Trivial Description
Tool qpid-route supports only ANONYMOUS sasl mech in method mapRoutes.
This results as (although both broker nodes are running with very same ACL rules and qpid.sasldb):
ExecutionException(error_code=403, command_id=serial(0), class_code=8, command_code=1, field_index=0, description=u'unauthorized-access: ACL denied queue create request from anonymous@QPID (qpid/broker/SessionAdapter.cpp:349)', error_info={}, channel=1, id=serial(0))
The reason is because when qpid-route queries subsequent brokers in the federation topology, it does not set any credentials (esp. those used for the first broker).
Trivial fix to follow just passes the credentials and other connection options to any further broker that the tool connects to.