Cisco Support Community
New Member

bgp peer authentication

Hi,

When I configured iBGP peering with "nei 1.1.1.2 password cisco" I am getting output that there is no MD5 authentication from 1.1.1.2, but when I configured the neighborship on 1.1.1.2 with "nei 1.1.1.1 pass 7 030752180500" (030752180500 is the encrypted key in the running config of 1.1.1.1), the neighborship is established without any issue.

My query is: if I am able to use this encrypted key to establish the neighborship, then what is the use of this authentication?

Please help.

4 REPLIES
Hall of Fame Super Bronze

Re: bgp peer authentication

The key you've illustrated was generated by the service password-encryption command.

This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.

The MD5 authentication occurs on the wire during the BGP peering exchange, and the only option to peer with BGP while having the password is MD5; there isn't any simple text authentication.

Regards

Edison.

New Member

Re: bgp peer authentication

Dear Mr. Edison,

All you say is correct, but my basic question is: if any unauthorized router becomes a neighbor with the encrypted password without knowing the real password, then what is the use of that encrypted password, as anyone can become a neighbor by using this encrypted password?

Thanks and regards,

Sourabh

Hall of Fame Super Bronze

Re: bgp peer authentication

I addressed your question.

The encrypted password above is the same as 'cisco' in non-encrypted form.

The neighbors must have the same password in order for the peering to come up.

While one neighbor has 'cisco' and the other one has the encrypted password of 'cisco', they will both send the same password and the MD5 algorithm will produce the same result on the hash.

BTW, with BGP - you need to configure neighbor at both ends. An unauthorized router can't peer with you unless you peer back to them.

The password will help prevent the BGP packet from being sniffed while traversing unprotected hops.

Regards

Edison.
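
An added example, not part of the original thread: a Python sketch of the point in the reply above, that "password cisco" and "password 7 030752180500" configure the same key and so produce the same RFC 2385 TCP MD5 digest, while a different key does not. The TCP segment (ports, sequence number, window, checksum) is constructed for illustration.

```python
import hashlib
import socket
import struct

# Fixed, publicly documented XOR table behind IOS "type 7" obfuscation.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

def type7_to_key(s):
    """Type 7 layout: two decimal digits (table offset), then hex-encoded bytes."""
    seed = int(s[:2])
    data = bytes.fromhex(s[2:])
    return bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(data))

def tcp_md5_digest(src, dst, tcp_header, payload, key):
    """RFC 2385: MD5 over pseudo-header, TCP header without options and with
    the checksum zeroed, segment data, then the shared key."""
    hdr = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    seg_len = len(tcp_header) + len(payload)  # real segment length, options included
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, seg_len))
    return hashlib.md5(pseudo + hdr + payload + key).digest()

# Constructed SYN from 1.1.1.1 to 1.1.1.2 port 179: 20-byte base header plus
# the 18-byte MD5 option (kind 19) and two NOPs, so the data offset is 10 words.
BASE = struct.pack("!HHIIBBHHH", 40000, 179, 1000, 0, 10 << 4, 0x02, 16384, 0xBEEF, 0)
SYN = BASE + bytes([19, 18]) + bytes(16) + b"\x01\x01"

def demo():
    plain = b"cisco"                       # neighbor 1.1.1.2 password cisco
    stored = type7_to_key("030752180500")  # neighbor 1.1.1.1 password 7 030752180500
    sent = tcp_md5_digest("1.1.1.1", "1.1.1.2", SYN, b"", plain)
    expected = tcp_md5_digest("1.1.1.1", "1.1.1.2", SYN, b"", stored)
    wrong = tcp_md5_digest("1.1.1.1", "1.1.1.2", SYN, b"", b"Cisco")
    # Same key on both ends: digests match. Any other key: segment is dropped.
    return stored, sent == expected, sent == wrong

if __name__ == "__main__":
    print(demo())
```

The key itself never crosses the wire, only the 16-byte digest in each segment; because type 7 is reversible, the configuration file that holds it needs the same protection as the plaintext password.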

VIP Super Bronze

Re: bgp peer authentication

Sourabh,

You cannot establish a neighbor relationship with a peer if you do not know what the password is. Try this with 2 routers:

1-Establish a BGP session between router A and router B

2-Make sure that BGP neighbors are in established mode by issuing "sh ip bg nei" command.

3-On router A, add a password to the neighbor and use the above command and watch it go from established to active.

4-Add the same exact password to router B or delete the password on router A and watch it go back from active to established

HTH

Reza
