bgp peer authentication

Unanswered Question
Nov 2nd, 2009


When I configured iBGP peering with "nei password cisco", I got output saying "no MD5 authentication from"; but when I configured the neighborship with "nei pass 7 030752180500" (030752180500 is the encrypted key in the running config), the neighborship was established without any issue.

My query is this: if I am able to use this encrypted key to establish the neighborship, then what is the use of this authentication?

Please help.

Edison Ortiz Mon, 11/02/2009 - 09:41

The key you've illustrated was generated by the service password-encryption command.

This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.

The MD5 authentication occurs on the wire during the BGP peering exchange, and the only option for peering with BGP while having a password is MD5; there isn't any simple-text authentication.



sourabh1000_2 Mon, 11/02/2009 - 09:56

Dear Mr.Edison,

All you say is correct, but my basic question is this: if any unauthorized router becomes a neighbor with the encrypted password, without knowing the real password, then what is the use of that encrypted password, as anyone can become a neighbor by using this encrypted password?

Thanks and regards,


Edison Ortiz Mon, 11/02/2009 - 10:35

I addressed your question.

The encrypted password above is the same as 'cisco' in non-encrypted form.

The neighbors must have the same password in order for the peering to come up.

While one neighbor has 'cisco' and the other one has the encrypted form of 'cisco', they will both send the same password, and the MD5 algorithm will produce the same hash.

BTW, with BGP you need to configure the neighbor at both ends. An unauthorized router can't peer with you unless you peer back to them.

The password will help prevent the BGP packet from being sniffed while traversing unprotected hops.



Reza Sharifi Mon, 11/02/2009 - 10:47


You cannot establish a neighbor relationship with a peer if you do not know what the password is. Try this with 2 routers:

1-Establish a BGP session between router A and router B.

2-Make sure that the BGP neighbors are in the Established state by issuing the "sh ip bg nei" command.

3-On router A, add a password to the neighbor, use the above command, and watch it go from Established to Active.

4-Add the exact same password to router B, or delete the password on router A, and watch it go back from Active to Established.



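The four steps above can be reproduced offline. The following is an added example, not code from this thread or from Cisco, that implements the RFC 2385 TCP MD5 signature that carries the BGP neighbor password on the wire: router A signs a KEEPALIVE, and router B accepts it only when its own configured key produces the same digest. Addresses, ports, sequence numbers and the KEEPALIVE are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

# Constructed sample peers (documentation addresses), not from the thread.
ROUTER_A, ROUTER_B, BGP_PORT = "192.0.2.1", "192.0.2.2", 179
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)  # BGP KEEPALIVE: marker, len, type
MD5_OPT_KIND, MD5_OPT_LEN = 19, 18

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385 digest: MD5 over pseudo-header, fixed TCP header (checksum
    zeroed, options excluded), segment data, and finally the shared key."""
    seg_len = len(tcp_header) + len(payload)          # options do count here
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + fixed + payload + key.encode()).digest()

def build_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, key):
    """Sender side: fixed header + MD5 option (kind 19, len 18) + two NOP pads."""
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                        10 << 4, 0x18, 65535, 0, 0)   # doff 10, PSH|ACK, csum 0
    digest = tcp_md5_digest(src_ip, dst_ip, fixed + bytes(20), payload, key)
    option = struct.pack("!BB", MD5_OPT_KIND, MD5_OPT_LEN) + digest + b"\x01\x01"
    return fixed + option

def verify_segment(src_ip, dst_ip, tcp_header, payload, key):
    """Receiver side: recompute with the locally configured key and compare in
    constant time with the digest carried in the option; no option -> reject."""
    options = tcp_header[20:(tcp_header[12] >> 4) * 4]
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                                  # end of option list
            break
        if kind == 1:                                  # NOP
            i += 1
            continue
        if kind == MD5_OPT_KIND and options[i + 1] == MD5_OPT_LEN:
            expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
            return hmac.compare_digest(options[i + 2:i + 18], expected)
        i += options[i + 1]
    return False

def peering_outcome(key_on_a, key_on_b):
    """Steps 3 and 4 above: B accepts A's KEEPALIVE only when the keys match."""
    hdr = build_segment(ROUTER_A, ROUTER_B, 54321, BGP_PORT, 1000, 2000, KEEPALIVE, key_on_a)
    ok = verify_segment(ROUTER_A, ROUTER_B, hdr, KEEPALIVE, key_on_b)
    return "Established" if ok else "Active"
```

The key itself never travels on the wire, and the digest authenticates the segment without encrypting it, so the BGP messages in a capture are still readable.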
