bgp peer authentication

sourabh1000_2

Hi,

When I configured an iBGP peering with "nei 1.1.1.2 password cisco", I got output saying there is no MD5 authentication from 1.1.1.2, but when I configured the neighborship on 1.1.1.2 with "nei 1.1.1.1 pass 7 030752180500" (030752180500 is the encrypted key from the running config of 1.1.1.1), the neighborship established without any issue.

My query is: if I am able to use this encrypted key to establish the neighborship, then what is the use of this authentication?

Please help.


Edison Ortiz

The key you've illustrated was generated by the service password-encryption command.

This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.

The MD5 authentication occurs on the wire during the BGP peering exchange, and the only option to peer with BGP while having a password is MD5; there isn't any simple-text authentication.

Regards

Edison.

Dear Mr. Edison,

All you say is correct, but my basic question is this: if any unauthorized router can become a neighbor with the encrypted password without knowing the real password, then what is the use of that encrypted password, as anyone can become a neighbor by using this encrypted password?

Thanks and regards,

Sourabh

I addressed your question.

The encrypted password above is the same as 'cisco' in non-encrypted form.

The neighbors must have the same password in order for the peering to come up.

While one neighbor has 'cisco' and the other one has the encrypted form of 'cisco', they will both send the same password, and the MD5 algorithm will produce the same hash.

BTW, with BGP you need to configure the neighbor at both ends. An unauthorized router can't peer with you unless you peer back to them.

The password will help prevent the BGP packets from being sniffed while traversing unprotected hops.

Regards

Edison.
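To make the point above concrete, here is an added Python example (not code from the thread or from Cisco) that reverses the type 7 string from the question to show it is just 'cisco' in obfuscated form, then computes the RFC 2385 TCP MD5 signature over a constructed TCP segment for the 1.1.1.1 / 1.1.1.2 peering. The IPs and passwords come from the thread; the ports, sequence numbers and BGP KEEPALIVE payload are constructed for the demonstration.

```python
import hashlib
import hmac
import socket
import struct

# Constant translation string used by Cisco type 7 obfuscation (not a secret).
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def decode_type7(encoded: str) -> str:
    """Reverse a type 7 string: two decimal seed digits, then two hex digits per byte.
    Type 7 is reversible obfuscation, so it hides the key only from a casual look."""
    seed = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]
                 for i, b in enumerate(data)).decode()


def tcp_md5_signature(src_ip: str, dst_ip: str, tcp_header: bytes,
                      payload: bytes, key: bytes) -> bytes:
    """RFC 2385 digest: pseudo-header, 20-byte TCP header with checksum zeroed
    (options excluded), segment data, then the shared key. The pseudo-header
    length still counts any options the segment carries."""
    seg_len = len(tcp_header) + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    header = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + header + payload + key).digest()


def build_tcp_header(src_port: int, dst_port: int, seq: int, ack: int) -> bytes:
    """Constructed 20-byte TCP header (PSH|ACK) with a placeholder checksum."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       5 << 4, 0x18, 65535, 0xBEEF, 0)


def peers_agree(key_sender: str, key_receiver: str) -> bool:
    """Does 1.1.1.2 accept a segment that 1.1.1.1 signed with its own key?
    The receiver recomputes the digest with its configured key and compares."""
    payload = b"\xff" * 16 + struct.pack("!HB", 19, 4)  # constructed BGP KEEPALIVE
    hdr = build_tcp_header(179, 40000, 1000, 2000)
    sent = tcp_md5_signature("1.1.1.1", "1.1.1.2", hdr, payload, key_sender.encode())
    expected = tcp_md5_signature("1.1.1.1", "1.1.1.2", hdr, payload, key_receiver.encode())
    return hmac.compare_digest(sent, expected)


if __name__ == "__main__":
    print(decode_type7("030752180500"))                        # cisco
    print(peers_agree("cisco", decode_type7("030752180500")))  # True: same key, same hash
    print(peers_agree("cisco", "Cisco"))                       # False: wrong key is rejected
```

Both routers end up feeding the identical key bytes into the digest, which is why the session comes up; a router with any other key produces a different signature and its segments are dropped.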

Sourabh,

You cannot establish a neighbor relationship with a peer if you do not know what the password is. Try this with 2 routers:

1-Establish a BGP session between router A and router B.

2-Make sure that the BGP neighbors are in the established state by issuing the "sh ip bg nei" command.

3-On router A, add a password to the neighbor, use the above command, and watch it go from established to active.

4-Add the same exact password to router B, or delete the password on router A, and watch it go back from active to established.

HTH

Reza
