|
Cisco IOS HeartBeat script _not_ working.
![[jp]](/s/countries/jp.gif) Shadow Hawkins on Friday, 13 April 2012 16:23:16
Hello,
I have a Cisco router trying to run a 6in4-heartbeat tunnel. The IOS is 15.1(4)M3 "Advanced Enterprise Services" and everything configured everything as described.
NTP was already up and running and the time zone has been correctly set.
Here is the documentation I have found http://www.sixxs.net/wiki/Heartbeat_for_Cisco_IOS
My first problem is that I need to set an username and password, but in the script I can set only the password. Running the debug there are no errors, just a ping timeout:
DEBUG(cli_lib) : : IN : #tclsh flash:heartbeat6.tcl
DEBUG(cli_lib) : : OUT : HEARTBEAT TUNNEL 2604:8800:100:XXX::2 sender XXXX XXXX
DEBUG(cli_lib) : : OUT :
DEBUG(cli_lib) : : OUT : Type escape sequence to abort.
DEBUG(cli_lib) : : OUT : Sending 1, 100-byte ICMP Echos to 2604:8800:100:XXX::1, timeout is 2 seconds:
DEBUG(cli_lib) : : OUT : Packet sent with a source address of 2604:8800:100:159::2
DEBUG(cli_lib) : : OUT : .
DEBUG(cli_lib) : : OUT : Success rate is 0 percent (0/1)
DEBUG(cli_lib) : : OUT : #
DEBUG(cli_lib) : : CTL : cli_close called.
If I run the heartbeat script on a machine behind the router everything is working. Did anyone had this problem?
Thanks.
Cisco IOS HeartBeat script _not_ working.
Are you using the correct password? According to the PoP:
Last Heartbeat : 2012-04-13 12:40:04 (1334320804; 0 days 02:15:03 ago)
Hash Fail : 141, last: 210.225.123.61 2012-04-13 14:24:00 (1334327040; 0 days 00:31:07 ago)
As such, you might want to check that.
Cisco IOS HeartBeat script _not_ working.
Shadow Hawkins on Friday, 13 April 2012 18:04:28
Thanks for the reply.
The password is correct, the problem is I do not know where to write the username. In the script there is only the password field and I do not know how the hash is computed.
Cisco IOS HeartBeat script _not_ working.
the heartbeat protocol's authentication is seperate from the username and password that you use for logging into the website. Instead one uses the IPv6 address of your side of the tunnel and the heartbeat password that is associated with it. see the wiki page to find out what it is.
Cisco IOS HeartBeat script _not_ working.
Shadow Hawkins on Friday, 13 April 2012 19:01:14
I'm talking about the tunnel username and password. The one working when i set it up in the aiccu.conf file on a Linux/Windows machine.
Here is what is written on my tunnel configuration page just before the password field:
TIC Password for this tunnel
This TIC Password allows you to login using SGL9-SIXXS/TXXXXX as a username. and the provided password. Such a login can only retrieve information about the given tunnel and optionally the subnet. This login method is only available for TIC logins, thus eg the username/password combination used for AICCU. One can't login to this webinterface with it. If no password is defined, this TIC login method is disabled.
Also in the aiccu.conf file the username is mandatory:
# AICCU Configuration
# Login information
username SGL9-SIXXS/TXXXXX
password XXXXX
# Interface names to use
# ipv6_interface is the name of the interface that will be used as a tunnel interface.
# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
# or tunX (eg tun0) for AYIYA tunnels.
ipv6_interface sixxs
.
.
.
I can't find in the Wiki how the hash should be computed due to dead links.
Cisco IOS HeartBeat script _not_ working.
I'm talking about the tunnel username and password.
That is the so-called "TIC Password", this is a combination of the username you use to log in to the website, a slash, and the tunnel ID. The password for this is whatever you enter in the box right below that text.
This password is used for TIC, but not for the heartbeat.
I can't find in the Wiki how the hash should be computed due to dead links.
The heartbeat 'hash' is over the full heartbeat string including the password, then the password is stripped and replaced with the hash. This is what the script does.
As input to the script though you pass it in the Heartbeat Password that is shown by the TIC transaction done by AICCU.
Thus as a summary, for users there are three passwords in SixXS:
- the username/password for logging into the website and TIC (eg EXA1-SIXXS + passwordstring)
- an optional per-tunnel password, the so called "TIC password" (EXA1-SIXXS/T12345 + passwordstring)
- a per-tunnel heartbeat/AYIYA password, this is only revealed in the TIC transaction.
The latter is what you have to feed the script.
Cisco IOS HeartBeat script _not_ working.
Shadow Hawkins on Saturday, 14 April 2012 03:20:33
Thank you very much for your help, but sadly I still can't make it work.
I have no clue where to find that "later password" if it is not the one under "TIC Password for this tunnel" in the tunnel configuration page. To be 100% sure to write it correctly I copied the password from the script and pasted into the web form.
Are the AICCU hearbeat and the Cisco IOS hearbeat script using different passwords? Because on the first the Username/password is working.
Are recent there reports of that IOS script is working?
Cisco IOS HeartBeat script _not_ working.
On the wiki page there is a section at the bottom called "Find out tunnel passphrase"
In the output you will see amongst others:
sock_getline() : "UserState: enabled"
sock_getline() : "AdminState: enabled"
sock_getline() : "Password: XXXXXXXXXX"
sock_getline() : "Heartbeat_Interval: 60"
sock_getline() : "202 Done"
You will need that Password, the XXXXX's, for the heartbeat script.
Cisco IOS HeartBeat script _not_ working.
Shadow Hawkins on Saturday, 14 April 2012 10:10:01
It's working, thanks for the help.
Maybe changing, in the script, the password variable in passphrase could help.
set password ""; # Tunnel passphrase (see below)
Also actually including an explanation below, as it's written, will help for sure. As now there isn't anything password related "below" in the script file nor in the README.
|
![[ch]](/s/countries/ch.gif)
on Friday, 13 April 2012 16:56:11
Posting is only allowed when you are