commands

    vlan 2235
    name "Routed-link-to-6300F"
    untagged C2
    ip address 192.168.235.101 255.255.255.0
    ip ospf 192.168.235.101 area backbone
    ip ospf 192.168.235.101 md5-auth-key-chain "keyRotate"
    exit


    key-chain "keyRotate"
    key-chain "keyRotate" key 2 key-string "2001keyrotate"
    key-chain "keyRotate" key 2 accept-lifetime 07/15/2022 08:00:00 01/15/2023 08:00:00
    key-chain "keyRotate" key 2 send-lifetime 08/01/2022 08:00:00 01/01/2023 08:00:00
    key-chain "keyRotate" key 3 key-string "3001keyrotate"
    key-chain "keyRotate" key 3 accept-lifetime 12/15/2022 08:00:00 08/15/2023 08:00:00
    key-chain "keyRotate" key 3 send-lifetime 01/01/2023 08:00:00 08/01/2023 08:00:00

    I keep receiving this error message on the 5406R

    E 10/14/22 10:38:25 03132 OSPF: AM1: RECV: Discarding packet on interface vl2235
    : Invalid authentication key or sequence number mismatch (5 times in
    60 seconds)